Merge "Fix configuration of collectd (lib)virt plugin"
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index bb073f7..9c356a7 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,10 +1,1347 @@
-nova formula
-============
+=========
+Changelog
+=========
-2016.4.1 (2016-04-15)
+Version 2017.2
+=============================
-- second release
+commit 5bc9e9f5542381e91bee899c98e5d3291b33dbbd (HEAD -> master, origin/master, origin/HEAD)
+Author: Filip Pytloun <filip@pytloun.cz>
-0.0.1 (2015-08-03)
+ Unify Makefile, .gitignore and update readme
-- Initial formula setup
+commit 1607342be73886ae6a1b5ed7c5ad3cdf181ff893
+Author: Ondrej Smola <ondrej.smola@tcpcloud.eu>
+
+ fixed memcached parameter
+
+commit b20bef085bf945b2af0e2aad1f95b3f74d3955c7 (origin/ceph-libvirt-cache)
+Author: Petr Michalec <epcim@apealive.net>
+
+ ceph, disk_cachemodes
+
+commit 2a9b1c2b4c49c31cc000a00f5d5e1f9070075437
+Merge: 4db36fd 36bd0eb
+Author: Ales Komarek <akomarek@mirantis.com>
+
+ Merge "Provide grains for building the main dashboard"
+
+commit 4db36fd72d2eea55b4424851c06d461cceb9b2b0
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Remove .gitreview
+
+commit 36bd0eb5753522b3eb582ec9efc662db9d409985
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Provide grains for building the main dashboard
+
+commit b462a5d5f7f4858b831c790d6763915292689d1d
+Author: Ales Komarek <ales.komarek@newt.cz>
+
+ MOS fix
+
+commit 873de55f85f0726e88885f10cd08e4af4f1aec7c
+Merge: 270e105 dff30bf
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add aggregates memory tables in Nova dashboard"
+
+commit 270e105c38cdba8140dee1937f884cd7a2e4e7fa
+Author: Olivier Bourdon <obourdon@mirantis.com>
+
+ Add alarms for Nova aggregates
+
+commit dff30bf0818a5d4d2eb8f8e8e9e97b73a8e41b59
+Author: Olivier Bourdon <obourdon@mirantis.com>
+
+ Add aggregates memory tables in Nova dashboard
+
+commit ef81d50cfc1f207733be5a78569f185c9062c281
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ Libvirtd deamon does not start after compute reboot
+
+commit add8ae2c6ce1b39a69036b27dce17bec8272c71b
+Merge: bb46d59 6a3c8f7
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Fix typo in README.rst"
+
+commit bb46d594bd7d9c33b8ff158e0bb88913c3b756d7
+Author: Ales Komarek <ales.komarek@newt.cz>
+
+ Added default notification value
+
+commit 3519b04b9717be92ae4a410576d32987d1b4f1ff
+Merge: b827228 74b092d
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Support configuration of notify_on without Ceilometer"
+
+commit b8272283d0910fc19232e93e197a9aaab7b0e2c9
+Merge: 8e67e9e 2ee8c65
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Support dict values for controller.notification"
+
+commit 8e67e9e2e47956af3bbd1579f2202d42afb09038
+Merge: 2b68f17 7a8b3bc
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Enable notifications for the controller role"
+
+commit 2b68f176ecdb169caf995530b3a3a5468e405432
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Remove the usage of down and disabled together
+
+commit 6a3c8f71f990516271f9a1385718eb3c50b42923
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Fix typo in README.rst
+
+commit 74b092d3a763b8ae5c99ff5c1bd190549c1fc383
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Support configuration of notify_on without Ceilometer
+
+commit 2ee8c65d196f87ef67dab2df1615728fd3956942
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Support dict values for controller.notification
+
+commit 7a8b3bc4e21b050f0dd8b30d284340793b023721
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Enable notifications for the controller role
+
+commit 9a4f6334c0fdfc6e0bf83f85e120a8bdb3f0593f
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Enable alarms on libivrt
+
+commit fea94eacea02b8489d8503ce1be8a6c147522502
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Handle "disabled" in nova_compute alarms
+
+commit 32b5251e1d4ce21e55b83e8357cbb2ef176df66d
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Improve alarm descriptions
+
+commit a0624d247b343b6afa7fb35e22054b779a18195c
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Change alarm names for free_memory/vcpu
+
+commit 52d4f329d59b8d716746883397cf54e818522573 (tag: mk22-sl, tag: mk22, tag: 2016.12.1, tag: 2016.12)
+Author: Patrick Petit <ppetit@mirantis.com>
+
+ Use new policies for nova_logs alarm clusters
+
+commit 74ee08104de5ce86b08434233d33428e773c50be
+Merge: e7e57ce cf1d39f
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "extend temporary exeption for libvirtname in mirantis repo; reason: keystone formula goes against nova formula for legacy deployments"
+
+commit e7e57ced1de133fe67f6480d276f7b3448bc7ecf
+Merge: 69574d0 e8f3833
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Documentation update, audit cadf support"
+
+commit 69574d053ea04a6f03c7a95457bef5185fafe376
+Merge: 3a3a154 aa23dc0
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "enable cadf auditing support"
+
+commit e8f383379ded56015fa93c105d926d124333eca4
+Author: Petr Michalec <epcim@apealive.net>
+
+ Documentation update, audit cadf support
+
+commit cf1d39fb530ac402d62e471d2fd9f55002a20fd1
+Author: Petr Michalec <epcim@apealive.net>
+
+ extend temporary exeption for libvirtname in mirantis repo; reason: keystone formula goes against nova formula for legacy deployments
+
+commit aa23dc09c7c075efd28660313d1f8a1e82889f80
+Author: Petr Michalec <epcim@apealive.net>
+
+ enable cadf auditing support
+
+commit 3a3a1545c8d95786a75899c63a5c34e224d33890
+Author: Patrick Petit <ppetit@mirantis.com>
+
+ Fix bugs and improve accuracy of alarms and clusters
+
+commit a03e2e13469f29cf9a8f436305d104a35961f5b2
+Merge: d1d4b2d beb0ad3
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "added compute cluster metadata"
+
+commit d1d4b2d156959b6f0058fef83e7aad05c06a6ff3
+Author: Ales Komarek <ales.komarek@newt.cz>
+
+ Documentation fix
+
+commit beb0ad356a355a1d30e6a30c3a6c7eac0c2a3d62
+Author: Ondrej Smola <ondrej.smola@tcpcloud.eu>
+
+ added compute cluster metadata
+
+commit 96a8ed3c846e3f15ced12fce6412cf058318c0ff
+Merge: 6d39fc0 63ef2d5
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Merge remote-tracking branch 'upstream/stacklight' into merge-branch
+
+commit 63ef2d583c733ac59e7598696c9ff076f64c9c06 (origin/stacklight)
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Put Grafana dashboards into their own directory
+
+commit ca319b31e226a599ddcc760d9dcf81008eddcce0
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Fix annotations in Grafana dashboard
+
+commit cc59477410af3bcd9089e4dd737c3e0c115f2058
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Remove the nova_fs alarms
+
+commit e5cc97875994e47eb29472504cb8706c82c720fc
+Author: Swann Croiset <scroiset@mirantis.com>
+
+ Add alerting property for alarm_cluster
+
+commit 38c834cc5d048f13b66f104503323936679d540b
+Merge: 13ffb55 bb998dc
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add nagios_host dimension" into stacklight
+
+commit 13ffb55b8a80fd375a2f1cdba8f14aa0f3171ef0
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Use "nova_api" as the backend name
+
+commit 12017cdbbfdc79384f6f4f766843bc93e0954d45
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Use percent metrics for majority-down
+
+commit bb998dc52d9bf165f2747ae70b829e4340105a56
+Author: Swann Croiset <scroiset@mirantis.com>
+
+ Add nagios_host dimension
+
+commit a7ad2070ff7cccbe9e9793332bf12aeeb7eb38b9
+Merge: 43fa6d1 e7b37cf
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add the dashboard for hypervisor metrics" into stacklight
+
+commit 43fa6d1f0d9244a65995ed66885a9a46a615b21b
+Author: Swann Croiset <scroiset@mirantis.com>
+
+ Fix the alarm_cluster for nova services
+
+commit e7b37cf4dc87917f5dbd35b096841f1edc545584
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Add the dashboard for hypervisor metrics
+
+commit dd15b131be348d9f2db6be5870060097b90cb6bf
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Add alarms and alarm clusters
+
+commit f158af4047eba1c407e24f8580704a4057d16666
+Merge: c1239cf 46dda8f
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Merge remote-tracking branch 'upstream/master' into merge-branch" into stacklight
+
+commit 46dda8f973a9771896d4ab3a322fa78e24b5e0f1
+Merge: 2b2e9c2 6d39fc0
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Merge remote-tracking branch 'upstream/master' into merge-branch
+
+commit c1239cfbc92b1ad2d974d924c2aef3ebd85e4b7e
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Add missing JSON format for dashboard
+
+commit 2b2e9c23266d738dd92d254ffe79fa641f4271a3
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Add support for Grafana
+
+commit 6d39fc0c19a81161147de250434d5689c6ea559f
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ fixes in nova-compute libvirt for mitaka
+
+commit 570ebc5d68f8308e6d173a19941522acde56f2c2
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ Fix for proper UNIX group
+
+commit f4527523061efca2b1cac7c99c78dfa5a2a46788
+Merge: dd076e4 47a6b91
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Fix collectd meta when the service is disabled" into stacklight
+
+commit dd076e48725dac1f542861bae06e28aa7b93fa43
+Merge: 8d07b80 969c1f8
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add local endpoint check in collectd" into stacklight
+
+commit 8d07b80654399b7d81881068559ddf40a3e019ac
+Merge: 46a5033 fac69ee
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add timezone to openstack log decoder config" into stacklight
+
+commit 47a6b9188d6662e9ec93e31363b376bd2aae9a76
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Fix collectd meta when the service is disabled
+
+commit 969c1f83f9d6a517cc5e8f0288bbd5c4ba802a60
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Add local endpoint check in collectd
+
+commit fac69eeea95173b5caf2d1a1105313a14f86388d
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Add timezone to openstack log decoder config
+
+commit 46a503381d0b3cae42fb1dc2dd8d480a06db8457
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Use more robust logstreamer file match
+
+commit 22533b1476e756e06cec741e3be377176dba430c
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Use more robust logstreamer file match
+
+commit 424592a33aa080e4bc01d89c10013e438704e34d
+Merge: 193ed9c 9a9ba47
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Integrate with StackLight" into stacklight
+
+commit 9a9ba47b51647a9cbfa09648f2f4b16e2950d2cc
+Author: Ales Komarek <ales.komarek@tcpcloud.eu>
+
+ Integrate with StackLight
+
+commit 193ed9c827d6c8d958e797927d6c368fe12ff40f
+Author: Ondrej Smola <ondrej.smola@tcpcloud.eu>
+
+ change libvirt service to libvirtd
+
+commit 12b5c0904ef05974a183f783cce9178b72c39043
+Author: vmikes <vlastimil.mikes@tcpcloud.eu>
+
+ added new check - nova compute disk space
+
+commit 7b1ede35d2d4e2372059d390395d35c65238e101
+Author: Ondrej Smola <ondrej.smola@tcpcloud.eu>
+
+ change libvirt service to libvirtd
+
+commit 329f55b59e9c1647c00eb18ddba20941bb0bbdfc
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ add compute node for containers
+
+commit e99895c3a12618f89ed3c7eb187c49d6ca74cb57
+Merge: 7ef44b6 e2b8a86
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "add region to nova_instance check"
+
+commit 7ef44b6b9eddb4a1381e3d047ab35b83b69ede26
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ mos packages compatability
+
+commit e2b8a86a43806de285b06c8f385d5713b6f2febb
+Author: vmikes <vlastimil.mikes@tcpcloud.eu>
+
+ add region to nova_instance check
+
+commit 3b20421522065b90ebca4ecb2fd4c178dc9f3451
+Author: vmikes <vlastimil.mikes@tcpcloud.eu>
+
+ add region to checks
+
+commit d484260256f14394fda14421cd87e771675a0e6a
+Author: Ondrej Smola <ondrej.smola@tcpcloud.eu>
+
+ change number of processes in nova-compute check
+
+commit 52188189d0f0569277d5a775baae0c886420c861
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ default metadata for container configmap
+
+commit dda003ac980a78d7bfa13f6f6c35b4e90a5abaee
+Merge: 20d7423 08a23ee
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add support for config generation"
+
+commit 08a23ee032975f9fcec61ce73f9289336ae7b7aa
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Add support for config generation
+
+commit 20d74233b2b0fbd4ebc6e9a7ebfa1b8751bf4676
+Author: vmikes <vlastimil.mikes@tcpcloud.eu>
+
+ update check procs count
+
+commit 617a8969d522b940d875b9303c1082027fb9c9fc
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ nova compute operation improvements
+
+commit ce5d5993766ca7251b46b2cb9cd7bd490ebd601d
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ remove old unused package for nova-ajax
+
+commit 1cd9e09579ce41f38e2e39f2898b678b34dbb525
+Author: Andreas Jaeger <aj@suse.com>
+
+ Move other-requirements.txt to bindep.txt
+
+commit 7cf1549b40aebb85dbf8fb71625737fbc36fcded
+Merge: bc3871e 8c787fc
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "New parameter with default value cinder for ceph storage in secret.xml"
+
+commit bc3871e6c9a74cf44d35c4f1b473a167f962fd53
+Merge: bedde64 533e119
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "SPM packaging metadata"
+
+commit bedde6403841afa95a9f2811891fe92abfd0f232
+Merge: 87340f8 36213e8
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Disable logging to file during tests"
+
+commit 87340f84e38fca3dcb3b1b9f34e4d7178efb49e0
+Author: Simak, Jan <simak.jan@gmail.com>
+
+ Disable logging to file during tests
+
+commit 36213e859067a9e60570dab23d0dbe51cf2b9ab6
+Author: Lukas Zmrzlik <lukas.zmrzlik@firma.seznam.cz>
+
+ Disable logging to file during tests
+
+commit 533e1198f25685835cb30ebb9b4436b4d9dfa794
+Author: Adam Tengler <adam.tengler@tcpcloud.eu>
+
+ SPM packaging metadata
+
+commit 864bd925e8bcd7fba2bc206f04f96a0f27fbafb4
+Author: Adam Tengler <adam.tengler@tcpcloud.eu>
+
+ Orchestration metadata
+
+commit 340acf4055676dc611cdd600cb42937d01a4966c
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ docker support
+
+commit c236776db5117b3a24217689a1b83e3d188c5834
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ fix for ceph ephemeral condition
+
+commit 39e6acaab43b2da867b65901d6d3c235525b5cc6
+Author: maxstack <max@100percentit.com>
+
+ Added the option to use Ceph for Nova ephemeral.
+
+commit fcf34f8f0c04d7e9dc707d168e9e714d2a3ea9e6
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ Add documentation and bug links
+
+commit e73d3f23d8b1127273341c80b804e87dcbb50bdb
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Fix heka.toml
+
+commit 3fb42cd5dbc5042a5f052e5436c2dbc383ccdfdd
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ Fix for neutron auth in Mitaka
+
+commit 8c787fcac85281c06e6d3452477ac24259e76d8a
+Author: smolaon <ondrej.smola@tcpcloud.eu>
+
+ New parameter with default value cinder for ceph storage in secret.xml
+
+commit a1013066a6c7a535a1ab186303af8b1a5b584914
+Merge: 5142fbf ae1ffe1
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Disable minion_id_caching"
+
+commit ae1ffe1c09978d6833697e972f66cb9bcaec6038
+Author: Ondřej Nový <ondrej.novy@firma.seznam.cz>
+
+ Disable minion_id_caching
+
+Version 2016.4.2
+=============================
+
+commit 5142fbfc24e7f9cbf00bf0a3a38e4768064fffc5 (tag: 2016.4.2)
+Merge: a82b820 4405176
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Compatibility with Debian and Ubuntu 16.04"
+
+commit 4405176427f83feaf452f8113223f42fc7dae508
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Compatibility with Debian and Ubuntu 16.04
+
+commit a82b8205776b54739e2973e19dff091d4965d645
+Author: Jiri Konecny <jiri.konecny@tcpcloud.eu>
+
+ [RabbitMQ] Removed deprecated ha_queue option.
+
+Version 2016.4.1
+=============================
+
+
+Version 2016.12.1
+=============================
+
+
+Version 2016.12
+=============================
+
+commit 52d4f329d59b8d716746883397cf54e818522573 (tag: mk22-sl, tag: mk22, tag: 2016.12.1, tag: 2016.12)
+Author: Patrick Petit <ppetit@mirantis.com>
+
+ Use new policies for nova_logs alarm clusters
+
+commit 74ee08104de5ce86b08434233d33428e773c50be
+Merge: e7e57ce cf1d39f
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "extend temporary exeption for libvirtname in mirantis repo; reason: keystone formula goes against nova formula for legacy deployments"
+
+commit e7e57ced1de133fe67f6480d276f7b3448bc7ecf
+Merge: 69574d0 e8f3833
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Documentation update, audit cadf support"
+
+commit 69574d053ea04a6f03c7a95457bef5185fafe376
+Merge: 3a3a154 aa23dc0
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "enable cadf auditing support"
+
+commit e8f383379ded56015fa93c105d926d124333eca4
+Author: Petr Michalec <epcim@apealive.net>
+
+ Documentation update, audit cadf support
+
+commit cf1d39fb530ac402d62e471d2fd9f55002a20fd1
+Author: Petr Michalec <epcim@apealive.net>
+
+ extend temporary exeption for libvirtname in mirantis repo; reason: keystone formula goes against nova formula for legacy deployments
+
+commit aa23dc09c7c075efd28660313d1f8a1e82889f80
+Author: Petr Michalec <epcim@apealive.net>
+
+ enable cadf auditing support
+
+commit 3a3a1545c8d95786a75899c63a5c34e224d33890
+Author: Patrick Petit <ppetit@mirantis.com>
+
+ Fix bugs and improve accuracy of alarms and clusters
+
+commit a03e2e13469f29cf9a8f436305d104a35961f5b2
+Merge: d1d4b2d beb0ad3
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "added compute cluster metadata"
+
+commit d1d4b2d156959b6f0058fef83e7aad05c06a6ff3
+Author: Ales Komarek <ales.komarek@newt.cz>
+
+ Documentation fix
+
+commit beb0ad356a355a1d30e6a30c3a6c7eac0c2a3d62
+Author: Ondrej Smola <ondrej.smola@tcpcloud.eu>
+
+ added compute cluster metadata
+
+commit 96a8ed3c846e3f15ced12fce6412cf058318c0ff
+Merge: 6d39fc0 63ef2d5
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Merge remote-tracking branch 'upstream/stacklight' into merge-branch
+
+commit 63ef2d583c733ac59e7598696c9ff076f64c9c06 (origin/stacklight)
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Put Grafana dashboards into their own directory
+
+commit ca319b31e226a599ddcc760d9dcf81008eddcce0
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Fix annotations in Grafana dashboard
+
+commit cc59477410af3bcd9089e4dd737c3e0c115f2058
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Remove the nova_fs alarms
+
+commit e5cc97875994e47eb29472504cb8706c82c720fc
+Author: Swann Croiset <scroiset@mirantis.com>
+
+ Add alerting property for alarm_cluster
+
+commit 38c834cc5d048f13b66f104503323936679d540b
+Merge: 13ffb55 bb998dc
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add nagios_host dimension" into stacklight
+
+commit 13ffb55b8a80fd375a2f1cdba8f14aa0f3171ef0
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Use "nova_api" as the backend name
+
+commit 12017cdbbfdc79384f6f4f766843bc93e0954d45
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Use percent metrics for majority-down
+
+commit bb998dc52d9bf165f2747ae70b829e4340105a56
+Author: Swann Croiset <scroiset@mirantis.com>
+
+ Add nagios_host dimension
+
+commit a7ad2070ff7cccbe9e9793332bf12aeeb7eb38b9
+Merge: 43fa6d1 e7b37cf
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add the dashboard for hypervisor metrics" into stacklight
+
+commit 43fa6d1f0d9244a65995ed66885a9a46a615b21b
+Author: Swann Croiset <scroiset@mirantis.com>
+
+ Fix the alarm_cluster for nova services
+
+commit e7b37cf4dc87917f5dbd35b096841f1edc545584
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Add the dashboard for hypervisor metrics
+
+commit dd15b131be348d9f2db6be5870060097b90cb6bf
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Add alarms and alarm clusters
+
+commit f158af4047eba1c407e24f8580704a4057d16666
+Merge: c1239cf 46dda8f
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Merge remote-tracking branch 'upstream/master' into merge-branch" into stacklight
+
+commit 46dda8f973a9771896d4ab3a322fa78e24b5e0f1
+Merge: 2b2e9c2 6d39fc0
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Merge remote-tracking branch 'upstream/master' into merge-branch
+
+commit c1239cfbc92b1ad2d974d924c2aef3ebd85e4b7e
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Add missing JSON format for dashboard
+
+commit 2b2e9c23266d738dd92d254ffe79fa641f4271a3
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Add support for Grafana
+
+commit 6d39fc0c19a81161147de250434d5689c6ea559f
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ fixes in nova-compute libvirt for mitaka
+
+commit 570ebc5d68f8308e6d173a19941522acde56f2c2
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ Fix for proper UNIX group
+
+commit f4527523061efca2b1cac7c99c78dfa5a2a46788
+Merge: dd076e4 47a6b91
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Fix collectd meta when the service is disabled" into stacklight
+
+commit dd076e48725dac1f542861bae06e28aa7b93fa43
+Merge: 8d07b80 969c1f8
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add local endpoint check in collectd" into stacklight
+
+commit 8d07b80654399b7d81881068559ddf40a3e019ac
+Merge: 46a5033 fac69ee
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add timezone to openstack log decoder config" into stacklight
+
+commit 47a6b9188d6662e9ec93e31363b376bd2aae9a76
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Fix collectd meta when the service is disabled
+
+commit 969c1f83f9d6a517cc5e8f0288bbd5c4ba802a60
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Add local endpoint check in collectd
+
+commit fac69eeea95173b5caf2d1a1105313a14f86388d
+Author: Simon Pasquier <spasquier@mirantis.com>
+
+ Add timezone to openstack log decoder config
+
+commit 46a503381d0b3cae42fb1dc2dd8d480a06db8457
+Author: Guillaume Thouvenin <gthouvenin@mirantis.com>
+
+ Use more robust logstreamer file match
+
+commit 22533b1476e756e06cec741e3be377176dba430c
+Author: Éric Lemoine <elemoine@mirantis.com>
+
+ Use more robust logstreamer file match
+
+commit 424592a33aa080e4bc01d89c10013e438704e34d
+Merge: 193ed9c 9a9ba47
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Integrate with StackLight" into stacklight
+
+commit 9a9ba47b51647a9cbfa09648f2f4b16e2950d2cc
+Author: Ales Komarek <ales.komarek@tcpcloud.eu>
+
+ Integrate with StackLight
+
+commit 193ed9c827d6c8d958e797927d6c368fe12ff40f
+Author: Ondrej Smola <ondrej.smola@tcpcloud.eu>
+
+ change libvirt service to libvirtd
+
+commit 12b5c0904ef05974a183f783cce9178b72c39043
+Author: vmikes <vlastimil.mikes@tcpcloud.eu>
+
+ added new check - nova compute disk space
+
+commit 7b1ede35d2d4e2372059d390395d35c65238e101
+Author: Ondrej Smola <ondrej.smola@tcpcloud.eu>
+
+ change libvirt service to libvirtd
+
+commit 329f55b59e9c1647c00eb18ddba20941bb0bbdfc
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ add compute node for containers
+
+commit e99895c3a12618f89ed3c7eb187c49d6ca74cb57
+Merge: 7ef44b6 e2b8a86
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "add region to nova_instance check"
+
+commit 7ef44b6b9eddb4a1381e3d047ab35b83b69ede26
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ mos packages compatability
+
+commit e2b8a86a43806de285b06c8f385d5713b6f2febb
+Author: vmikes <vlastimil.mikes@tcpcloud.eu>
+
+ add region to nova_instance check
+
+commit 3b20421522065b90ebca4ecb2fd4c178dc9f3451
+Author: vmikes <vlastimil.mikes@tcpcloud.eu>
+
+ add region to checks
+
+commit d484260256f14394fda14421cd87e771675a0e6a
+Author: Ondrej Smola <ondrej.smola@tcpcloud.eu>
+
+ change number of processes in nova-compute check
+
+commit 52188189d0f0569277d5a775baae0c886420c861
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ default metadata for container configmap
+
+commit dda003ac980a78d7bfa13f6f6c35b4e90a5abaee
+Merge: 20d7423 08a23ee
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add support for config generation"
+
+commit 08a23ee032975f9fcec61ce73f9289336ae7b7aa
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Add support for config generation
+
+commit 20d74233b2b0fbd4ebc6e9a7ebfa1b8751bf4676
+Author: vmikes <vlastimil.mikes@tcpcloud.eu>
+
+ update check procs count
+
+commit 617a8969d522b940d875b9303c1082027fb9c9fc
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ nova compute operation improvements
+
+commit ce5d5993766ca7251b46b2cb9cd7bd490ebd601d
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ remove old unused package for nova-ajax
+
+commit 1cd9e09579ce41f38e2e39f2898b678b34dbb525
+Author: Andreas Jaeger <aj@suse.com>
+
+ Move other-requirements.txt to bindep.txt
+
+commit 7cf1549b40aebb85dbf8fb71625737fbc36fcded
+Merge: bc3871e 8c787fc
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "New parameter with default value cinder for ceph storage in secret.xml"
+
+commit bc3871e6c9a74cf44d35c4f1b473a167f962fd53
+Merge: bedde64 533e119
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "SPM packaging metadata"
+
+commit bedde6403841afa95a9f2811891fe92abfd0f232
+Merge: 87340f8 36213e8
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Disable logging to file during tests"
+
+commit 87340f84e38fca3dcb3b1b9f34e4d7178efb49e0
+Author: Simak, Jan <simak.jan@gmail.com>
+
+ Disable logging to file during tests
+
+commit 36213e859067a9e60570dab23d0dbe51cf2b9ab6
+Author: Lukas Zmrzlik <lukas.zmrzlik@firma.seznam.cz>
+
+ Disable logging to file during tests
+
+commit 533e1198f25685835cb30ebb9b4436b4d9dfa794
+Author: Adam Tengler <adam.tengler@tcpcloud.eu>
+
+ SPM packaging metadata
+
+commit 864bd925e8bcd7fba2bc206f04f96a0f27fbafb4
+Author: Adam Tengler <adam.tengler@tcpcloud.eu>
+
+ Orchestration metadata
+
+commit 340acf4055676dc611cdd600cb42937d01a4966c
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ docker support
+
+commit c236776db5117b3a24217689a1b83e3d188c5834
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ fix for ceph ephemeral condition
+
+commit 39e6acaab43b2da867b65901d6d3c235525b5cc6
+Author: maxstack <max@100percentit.com>
+
+ Added the option to use Ceph for Nova ephemeral.
+
+commit fcf34f8f0c04d7e9dc707d168e9e714d2a3ea9e6
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ Add documentation and bug links
+
+commit e73d3f23d8b1127273341c80b804e87dcbb50bdb
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Fix heka.toml
+
+commit 3fb42cd5dbc5042a5f052e5436c2dbc383ccdfdd
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ Fix for neutron auth in Mitaka
+
+commit 8c787fcac85281c06e6d3452477ac24259e76d8a
+Author: smolaon <ondrej.smola@tcpcloud.eu>
+
+ New parameter with default value cinder for ceph storage in secret.xml
+
+commit a1013066a6c7a535a1ab186303af8b1a5b584914
+Merge: 5142fbf ae1ffe1
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Disable minion_id_caching"
+
+commit 5142fbfc24e7f9cbf00bf0a3a38e4768064fffc5 (tag: 2016.4.2)
+Merge: a82b820 4405176
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Compatibility with Debian and Ubuntu 16.04"
+
+commit ae1ffe1c09978d6833697e972f66cb9bcaec6038
+Author: Ondřej Nový <ondrej.novy@firma.seznam.cz>
+
+ Disable minion_id_caching
+
+commit 4405176427f83feaf452f8113223f42fc7dae508
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Compatibility with Debian and Ubuntu 16.04
+
+commit a82b8205776b54739e2973e19dff091d4965d645
+Author: Jiri Konecny <jiri.konecny@tcpcloud.eu>
+
+ [RabbitMQ] Removed deprecated ha_queue option.
+
+commit dce07bf3b6e31ad6f1e95196f390253434736910 (tag: 2016.4.1)
+Merge: e31f2c5 3656054
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "New release, debian packaging moved"
+
+commit 365605400cc234d4c73652f9d8841b28effa8d95
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ New release, debian packaging moved
+
+commit e31f2c5ed0c86c7e5cad583be216c08f6f8863b0
+Author: Jiri Konecny <jiri.konecny@tcpcloud.eu>
+
+ [RabbitMQ] Parametrized message queue hosts to enable client-side HA.
+
+commit 3ef8a315cca067fd402f14cd9a93f03a616a24b6
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Add makefile, run tests during package build
+
+commit 34db6e47fd0e4ec10a22c128277c8dbfc71c8e2b
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ Mitaka release configuration files support
+
+commit 27a5ae737d9f740df7f626913d8e606169045df6
+Merge: b5a80e4 7fdb877
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "fix service differentiator"
+
+commit b5a80e4658a248c98137da83a7a6300e80c76ecc
+Author: Jiri Konecny <jiri.konecny@tcpcloud.eu>
+
+ [Workers] Added parametrization of osapi_compute_worker and workers.
+
+commit 9344a370c0498d35c2c8ac995efed205bd6f1a40
+Author: Jiri Konecny <jiri.konecny@tcpcloud.eu>
+
+ [Disk] Added parametrization of disk_allocation_ratio.
+
+commit 7fdb877cd5402ddb678655b892f3155c223739fb
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ fix service differentiator
+
+commit 7902126021d922109398356ed5e1076c2ef80ec1
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ add Keystone region configuration
+
+commit ad16f61b90d675a5ed2a01b7f5407f537fac07d2
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ refactor heka config
+
+commit dbd281bce8a0d17521d9116f274a09d55e9146f9
+Merge: e0f72b4 3958108
+Author: Jenkins <jenkins@review.openstack.org>
+
+ Merge "Add gitreview to project"
+
+commit 395810852f79c2d7eee64e6bd7458e9b71108a8c
+Author: Arif Ali <mail@arif-ali.co.uk>
+
+ Add gitreview to project
+
+commit e0f72b4cccdefa366dfe636897511be69b34770e
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ RedHat Compatability
+
+commit 29b8945f5da2a93e1f89473c62e40f1ad778853b
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ License and links fixes
+
+commit 91737a223a3ddf57fdcf1a4354475364e13b8ca0
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ fix in nova sphinx syntax
+
+commit 4ba00c7f34c561c50dfbe8c6a85e9ac62a7f9e7c
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ http in documentation
+
+commit 3b5a42706d701cff4fed70d7d0cf06ddc8758e45
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ bad space
+
+commit 0eb1923642f3556686d67795e13840bd2ada642a
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ endpoints for nova
+
+commit d1caae224e978e93256841f4ddfe86c98da573f8
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ fixes in documenation
+
+commit 6a7748781e99ee3c526e7d70eea019b26f54cd75
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ sphinx for rabbit vhost
+
+commit 11424de7ef0a1934f9a8dccde110c6642a418647
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ missing vhost for rabbit
+
+commit 2ee6aea654a2087cf52c20c89fc3751bac208040
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ fixes in nova sphinx docs
+
+commit 3ac52980880a194def221e684f6fd1d5c6a9824c
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ final nova sphinx
+
+commit 7e8471eef4678e732481a02a85d7908cf6b64143
+Author: Adam Tengler <a.tengler@tcpcloud.eu>
+
+ Fixed list rendering in sphinx doc
+
+commit 1e87450cf470807fe6a20c098cf5f0f053a34baa
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ fix for generationg
+
+commit 995b7ce3c8f5a568a488336d01f26868e3f81bb8
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ sphinx generate list of packages with versions
+
+commit a0f801a31f991c840f17073a8b5375b89f38a834
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ sphinx documenation for nova formula
+
+commit 6d51029e9599d08b7a6ed5e596e140b901e1413a
+Author: Ales Komarek <ales.komarek@tcpcloud.eu>
+
+ fix project name
+
+commit 3f4444f99fe133db853879acec9b11649c991576
+Author: Ales Komarek <ales.komarek@tcpcloud.eu>
+
+ Sphinx docs
+
+commit 6afb4697f4552e4b0b6f3e0a85011c652dbd5656
+Author: Ales Komarek <ales.komarek@tcpcloud.eu>
+
+ gitignore
+
+commit a2dd9ff3b7ea6170ca696f8093a8da91073659e1
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ No dependencies for nova formula
+
+commit 235949e3147d84d82add1734250f462f6930fb52
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Script to run tests
+
+commit c9c41d394c4843f437a47097ab3d2fd98f363842
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Makefile for tests
+
+commit e863a3f2af2e2e145714f9062ce95022f86d31b1
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Support for identity version 3
+
+commit cb7d797df7c6323f06a8ee98b7b6f62d4a8ad4cd
+Author: Ales Komarek <ales.komarek@tcpcloud.eu>
+
+ top files
+
+commit 880f02f90485d417437a0a63258b102c1714f1f0
+Author: Ales Komarek <ales.komarek@tcpcloud.eu>
+
+ testing scenarios
+
+commit 263ca503f9c6592902ab2b5c9c26be703099ef48
+Author: Lachlan Evenson <lachlan.evenson@lithium.com>
+
+ removed extra conditional blocks
+
+commit b72de501de9b3695af9b0b2af2b6dc91f305eec4
+Author: Lachlan Evenson <lachlan.evenson@lithium.com>
+
+ update README, enable scheduler filters and moved default values to metadata to clean up if blocks
+
+commit 67b8e0677a4d2a0a121085cf98ec2e15ca10eb5b
+Merge: b285eae c1395c9
+Author: Lachlan Evenson <lachlan.evenson@lithium.com>
+
+ Merge branch 'master' of github.com:tcpcloud/salt-formula-nova into feature-add-ram-cpu-allocation-ratio
+
+commit b285eae4f3e44b82a41da96f1424be2a756623a6
+Author: Lachlan Evenson <lachlan.evenson@lithium.com>
+
+ add ram and cpu allocation ration
+
+commit e1fb007500cd634d4b80874fcaac91449423b236
+Author: Lachlan Evenson <lachlan.evenson@lithium.com>
+
+ add vm swappiness
+
+commit 8df5e459c84a7b73b64932499eed41a0c62ac974
+Author: Lachlan Evenson <lachlan.evenson@lithium.com>
+
+ fix pkg typo
+
+commit 61312820a80566d2f09e5ae6d513724e35832023
+Author: Lachlan Evenson <lachlan.evenson@lithium.com>
+
+ add ability to set directory perms
+
+commit a6d59425dd8cadeea5abe1c43ced12edcc6e3184
+Author: Lachlan Evenson <lachlan.evenson@lithium.com>
+
+ add reserved memory option to nova.conf
+
+commit be6ce8843bf03df26a5fe36fffce53661f2dc549
+Author: Lachlan Evenson <lachlan.evenson@lithium.com>
+
+ add support for reserved memory
+
+commit bc450b9fb531a9eb4b01738a3448e9432363c86b
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ nova user must be in libvirt user group
+
+commit 9d109ae7ce6b05fab32035bc3a01d6d813862fdc
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ remove host keys into known_hosts for computes. It is replaced but generally disabled host checking for nova user
+
+commit 13904916751ecd60eb85aa9ccc820d4f8f58d913
+Author: Ales Komarek <mail@newt.cz>
+
+ no collectd for controller
+
+commit a7b4cb6d179575e2eaf19b6d8c28b18e2d435471
+Author: Ales Komarek <mail@newt.cz>
+
+ fix
+
+commit 6e762216b034627dc22e0e82de9b8e4c84e4e011
+Author: Ales Komarek <mail@newt.cz>
+
+ service metadata fix
+
+commit 5c00be7526c1755e9fa862f9af37ceb7a3bb9fa9
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ defautl heal_instance_info_cache_interval 60 for backward compatability with older deployments
+
+commit 3e40046a1902462d6e3bce43d1792316bf56c3b8
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ all nova computes regularly poll neutron server to get network info of the instances running on the compute node. Default is 10 seconds. With thousands of VMs it is recommended to increase interval at 600seconds
+
+commit f9e0f6e7d7dcfd62ecd7c4735812850502133b45
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ disable stricthostkeychecking for nova user
+
+commit 105db6361f5fa305dafa2b2d673425dde78ea219
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ pernamently enable bash for nova user. It is requirement for offline migrations and instance resize.
+
+commit 25abc45beac84d5713933bb23d0f97e730d4a323
+Author: Jakub Pavlik <pavlk.jakub@gmail.com>
+
+ fix nova user enabled bash shell to enable offline migration and instance resize
+
+commit aa33f96f4856fafb37ffd1bf4f11e42c7734431d
+Author: Ales Komarek <mail@newt.cz>
+
+ fix to support services and docs
+
+commit 121a9d5c6a4d9b7be386107f3160f0d104ab8023
+Author: Ales Komarek <mail@newt.cz>
+
+ nova setup
+
+commit 9553f40d8f27bb45e389bdaaa3e19a1db625e8ef
+Author: Ales Komarek <mail@newt.cz>
+
+ support services
+
+commit 855f7038f842242f2d9e05d6a6ead8d777131f48
+Author: Ales Komarek <mail@newt.cz>
+
+ sphinx docs
+
+commit 3024ff4c3047b2c9eea17ca0715485717bd4fe90
+Author: Ales Komarek <mail@newt.cz>
+
+ support fix
+
+commit 6cf60320d78867ba297d1ccbac5325a0a6f910e1
+Author: Ales Komarek <mail@newt.cz>
+
+ Support services definition
+
+commit e543f3106dba5f66e8a2ddbccb36d134a232b805
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ harvest only 7days old logs by default
+
+commit c89453c79c4bd9f0ece7e57803e26e8e77a1f1aa
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ add heka config for controller services
+
+commit 78c56ce2e74c4ebd7462b674fb0fb1b3559ff449
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ add shared dir for libraries
+
+commit 8f74c96fc370c56560237e0b3a1731f06a75b061
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ config syntax fixes
+
+commit 1660a53d38413058143b000ca4051b313fe1464f
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ typofix
+
+commit 65f22b203d64def46806a2169aafb9b2679227d4
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ heka config rename
+
+commit f56ce07f76342338796d0334b921897e9082056b
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ typofix
+
+commit cda0f289d8b64a455c3274dce7cb395b209adc4b
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ heka logging setup
+
+commit 9d085e6eaf9727931598c67a28e32a3fee6e54d2
+Author: jan kaufman <jan.kaufman@tcpcloud.eu>
+
+ heka logging config
+
+commit 049e56bd7c166211071dcf285ef50b09446e09d5
+Author: Ales Komarek <mail@newt.cz>
+
+ Heka configuration fixes
+
+commit 75ba1002a951618464d2db714f15801f4bb2b4f3
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Temporary fix on exchanging host keys for compute nodes
+
+commit ecedd170d4141e0afa1d33a355c73839f6d8712e
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Set known_hosts of other nova.compute hosts
+
+commit 7c874e6128f9c6a63a2433bab6c6b54c01cb4199
+Author: Filip Pytloun <filip@pytloun.cz>
+
+ Set dhcp_domain option
+
+commit ed79447c4af8acbf2e6d4467aa4df90543403a64
+Merge: f91d595 0d835a9
+Author: Filip Pytloun <filip.pytloun@tcpcloud.eu>
+
+ Merge branch 'feature/liberty' into 'master'
+
+commit 0d835a979d5dae2e445a08e19c03d1738af8bec3
+Author: Jakub Pavlik <j.pavlik@tcpcloud.eu>
+
+ openstack nova configuration for liberty
+
+commit f91d595a138275081ec0b3b282f82c7ce2ae0da9
+Merge: 4a72d79 b5ee35f
+Author: Aleš Komárek <mail@newt.cz>
+
+ Merge branch 'feature/monitoring' into 'master'
+
+commit b5ee35f9e4deb94491310fc21c20debedfe52eed
+Author: vmikes <v.mikes@tcpcloud.eu>
+
+ Remove log check
+
+Version 0.2
+=============================
+
+
diff --git a/README.rst b/README.rst
index 8105aaa..4aeecf8 100644
--- a/README.rst
+++ b/README.rst
@@ -1,14 +1,14 @@
-==============
-Nova
-==============
+============
+Nova Formula
+============
OpenStack Nova provides a cloud computing fabric controller, supporting a wide
variety of virtualization technologies, including KVM, Xen, LXC, VMware, and
more. In addition to its native API, it includes compatibility with the
commonly encountered Amazon EC2 and S3 APIs.
-Sample pillars
+Sample Pillars
==============
Controller nodes
@@ -320,31 +320,6 @@
- path: /mnt/hugepages_1GB
- path: /mnt/hugepages_2MB
-Documentation and Bugs
-============================
-
-To learn how to deploy OpenStack Salt, consult the documentation available
-online at:
-
- https://wiki.openstack.org/wiki/OpenStackSalt
-
-In the unfortunate event that bugs are discovered, they should be reported to
-the appropriate bug tracker. If you obtained the software from a 3rd party
-operating system vendor, it is often wise to use their own bug tracker for
-reporting problems. In all other cases use the master OpenStack bug tracker,
-available at:
-
- http://bugs.launchpad.net/openstack-salt
-
-Developers wishing to work on the OpenStack Salt project should always base
-their work on the latest formulas code, available from the master GIT
-repository at:
-
- https://git.openstack.org/cgit/openstack/salt-formula-nova
-
-Developers should also join the discussion on the IRC list, at:
-
- https://wiki.openstack.org/wiki/Meetings/openstack-salt
Documentation and Bugs
======================
diff --git a/VERSION b/VERSION
index 1bad316..b648243 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2016.4.1
+2017.2
diff --git a/metadata.yml b/metadata.yml
index 81b361e..7445fbd 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,3 +1,3 @@
name: "nova"
-version: "2016.4.1"
+version: "2017.2"
source: "https://github.com/openstack/salt-formula-nova"
diff --git a/nova/controller.sls b/nova/controller.sls
index b6916ec..69f063c 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -74,13 +74,51 @@
nova_controller_syncdb:
cmd.run:
- names:
- - nova-manage db sync
- {%- if controller.version == "mitaka" or controller.version == "newton" %}
+ {%- if controller.version == "mitaka" or controller.version == "newton" or controller.version == "ocata" %}
- nova-manage api_db sync
{%- endif %}
+ {%- if controller.version == "ocata" %}
+ - 'su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova'
+ {%- endif %}
+ - nova-manage db sync
- require:
- file: /etc/nova/nova.conf
+{%- if controller.version == "ocata" %}
+
+nova_placement_package:
+ pkg.installed:
+ - name: nova-placement-api
+
+/etc/apache2/sites-available/nova-placement-api.conf:
+ file.managed:
+ - source: salt://nova/files/{{ controller.version }}/nova-placement-api.conf
+ - template: jinja
+ - require:
+ - pkg: nova_controller_packages
+ - pkg: nova_placement_package
+
+nova_cell_create:
+ cmd.run:
+ - name:
+ - 'su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova'
+ - unless: 'nova-manage cell_v2 list_cells | grep cell1'
+ - require:
+ - file: /etc/nova/nova.conf
+
+nova_apache_restart:
+ service.running:
+ - enable: true
+ - name: apache2
+ - require:
+ - cmd: nova_controller_syncdb
+ - watch:
+ - file: /etc/nova/nova.conf
+ - file: /etc/nova/api-paste.ini
+ - file: /etc/apache2/sites-available/nova-placement-api.conf
+
+{%- endif %}
+
nova_controller_services:
service.running:
- enable: true
diff --git a/nova/files/liberty/nova-compute.conf.Debian b/nova/files/liberty/nova-compute.conf.Debian
index c8ee68e..4df50c7 100644
--- a/nova/files/liberty/nova-compute.conf.Debian
+++ b/nova/files/liberty/nova-compute.conf.Debian
@@ -125,7 +125,7 @@
notification_driver = messagingv2
{%- endif %}
-resume_guests_state_on_host_boot = {% compute.get('resume_guests_state_on_host_boot', False) %}
+resume_guests_state_on_host_boot = {{ compute.get('resume_guests_state_on_host_boot', False) }}
{%- if compute.identity.get('version', 2) == 2 %}
diff --git a/nova/files/mitaka/nova-compute.conf.Debian b/nova/files/mitaka/nova-compute.conf.Debian
index 94af780..c2f522d 100644
--- a/nova/files/mitaka/nova-compute.conf.Debian
+++ b/nova/files/mitaka/nova-compute.conf.Debian
@@ -72,7 +72,7 @@
notify_on_state_change = vm_and_task_state
{%- endif %}
-resume_guests_state_on_host_boot = {% compute.get('resume_guests_state_on_host_boot', False) %}
+resume_guests_state_on_host_boot = {{ compute.get('resume_guests_state_on_host_boot', False) }}
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
diff --git a/nova/files/newton/nova-compute.conf.Debian b/nova/files/newton/nova-compute.conf.Debian
index 47bccaa..2c1a7a0 100644
--- a/nova/files/newton/nova-compute.conf.Debian
+++ b/nova/files/newton/nova-compute.conf.Debian
@@ -86,7 +86,7 @@
notify_on_state_change = vm_and_task_state
{%- endif %}
-resume_guests_state_on_host_boot = {% compute.get('resume_guests_state_on_host_boot', False) %}
+resume_guests_state_on_host_boot = {{ compute.get('resume_guests_state_on_host_boot', False) }}
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
diff --git a/nova/files/newton/nova-controller.conf.Debian b/nova/files/newton/nova-controller.conf.Debian
index a40446b..7f87aa4 100644
--- a/nova/files/newton/nova-controller.conf.Debian
+++ b/nova/files/newton/nova-controller.conf.Debian
@@ -63,6 +63,7 @@
allow_resize_to_same_host=True
start_guests_on_host_boot=true
+resume_guests_state_on_host_boot=true
rpc_cast_timeout = 30
rpc_response_timeout = 3600
diff --git a/nova/files/newton/nova-controller.conf.RedHat b/nova/files/newton/nova-controller.conf.RedHat
index a40446b..7f87aa4 100644
--- a/nova/files/newton/nova-controller.conf.RedHat
+++ b/nova/files/newton/nova-controller.conf.RedHat
@@ -63,6 +63,7 @@
allow_resize_to_same_host=True
start_guests_on_host_boot=true
+resume_guests_state_on_host_boot=true
rpc_cast_timeout = 30
rpc_response_timeout = 3600
diff --git a/nova/files/ocata/api-paste.ini.Debian b/nova/files/ocata/api-paste.ini.Debian
new file mode 100644
index 0000000..f543fb3
--- /dev/null
+++ b/nova/files/ocata/api-paste.ini.Debian
@@ -0,0 +1,90 @@
+############
+# Metadata #
+############
+{%- from "nova/map.jinja" import controller with context %}
+[composite:metadata]
+use = egg:Paste#urlmap
+/: meta
+
+[pipeline:meta]
+pipeline = cors metaapp
+
+[app:metaapp]
+paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
+
+#############
+# OpenStack #
+#############
+
+[composite:osapi_compute]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: oscomputeversions
+# v21 is an exactly feature match for v2, except it has more stringent
+# input validation on the wsgi surface (prevents fuzzing early on the
+# API). It also provides new features via API microversions which are
+# opt into for clients. Unaware clients will receive the same frozen
+# v2 API feature set, but with some relaxed validation
+/v2: openstack_compute_api_v21_legacy_v2_compatible
+/v2.1: openstack_compute_api_v21
+
+[composite:openstack_compute_api_v21]
+use = call:nova.api.auth:pipeline_factory_v21
+noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit osprofiler noauth2 osapi_compute_app_v21
+keystone = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_v21
+
+[composite:openstack_compute_api_v21_legacy_v2_compatible]
+use = call:nova.api.auth:pipeline_factory_v21
+noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit osprofiler noauth2 legacy_v2_compatible osapi_compute_app_v21
+keystone = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}legacy_v2_compatible osapi_compute_app_v21
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
+[filter:compute_req_id]
+paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
+
+[filter:faultwrap]
+paste.filter_factory = nova.api.openstack:FaultWrapper.factory
+
+[filter:noauth2]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
+
+[filter:osprofiler]
+paste.filter_factory = nova.profiler:WsgiMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = oslo_middleware:RequestBodySizeLimiter.factory
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+
+[filter:legacy_v2_compatible]
+paste.filter_factory = nova.api.openstack:LegacyV2CompatibleWrapper.factory
+
+[app:osapi_compute_app_v21]
+paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory
+
+[pipeline:oscomputeversions]
+pipeline = cors faultwrap http_proxy_to_wsgi oscomputeversionapp
+
+[app:oscomputeversionapp]
+paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
+
+{%- if controller.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ controller.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ controller.get("audit", {}).get("map_file", "/etc/pycadf/nova_api_audit_map.conf") }}
+{%- endif %}
+##########
+# Shared #
+##########
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = nova
+
+[filter:keystonecontext]
+paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
diff --git a/nova/files/ocata/api-paste.ini.RedHat b/nova/files/ocata/api-paste.ini.RedHat
new file mode 120000
index 0000000..08fd76a
--- /dev/null
+++ b/nova/files/ocata/api-paste.ini.RedHat
@@ -0,0 +1 @@
+api-paste.ini.Debian
\ No newline at end of file
diff --git a/nova/files/ocata/libvirt.Debian b/nova/files/ocata/libvirt.Debian
new file mode 100644
index 0000000..b80fab0
--- /dev/null
+++ b/nova/files/ocata/libvirt.Debian
@@ -0,0 +1,19 @@
+# Defaults for libvirt-bin initscript (/etc/init.d/libvirt-bin)
+# This is a POSIX shell fragment
+
+# Start libvirtd to handle qemu/kvm:
+start_libvirtd="yes"
+
+# options passed to libvirtd, add "-l" to listen on tcp
+{%- if grains.get('init', None) != 'systemd' %}
+libvirtd_opts="-d -l"
+LIBVIRTD_ARGS="--listen"
+
+{%- else %}
+# Don't use "-d" option with systemd
+libvirtd_opts="-l"
+LIBVIRTD_ARGS="--listen"
+{%- endif %}
+# pass in location of kerberos keytab
+#export KRB5_KTNAME=/etc/libvirt/libvirt.keytab
+
diff --git a/nova/files/ocata/libvirtd.conf.Debian b/nova/files/ocata/libvirtd.conf.Debian
new file mode 100644
index 0000000..8333dcb
--- /dev/null
+++ b/nova/files/ocata/libvirtd.conf.Debian
@@ -0,0 +1,402 @@
+# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+#
+# NOTE: the tests/daemon-conf regression test script requires
+# that each "PARAMETER = VALUE" line in this file have the parameter
+# name just after a leading "#".
+
+#################################################################
+#
+# Network connectivity controls
+#
+
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is necessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+#listen_tls = 0
+
+
+listen_tls = 0
+listen_tcp = 1
+auth_tcp = "none"
+
+
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
+#
+# This is disabled by default, uncomment this to enable it.
+#listen_tcp = 1
+
+
+
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+#tls_port = "16514"
+
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+#tcp_port = "16509"
+
+
+# Override the default configuration which binds to all network
+# interfaces. This can be a numeric IPv4/6 address, or hostname
+#
+#listen_addr = "192.168.0.1"
+
+
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is disabled by default, uncomment this to enable it
+#mdns_adv = 1
+
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+#mdns_name = "Virtualization Host Joe Demo"
+
+
+#################################################################
+#
+# UNIX socket access controls
+#
+
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+unix_sock_group = "libvirtd"
+
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+#unix_sock_ro_perms = "0777"
+
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
+unix_sock_rw_perms = "0770"
+
+# Set the name of the directory in which sockets will be found/created.
+#unix_sock_dir = "/var/run/libvirt"
+
+#################################################################
+#
+# Authentication.
+#
+# - none: do not perform auth checks. If you can connect to the
+# socket you are allowed. This is suitable if there are
+# restrictions on connecting to the socket (eg, UNIX
+# socket permissions), or if there is a lower layer in
+# the network providing auth (eg, TLS/x509 certificates)
+#
+# - sasl: use SASL infrastructure. The actual auth scheme is then
+# controlled from /etc/sasl2/libvirt.conf. For the TCP
+# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+# For non-TCP or TLS sockets, any scheme is allowed.
+#
+# - polkit: use PolicyKit to authenticate. This is only suitable
+# for use on the UNIX sockets. The default policy will
+# require a user to supply their own password to gain
+# full read/write access (aka sudo like), while anyone
+# is allowed read/only access.
+#
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+auth_unix_ro = "none"
+
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+auth_unix_rw = "none"
+
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+#auth_tcp = "sasl"
+#auth_tcp = "none"
+
+# Change the authentication scheme for TLS sockets.
+#
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+#auth_tls = "none"
+
+
+
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+
+
+# Override the default server key file path
+#
+#key_file = "/etc/pki/libvirt/private/serverkey.pem"
+
+# Override the default server certificate file path
+#
+#cert_file = "/etc/pki/libvirt/servercert.pem"
+
+# Override the default CA certificate path
+#
+#ca_file = "/etc/pki/CA/cacert.pem"
+
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+#crl_file = "/etc/pki/CA/crl.pem"
+
+
+
+#################################################################
+#
+# Authorization controls
+#
+
+
+# Flag to disable verification of our own server certificates
+#
+# When libvirtd starts it performs some sanity checks against
+# its own certificates.
+#
+# Default is to always run sanity checks. Uncommenting this
+# will disable sanity checks which is not a good idea
+#tls_no_sanity_certificate = 1
+
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+#tls_no_verify_certificate = 1
+
+
+# A whitelist of allowed x509 Distinguished Names
+# This list may contain wildcards such as
+#
+# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+#tls_allowed_dn_list = ["DN1", "DN2"]
+
+
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username@REALM
+#
+# This list may contain wildcards such as
+#
+# "*@EXAMPLE.COM"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no Username's are checked
+#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
+
+
+
+#################################################################
+#
+# Processing controls
+#
+
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+#max_clients = 20
+
+
+# The minimum limit sets the number of workers to start up
+# initially. If the number of active clients exceeds this,
+# then more threads are spawned, upto max_workers limit.
+# Typically you'd want max_workers to equal maximum number
+# of clients allowed
+#min_workers = 5
+#max_workers = 20
+
+
+# The number of priority workers. If all workers from above
+# pool will stuck, some calls marked as high priority
+# (notably domainDestroy) can be executed in this pool.
+#prio_workers = 5
+
+# Total global limit on concurrent RPC calls. Should be
+# at least as large as max_workers. Beyond this, RPC requests
+# will be read into memory and queued. This directly impact
+# memory usage, currently each request requires 256 KB of
+# memory. So by default upto 5 MB of memory is used
+#
+# XXX this isn't actually enforced yet, only the per-client
+# limit is used so far
+#max_requests = 20
+
+# Limit on concurrent requests from a single client
+# connection. To avoid one client monopolizing the server
+# this should be a small fraction of the global max_requests
+# and max_workers parameter
+#max_client_requests = 5
+
+#################################################################
+#
+# Logging controls
+#
+
+# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# basically 1 will log everything possible
+#log_level = 3
+
+# Logging filters:
+# A filter allows to select a different logging level for a given category
+# of logs
+# The format for a filter is one of:
+# x:name
+# x:+name
+# where name is a string which is matched against source file name,
+# e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+# tells libvirt to log stack trace for each message matching name,
+# and x is the minimal level where matching messages should be logged:
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple filter can be defined in a single @filters, they just need to be
+# separated by spaces.
+#
+# e.g. to only get warning or errors from the remote layer and only errors
+# from the event layer:
+#log_filters="3:remote 4:event"
+
+# Logging outputs:
+# An output is one of the places to save logging information
+# The format for an output can be:
+# x:stderr
+# output goes to stderr
+# x:syslog:name
+# use syslog for the output and use the given name as the ident
+# x:file:file_path
+# output to a file, with the given filepath
+# In all case the x prefix is the minimal level, acting as a filter
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple output can be defined, they just need to be separated by spaces.
+# e.g. to log all warnings and errors to syslog under the libvirtd ident:
+#log_outputs="3:syslog:libvirtd"
+#
+
+# Log debug buffer size: default 64
+# The daemon keeps an internal debug log buffer which will be dumped in case
+# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
+# the default buffer size in kilobytes.
+# If value is 0 or less the debug log buffer is deactivated
+#log_buffer_size = 64
+
+
+##################################################################
+#
+# Auditing
+#
+# This setting allows usage of the auditing subsystem to be altered:
+#
+# audit_level == 0 -> disable all auditing
+# audit_level == 1 -> enable auditing, only if enabled on host (default)
+# audit_level == 2 -> enable auditing, and exit if disabled on host
+#
+#audit_level = 2
+#
+# If set to 1, then audit messages will also be sent
+# via libvirt logging infrastructure. Defaults to 0
+#
+#audit_logging = 1
+
+###################################################################
+# UUID of the host:
+# Provide the UUID of the host here in case the command
+# 'dmidecode -s system-uuid' does not provide a valid uuid. In case
+# 'dmidecode' does not provide a valid UUID and none is provided here, a
+# temporary UUID will be generated.
+# Keep the format of the example UUID below. UUID must not have all digits
+# be the same.
+
+# NB This default all-zeros UUID will not work. Replace
+# it with the output of the 'uuidgen' command and then
+# uncomment this entry
+#host_uuid = "00000000-0000-0000-0000-000000000000"
+
+###################################################################
+# Keepalive protocol:
+# This allows libvirtd to detect broken client connections or even
+# dead client. A keepalive message is sent to a client after
+# keepalive_interval seconds of inactivity to check if the client is
+# still responding; keepalive_count is a maximum number of keepalive
+# messages that are allowed to be sent to the client without getting
+# any response before the connection is considered broken. In other
+# words, the connection is automatically closed approximately after
+# keepalive_interval * (keepalive_count + 1) seconds since the last
+# message received from the client. If keepalive_interval is set to
+# -1, libvirtd will never send keepalive requests; however clients
+# can still send them and the deamon will send responses. When
+# keepalive_count is set to 0, connections will be automatically
+# closed after keepalive_interval seconds of inactivity without
+# sending any keepalive messages.
+#
+#keepalive_interval = 5
+#keepalive_count = 5
+#
+# If set to 1, libvirtd will refuse to talk to clients that do not
+# support keepalive protocol. Defaults to 0.
+#
+#keepalive_required = 1
\ No newline at end of file
diff --git a/nova/files/ocata/nova-compute.conf.Debian b/nova/files/ocata/nova-compute.conf.Debian
new file mode 100644
index 0000000..55d89a2
--- /dev/null
+++ b/nova/files/ocata/nova-compute.conf.Debian
@@ -0,0 +1,10877 @@
+{%- from "nova/map.jinja" import compute with context %}
+[DEFAULT]
+
+#
+# From nova.conf
+#
+compute_manager=nova.compute.manager.ComputeManager
+network_device_mtu=65000
+use_neutron = True
+security_group_api=neutron
+image_service=nova.image.glance.GlanceImageService
+
+# DEPRECATED:
+# When returning instance metadata, this is the class that is used
+# for getting vendor metadata when that class isn't specified in the individual
+# request. The value should be the full dot-separated path to the class to use.
+#
+# Possible values:
+#
+# * Any valid dot-separated class path that can be imported.
+# (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+#vendordata_driver=nova.api.metadata.vendordata_json.JsonFileVendorData
+
+# DEPRECATED:
+# This option is used to enable or disable quota checking for tenant networks.
+#
+# Related options:
+#
+# * quota_networks
+# (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# CRUD operations on tenant networks are only available when using nova-network
+# and nova-network is itself deprecated.
+#enable_network_quota=false
+
+# DEPRECATED:
+# This option controls the number of private networks that can be created per
+# project (or per tenant).
+#
+# Related options:
+#
+# * enable_network_quota
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# CRUD operations on tenant networks are only available when using nova-network
+# and nova-network is itself deprecated.
+#quota_networks=3
+
+#
+# This option specifies the name of the availability zone for the
+# internal services. Services like nova-scheduler, nova-network,
+# nova-conductor are internal services. These services will appear in
+# their own internal availability_zone.
+#
+# Possible values:
+#
+# * Any string representing an availability zone name
+# * 'internal' is the default value
+#
+# (string value)
+#internal_service_availability_zone=internal
+
+#
+# Default compute node availability_zone.
+#
+# This option determines the availability zone to be used when it is not
+# specified in the VM creation request. If this option is not set,
+# the default availability zone 'nova' is used.
+#
+# Possible values:
+#
+# * Any string representing an availability zone name
+# * 'nova' is the default value
+#
+# (string value)
+#default_availability_zone=nova
+
+# Length of generated instance admin passwords. (integer value)
+# Minimum value: 0
+#password_length=12
+
+#
+# Time period to generate instance usages for. It is possible to define optional
+# offset to given period by appending @ character followed by a number defining
+# offset.
+#
+# Possible values:
+#
+# * period, example: ``hour``, ``day``, ``month` or ``year``
+# * period with offset, example: ``month@15`` will result in monthly audits
+# starting on 15th day of month.
+# (string value)
+#instance_usage_audit_period=month
+{% if pillar.ceilometer is defined %}
+instance_usage_audit = True
+instance_usage_audit_period = hour
+{%- endif %}
+#
+# Start and use a daemon that can run the commands that need to be run with
+# root privileges. This option is usually enabled on nodes that run nova compute
+# processes.
+# (boolean value)
+#use_rootwrap_daemon=false
+
+#
+# Path to the rootwrap configuration file.
+#
+# Goal of the root wrapper is to allow a service-specific unprivileged user to
+# run a number of actions as the root user in the safest manner possible.
+# The configuration file used here must match the one defined in the sudoers
+# entry.
+# (string value)
+#rootwrap_config=/etc/nova/rootwrap.conf
+rootwrap_config=/etc/nova/rootwrap.conf
+
+# Explicitly specify the temporary working directory. (string value)
+#tempdir=<None>
+
+#
+# Determine if monkey patching should be applied.
+#
+# Related options:
+#
+# * ``monkey_patch_modules``: This must have values set for this option to
+# have any effect
+# (boolean value)
+#monkey_patch=false
+
+#
+# List of modules/decorators to monkey patch.
+#
+# This option allows you to patch a decorator for all functions in specified
+# modules.
+#
+# Possible values:
+#
+# * nova.compute.api:nova.notifications.notify_decorator
+# * nova.api.ec2.cloud:nova.notifications.notify_decorator
+# * [...]
+#
+# Related options:
+#
+# * ``monkey_patch``: This must be set to ``True`` for this option to
+# have any effect
+# (list value)
+#monkey_patch_modules=nova.compute.api:nova.notifications.notify_decorator
+
+#
+# Defines which driver to use for controlling virtualization.
+#
+# Possible values:
+#
+# * ``libvirt.LibvirtDriver``
+# * ``xenapi.XenAPIDriver``
+# * ``fake.FakeDriver``
+# * ``ironic.IronicDriver``
+# * ``vmwareapi.VMwareVCDriver``
+# * ``hyperv.HyperVDriver``
+# (string value)
+#compute_driver=<None>
+compute_driver = libvirt.LibvirtDriver
+
+#
+# Allow destination machine to match source for resize. Useful when
+# testing in single-host environments. By default it is not allowed
+# to resize to the same host. Setting this option to true will add
+# the same host to the destination options.
+# (boolean value)
+#allow_resize_to_same_host=false
+allow_resize_to_same_host=true
+
+#
+# Availability zone to use when user doesn't specify one.
+#
+# This option is used by the scheduler to determine which availability
+# zone to place a new VM instance into if the user did not specify one
+# at the time of VM boot request.
+#
+# Possible values:
+#
+# * Any string representing an availability zone name
+# * Default value is None.
+# (string value)
+#default_schedule_zone=<None>
+
+#
+# Image properties that should not be inherited from the instance
+# when taking a snapshot.
+#
+# This option gives an opportunity to select which image-properties
+# should not be inherited by newly created snapshots.
+#
+# Possible values:
+#
+# * A list whose item is an image property. Usually only the image
+# properties that are only needed by base images can be included
+# here, since the snapshots that are created from the base images
+# doesn't need them.
+# * Default list: ['cache_in_nova', 'bittorrent']
+# (list value)
+#non_inheritable_image_properties=cache_in_nova,bittorrent
+
+# DEPRECATED:
+# This option is used to decide when an image should have no external
+# ramdisk or kernel. By default this is set to 'nokernel', so when an
+# image is booted with the property 'kernel_id' with the value
+# 'nokernel', Nova assumes the image doesn't require an external kernel
+# and ramdisk.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# When an image is booted with the property 'kernel_id' with the value
+# 'nokernel', Nova assumes the image doesn't require an external kernel and
+# ramdisk. This option allows user to change the API behaviour which should not
+# be allowed and this value "nokernel" should be hard coded.
+#null_kernel=nokernel
+
+# DEPRECATED:
+# When creating multiple instances with a single request using the
+# os-multiple-create API extension, this template will be used to build
+# the display name for each instance. The benefit is that the instances
+# end up with different hostnames. Example display names when creating
+# two VM's: name-1, name-2.
+#
+# Possible values:
+#
+# * Valid keys for the template are: name, uuid, count.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This config changes API behaviour. All changes in API behaviour should be
+# discoverable.
+#multi_instance_display_name_template=%(name)s-%(count)d
+
+#
+# Maximum number of devices that will result in a local image being
+# created on the hypervisor node.
+#
+# A negative number means unlimited. Setting max_local_block_devices
+# to 0 means that any request that attempts to create a local disk
+# will fail. This option is meant to limit the number of local discs
+# (so root local disc that is the result of --image being used, and
+# any other ephemeral and swap disks). 0 does not mean that images
+# will be automatically converted to volumes and boot instances from
+# volumes - it just means that all requests that attempt to create a
+# local disk will fail.
+#
+# Possible values:
+#
+# * 0: Creating a local disk is not allowed.
+# * Negative number: Allows unlimited number of local discs.
+# * Positive number: Allows only these many number of local discs.
+# (Default value is 3).
+# (integer value)
+#max_local_block_devices=3
+
+#
+# A list of monitors that can be used for getting compute metrics.
+# You can use the alias/name from the setuptools entry points for
+# nova.compute.monitors.* namespaces. If no namespace is supplied,
+# the "cpu." namespace is assumed for backwards-compatibility.
+#
+# Possible values:
+#
+# * An empty list will disable the feature(Default).
+# * An example value that would enable both the CPU and NUMA memory
+# bandwidth monitors that used the virt driver variant:
+# ["cpu.virt_driver", "numa_mem_bw.virt_driver"]
+# (list value)
+#compute_monitors =
+
+#
+# The default format an ephemeral_volume will be formatted with on creation.
+#
+# Possible values:
+#
+# * ``ext2``
+# * ``ext3``
+# * ``ext4``
+# * ``xfs``
+# * ``ntfs`` (only for Windows guests)
+# (string value)
+#default_ephemeral_format=<None>
+
+#
+# Determine if instance should boot or fail on VIF plugging timeout.
+#
+# Nova sends a port update to Neutron after an instance has been scheduled,
+# providing Neutron with the necessary information to finish setup of the port.
+# Once completed, Neutron notifies Nova that it has finished setting up the
+# port, at which point Nova resumes the boot of the instance since network
+# connectivity is now supposed to be present. A timeout will occur if the reply
+# is not received after a given interval.
+#
+# This option determines what Nova does when the VIF plugging timeout event
+# happens. When enabled, the instance will error out. When disabled, the
+# instance will continue to boot on the assumption that the port is ready.
+#
+# Possible values:
+#
+# * True: Instances should fail after VIF plugging timeout
+# * False: Instances should continue booting after VIF plugging timeout
+# (boolean value)
+#vif_plugging_is_fatal=true
+vif_plugging_is_fatal=true
+
+#
+# Timeout for Neutron VIF plugging event message arrival.
+#
+# Number of seconds to wait for Neutron vif plugging events to
+# arrive before continuing or failing (see 'vif_plugging_is_fatal').
+#
+# Related options:
+#
+# * vif_plugging_is_fatal - If ``vif_plugging_timeout`` is set to zero and
+# ``vif_plugging_is_fatal`` is False, events should not be expected to
+# arrive at all.
+# (integer value)
+# Minimum value: 0
+#vif_plugging_timeout=300
+vif_plugging_timeout=300
+
+# Path to '/etc/network/interfaces' template.
+#
+# The path to a template file for the '/etc/network/interfaces'-style file,
+# which
+# will be populated by nova and subsequently used by cloudinit. This provides a
+# method to configure network connectivity in environments without a DHCP
+# server.
+#
+# The template will be rendered using Jinja2 template engine, and receive a
+# top-level key called ``interfaces``. This key will contain a list of
+# dictionaries, one for each interface.
+#
+# Refer to the cloudinit documentaion for more information:
+#
+# https://cloudinit.readthedocs.io/en/latest/topics/datasources.html
+#
+# Possible values:
+#
+# * A path to a Jinja2-formatted template for a Debian '/etc/network/interfaces'
+# file. This applies even if using a non Debian-derived guest.
+#
+# Related options:
+#
+# * ``flat_inject``: This must be set to ``True`` to ensure nova embeds network
+# configuration information in the metadata provided through the config drive.
+# (string value)
+#injected_network_template=$pybasedir/nova/virt/interfaces.template
+
+#
+# The image preallocation mode to use.
+#
+# Image preallocation allows storage for instance images to be allocated up
+# front
+# when the instance is initially provisioned. This ensures immediate feedback is
+# given if enough space isn't available. In addition, it should significantly
+# improve performance on writes to new blocks and may even improve I/O
+# performance to prewritten blocks due to reduced fragmentation.
+#
+# Possible values:
+#
+# * "none" => no storage provisioning is done up front
+# * "space" => storage is fully allocated at instance start
+# (string value)
+# Allowed values: none, space
+#preallocate_images=none
+
+#
+# Enable use of copy-on-write (cow) images.
+#
+# QEMU/KVM allow the use of qcow2 as backing files. By disabling this,
+# backing files will not be used.
+# (boolean value)
+#use_cow_images=true
+{%- if compute.image.use_cow is defined %}
+use_cow_images = {{ compute.image.use_cow }}
+{%- endif %}
+
+#
+# Force conversion of backing images to raw format.
+#
+# Possible values:
+#
+# * True: Backing image files will be converted to raw image format
+# * False: Backing image files will not be converted
+#
+# Related options:
+#
+# * ``compute_driver``: Only the libvirt driver uses this option.
+# (boolean value)
+#force_raw_images=true
+force_raw_images=true
+
+#
+# Name of the mkfs commands for ephemeral device.
+#
+# The format is <os_type>=<mkfs command>
+# (multi valued)
+#virt_mkfs =
+
+#
+# Enable resizing of filesystems via a block device.
+#
+# If enabled, attempt to resize the filesystem by accessing the image over a
+# block device. This is done by the host and may not be necessary if the image
+# contains a recent version of cloud-init. Possible mechanisms require the nbd
+# driver (for qcow and raw), or loop (for raw).
+# (boolean value)
+#resize_fs_using_block_device=false
+
+# Amount of time, in seconds, to wait for NBD device start up. (integer value)
+# Minimum value: 0
+#timeout_nbd=10
+
+#
+# Location of cached images.
+#
+# This is NOT the full path - just a folder name relative to '$instances_path'.
+# For per-compute-host cached images, set to '_base_$my_ip'
+# (string value)
+#image_cache_subdirectory_name=_base
+
+# Should unused base images be removed? (boolean value)
+#remove_unused_base_images=true
+
+#
+# Unused unresized base images younger than this will not be removed.
+# (integer value)
+#remove_unused_original_minimum_age_seconds=86400
+remove_unused_original_minimum_age_seconds=86400
+
+#
+# Generic property to specify the pointer type.
+#
+# Input devices allow interaction with a graphical framebuffer. For
+# example to provide a graphic tablet for absolute cursor movement.
+#
+# If set, the 'hw_pointer_model' image property takes precedence over
+# this configuration option.
+#
+# Possible values:
+#
+# * None: Uses default behavior provided by drivers (mouse on PS2 for
+# libvirt x86)
+# * ps2mouse: Uses relative movement. Mouse connected by PS2
+# * usbtablet: Uses absolute movement. Tablet connect by USB
+#
+# Related options:
+#
+# * usbtablet must be configured with VNC enabled or SPICE enabled and SPICE
+# agent disabled. When used with libvirt the instance mode should be
+# configured as HVM.
+# (string value)
+# Allowed values: <None>, ps2mouse, usbtablet
+#pointer_model=usbtablet
+
+#
+# Defines which physical CPUs (pCPUs) can be used by instance
+# virtual CPUs (vCPUs).
+#
+# Possible values:
+#
+# * A comma-separated list of physical CPU numbers that virtual CPUs can be
+# allocated to by default. Each element should be either a single CPU number,
+# a range of CPU numbers, or a caret followed by a CPU number to be
+# excluded from a previous range. For example:
+#
+# vcpu_pin_set = "4-12,^8,15"
+# (string value)
+#vcpu_pin_set=<None>
+{%- if compute.vcpu_pin_set is defined %}
+vcpu_pin_set={{ compute.vcpu_pin_set }}
+{%- endif %}
+
+#
+# Number of huge/large memory pages to reserved per NUMA host cell.
+#
+# Possible values:
+#
+# * A list of valid key=value which reflect NUMA node ID, page size
+# (Default unit is KiB) and number of pages to be reserved.
+#
+# reserved_huge_pages = node:0,size:2048,count:64
+# reserved_huge_pages = node:1,size:1GB,count:1
+#
+# In this example we are reserving on NUMA node 0 64 pages of 2MiB
+# and on NUMA node 1 1 page of 1GiB.
+# (dict value)
+#reserved_huge_pages=<None>
+
+#
+# Amount of disk resources in MB to make them always available to host. The
+# disk usage gets reported back to the scheduler from nova-compute running
+# on the compute nodes. To prevent the disk resources from being considered
+# as available, this option can be used to reserve disk space for that host.
+#
+# Possible values:
+#
+# * Any positive integer representing amount of disk in MB to reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_disk_mb=0
+
+#
+# Amount of memory in MB to reserve for the host so that it is always available
+# to host processes. The host resources usage is reported back to the scheduler
+# continuously from nova-compute running on the compute node. To prevent the
+# host
+# memory from being considered as available, this option is used to reserve
+# memory for the host.
+#
+# Possible values:
+#
+# * Any positive integer representing amount of memory in MB to reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_memory_mb=512
+reserved_host_memory_mb = {{ compute.get('reserved_host_memory_mb', '512') }}
+
+#
+# This option helps you specify virtual CPU to physical CPU allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the CoreFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the CoreFilter.
+#
+# This configuration specifies ratio for CoreFilter which can be set
+# per compute node. For AggregateCoreFilter, it will fall back to this
+# configuration value if no per-aggregate setting is found.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used
+# and defaulted to 16.0'.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#cpu_allocation_ratio=0.0
+
+#
+# This option helps you specify virtual RAM to physical RAM
+# allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the RamFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the RamFilter.
+#
+# This configuration specifies ratio for RamFilter which can be set
+# per compute node. For AggregateRamFilter, it will fall back to this
+# configuration value if no per-aggregate setting found.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used and
+# defaulted to 1.5.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#ram_allocation_ratio=0.0
+
+#
+# This option helps you specify virtual disk to physical disk
+# allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the DiskFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the DiskFilter.
+#
+# A ratio greater than 1.0 will result in over-subscription of the
+# available physical disk, which can be useful for more
+# efficiently packing instances created with images that do not
+# use the entire virtual disk, such as sparse or compressed
+# images. It can be set to a value between 0.0 and 1.0 in order
+# to preserve a percentage of the disk for uses other than
+# instances.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used and
+# defaulted to 1.0'.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#disk_allocation_ratio=0.0
+
+#
+# Console proxy host to be used to connect to instances on this host. It is the
+# publicly visible name for the console host.
+#
+# Possible values:
+#
+# * Current hostname (default) or any string representing hostname.
+# (string value)
+#console_host=socket.gethostname()
+
+#
+# Name of the network to be used to set access IPs for instances. If there are
+# multiple IPs to choose from, an arbitrary one will be chosen.
+#
+# Possible values:
+#
+# * None (default)
+# * Any string representing network name.
+# (string value)
+#default_access_ip_network_name=<None>
+
+#
+# Whether to batch up the application of IPTables rules during a host restart
+# and apply all at the end of the init phase.
+# (boolean value)
+#defer_iptables_apply=false
+
+#
+# Specifies where instances are stored on the hypervisor's disk.
+# It can point to locally attached storage or a directory on NFS.
+#
+# Possible values:
+#
+# * $state_path/instances where state_path is a config option that specifies
+# the top-level directory for maintaining nova's state. (default) or
+# Any string representing directory path.
+# (string value)
+#instances_path=$state_path/instances
+
+#
+# This option enables periodic compute.instance.exists notifications. Each
+# compute node must be configured to generate system usage data. These
+# notifications are consumed by OpenStack Telemetry service.
+# (boolean value)
+#instance_usage_audit=false
+
+#
+# Maximum number of 1 second retries in live_migration. It specifies number
+# of retries to iptables when it complains. It happens when an user continuously
+# sends live-migration request to same host leading to concurrent request
+# to iptables.
+#
+# Possible values:
+#
+# * Any positive integer representing retry count.
+# (integer value)
+# Minimum value: 0
+#live_migration_retry_count=30
+
+#
+# This option specifies whether to start guests that were running before the
+# host rebooted. It ensures that all of the instances on a Nova compute node
+# resume their state each time the compute node boots or restarts.
+# (boolean value)
+#resume_guests_state_on_host_boot=false
+resume_guests_state_on_host_boot=true
+
+#
+# Number of times to retry network allocation. It is required to attempt network
+# allocation retries if the virtual interface plug fails.
+#
+# Possible values:
+#
+# * Any positive integer representing retry count.
+# (integer value)
+# Minimum value: 0
+#network_allocate_retries=0
+
+#
+# Limits the maximum number of instance builds to run concurrently by
+# nova-compute. Compute service can attempt to build an infinite number of
+# instances, if asked to do so. This limit is enforced to avoid building
+# unlimited instance concurrently on a compute node. This value can be set
+# per compute node.
+#
+# Possible Values:
+#
+# * 0 : treated as unlimited.
+# * Any positive integer representing maximum concurrent builds.
+# (integer value)
+# Minimum value: 0
+#max_concurrent_builds=10
+
+#
+# Maximum number of live migrations to run concurrently. This limit is enforced
+# to avoid outbound live migrations overwhelming the host/network and causing
+# failures. It is not recommended that you change this unless you are very sure
+# that doing so is safe and stable in your environment.
+#
+# Possible values:
+#
+# * 0 : treated as unlimited.
+# * Negative value defaults to 0.
+# * Any positive integer representing maximum number of live migrations
+# to run concurrently.
+# (integer value)
+#max_concurrent_live_migrations=1
+
+#
+# Number of times to retry block device allocation on failures. Starting with
+# Liberty, Cinder can use image volume cache. This may help with block device
+# allocation performance. Look at the cinder image_volume_cache_enabled
+# configuration option.
+#
+# Possible values:
+#
+# * 60 (default)
+# * If value is 0, then one attempt is made.
+# * Any negative value is treated as 0.
+# * For any value > 0, total attempts are (value + 1)
+# (integer value)
+#block_device_allocate_retries=60
+block_device_allocate_retries=600
+
+#
+# Number of greenthreads available for use to sync power states.
+#
+# This option can be used to reduce the number of concurrent requests
+# made to the hypervisor or system with real instance power states
+# for performance reasons, for example, with Ironic.
+#
+# Possible values:
+#
+# * Any positive integer representing greenthreads count.
+# (integer value)
+#sync_power_state_pool_size=1000
+
+#
+# Number of seconds to wait between runs of the image cache manager.
+#
+# Possible values:
+# * 0: run at the default rate.
+# * -1: disable
+# * Any other value
+# (integer value)
+# Minimum value: -1
+#image_cache_manager_interval=2400
+image_cache_manager_interval=0
+
+#
+# Interval to pull network bandwidth usage info.
+#
+# Not supported on all hypervisors. If a hypervisor doesn't support bandwidth
+# usage, it will not get the info in the usage events.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+# (integer value)
+#bandwidth_poll_interval=600
+
+#
+# Interval to sync power states between the database and the hypervisor.
+#
+# The interval that Nova checks the actual virtual machine power state
+# and the power state that Nova has in its database. If a user powers
+# down their VM, Nova updates the API to report the VM has been
+# powered down. Should something turn on the VM unexpectedly,
+# Nova will turn the VM back off to keep the system in the expected
+# state.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * If ``handle_virt_lifecycle_events`` in workarounds_group is
+# false and this option is negative, then instances that get out
+# of sync between the hypervisor and the Nova database will have
+# to be synchronized manually.
+# (integer value)
+#sync_power_state_interval=600
+
+#
+# Interval between instance network information cache updates.
+#
+# Number of seconds after which each compute node runs the task of
+# querying Neutron for all of its instances networking information,
+# then updates the Nova db with that information. Nova will never
+# update it's cache if this option is set to 0. If we don't update the
+# cache, the metadata service and nova-api endpoints will be proxying
+# incorrect network data about the instance. So, it is not recommended
+# to set this option to 0.
+#
+# Possible values:
+#
+# * Any positive integer in seconds.
+# * Any value <=0 will disable the sync. This is not recommended.
+# (integer value)
+#heal_instance_info_cache_interval=60
+heal_instance_info_cache_interval = {{ compute.heal_instance_info_cache_interval }}
+
+#
+# Interval for reclaiming deleted instances.
+#
+# A value greater than 0 will enable SOFT_DELETE of instances.
+# This option decides whether the server to be deleted will be put into
+# the SOFT_DELETED state. If this value is greater than 0, the deleted
+# server will not be deleted immediately, instead it will be put into
+# a queue until it's too old (deleted time greater than the value of
+# reclaim_instance_interval). The server can be recovered from the
+# delete queue by using the restore action. If the deleted server remains
+# longer than the value of reclaim_instance_interval, it will be
+# deleted by a periodic task in the compute service automatically.
+#
+# Note that this option is read from both the API and compute nodes, and
+# must be set globally otherwise servers could be put into a soft deleted
+# state in the API and never actually reclaimed (deleted) on the compute
+# node.
+#
+# Possible values:
+#
+# * Any positive integer(in seconds) greater than 0 will enable
+# this option.
+# * Any value <=0 will disable the option.
+# (integer value)
+#reclaim_instance_interval=0
+
+#
+# Interval for gathering volume usages.
+#
+# This option updates the volume usage cache for every
+# volume_usage_poll_interval number of seconds.
+#
+# Possible values:
+#
+# * Any positive integer(in seconds) greater than 0 will enable
+# this option.
+# * Any value <=0 will disable the option.
+# (integer value)
+#volume_usage_poll_interval=0
+
+#
+# Interval for polling shelved instances to offload.
+#
+# The periodic task runs for every shelved_poll_interval number
+# of seconds and checks if there are any shelved instances. If it
+# finds a shelved instance, based on the 'shelved_offload_time' config
+# value it offloads the shelved instances. Check 'shelved_offload_time'
+# config option description for details.
+#
+# Possible values:
+#
+# * Any value <= 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * ``shelved_offload_time``
+# (integer value)
+#shelved_poll_interval=3600
+
+#
+# Time before a shelved instance is eligible for removal from a host.
+#
+# By default this option is set to 0 and the shelved instance will be
+# removed from the hypervisor immediately after shelve operation.
+# Otherwise, the instance will be kept for the value of
+# shelved_offload_time(in seconds) so that during the time period the
+# unshelve action will be faster, then the periodic task will remove
+# the instance from hypervisor after shelved_offload_time passes.
+#
+# Possible values:
+#
+# * 0: Instance will be immediately offloaded after being
+# shelved.
+# * Any value < 0: An instance will never offload.
+# * Any positive integer in seconds: The instance will exist for
+# the specified number of seconds before being offloaded.
+# (integer value)
+#shelved_offload_time=0
+
+#
+# Interval for retrying failed instance file deletes.
+#
+# This option depends on 'maximum_instance_delete_attempts'.
+# This option specifies how often to retry deletes whereas
+# 'maximum_instance_delete_attempts' specifies the maximum number
+# of retry attempts that can be made.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * ``maximum_instance_delete_attempts`` from instance_cleaning_opts
+# group.
+# (integer value)
+#instance_delete_interval=300
+
+#
+# Interval (in seconds) between block device allocation retries on failures.
+#
+# This option allows the user to specify the time interval between
+# consecutive retries. 'block_device_allocate_retries' option specifies
+# the maximum number of retries.
+#
+# Possible values:
+#
+# * 0: Disables the option.
+# * Any positive integer in seconds enables the option.
+#
+# Related options:
+#
+# * ``block_device_allocate_retries`` in compute_manager_opts group.
+# (integer value)
+# Minimum value: 0
+#block_device_allocate_retries_interval=3
+block_device_allocate_retries_interval=10
+
+#
+# Interval between sending the scheduler a list of current instance UUIDs to
+# verify that its view of instances is in sync with nova.
+#
+# If the CONF option 'scheduler_tracks_instance_changes' is
+# False, the sync calls will not be made. So, changing this option will
+# have no effect.
+#
+# If the out of sync situations are not very common, this interval
+# can be increased to lower the number of RPC messages being sent.
+# Likewise, if sync issues turn out to be a problem, the interval
+# can be lowered to check more frequently.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * This option has no impact if ``scheduler_tracks_instance_changes``
+# is set to False.
+# (integer value)
+#scheduler_instance_sync_interval=120
+
+#
+# Interval for updating compute resources.
+#
+# This option specifies how often the update_available_resources
+# periodic task should run. A number less than 0 means to disable the
+# task completely. Leaving this at the default of 0 will cause this to
+# run at the default periodic interval. Setting it to any positive
+# value will cause it to run at approximately that number of seconds.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+# (integer value)
+#update_resources_interval=0
+
+#
+# Time interval after which an instance is hard rebooted automatically.
+#
+# When doing a soft reboot, it is possible that a guest kernel is
+# completely hung in a way that causes the soft reboot task
+# to not ever finish. Setting this option to a time period in seconds
+# will automatically hard reboot an instance if it has been stuck
+# in a rebooting state longer than N seconds.
+#
+# Possible values:
+#
+# * 0: Disables the option (default).
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#reboot_timeout=0
+
+#
+# Maximum time in seconds that an instance can take to build.
+#
+# If this timer expires, instance status will be changed to ERROR.
+# Enabling this option will make sure an instance will not be stuck
+# in BUILD state for a longer period.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#instance_build_timeout=0
+
+#
+# Interval to wait before un-rescuing an instance stuck in RESCUE.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#rescue_timeout=0
+
+#
+# Automatically confirm resizes after N seconds.
+#
+# Resize functionality will save the existing server before resizing.
+# After the resize completes, user is requested to confirm the resize.
+# The user has the opportunity to either confirm or revert all
+# changes. Confirm resize removes the original server and changes
+# server status from resized to active. Setting this option to a time
+# period (in seconds) will automatically confirm the resize if the
+# server is in resized state longer than that time.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#resize_confirm_window=0
+
+#
+# Total time to wait in seconds for an instance toperform a clean
+# shutdown.
+#
+# It determines the overall period (in seconds) a VM is allowed to
+# perform a clean shutdown. While performing stop, rescue and shelve,
+# rebuild operations, configuring this option gives the VM a chance
+# to perform a controlled shutdown before the instance is powered off.
+# The default timeout is 60 seconds.
+#
+# The timeout value can be overridden on a per image basis by means
+# of os_shutdown_timeout that is an image metadata setting allowing
+# different types of operating systems to specify how much time they
+# need to shut down cleanly.
+#
+# Possible values:
+#
+# * Any positive integer in seconds (default value is 60).
+# (integer value)
+# Minimum value: 1
+#shutdown_timeout=60
+
+#
+# The compute service periodically checks for instances that have been
+# deleted in the database but remain running on the compute node. The
+# above option enables action to be taken when such instances are
+# identified.
+#
+# Possible values:
+#
+# * reap: Powers down the instances and deletes them(default)
+# * log: Logs warning message about deletion of the resource
+# * shutdown: Powers down instances and marks them as non-
+# bootable which can be later used for debugging/analysis
+# * noop: Takes no action
+#
+# Related options:
+#
+# * running_deleted_instance_poll
+# * running_deleted_instance_timeout
+# (string value)
+# Allowed values: noop, log, shutdown, reap
+#running_deleted_instance_action=reap
+
+#
+# Time interval in seconds to wait between runs for the clean up action.
+# If set to 0, above check will be disabled. If "running_deleted_instance
+# _action" is set to "log" or "reap", a value greater than 0 must be set.
+#
+# Possible values:
+#
+# * Any positive integer in seconds enables the option.
+# * 0: Disables the option.
+# * 1800: Default value.
+#
+# Related options:
+#
+# * running_deleted_instance_action
+# (integer value)
+#running_deleted_instance_poll_interval=1800
+
+#
+# Time interval in seconds to wait for the instances that have
+# been marked as deleted in database to be eligible for cleanup.
+#
+# Possible values:
+#
+# * Any positive integer in seconds(default is 0).
+#
+# Related options:
+#
+# * "running_deleted_instance_action"
+# (integer value)
+#running_deleted_instance_timeout=0
+
+#
+# The number of times to attempt to reap an instance's files.
+#
+# This option specifies the maximum number of retry attempts
+# that can be made.
+#
+# Possible values:
+#
+# * Any positive integer defines how many attempts are made.
+# * Any value <=0 means no delete attempts occur, but you should use
+# ``instance_delete_interval`` to disable the delete attempts.
+#
+# Related options:
+# * ``instance_delete_interval`` in interval_opts group can be used to disable
+# this option.
+# (integer value)
+#maximum_instance_delete_attempts=5
+
+# DEPRECATED:
+# This is the message queue topic that the compute service 'listens' on. It is
+# used when the compute service is started up to configure the queue, and
+# whenever an RPC call to the compute service is made.
+#
+# Possible values:
+#
+# * Any string, but there is almost never any reason to ever change this value
+# from its default of 'compute'.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#compute_topic=compute
+
+#
+# Sets the scope of the check for unique instance names.
+#
+# The default doesn't check for unique names. If a scope for the name check is
+# set, a launch of a new instance or an update of an existing instance with a
+# duplicate name will result in an ''InstanceExists'' error. The uniqueness is
+# case-insensitive. Setting this option can increase the usability for end
+# users as they don't have to distinguish among instances with the same name
+# by their IDs.
+#
+# Possible values:
+#
+# * '': An empty value means that no uniqueness check is done and duplicate
+# names are possible.
+# * "project": The instance name check is done only for instances within the
+# same project.
+# * "global": The instance name check is done for all instances regardless of
+# the project.
+# (string value)
+# Allowed values: '', project, global
+#osapi_compute_unique_server_name_scope =
+
+#
+# Enable new services on this host automatically.
+#
+# When a new service (for example "nova-compute") starts up, it gets
+# registered in the database as an enabled service. Sometimes it can be useful
+# to register new services in disabled state and then enabled them at a later
+# point in time. This option can set this behavior for all services per host.
+#
+# Possible values:
+#
+# * ``True``: Each new service is enabled as soon as it registers itself.
+# * ``False``: Services must be enabled via a REST API call or with the CLI
+# with ``nova service-enable <hostname> <binary>``, otherwise they are not
+# ready to use.
+# (boolean value)
+#enable_new_services=true
+
+#
+# Template string to be used to generate instance names.
+#
+# This template controls the creation of the database name of an instance. This
+# is *not* the display name you enter when creating an instance (via Horizon
+# or CLI). For a new deployment it is advisable to change the default value
+# (which uses the database autoincrement) to another value which makes use
+# of the attributes of an instance, like ``instance-%(uuid)s``. If you
+# already have instances in your deployment when you change this, your
+# deployment will break.
+#
+# Possible values:
+#
+# * A string which either uses the instance database ID (like the
+# default)
+# * A string with a list of named database columns, for example ``%(id)d``
+# or ``%(uuid)s`` or ``%(hostname)s``.
+#
+# Related options:
+#
+# * not to be confused with: ``multi_instance_display_name_template``
+# (string value)
+#instance_name_template=instance-%08x
+
+#
+# Number of times to retry live-migration before failing.
+#
+# Possible values:
+#
+# * If == -1, try until out of hosts (default)
+# * If == 0, only try once, no retries
+# * Integer greater than 0
+# (integer value)
+# Minimum value: -1
+#migrate_max_retries=-1
+
+#
+# Configuration drive format
+#
+# Configuration drive format that will contain metadata attached to the
+# instance when it boots.
+#
+# Possible values:
+#
+# * iso9660: A file system image standard that is widely supported across
+# operating systems. NOTE: Mind the libvirt bug
+# (https://bugs.launchpad.net/nova/+bug/1246201) - If your hypervisor
+# driver is libvirt, and you want live migrate to work without shared storage,
+# then use VFAT.
+# * vfat: For legacy reasons, you can configure the configuration drive to
+# use VFAT format instead of ISO 9660.
+#
+# Related options:
+#
+# * This option is meaningful when one of the following alternatives occur:
+# 1. force_config_drive option set to 'true'
+# 2. the REST API call to create the instance contains an enable flag for
+# config drive option
+# 3. the image used to create the instance requires a config drive,
+# this is defined by img_config_drive property for that image.
+# * A compute node running Hyper-V hypervisor can be configured to attach
+# configuration drive as a CD drive. To attach the configuration drive as a CD
+# drive, set config_drive_cdrom option at hyperv section, to true.
+# (string value)
+# Allowed values: iso9660, vfat
+#config_drive_format=iso9660
+config_drive_format=vfat
+
+#
+# Force injection to take place on a config drive
+#
+# When this option is set to true configuration drive functionality will be
+# forced enabled by default, otherwise user can still enable configuration
+# drives via the REST API or image metadata properties.
+#
+# Possible values:
+#
+# * True: Force to use of configuration drive regardless the user's input in the
+# REST API call.
+# * False: Do not force use of configuration drive. Config drives can still be
+# enabled via the REST API or image metadata properties.
+#
+# Related options:
+#
+# * Use the 'mkisofs_cmd' flag to set the path where you install the
+# genisoimage program. If genisoimage is in same path as the
+# nova-compute service, you do not need to set this flag.
+# * To use configuration drive with Hyper-V, you must set the
+# 'mkisofs_cmd' value to the full path to an mkisofs.exe installation.
+# Additionally, you must set the qemu_img_cmd value in the hyperv
+# configuration section to the full path to an qemu-img command
+# installation.
+# (boolean value)
+#force_config_drive=false
+force_config_drive=true
+
+#
+# Name or path of the tool used for ISO image creation
+#
+# Use the mkisofs_cmd flag to set the path where you install the genisoimage
+# program. If genisoimage is on the system path, you do not need to change
+# the default value.
+#
+# To use configuration drive with Hyper-V, you must set the mkisofs_cmd value
+# to the full path to an mkisofs.exe installation. Additionally, you must set
+# the qemu_img_cmd value in the hyperv configuration section to the full path
+# to an qemu-img command installation.
+#
+# Possible values:
+#
+# * Name of the ISO image creator program, in case it is in the same directory
+# as the nova-compute service
+# * Path to ISO image creator program
+#
+# Related options:
+#
+# * This option is meaningful when config drives are enabled.
+# * To use configuration drive with Hyper-V, you must set the qemu_img_cmd
+# value in the hyperv configuration section to the full path to an qemu-img
+# command installation.
+# (string value)
+#mkisofs_cmd=genisoimage
+
+# DEPRECATED:
+# nova-console-proxy is used to set up multi-tenant VM console access.
+# This option allows pluggable driver program for the console session
+# and represents driver to use for the console proxy.
+#
+# Possible values:
+#
+# * A string representing fully classified class name of console driver.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option no longer does anything. Previously this option had only two
+# valid,
+# in-tree values: nova.console.xvp.XVPConsoleProxy and
+# nova.console.fake.FakeConsoleProxy. The latter of these was only used in tests
+# and has since been replaced.
+#console_driver=nova.console.xvp.XVPConsoleProxy
+
+# DEPRECATED:
+# Represents the message queue topic name used by nova-console
+# service when communicating via the AMQP server. The Nova API uses a message
+# queue to communicate with nova-console to retrieve a console URL for that
+# host.
+#
+# Possible values:
+#
+# * A string representing topic exchange name
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#console_topic=console
+
+# DEPRECATED:
+# This option allows you to change the message topic used by nova-consoleauth
+# service when communicating via the AMQP server. Nova Console Authentication
+# server authenticates nova consoles. Users can then access their instances
+# through VNC clients. The Nova API service uses a message queue to
+# communicate with nova-consoleauth to get a VNC console.
+#
+# Possible Values:
+#
+# * 'consoleauth' (default) or Any string representing topic exchange name.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#consoleauth_topic=consoleauth
+
+# DEPRECATED: The driver to use for database access (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+#db_driver=nova.db
+
+# DEPRECATED:
+# Default flavor to use for the EC2 API only.
+# The Nova API does not support a default flavor.
+# (string value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The EC2 API is deprecated.
+#default_flavor=m1.small
+
+#
+# Default pool for floating IPs.
+#
+# This option specifies the default floating IP pool for allocating floating
+# IPs.
+#
+# While allocating a floating ip, users can optionally pass in the name of the
+# pool they want to allocate from, otherwise it will be pulled from the
+# default pool.
+#
+# If this option is not set, then 'nova' is used as default floating pool.
+#
+# Possible values:
+#
+# * Any string representing a floating IP pool name
+# (string value)
+#default_floating_pool=nova
+
+# DEPRECATED:
+# Autoassigning floating IP to VM
+#
+# When set to True, floating IP is auto allocated and associated
+# to the VM upon creation.
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#auto_assign_floating_ip=false
+
+# DEPRECATED:
+# Full class name for the DNS Manager for floating IPs.
+#
+# This option specifies the class of the driver that provides functionality
+# to manage DNS entries associated with floating IPs.
+#
+# When a user adds a DNS entry for a specified domain to a floating IP,
+# nova will add a DNS entry using the specified floating DNS driver.
+# When a floating IP is deallocated, its DNS entry will automatically be
+# deleted.
+#
+# Possible values:
+#
+# * Full Python path to the class to be used
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#floating_ip_dns_manager=nova.network.noop_dns_driver.NoopDNSDriver
+
+# DEPRECATED:
+# Full class name for the DNS Manager for instance IPs.
+#
+# This option specifies the class of the driver that provides functionality
+# to manage DNS entries for instances.
+#
+# On instance creation, nova will add DNS entries for the instance name and
+# id, using the specified instance DNS driver and domain. On instance deletion,
+# nova will remove the DNS entries.
+#
+# Possible values:
+#
+# * Full Python path to the class to be used
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#instance_dns_manager=nova.network.noop_dns_driver.NoopDNSDriver
+
+# DEPRECATED:
+# If specified, Nova checks if the availability_zone of every instance matches
+# what the database says the availability_zone should be for the specified
+# dns_domain.
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#instance_dns_domain =
+
+#
+# Abstracts out IPv6 address generation to pluggable backends.
+#
+# nova-network can be put into dual-stack mode, so that it uses
+# both IPv4 and IPv6 addresses. In dual-stack mode, by default, instances
+# acquire IPv6 global unicast addresses with the help of stateless address
+# auto-configuration mechanism.
+#
+# Related options:
+#
+# * use_neutron: this option only works with nova-network.
+# * use_ipv6: this option only works if ipv6 is enabled for nova-network.
+# (string value)
+# Allowed values: rfc2462, account_identifier
+#ipv6_backend=rfc2462
+
+#
+# The IP address which the host is using to connect to the management network.
+#
+# Possible values:
+#
+# * String with valid IP address. Default is IPv4 address of this host.
+#
+# Related options:
+#
+# * metadata_host
+# * my_block_storage_ip
+# * routing_source_ip
+# * vpn_ip
+# (string value)
+#my_ip=10.89.104.70
+
+#
+# The IP address which is used to connect to the block storage network.
+#
+# Possible values:
+#
+# * String with valid IP address. Default is IP address of this host.
+#
+# Related options:
+#
+# * my_ip - if my_block_storage_ip is not set, then my_ip value is used.
+# (string value)
+#my_block_storage_ip=$my_ip
+
+#
+# Hostname, FQDN or IP address of this host. Must be valid within AMQP key.
+#
+# Possible values:
+#
+# * String with hostname, FQDN or IP address. Default is hostname of this host.
+# (string value)
+#host=lcy01-22
+
+#
+# Assign IPv6 and IPv4 addresses when creating instances.
+#
+# Related options:
+#
+# * use_neutron: this only works with nova-network.
+# (boolean value)
+#use_ipv6=false
+
+#
+# This option is a list of full paths to one or more configuration files for
+# dhcpbridge. In most cases the default path of '/etc/nova/nova-dhcpbridge.conf'
+# should be sufficient, but if you have special needs for configuring
+# dhcpbridge,
+# you can change or add to this list.
+#
+# Possible values
+#
+# A list of strings, where each string is the full path to a dhcpbridge
+# configuration file.
+# (multi valued)
+dhcpbridge_flagfile=/etc/nova/nova.conf
+
+#
+# The location where the network configuration files will be kept. The default
+# is
+# the 'networks' directory off of the location where nova's Python module is
+# installed.
+#
+# Possible values
+#
+# A string containing the full path to the desired configuration directory
+# (string value)
+#networks_path=$state_path/networks
+
+#
+# This is the name of the network interface for public IP addresses. The default
+# is 'eth0'.
+#
+# Possible values:
+#
+# Any string representing a network interface name
+# (string value)
+#public_interface=eth0
+
+#
+# The location of the binary nova-dhcpbridge. By default it is the binary named
+# 'nova-dhcpbridge' that is installed with all the other nova binaries.
+#
+# Possible values:
+#
+# Any string representing the full path to the binary for dhcpbridge
+# (string value)
+dhcpbridge=/usr/bin/nova-dhcpbridge
+
+#
+# This is the public IP address of the network host. It is used when creating a
+# SNAT rule.
+#
+# Possible values:
+#
+# Any valid IP address
+#
+# Related options:
+#
+# force_snat_range
+# (string value)
+#routing_source_ip=$my_ip
+
+#
+# The lifetime of a DHCP lease, in seconds. The default is 86400 (one day).
+#
+# Possible values:
+#
+# Any positive integer value.
+# (integer value)
+# Minimum value: 1
+#dhcp_lease_time=86400
+
+#
+# Despite the singular form of the name of this option, it is actually a list of
+# zero or more server addresses that dnsmasq will use for DNS nameservers. If
+# this is not empty, dnsmasq will not read /etc/resolv.conf, but will only use
+# the servers specified in this option. If the option use_network_dns_servers is
+# True, the dns1 and dns2 servers from the network will be appended to this
+# list,
+# and will be used as DNS servers, too.
+#
+# Possible values:
+#
+# A list of strings, where each string is either an IP address or a FQDN.
+#
+# Related options:
+#
+# use_network_dns_servers
+# (multi valued)
+#dns_server =
+
+#
+# When this option is set to True, the dns1 and dns2 servers for the network
+# specified by the user on boot will be used for DNS, as well as any specified
+# in
+# the `dns_server` option.
+#
+# Related options:
+#
+# dns_server
+# (boolean value)
+#use_network_dns_servers=false
+
+#
+# This option is a list of zero or more IP address ranges in your network's DMZ
+# that should be accepted.
+#
+# Possible values:
+#
+# A list of strings, each of which should be a valid CIDR.
+# (list value)
+#dmz_cidr =
+
+#
+# This is a list of zero or more IP ranges that traffic from the
+# `routing_source_ip` will be SNATted to. If the list is empty, then no SNAT
+# rules are created.
+#
+# Possible values:
+#
+# A list of strings, each of which should be a valid CIDR.
+#
+# Related options:
+#
+# routing_source_ip
+# (multi valued)
+#force_snat_range =
+
+#
+# The path to the custom dnsmasq configuration file, if any.
+#
+# Possible values:
+#
+# The full path to the configuration file, or an empty string if there is no
+# custom dnsmasq configuration file.
+# (string value)
+#dnsmasq_config_file =
+
+#
+# This is the class used as the ethernet device driver for linuxnet bridge
+# operations. The default value should be all you need for most cases, but if
+# you
+# wish to use a customized class, set this option to the full dot-separated
+# import path for that class.
+#
+# Possible values:
+#
+# Any string representing a dot-separated class path that Nova can import.
+# (string value)
+#linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
+
+#
+# The name of the Open vSwitch bridge that is used with linuxnet when connecting
+# with Open vSwitch."
+#
+# Possible values:
+#
+# Any string representing a valid bridge name.
+# (string value)
+#linuxnet_ovs_integration_bridge=br-int
+
+#
+# When True, when a device starts up, and upon binding floating IP addresses,
+# arp
+# messages will be sent to ensure that the arp caches on the compute hosts are
+# up-to-date.
+#
+# Related options:
+#
+# send_arp_for_ha_count
+# (boolean value)
+#send_arp_for_ha=false
+
+#
+# When arp messages are configured to be sent, they will be sent with the count
+# set to the value of this option. Of course, if this is set to zero, no arp
+# messages will be sent.
+#
+# Possible values:
+#
+# Any integer greater than or equal to 0
+#
+# Related options:
+#
+# send_arp_for_ha
+# (integer value)
+#send_arp_for_ha_count=3
+
+#
+# When set to True, only the firt nic of a VM will get its default gateway from
+# the DHCP server.
+# (boolean value)
+#use_single_default_gateway=false
+
+#
+# One or more interfaces that bridges can forward traffic to. If any of the
+# items
+# in this list is the special keyword 'all', then all traffic will be forwarded.
+#
+# Possible values:
+#
+# A list of zero or more interface names, or the word 'all'.
+# (multi valued)
+#forward_bridge_interface=all
+
+#
+# This option determines the IP address for the network metadata API server.
+#
+# Possible values:
+#
+# * Any valid IP address. The default is the address of the Nova API server.
+#
+# Related options:
+#
+# * metadata_port
+# (string value)
+#metadata_host=$my_ip
+
+#
+# This option determines the port used for the metadata API server.
+#
+# Related options:
+#
+# * metadata_host
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#metadata_port=8775
+
+#
+# This expression, if defined, will select any matching iptables rules and place
+# them at the top when applying metadata changes to the rules.
+#
+# Possible values:
+#
+# * Any string representing a valid regular expression, or an empty string
+#
+# Related options:
+#
+# * iptables_bottom_regex
+# (string value)
+#iptables_top_regex =
+
+#
+# This expression, if defined, will select any matching iptables rules and place
+# them at the bottom when applying metadata changes to the rules.
+#
+# Possible values:
+#
+# * Any string representing a valid regular expression, or an empty string
+#
+# Related options:
+#
+# * iptables_top_regex
+# (string value)
+#iptables_bottom_regex =
+
+#
+# By default, packets that do not pass the firewall are DROPped. In many cases,
+# though, an operator may find it more useful to change this from DROP to
+# REJECT,
+# so that the user issuing those packets may have a better idea as to what's
+# going on, or LOGDROP in order to record the blocked traffic before DROPping.
+#
+# Possible values:
+#
+# * A string representing an iptables chain. The default is DROP.
+# (string value)
+#iptables_drop_action=DROP
+
+#
+# This option represents the period of time, in seconds, that the ovs_vsctl
+# calls
+# will wait for a response from the database before timing out. A setting of 0
+# means that the utility should wait forever for a response.
+#
+# Possible values:
+#
+# * Any positive integer if a limited timeout is desired, or zero if the
+# calls should wait forever for a response.
+# (integer value)
+# Minimum value: 0
+#ovs_vsctl_timeout=120
+
+#
+# This option is used mainly in testing to avoid calls to the underlying network
+# utilities.
+# (boolean value)
+#fake_network=false
+
+#
+# This option determines the number of times to retry ebtables commands before
+# giving up. The minimum number of retries is 1.
+#
+# Possible values:
+#
+# * Any positive integer
+#
+# Related options:
+#
+# * ebtables_retry_interval
+# (integer value)
+# Minimum value: 1
+#ebtables_exec_attempts=3
+
+#
+# This option determines the time, in seconds, that the system will sleep in
+# between ebtables retries. Note that each successive retry waits a multiple of
+# this value, so for example, if this is set to the default of 1.0 seconds, and
+# ebtables_exec_attempts is 4, after the first failure, the system will sleep
+# for
+# 1 * 1.0 seconds, after the second failure it will sleep 2 * 1.0 seconds, and
+# after the third failure it will sleep 3 * 1.0 seconds.
+#
+# Possible values:
+#
+# * Any non-negative float or integer. Setting this to zero will result in
+# no
+# waiting between attempts.
+#
+# Related options:
+#
+# * ebtables_exec_attempts
+# (floating point value)
+#ebtables_retry_interval=1.0
+
+#
+# This option determines whether the network setup information is injected into
+# the VM before it is booted. While it was originally designed to be used only
+# by
+# nova-network, it is also used by the vmware and xenapi virt drivers to control
+# whether network information is injected into a VM.
+# (boolean value)
+#flat_injected=false
+
+# DEPRECATED:
+# This option determines the bridge used for simple network interfaces when no
+# bridge is specified in the VM creation request.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any string representing a valid network bridge, such as 'br100'
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#flat_network_bridge=<None>
+
+# DEPRECATED:
+# This is the address of the DNS server for a simple network. If this option is
+# not specified, the default of '8.8.4.4' is used.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any valid IP address.
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#flat_network_dns=8.8.4.4
+
+# DEPRECATED:
+# This option is the name of the virtual interface of the VM on which the bridge
+# will be built. While it was originally designed to be used only by
+# nova-network, it is also used by libvirt for the bridge interface name.
+#
+# Possible values:
+#
+# Any valid virtual interface name, such as 'eth0'
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#flat_interface=<None>
+
+# DEPRECATED:
+# This is the VLAN number used for private networks. Note that the when creating
+# the networks, if the specified number has already been assigned, nova-network
+# will increment this number until it finds an available VLAN.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment. It also will be ignored if the configuration
+# option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# Any integer between 1 and 4094. Values outside of that range will raise a
+# ValueError exception. Default = 100.
+#
+# Related options:
+#
+# ``network_manager``, ``use_neutron``
+# (integer value)
+# Minimum value: 1
+# Maximum value: 4094
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#vlan_start=100
+
+# DEPRECATED:
+# This option is the name of the virtual interface of the VM on which the VLAN
+# bridge will be built. While it was originally designed to be used only by
+# nova-network, it is also used by libvirt and xenapi for the bridge interface
+# name.
+#
+# Please note that this setting will be ignored in nova-network if the
+# configuration option for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# Any valid virtual interface name, such as 'eth0'
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options. While
+# this option has an effect when using neutron, it incorrectly override the
+# value
+# provided by neutron and should therefore not be used.
+#vlan_interface=<None>
+
+# DEPRECATED:
+# This option represents the number of networks to create if not explicitly
+# specified when the network is created. The only time this is used is if a CIDR
+# is specified, but an explicit network_size is not. In that case, the subnets
+# are created by diving the IP address space of the CIDR by num_networks. The
+# resulting subnet sizes cannot be larger than the configuration option
+# `network_size`; in that event, they are reduced to `network_size`, and a
+# warning is logged.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any positive integer is technically valid, although there are practical
+# limits based upon available IP address space and virtual interfaces. The
+# default is 1.
+#
+# Related options:
+#
+# ``use_neutron``, ``network_size``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#num_networks=1
+
+# DEPRECATED:
+# This is the public IP address for the cloudpipe VPN servers. It defaults to
+# the
+# IP address of the host.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment. It also will be ignored if the configuration
+# option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# Any valid IP address. The default is $my_ip, the IP address of the VM.
+#
+# Related options:
+#
+# ``network_manager``, ``use_neutron``, ``vpn_start``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#vpn_ip=$my_ip
+
+# DEPRECATED:
+# This is the port number to use as the first VPN port for private networks.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment. It also will be ignored if the configuration
+# option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager', or if you specify a value the 'vpn_start'
+# parameter when creating a network.
+#
+# Possible values:
+#
+# Any integer representing a valid port number. The default is 1000.
+#
+# Related options:
+#
+# ``use_neutron``, ``vpn_ip``, ``network_manager``
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#vpn_start=1000
+
+# DEPRECATED:
+# This option determines the number of addresses in each private subnet.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any positive integer that is less than or equal to the available network
+# size. Note that if you are creating multiple networks, they must all fit
+# in
+# the available IP address space. The default is 256.
+#
+# Related options:
+#
+# ``use_neutron``, ``num_networks``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#network_size=256
+
+# DEPRECATED:
+# This option determines the fixed IPv6 address block when creating a network.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any valid IPv6 CIDR. The default value is "fd00::/48".
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#fixed_range_v6=fd00::/48
+
+# DEPRECATED:
+# This is the default IPv4 gateway. It is used only in the testing suite.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any valid IP address.
+#
+# Related options:
+#
+# ``use_neutron``, ``gateway_v6``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#gateway=<None>
+
+# DEPRECATED:
+# This is the default IPv6 gateway. It is used only in the testing suite.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any valid IP address.
+#
+# Related options:
+#
+# ``use_neutron``, ``gateway``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#gateway_v6=<None>
+
+# DEPRECATED:
+# This option represents the number of IP addresses to reserve at the top of the
+# address range for VPN clients. It also will be ignored if the configuration
+# option for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# Any integer, 0 or greater. The default is 0.
+#
+# Related options:
+#
+# ``use_neutron``, ``network_manager``
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#cnt_vpn_clients=0
+
+# DEPRECATED:
+# This is the number of seconds to wait before disassociating a deallocated
+# fixed
+# IP address. This is only used with the nova-network service, and has no effect
+# when using neutron for networking.
+#
+# Possible values:
+#
+# Any integer, zero or greater. The default is 600 (10 minutes).
+#
+# Related options:
+#
+# ``use_neutron``
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#fixed_ip_disassociate_timeout=600
+
+# DEPRECATED:
+# This option determines how many times nova-network will attempt to create a
+# unique MAC address before giving up and raising a
+# `VirtualInterfaceMacAddressException` error.
+#
+# Possible values:
+#
+# Any positive integer. The default is 5.
+#
+# Related options:
+#
+# ``use_neutron``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#create_unique_mac_address_attempts=5
+
+# DEPRECATED:
+# Determines whether unused gateway devices, both VLAN and bridge, are deleted
+# if
+# the network is in nova-network VLAN mode and is multi-hosted.
+#
+# Related options:
+#
+# ``use_neutron``, ``vpn_ip``, ``fake_network``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#teardown_unused_network_gateway=false
+
+# DEPRECATED:
+# When this option is True, a call is made to release the DHCP for the instance
+# when that instance is terminated.
+#
+# Related options:
+#
+# ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+force_dhcp_release=true
+
+# DEPRECATED:
+# When this option is True, whenever a DNS entry must be updated, a fanout cast
+# message is sent to all network hosts to update their DNS entries in multi-host
+# mode.
+#
+# Related options:
+#
+# ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#update_dns_entries=false
+
+# DEPRECATED:
+# This option determines the time, in seconds, to wait between refreshing DNS
+# entries for the network.
+#
+# Possible values:
+#
+# Either -1 (default), or any positive integer. A negative value will
+# disable
+# the updates.
+#
+# Related options:
+#
+# ``use_neutron``
+# (integer value)
+# Minimum value: -1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#dns_update_periodic_interval=-1
+
+# DEPRECATED:
+# This option allows you to specify the domain for the DHCP server.
+#
+# Possible values:
+#
+# Any string that is a valid domain name.
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#dhcp_domain=novalocal
+dhcp_domain={{ compute.get('dhcp_domain', 'novalocal') }}
+
+# DEPRECATED:
+# This option allows you to specify the L3 management library to be used.
+#
+# Possible values:
+#
+# Any dot-separated string that represents the import path to an L3
+# networking library.
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#l3_lib=nova.network.l3.LinuxNetL3
+
+# DEPRECATED:
+# THIS VALUE SHOULD BE SET WHEN CREATING THE NETWORK.
+#
+# If True in multi_host mode, all compute hosts share the same dhcp address. The
+# same IP address used for DHCP will be added on each nova-network node which is
+# only visible to the VMs on the same host.
+#
+# The use of this configuration has been deprecated and may be removed in any
+# release after Mitaka. It is recommended that instead of relying on this
+# option,
+# an explicit value should be passed to 'create_networks()' as a keyword
+# argument
+# with the name 'share_address'.
+# (boolean value)
+# This option is deprecated for removal since 2014.2.
+# Its value may be silently ignored in the future.
+#share_dhcp_address=false
+
+# DEPRECATED: Whether to use Neutron or Nova Network as the back end for
+# networking. Defaults to False (indicating Nova network).Set to True to use
+# neutron. (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#use_neutron=true
+
+#
+# URL for LDAP server which will store DNS entries
+#
+# Possible values:
+#
+# * A valid LDAP URL representing the server
+# (uri value)
+#ldap_dns_url=ldap://ldap.example.com:389
+
+# Bind user for LDAP server (string value)
+#ldap_dns_user=uid=admin,ou=people,dc=example,dc=org
+
+# Bind user's password for LDAP server (string value)
+#ldap_dns_password=password
+
+#
+# Hostmaster for LDAP DNS driver Statement of Authority
+#
+# Possible values:
+#
+# * Any valid string representing LDAP DNS hostmaster.
+# (string value)
+#ldap_dns_soa_hostmaster=hostmaster@example.org
+
+#
+# DNS Servers for LDAP DNS driver
+#
+# Possible values:
+#
+# * A valid URL representing a DNS server
+# (multi valued)
+#ldap_dns_servers=dns.example.org
+
+#
+# Base distinguished name for the LDAP search query
+#
+# This option helps to decide where to look up the host in LDAP.
+# (string value)
+#ldap_dns_base_dn=ou=hosts,dc=example,dc=org
+
+#
+# Refresh interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server waits before requesting for
+# primary DNS server's current SOA record. If the records are different,
+# secondary DNS server will request a zone transfer from primary.
+#
+# NOTE: Lower values would cause more traffic.
+# (integer value)
+#ldap_dns_soa_refresh=1800
+
+#
+# Retry interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server should wait, if an
+# attempt to transfer zone failed during the previous refresh interval.
+# (integer value)
+#ldap_dns_soa_retry=3600
+
+#
+# Expiry interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server holds the information
+# before it is no longer considered authoritative.
+# (integer value)
+#ldap_dns_soa_expiry=86400
+
+#
+# Minimum interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# It is Minimum time-to-live applies for all resource records in the
+# zone file. This value is supplied to other servers how long they
+# should keep the data in cache.
+# (integer value)
+#ldap_dns_soa_minimum=7200
+
+# DEPRECATED: The topic network nodes listen on (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#network_topic=network
+
+# DEPRECATED:
+# Default value for multi_host in networks.
+#
+# nova-network service can operate in a multi-host or single-host mode.
+# In multi-host mode each compute node runs a copy of nova-network and the
+# instances on that compute node use the compute node as a gateway to the
+# Internet. Where as in single-host mode, a central server runs the nova-network
+# service. All compute nodes forward traffic from the instances to the
+# cloud controller which then forwards traffic to the Internet.
+#
+# If this options is set to true, some rpc network calls will be sent directly
+# to host.
+#
+# Note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Related options:
+#
+# * use_neutron
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#multi_host=false
+
+# DEPRECATED:
+# Driver to use for network creation.
+#
+# Network driver initializes (creates bridges and so on) only when the
+# first VM lands on a host node. All network managers configure the
+# network using network drivers. The driver is not tied to any particular
+# network manager.
+#
+# The default Linux driver implements vlans, bridges, and iptables rules
+# using linux utilities.
+#
+# Note that this option is only used when using nova-network instead
+# of Neutron in your deployment.
+#
+# Related options:
+#
+# * use_neutron
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#network_driver=nova.network.linux_net
+
+#
+# Firewall driver to use with ``nova-network`` service.
+#
+# This option only applies when using the ``nova-network`` service. When using
+# another networking services, such as Neutron, this should be to set to the
+# ``nova.virt.firewall.NoopFirewallDriver``.
+#
+# If unset (the default), this will default to the hypervisor-specified
+# default driver.
+#
+# Possible values:
+#
+# * nova.virt.firewall.IptablesFirewallDriver
+# * nova.virt.firewall.NoopFirewallDriver
+# * nova.virt.libvirt.firewall.IptablesFirewallDriver
+# * [...]
+#
+# Related options:
+#
+# * ``use_neutron``: This must be set to ``False`` to enable ``nova-network``
+# networking
+# (string value)
+#firewall_driver=<None>
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+#
+# Determine whether to allow network traffic from same network.
+#
+# When set to true, hosts on the same subnet are not filtered and are allowed
+# to pass all types of traffic between them. On a flat network, this allows
+# all instances from all projects unfiltered communication. With VLAN
+# networking, this allows access between instances within the same project.
+#
+# This option only applies when using the ``nova-network`` service. When using
+# another networking services, such as Neutron, security groups or other
+# approaches should be used.
+#
+# Possible values:
+#
+# * True: Network traffic should be allowed pass between all instances on the
+# same network, regardless of their tenant and security policies
+# * False: Network traffic should not be allowed pass between instances unless
+# it is unblocked in a security group
+#
+# Related options:
+#
+# * ``use_neutron``: This must be set to ``False`` to enable ``nova-network``
+# networking
+# * ``firewall_driver``: This must be set to
+# ``nova.virt.libvirt.firewall.IptablesFirewallDriver`` to ensure the
+# libvirt firewall driver is enabled.
+# (boolean value)
+#allow_same_net_traffic=true
+
+#
+# Filename that will be used for storing websocket frames received
+# and sent by a proxy service (like VNC, spice, serial) running on this host.
+# If this is not set, no recording will be done.
+# (string value)
+#record=<None>
+
+# Run as a background process. (boolean value)
+#daemon=false
+
+# Disallow non-encrypted connections. (boolean value)
+#ssl_only=false
+
+# Set to True if source host is addressed with IPv6. (boolean value)
+#source_is_ipv6=false
+
+# Path to SSL certificate file. (string value)
+#cert=self.pem
+
+# SSL key file (if separate from cert). (string value)
+#key=<None>
+
+#
+# Path to directory with content which will be served by a web server.
+# (string value)
+#web=/usr/share/spice-html5
+
+#
+# The directory where the Nova python modules are installed.
+#
+# This directory is used to store template files for networking and remote
+# console access. It is also the default path for other config options which
+# need to persist Nova internal data. It is very unlikely that you need to
+# change this option from its default value.
+#
+# Possible values:
+#
+# * The full path to a directory.
+#
+# Related options:
+#
+# * ``state_path``
+# (string value)
+#pybasedir=/build/nova-elxmSs/nova-15.0.2
+
+#
+# The directory where the Nova binaries are installed.
+#
+# This option is only relevant if the networking capabilities from Nova are
+# used (see services below). Nova's networking capabilities are targeted to
+# be fully replaced by Neutron in the future. It is very unlikely that you need
+# to change this option from its default value.
+#
+# Possible values:
+#
+# * The full path to a directory.
+# (string value)
+#bindir=/usr/local/bin
+
+#
+# The top-level directory for maintaining Nova's state.
+#
+# This directory is used to store Nova's internal state. It is used by a
+# variety of other config options which derive from this. In some scenarios
+# (for example migrations) it makes sense to use a storage location which is
+# shared between multiple compute hosts (for example via NFS). Unless the
+# option ``instances_path`` gets overwritten, this directory can grow very
+# large.
+#
+# Possible values:
+#
+# * The full path to a directory. Defaults to value provided in ``pybasedir``.
+# (string value)
+state_path=/var/lib/nova
+
+#
+# Number of seconds indicating how frequently the state of services on a
+# given hypervisor is reported. Nova needs to know this to determine the
+# overall health of the deployment.
+#
+# Related Options:
+#
+# * service_down_time
+# report_interval should be less than service_down_time. If service_down_time
+# is less than report_interval, services will routinely be considered down,
+# because they report in too rarely.
+# (integer value)
+#report_interval=10
+report_interval = {{ compute.get('report_interval', '60') }}
+
+#
+# Maximum time in seconds since last check-in for up service
+#
+# Each compute node periodically updates their database status based on the
+# specified report interval. If the compute node hasn't updated the status
+# for more than service_down_time, then the compute node is considered down.
+#
+# Related Options:
+#
+# * report_interval (service_down_time should not be less than report_interval)
+# (integer value)
+#service_down_time=60
+service_down_time=90
+
+#
+# Enable periodic tasks.
+#
+# If set to true, this option allows services to periodically run tasks
+# on the manager.
+#
+# In case of running multiple schedulers or conductors you may want to run
+# periodic tasks on only one host - in this case disable this option for all
+# hosts but one.
+# (boolean value)
+#periodic_enable=true
+
+#
+# Number of seconds to randomly delay when starting the periodic task
+# scheduler to reduce stampeding.
+#
+# When compute workers are restarted in unison across a cluster,
+# they all end up running the periodic tasks at the same time
+# causing problems for the external services. To mitigate this
+# behavior, periodic_fuzzy_delay option allows you to introduce a
+# random initial delay when starting the periodic task scheduler.
+#
+# Possible Values:
+#
+# * Any positive integer (in seconds)
+# * 0 : disable the random delay
+# (integer value)
+# Minimum value: 0
+#periodic_fuzzy_delay=60
+
+# List of APIs to be enabled by default. (list value)
+enabled_apis=osapi_compute,metadata
+
+#
+# List of APIs with enabled SSL.
+#
+# Nova provides SSL support for the API servers. enabled_ssl_apis option
+# allows configuring the SSL support.
+# (list value)
+#enabled_ssl_apis =
+
+#
+# IP address on which the OpenStack API will listen.
+#
+# The OpenStack API service listens on this IP address for incoming
+# requests.
+# (string value)
+#osapi_compute_listen=0.0.0.0
+
+#
+# Port on which the OpenStack API will listen.
+#
+# The OpenStack API service listens on this port number for incoming
+# requests.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#osapi_compute_listen_port=8774
+
+#
+# Number of workers for OpenStack API service. The default will be the number
+# of CPUs available.
+#
+# OpenStack API services can be configured to run as multi-process (workers).
+# This overcomes the problem of reduction in throughput when API request
+# concurrency increases. OpenStack API service will run in the specified
+# number of processes.
+#
+# Possible Values:
+#
+# * Any positive integer
+# * None (default value)
+# (integer value)
+# Minimum value: 1
+#osapi_compute_workers=<None>
+
+#
+# IP address on which the metadata API will listen.
+#
+# The metadata API service listens on this IP address for incoming
+# requests.
+# (string value)
+#metadata_listen=0.0.0.0
+
+#
+# Port on which the metadata API will listen.
+#
+# The metadata API service listens on this port number for incoming
+# requests.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#metadata_listen_port=8775
+
+#
+# Number of workers for metadata service. If not specified the number of
+# available CPUs will be used.
+#
+# The metadata service can be configured to run as multi-process (workers).
+# This overcomes the problem of reduction in throughput when API request
+# concurrency increases. The metadata service will run in the specified
+# number of processes.
+#
+# Possible Values:
+#
+# * Any positive integer
+# * None (default value)
+# (integer value)
+# Minimum value: 1
+#metadata_workers=<None>
+
+# Full class name for the Manager for network (string value)
+# Allowed values: nova.network.manager.FlatManager, nova.network.manager.FlatDHCPManager, nova.network.manager.VlanManager
+#network_manager=nova.network.manager.VlanManager
+
+#
+# This option specifies the driver to be used for the servicegroup service.
+#
+# ServiceGroup API in nova enables checking status of a compute node. When a
+# compute worker running the nova-compute daemon starts, it calls the join API
+# to join the compute group. Services like nova scheduler can query the
+# ServiceGroup API to check if a node is alive. Internally, the ServiceGroup
+# client driver automatically updates the compute worker status. There are
+# multiple backend implementations for this service: Database ServiceGroup
+# driver
+# and Memcache ServiceGroup driver.
+#
+# Possible Values:
+#
+# * db : Database ServiceGroup driver
+# * mc : Memcache ServiceGroup driver
+#
+# Related Options:
+#
+# * service_down_time (maximum time since last check-in for up service)
+# (string value)
+# Allowed values: db, mc
+#servicegroup_driver=db
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug=false
+debug=false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose=true
+verbose=true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append=<None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format=%Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file=<None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+log_dir=/var/log/nova
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and Linux
+# platform is used. This option is ignored if log_config_append is set. (boolean
+# value)
+#watch_log_file=false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_syslog=false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility=LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr=false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message is
+# DEBUG. (string value)
+#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format=%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors=false
+
+# The format for an instance that is passed with the log message. (string value)
+#instance_format="[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format="[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval=0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst=0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or
+# empty string. Logs with level greater or equal to rate_limit_except_level are
+# not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level=CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations=false
+
+#
+# From oslo.messaging
+#
+
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size=30
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size=2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl=1200
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address=*
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker=redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts=1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog=<None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir=/var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host=localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger period.
+# The value of 0 specifies no linger period. Pending messages shall be discarded
+# immediately when the socket is closed. Positive values specify an upper bound
+# for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger=-1
+zmq_linger=30
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout=1
+
+# Expiration timeout in seconds of a name service record about existing target (
+# < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire=300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update=180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub=false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy=false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections=false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections=2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port=49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port=65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries=100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization=json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate=true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive=-1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to skip
+# any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle=-1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value and
+# 0) means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_cnt=-1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0) means
+# to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl=-1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size=100
+
+# Expiration timeout in seconds of a sent/received message after which it is not
+# tracked anymore by a client/server. (integer value)
+#rpc_message_ttl=300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks=false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base=15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier=2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts=3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size=64
+executor_thread_pool_size=70
+
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout=60
+rpc_response_timeout = 3600
+
+{%- if compute.message_queue.members is defined %}
+transport_url = rabbit://{% for member in compute.message_queue.members -%}
+ {{ compute.message_queue.user }}:{{ compute.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {%- if not loop.last -%},{%- endif -%}
+ {%- endfor -%}
+ /{{ compute.message_queue.virtual_host }}
+{%- else %}
+transport_url = rabbit://{{ compute.message_queue.user }}:{{ compute.message_queue.password }}@{{ compute.message_queue.host }}:{{ controller.message_queue.port }}{{ compute.message_queue.virtual_host }}
+{%- endif %}
+
+rpc_backend=rabbit
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
+# include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rpc_backend=rabbit
+
+# The default exchange under which topics are scoped. May be overridden by an
+# exchange name specified in the transport_url option. (string value)
+#control_exchange=openstack
+
+#
+# From oslo.service.periodic_task
+#
+
+# Some periodic tasks can be run in a separate process. Should we run them here?
+# (boolean value)
+#run_external_periodic_tasks=true
+
+#
+# From oslo.service.service
+#
+
+# Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>,
+# where 0 results in listening on a random tcp port number; <port> results in
+# listening on the specified port number (and not enabling backdoor if that port
+# is in use); and <start>:<end> results in listening on the smallest unused port
+# number within the specified range of port numbers. The chosen port is
+# displayed in the service's log file. (string value)
+#backdoor_port=<None>
+
+# Enable eventlet backdoor, using the provided path as a unix socket that can
+# receive connections. This option is mutually exclusive with 'backdoor_port' in
+# that only one should be provided. If both are provided then the existence of
+# this option overrides the usage of that option. (string value)
+#backdoor_socket=<None>
+
+# Enables or disables logging values of all registered options when starting a
+# service (at DEBUG level). (boolean value)
+#log_options=true
+
+# Specify a timeout after which a gracefully shutdown server will exit. Zero
+# value means endless wait. (integer value)
+#graceful_shutdown_timeout=60
+
+
+[api]
+#
+# Options under this group are used to define Nova API.
+
+#
+# From nova.conf
+#
+
+#
+# This determines the strategy to use for authentication: keystone or noauth2.
+# 'noauth2' is designed for testing only, as it does no actual credential
+# checking. 'noauth2' provides administrative credentials only if 'admin' is
+# specified as the username.
+# (string value)
+# Allowed values: keystone, noauth2
+# Deprecated group/name - [DEFAULT]/auth_strategy
+#auth_strategy=keystone
+auth_strategy=keystone
+
+#
+# When True, the 'X-Forwarded-For' header is treated as the canonical remote
+# address. When False (the default), the 'remote_address' header is used.
+#
+# You should only enable this if you have an HTML sanitizing proxy.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/use_forwarded_for
+#use_forwarded_for=false
+
+#
+# When gathering the existing metadata for a config drive, the EC2-style
+# metadata is returned for all versions that don't appear in this option.
+# As of the Liberty release, the available versions are:
+#
+# * 1.0
+# * 2007-01-19
+# * 2007-03-01
+# * 2007-08-29
+# * 2007-10-10
+# * 2007-12-15
+# * 2008-02-01
+# * 2008-09-01
+# * 2009-04-04
+#
+# The option is in the format of a single string, with each version separated
+# by a space.
+#
+# Possible values:
+#
+# * Any string that represents zero or more versions, separated by spaces.
+# (string value)
+# Deprecated group/name - [DEFAULT]/config_drive_skip_versions
+#config_drive_skip_versions=1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01
+
+#
+# A list of vendordata providers.
+#
+# vendordata providers are how deployers can provide metadata via configdrive
+# and metadata that is specific to their deployment. There are currently two
+# supported providers: StaticJSON and DynamicJSON.
+#
+# StaticJSON reads a JSON file configured by the flag vendordata_jsonfile_path
+# and places the JSON from that file into vendor_data.json and
+# vendor_data2.json.
+#
+# DynamicJSON is configured via the vendordata_dynamic_targets flag, which is
+# documented separately. For each of the endpoints specified in that flag, a
+# section is added to the vendor_data2.json.
+#
+# For more information on the requirements for implementing a vendordata
+# dynamic endpoint, please see the vendordata.rst file in the nova developer
+# reference.
+#
+# Possible values:
+#
+# * A list of vendordata providers, with StaticJSON and DynamicJSON being
+# current options.
+#
+# Related options:
+#
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (list value)
+# Deprecated group/name - [DEFAULT]/vendordata_providers
+#vendordata_providers =
+
+#
+# A list of targets for the dynamic vendordata provider. These targets are of
+# the form <name>@<url>.
+#
+# The dynamic vendordata provider collects metadata by contacting external REST
+# services and querying them for information about the instance. This behaviour
+# is documented in the vendordata.rst file in the nova developer reference.
+# (list value)
+# Deprecated group/name - [DEFAULT]/vendordata_dynamic_targets
+#vendordata_dynamic_targets =
+
+#
+# Path to an optional certificate file or CA bundle to verify dynamic
+# vendordata REST services ssl certificates against.
+#
+# Possible values:
+#
+# * An empty string, or a path to a valid certificate file
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (string value)
+# Deprecated group/name - [DEFAULT]/vendordata_dynamic_ssl_certfile
+#vendordata_dynamic_ssl_certfile =
+
+#
+# Maximum wait time for an external REST service to connect.
+#
+# Possible values:
+#
+# * Any integer with a value greater than three (the TCP packet retransmission
+# timeout). Note that instance start may be blocked during this wait time,
+# so this value should be kept small.
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (integer value)
+# Minimum value: 3
+# Deprecated group/name - [DEFAULT]/vendordata_dynamic_connect_timeout
+#vendordata_dynamic_connect_timeout=5
+
+#
+# Maximum wait time for an external REST service to return data once connected.
+#
+# Possible values:
+#
+# * Any integer. Note that instance start is blocked during this wait time,
+# so this value should be kept small.
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_failure_fatal
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/vendordata_dynamic_read_timeout
+#vendordata_dynamic_read_timeout=5
+
+#
+# Should failures to fetch dynamic vendordata be fatal to instance boot?
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# (boolean value)
+#vendordata_dynamic_failure_fatal=false
+
+#
+# This option is the time (in seconds) to cache metadata. When set to 0,
+# metadata caching is disabled entirely; this is generally not recommended for
+# performance reasons. Increasing this setting should improve response times
+# of the metadata API when under heavy load. Higher values may increase memory
+# usage, and result in longer times for host metadata changes to take effect.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/metadata_cache_expiration
+#metadata_cache_expiration=15
+
+#
+# Cloud providers may store custom data in vendor data file that will then be
+# available to the instances via the metadata service, and to the rendering of
+# config-drive. The default class for this, JsonFileVendorData, loads this
+# information from a JSON file, whose path is configured by this option. If
+# there is no path set by this option, the class returns an empty dictionary.
+#
+# Possible values:
+#
+# * Any string representing the path to the data file, or an empty string
+# (default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/vendordata_jsonfile_path
+#vendordata_jsonfile_path=<None>
+
+#
+# As a query can potentially return many thousands of items, you can limit the
+# maximum number of items in a single response by setting this option.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/osapi_max_limit
+#max_limit=1000
+
+#
+# This string is prepended to the normal URL that is returned in links to the
+# OpenStack Compute API. If it is empty (the default), the URLs are returned
+# unchanged.
+#
+# Possible values:
+#
+# * Any string, including an empty string (the default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/osapi_compute_link_prefix
+#compute_link_prefix=<None>
+
+#
+# This string is prepended to the normal URL that is returned in links to
+# Glance resources. If it is empty (the default), the URLs are returned
+# unchanged.
+#
+# Possible values:
+#
+# * Any string, including an empty string (the default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/osapi_glance_link_prefix
+#glance_link_prefix=<None>
+
+#
+# Operators can turn off the ability for a user to take snapshots of their
+# instances by setting this option to False. When disabled, any attempt to
+# take a snapshot will result in a HTTP 400 response ("Bad Request").
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/allow_instance_snapshots
+#allow_instance_snapshots=true
+
+#
+# This option is a list of all instance states for which network address
+# information should not be returned from the API.
+#
+# Possible values:
+#
+# A list of strings, where each string is a valid VM state, as defined in
+# nova/compute/vm_states.py. As of the Newton release, they are:
+#
+# * "active"
+# * "building"
+# * "paused"
+# * "suspended"
+# * "stopped"
+# * "rescued"
+# * "resized"
+# * "soft-delete"
+# * "deleted"
+# * "error"
+# * "shelved"
+# * "shelved_offloaded"
+# (list value)
+# Deprecated group/name - [DEFAULT]/osapi_hide_server_address_states
+#hide_server_address_states=building
+
+# The full path to the fping binary. (string value)
+# Deprecated group/name - [DEFAULT]/fping_path
+#fping_path=/usr/sbin/fping
+
+#
+# When True, the TenantNetworkController will query the Neutron API to get the
+# default networks to use.
+#
+# Related options:
+#
+# * neutron_default_tenant_id
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/use_neutron_default_nets
+#use_neutron_default_nets=false
+
+#
+# Tenant ID for getting the default network from Neutron API (also referred in
+# some places as the 'project ID') to use.
+#
+# Related options:
+#
+# * use_neutron_default_nets
+# (string value)
+# Deprecated group/name - [DEFAULT]/neutron_default_tenant_id
+#neutron_default_tenant_id=default
+
+#
+# Enables returning of the instance password by the relevant server API calls
+# such as create, rebuild, evacuate, or rescue. If the hypervisor does not
+# support password injection, then the password returned will not be correct,
+# so if your hypervisor does not support password injection, set this to False.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/enable_instance_password
+#enable_instance_password=true
+
+
+[api_database]
+#
+# The *Nova API Database* is a separate database which is used for information
+# which is used across *cells*. This database is mandatory since the Mitaka
+# release (13.0.0).
+
+#
+# From nova.conf
+#
+
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
+connection=sqlite:////var/lib/nova/nova.sqlite
+
+# If True, SQLite uses synchronous mode. (boolean value)
+#sqlite_synchronous=true
+
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
+#slave_connection=<None>
+
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
+# the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
+#mysql_sql_mode=TRADITIONAL
+
+# Timeout before idle SQL connections are reaped. (integer value)
+#idle_timeout=3600
+
+# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
+# indicates no limit. (integer value)
+#max_pool_size=<None>
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
+#max_retries=10
+
+# Interval between retries of opening a SQL connection. (integer value)
+#retry_interval=10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+#max_overflow=<None>
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+#connection_debug=0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+#connection_trace=false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+#pool_timeout=<None>
+
+
+[barbican]
+
+#
+# From nova.conf
+#
+
+# Use this endpoint to connect to Barbican, for example:
+# "http://localhost:9311/" (string value)
+#barbican_endpoint=<None>
+
+# Version of the Barbican API, for example: "v1" (string value)
+#barbican_api_version=<None>
+
+# Use this endpoint to connect to Keystone (string value)
+#auth_endpoint=http://localhost:5000/v3
+
+# Number of seconds to wait before retrying poll for key creation completion
+# (integer value)
+#retry_delay=1
+
+# Number of times to retry poll for key creation completion (integer value)
+#number_of_retries=60
+
+
+[cache]
+
+#
+# From nova.conf
+#
+{%- if compute.cache is defined %}
+backend = oslo_cache.memcache_pool
+enabled = true
+memcache_servers={%- for member in compute.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- endif %}
+# Prefix for building the configuration dictionary for the cache region. This
+# should not need to be changed unless there is another dogpile.cache region
+# with the same configuration name. (string value)
+#config_prefix=cache.oslo
+
+# Default TTL, in seconds, for any cached item in the dogpile.cache region. This
+# applies to any cached method that doesn't have an explicit cache expiration
+# time defined for it. (integer value)
+#expiration_time=600
+
+# Dogpile.cache backend module. It is recommended that Memcache or Redis
+# (dogpile.cache.redis) be used in production deployments. For eventlet-based or
+# highly threaded servers, Memcache with pooling (oslo_cache.memcache_pool) is
+# recommended. For low thread servers, dogpile.cache.memcached is recommended.
+# Test environments with a single instance of the server can use the
+# dogpile.cache.memory backend. (string value)
+#backend=dogpile.cache.null
+
+# Arguments supplied to the backend module. Specify this option once per
+# argument to be passed to the dogpile.cache backend. Example format:
+# "<argname>:<value>". (multi valued)
+#backend_argument =
+
+# Proxy classes to import that will affect the way the dogpile.cache backend
+# functions. See the dogpile.cache documentation on changing-backend-behavior.
+# (list value)
+#proxies =
+
+# Global toggle for caching. (boolean value)
+#enabled=false
+
+# Extra debugging from the cache backend (cache keys, get/set/delete/etc calls).
+# This is only really useful if you need to see the specific cache-backend
+# get/set/delete calls with the keys/values. Typically this should be left set
+# to false. (boolean value)
+#debug_cache_backend=false
+
+# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
+# oslo_cache.memcache_pool backends only). (list value)
+#memcache_servers=localhost:11211
+
+# Number of seconds memcached server is considered dead before it is tried
+# again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
+# (integer value)
+#memcache_dead_retry=300
+
+# Timeout in seconds for every call to a server. (dogpile.cache.memcache and
+# oslo_cache.memcache_pool backends only). (integer value)
+#memcache_socket_timeout=3
+
+# Max total number of open connections to every memcached server.
+# (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_maxsize=10
+
+# Number of seconds a connection to memcached is held unused in the pool before
+# it is closed. (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_unused_timeout=60
+
+# Number of seconds that an operation will wait to get a memcache client
+# connection. (integer value)
+#memcache_pool_connection_get_timeout=10
+
+
+[cells]
+#
+# Cells options allow you to use cells functionality in openstack
+# deployment.
+#
+# Note that the options in this group are only for cells v1 functionality, which
+# is considered experimental and not recommended for new deployments. Cells v1
+# is being replaced with cells v2, which starting in the 15.0.0 Ocata release is
+# required and all Nova deployments will be at least a cells v2 cell of one.
+#
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Topic.
+#
+# This is the message queue topic that cells nodes listen on. It is
+# used when the cells service is started up to configure the queue,
+# and whenever an RPC call to the scheduler is made.
+#
+# Possible values:
+#
+# * cells: This is the recommended and the default value.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Configurable RPC topics provide little value and can result in a wide variety
+# of errors. They should not be used.
+#topic=cells
+
+#
+# Enable cell v1 functionality.
+#
+# Note that cells v1 is considered experimental and not recommended for new
+# Nova deployments. Cells v1 is being replaced by cells v2 which starting in
+# the 15.0.0 Ocata release, all Nova deployments are at least a cells v2 cell
+# of one. Setting this option, or any other options in the [cells] group, is
+# not required for cells v2.
+#
+# When this functionality is enabled, it lets you to scale an OpenStack
+# Compute cloud in a more distributed fashion without having to use
+# complicated technologies like database and message queue clustering.
+# Cells are configured as a tree. The top-level cell should have a host
+# that runs a nova-api service, but no nova-compute services. Each
+# child cell should run all of the typical nova-* services in a regular
+# Compute cloud except for nova-api. You can think of cells as a normal
+# Compute deployment in that each cell has its own database server and
+# message queue broker.
+#
+# Related options:
+#
+# * name: A unique cell name must be given when this functionality
+# is enabled.
+# * cell_type: Cell type should be defined for all cells.
+# (boolean value)
+enable=False
+
+#
+# Name of the current cell.
+#
+# This value must be unique for each cell. Name of a cell is used as
+# its id, leaving this option unset or setting the same name for
+# two or more cells may cause unexpected behaviour.
+#
+# Related options:
+#
+# * enabled: This option is meaningful only when cells service
+# is enabled
+# (string value)
+#name=nova
+
+#
+# Cell capabilities.
+#
+# List of arbitrary key=value pairs defining capabilities of the
+# current cell to be sent to the parent cells. These capabilities
+# are intended to be used in cells scheduler filters/weighers.
+#
+# Possible values:
+#
+# * key=value pairs list for example;
+# ``hypervisor=xenserver;kvm,os=linux;windows``
+# (list value)
+#capabilities=hypervisor=xenserver;kvm,os=linux;windows
+
+#
+# Call timeout.
+#
+# Cell messaging module waits for response(s) to be put into the
+# eventlet queue. This option defines the seconds waited for
+# response from a call to a cell.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+# Minimum value: 0
+#call_timeout=60
+
+#
+# Reserve percentage
+#
+# Percentage of cell capacity to hold in reserve, so the minimum
+# amount of free resource is considered to be;
+#
+# min_free = total * (reserve_percent / 100.0)
+#
+# This option affects both memory and disk utilization.
+#
+# The primary purpose of this reserve is to ensure some space is
+# available for users who want to resize their instance to be larger.
+# Note that currently once the capacity expands into this reserve
+# space this option is ignored.
+#
+# Possible values:
+#
+# * An integer or float, corresponding to the percentage of cell capacity to
+# be held in reserve.
+# (floating point value)
+#reserve_percent=10.0
+
+#
+# Type of cell.
+#
+# When cells feature is enabled the hosts in the OpenStack Compute
+# cloud are partitioned into groups. Cells are configured as a tree.
+# The top-level cell's cell_type must be set to ``api``. All other
+# cells are defined as a ``compute cell`` by default.
+#
+# Related option:
+#
+# * quota_driver: Disable quota checking for the child cells.
+# (nova.quota.NoopQuotaDriver)
+# (string value)
+# Allowed values: api, compute
+#cell_type=compute
+
+#
+# Mute child interval.
+#
+# Number of seconds after which a lack of capability and capacity
+# update the child cell is to be treated as a mute cell. Then the
+# child cell will be weighed as recommend highly that it be skipped.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+#mute_child_interval=300
+
+#
+# Bandwidth update interval.
+#
+# Seconds between bandwidth usage cache updates for cells.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+#bandwidth_update_interval=600
+
+#
+# Instance update sync database limit.
+#
+# Number of instances to pull from the database at one time for
+# a sync. If there are more instances to update the results will
+# be paged through.
+#
+# Possible values:
+#
+# * An integer, corresponding to a number of instances.
+# (integer value)
+#instance_update_sync_database_limit=100
+
+#
+# Mute weight multiplier.
+#
+# Multiplier used to weigh mute children. Mute children cells are
+# recommended to be skipped so their weight is multiplied by this
+# negative value.
+#
+# Possible values:
+#
+# * Negative numeric number
+# (floating point value)
+#mute_weight_multiplier=-10000.0
+
+#
+# Ram weight multiplier.
+#
+# Multiplier used for weighing ram. Negative numbers indicate that
+# Compute should stack VMs on one host instead of spreading out new
+# VMs to more hosts in the cell.
+#
+# Possible values:
+#
+# * Numeric multiplier
+# (floating point value)
+#ram_weight_multiplier=10.0
+
+#
+# Offset weight multiplier
+#
+# Multiplier used to weigh offset weigher. Cells with higher
+# weight_offsets in the DB will be preferred. The weight_offset
+# is a property of a cell stored in the database. It can be used
+# by a deployer to have scheduling decisions favor or disfavor
+# cells based on the setting.
+#
+# Possible values:
+#
+# * Numeric multiplier
+# (floating point value)
+#offset_weight_multiplier=1.0
+
+#
+# Instance updated at threshold
+#
+# Number of seconds after an instance was updated or deleted to
+# continue to update cells. This option lets cells manager to only
+# attempt to sync instances that have been updated recently.
+# i.e., a threshold of 3600 means to only update instances that
+# have modified in the last hour.
+#
+# Possible values:
+#
+# * Threshold in seconds
+#
+# Related options:
+#
+# * This value is used with the ``instance_update_num_instances``
+# value in a periodic task run.
+# (integer value)
+#instance_updated_at_threshold=3600
+
+#
+# Instance update num instances
+#
+# On every run of the periodic task, nova cells manager will attempt to
+# sync instance_updated_at_threshold number of instances. When the
+# manager gets the list of instances, it shuffles them so that multiple
+# nova-cells services do not attempt to sync the same instances in
+# lockstep.
+#
+# Possible values:
+#
+# * Positive integer number
+#
+# Related options:
+#
+# * This value is used with the ``instance_updated_at_threshold``
+# value in a periodic task run.
+# (integer value)
+#instance_update_num_instances=1
+
+#
+# Maximum hop count
+#
+# When processing a targeted message, if the local cell is not the
+# target, a route is defined between neighbouring cells. And the
+# message is processed across the whole routing path. This option
+# defines the maximum hop counts until reaching the target.
+#
+# Possible values:
+#
+# * Positive integer value
+# (integer value)
+#max_hop_count=10
+
+#
+# Cells scheduler.
+#
+# The class of the driver used by the cells scheduler. This should be
+# the full Python path to the class to be used. If nothing is specified
+# in this option, the CellsScheduler is used.
+# (string value)
+#scheduler=nova.cells.scheduler.CellsScheduler
+
+#
+# RPC driver queue base.
+#
+# When sending a message to another cell by JSON-ifying the message
+# and making an RPC cast to 'process_message', a base queue is used.
+# This option defines the base queue name to be used when communicating
+# between cells. Various topics by message type will be appended to this.
+#
+# Possible values:
+#
+# * The base queue name to be used when communicating between cells.
+# (string value)
+#rpc_driver_queue_base=cells.intercell
+
+#
+# Scheduler filter classes.
+#
+# Filter classes the cells scheduler should use. An entry of
+# "nova.cells.filters.all_filters" maps to all cells filters
+# included with nova. As of the Mitaka release the following
+# filter classes are available:
+#
+# Different cell filter: A scheduler hint of 'different_cell'
+# with a value of a full cell name may be specified to route
+# a build away from a particular cell.
+#
+# Image properties filter: Image metadata named
+# 'hypervisor_version_requires' with a version specification
+# may be specified to ensure the build goes to a cell which
+# has hypervisors of the required version. If either the version
+# requirement on the image or the hypervisor capability of the
+# cell is not present, this filter returns without filtering out
+# the cells.
+#
+# Target cell filter: A scheduler hint of 'target_cell' with a
+# value of a full cell name may be specified to route a build to
+# a particular cell. No error handling is done as there's no way
+# to know whether the full path is a valid.
+#
+# As an admin user, you can also add a filter that directs builds
+# to a particular cell.
+#
+# (list value)
+#scheduler_filter_classes=nova.cells.filters.all_filters
+
+#
+# Scheduler weight classes.
+#
+# Weigher classes the cells scheduler should use. An entry of
+# "nova.cells.weights.all_weighers" maps to all cell weighers
+# included with nova. As of the Mitaka release the following
+# weight classes are available:
+#
+# mute_child: Downgrades the likelihood of child cells being
+# chosen for scheduling requests, which haven't sent capacity
+# or capability updates in a while. Options include
+# mute_weight_multiplier (multiplier for mute children; value
+# should be negative).
+#
+# ram_by_instance_type: Select cells with the most RAM capacity
+# for the instance type being requested. Because higher weights
+# win, Compute returns the number of available units for the
+# instance type requested. The ram_weight_multiplier option defaults
+# to 10.0 that adds to the weight by a factor of 10. Use a negative
+# number to stack VMs on one host instead of spreading out new VMs
+# to more hosts in the cell.
+#
+# weight_offset: Allows modifying the database to weight a particular
+# cell. The highest weight will be the first cell to be scheduled for
+# launching an instance. When the weight_offset of a cell is set to 0,
+# it is unlikely to be picked but it could be picked if other cells
+# have a lower weight, like if they're full. And when the weight_offset
+# is set to a very high value (for example, '999999999999999'), it is
+# likely to be picked if another cell do not have a higher weight.
+# (list value)
+#scheduler_weight_classes=nova.cells.weights.all_weighers
+
+#
+# Scheduler retries.
+#
+# How many retries when no cells are available. Specifies how many
+# times the scheduler tries to launch a new instance when no cells
+# are available.
+#
+# Possible values:
+#
+# * Positive integer value
+#
+# Related options:
+#
+# * This value is used with the ``scheduler_retry_delay`` value
+# while retrying to find a suitable cell.
+# (integer value)
+#scheduler_retries=10
+
+#
+# Scheduler retry delay.
+#
+# Specifies the delay (in seconds) between scheduling retries when no
+# cell can be found to place the new instance on. When the instance
+# could not be scheduled to a cell after ``scheduler_retries`` in
+# combination with ``scheduler_retry_delay``, then the scheduling
+# of the instance failed.
+#
+# Possible values:
+#
+# * Time in seconds.
+#
+# Related options:
+#
+# * This value is used with the ``scheduler_retries`` value
+# while retrying to find a suitable cell.
+# (integer value)
+#scheduler_retry_delay=2
+
+#
+# DB check interval.
+#
+# Cell state manager updates cell status for all cells from the DB
+# only after this particular interval time is passed. Otherwise cached
+# status are used. If this value is 0 or negative all cell status are
+# updated from the DB whenever a state is needed.
+#
+# Possible values:
+#
+# * Interval time, in seconds.
+#
+# (integer value)
+#db_check_interval=60
+
+#
+# Optional cells configuration.
+#
+# Configuration file from which to read cells configuration. If given,
+# overrides reading cells from the database.
+#
+# Cells store all inter-cell communication data, including user names
+# and passwords, in the database. Because the cells data is not updated
+# very frequently, use this option to specify a JSON file to store
+# cells data. With this configuration, the database is no longer
+# consulted when reloading the cells data. The file must have columns
+# present in the Cell model (excluding common database fields and the
+# id column). You must specify the queue connection information through
+# a transport_url field, instead of username, password, and so on.
+#
+# The transport_url has the following form:
+# rabbit://USERNAME:PASSWORD@HOSTNAME:PORT/VIRTUAL_HOST
+#
+# Possible values:
+#
+# The scheme can be either qpid or rabbit, the following sample shows
+# this optional configuration:
+#
+# {
+# "parent": {
+# "name": "parent",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": true
+# },
+# "cell1": {
+# "name": "cell1",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit1.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": false
+# },
+# "cell2": {
+# "name": "cell2",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit2.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": false
+# }
+# }
+#
+# (string value)
+#cells_config=<None>
+
+
+[cinder]
+
+#
+# From nova.conf
+#
+os_region_name = {{ compute.identity.region }}
+catalog_info=volumev2:cinderv2:internalURL
+#
+# Info to match when looking for cinder in the service catalog.
+#
+# Possible values:
+#
+# * Format is separated values of the form:
+# <service_type>:<service_name>:<endpoint_type>
+#
+# Note: Nova does not support the Cinder v1 API since the Nova 15.0.0 Ocata
+# release.
+#
+# Related options:
+#
+# * endpoint_template - Setting this option will override catalog_info
+# (string value)
+#catalog_info=volumev2:cinderv2:publicURL
+
+#
+# If this option is set then it will override service catalog lookup with
+# this template for cinder endpoint
+#
+# Possible values:
+#
+# * URL for cinder endpoint API
+# e.g. http://localhost:8776/v2/%(project_id)s
+#
+# Note: Nova does not support the Cinder v1 API since the Nova 15.0.0 Ocata
+# release.
+#
+# Related options:
+#
+# * catalog_info - If endpoint_template is not set, catalog_info will be used.
+# (string value)
+#endpoint_template=<None>
+
+#
+# Region name of this node. This is used when picking the URL in the service
+# catalog.
+#
+# Possible values:
+#
+# * Any string representing region name
+# (string value)
+#os_region_name=<None>
+
+#
+# Number of times cinderclient should retry on any failed http call.
+# 0 means connection is attempted only once. Setting it to any positive integer
+# means that on failure connection is retried that many times e.g. setting it
+# to 3 means total attempts to connect will be 4.
+#
+# Possible values:
+#
+# * Any integer value. 0 means connection is attempted only once
+# (integer value)
+# Minimum value: 0
+#http_retries=3
+
+#
+# Allow attach between instance and volume in different availability zones.
+#
+# If False, volumes attached to an instance must be in the same availability
+# zone in Cinder as the instance availability zone in Nova.
+# This also means care should be taken when booting an instance from a volume
+# where source is not "volume" because Nova will attempt to create a volume
+# using
+# the same availability zone as what is assigned to the instance.
+# If that AZ is not in Cinder (or allow_availability_zone_fallback=False in
+# cinder.conf), the volume create request will fail and the instance will fail
+# the build request.
+# By default there is no availability zone restriction on volume attach.
+# (boolean value)
+#cross_az_attach=true
+
+
+[cloudpipe]
+
+#
+# From nova.conf
+#
+
+#
+# Image ID used when starting up a cloudpipe VPN client.
+#
+# An empty instance is created and configured with OpenVPN using
+# boot_script_template. This instance would be snapshotted and stored
+# in glance. ID of the stored image is used in 'vpn_image_id' to
+# create cloudpipe VPN client.
+#
+# Possible values:
+#
+# * Any valid ID of a VPN image
+# (string value)
+# Deprecated group/name - [DEFAULT]/vpn_image_id
+#vpn_image_id=0
+
+#
+# Flavor for VPN instances.
+#
+# Possible values:
+#
+# * Any valid flavor name
+# (string value)
+# Deprecated group/name - [DEFAULT]/vpn_flavor
+#vpn_flavor=m1.tiny
+
+#
+# Template for cloudpipe instance boot script.
+#
+# Possible values:
+#
+# * Any valid path to a cloudpipe instance boot script template
+#
+# Related options:
+#
+# The following options are required to configure cloudpipe-managed
+# OpenVPN server.
+#
+# * dmz_net
+# * dmz_mask
+# * cnt_vpn_clients
+# (string value)
+# Deprecated group/name - [DEFAULT]/boot_script_template
+#boot_script_template=$pybasedir/nova/cloudpipe/bootscript.template
+
+#
+# Network to push into OpenVPN config.
+#
+# Note: Above mentioned OpenVPN config can be found at
+# /etc/openvpn/server.conf.
+#
+# Possible values:
+#
+# * Any valid IPv4/IPV6 address
+#
+# Related options:
+#
+# * boot_script_template - dmz_net is pushed into bootscript.template
+# to configure cloudpipe-managed OpenVPN server
+# (IP address value)
+# Deprecated group/name - [DEFAULT]/dmz_net
+#dmz_net=10.0.0.0
+
+#
+# Netmask to push into OpenVPN config.
+#
+# Possible values:
+#
+# * Any valid IPv4/IPV6 netmask
+#
+# Related options:
+#
+# * dmz_net - dmz_net and dmz_mask is pushed into bootscript.template
+# to configure cloudpipe-managed OpenVPN server
+# * boot_script_template
+# (IP address value)
+# Deprecated group/name - [DEFAULT]/dmz_mask
+#dmz_mask=255.255.255.0
+
+#
+# Suffix to add to project name for VPN key and secgroups
+#
+# Possible values:
+#
+# * Any string value representing the VPN key suffix
+# (string value)
+# Deprecated group/name - [DEFAULT]/vpn_key_suffix
+#vpn_key_suffix=-vpn
+
+
+[conductor]
+#
+# Options under this group are used to define Conductor's communication,
+# which manager should be act as a proxy between computes and database,
+# and finally, how many worker processes will be used.
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Topic exchange name on which conductor nodes listen.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#topic=conductor
+
+#
+# Number of workers for OpenStack Conductor service. The default will be the
+# number of CPUs available.
+# (integer value)
+#workers=<None>
+
+
+[console]
+#
+# Options under this group allow to tune the configuration of the console proxy
+# service.
+#
+# Note: in configuration of every compute is a ``console_host`` option,
+# which allows to select the console proxy service to connect to.
+
+#
+# From nova.conf
+#
+
+#
+# Adds list of allowed origins to the console websocket proxy to allow
+# connections from other origin hostnames.
+# Websocket proxy matches the host header with the origin header to
+# prevent cross-site requests. This list specifies if any there are
+# values other than host are allowed in the origin header.
+#
+# Possible values:
+#
+# * A list where each element is an allowed origin hostnames, else an empty list
+# (list value)
+# Deprecated group/name - [DEFAULT]/console_allowed_origins
+#allowed_origins =
+
+
+[consoleauth]
+
+#
+# From nova.conf
+#
+
+#
+# The lifetime of a console auth token.
+#
+# A console auth token is used in authorizing console access for a user.
+# Once the auth token time to live count has elapsed, the token is
+# considered expired. Expired tokens are then deleted.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/console_token_ttl
+#token_ttl=600
+
+
+[cors]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
+#allowed_origin=<None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials=true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers=X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Service-Token
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age=3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods=GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request. (list
+# value)
+#allow_headers=X-Auth-Token,X-Openstack-Request-Id,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id
+
+
+[cors.subdomain]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
+#allowed_origin=<None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials=true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers=X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Service-Token
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age=3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods=GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request. (list
+# value)
+#allow_headers=X-Auth-Token,X-Openstack-Request-Id,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id
+
+
+[crypto]
+
+#
+# From nova.conf
+#
+
+#
+# Filename of root CA (Certificate Authority). This is a container format
+# and includes root certificates.
+#
+# Possible values:
+#
+# * Any file name containing root CA, cacert.pem is default
+#
+# Related options:
+#
+# * ca_path
+# (string value)
+# Deprecated group/name - [DEFAULT]/ca_file
+#ca_file=cacert.pem
+
+#
+# Filename of a private key.
+#
+# Related options:
+#
+# * keys_path
+# (string value)
+# Deprecated group/name - [DEFAULT]/key_file
+#key_file=private/cakey.pem
+
+#
+# Filename of root Certificate Revocation List (CRL). This is a list of
+# certificates that have been revoked, and therefore, entities presenting
+# those (revoked) certificates should no longer be trusted.
+#
+# Related options:
+#
+# * ca_path
+# (string value)
+# Deprecated group/name - [DEFAULT]/crl_file
+#crl_file=crl.pem
+
+#
+# Directory path where keys are located.
+#
+# Related options:
+#
+# * key_file
+# (string value)
+# Deprecated group/name - [DEFAULT]/keys_path
+#keys_path=$state_path/keys
+
+#
+# Directory path where root CA is located.
+#
+# Related options:
+#
+# * ca_file
+# (string value)
+# Deprecated group/name - [DEFAULT]/ca_path
+#ca_path=$state_path/CA
+
+# Option to enable/disable use of CA for each project. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_project_ca
+#use_project_ca=false
+
+#
+# Subject for certificate for users, %s for
+# project, user, timestamp
+# (string value)
+# Deprecated group/name - [DEFAULT]/user_cert_subject
+#user_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s
+
+#
+# Subject for certificate for projects, %s for
+# project, timestamp
+# (string value)
+# Deprecated group/name - [DEFAULT]/project_cert_subject
+#project_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s
+
+
+[database]
+
+#
+# From oslo.db
+#
+
+# DEPRECATED: The file name to use with SQLite. (string value)
+# Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect the
+# database.
+#sqlite_db=oslo.sqlite
+
+# If True, SQLite uses synchronous mode. (boolean value)
+# Deprecated group/name - [DEFAULT]/sqlite_synchronous
+#sqlite_synchronous=true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend=sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+#connection=<None>
+
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
+#slave_connection=<None>
+
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
+# the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
+#mysql_sql_mode=TRADITIONAL
+
+# Timeout before idle SQL connections are reaped. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#idle_timeout=3600
+
+# Minimum number of SQL connections to keep open in a pool. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size=1
+
+# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
+# indicates no limit. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size=5
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries=10
+
+# Interval between retries of opening a SQL connection. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval=10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow=50
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug=0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace=false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout=<None>
+
+# Enable the experimental use of database reconnect on connection lost. (boolean
+# value)
+#use_db_reconnect=false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval=1
+
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
+#db_inc_retry_interval=true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
+#db_max_retry_interval=10
+
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
+#db_max_retries=20
+
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool=false
+
+
+[ephemeral_storage_encryption]
+
+#
+# From nova.conf
+#
+
+#
+# Enables/disables LVM ephemeral storage encryption.
+# (boolean value)
+#enabled=false
+
+#
+# Cipher-mode string to be used.
+#
+# The cipher and mode to be used to encrypt ephemeral storage. The set of
+# cipher-mode combinations available depends on kernel support.
+#
+# Possible values:
+#
+# * Any crypto option listed in ``/proc/crypto``.
+# (string value)
+#cipher=aes-xts-plain64
+
+#
+# Encryption key length in bits.
+#
+# The bit length of the encryption key to be used to encrypt ephemeral storage.
+# In XTS mode only half of the bits are used for encryption key.
+# (integer value)
+# Minimum value: 1
+#key_size=512
+
+
+[filter_scheduler]
+
+#
+# From nova.conf
+#
+
+#
+# Size of subset of best hosts selected by scheduler.
+#
+# New instances will be scheduled on a host chosen randomly from a subset of the
+# N best hosts, where N is the value set by this option.
+#
+# Setting this to a value greater than 1 will reduce the chance that multiple
+# scheduler processes handling similar requests will select the same host,
+# creating a potential race condition. By selecting a host randomly from the N
+# hosts that best fit the request, the chance of a conflict is reduced. However,
+# the higher you set this value, the less optimal the chosen host may be for a
+# given request.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the size of a host subset. Any
+# integer is valid, although any value less than 1 will be treated as 1
+# (integer value)
+# Minimum value: 1
+# Deprecated group/name - [DEFAULT]/scheduler_host_subset_size
+#host_subset_size=1
+
+#
+# The number of instances that can be actively performing IO on a host.
+#
+# Instances performing IO includes those in the following states: build, resize,
+# snapshot, migrate, rescue, unshelve.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'io_ops_filter' filter is enabled.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the max number of instances
+# that can be actively performing IO on any given host.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/max_io_ops_per_host
+#max_io_ops_per_host=8
+
+#
+# Maximum number of instances that be active on a host.
+#
+# If you need to limit the number of instances on any given host, set this
+# option
+# to the maximum number of instances you want to allow. The num_instances_filter
+# will reject any host that has at least as many instances as this option's
+# value.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'num_instances_filter' filter is enabled.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the max instances that can be
+# scheduled on a host.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/max_instances_per_host
+#max_instances_per_host=50
+
+#
+# Enable querying of individual hosts for instance information.
+#
+# The scheduler may need information about the instances on a host in order to
+# evaluate its filters and weighers. The most common need for this information
+# is
+# for the (anti-)affinity filters, which need to choose a host based on the
+# instances already running on a host.
+#
+# If the configured filters and weighers do not need this information, disabling
+# this option will improve performance. It may also be disabled when the
+# tracking
+# overhead proves too heavy, although this will cause classes requiring host
+# usage data to query the database on each request instead.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/scheduler_tracks_instance_changes
+#track_instance_changes=true
+
+#
+# Filters that the scheduler can use.
+#
+# An unordered list of the filter classes the nova scheduler may apply. Only
+# the
+# filters specified in the 'scheduler_enabled_filters' option will be used, but
+# any filter appearing in that option must also be included in this list.
+#
+# By default, this is set to all filters that are included with nova.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to the name of
+# a filter that may be used for selecting a host
+#
+# Related options:
+#
+# * scheduler_enabled_filters
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/scheduler_available_filters
+#available_filters=nova.scheduler.filters.all_filters
+
+#
+# Filters that the scheduler will use.
+#
+# An ordered list of filter class names that will be used for filtering
+# hosts. Ignore the word 'default' in the name of this option: these filters
+# will
+# *always* be applied, and they will be applied in the order they are listed so
+# place your most restrictive filters first to make the filtering process more
+# efficient.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to the name of
+# a filter to be used for selecting a host
+#
+# Related options:
+#
+# * All of the filters in this option *must* be present in the
+# 'scheduler_available_filters' option, or a SchedulerHostFilterNotFound
+# exception will be raised.
+# (list value)
+# Deprecated group/name - [DEFAULT]/scheduler_default_filters
+#enabled_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
+
+#
+# Filters used for filtering baremetal hosts.
+#
+# Filters are applied in order, so place your most restrictive filters first to
+# make the filtering process more efficient.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to the name of
+# a filter to be used for selecting a baremetal host
+#
+# Related options:
+#
+# * If the 'scheduler_use_baremetal_filters' option is False, this option has
+# no effect.
+# (list value)
+# Deprecated group/name - [DEFAULT]/baremetal_scheduler_default_filters
+#baremetal_enabled_filters=RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ExactRamFilter,ExactDiskFilter,ExactCoreFilter
+
+#
+# Enable baremetal filters.
+#
+# Set this to True to tell the nova scheduler that it should use the filters
+# specified in the 'baremetal_scheduler_enabled_filters' option. If you are not
+# scheduling baremetal nodes, leave this at the default setting of False.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Related options:
+#
+# * If this option is set to True, then the filters specified in the
+# 'baremetal_scheduler_enabled_filters' are used instead of the filters
+# specified in 'scheduler_enabled_filters'.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/scheduler_use_baremetal_filters
+#use_baremetal_filters=false
+
+#
+# Weighers that the scheduler will use.
+#
+# Only hosts which pass the filters are weighed. The weight for any host starts
+# at 0, and the weighers order these hosts by adding to or subtracting from the
+# weight assigned by the previous weigher. Weights may become negative. An
+# instance will be scheduled to one of the N most-weighted hosts, where N is
+# 'scheduler_host_subset_size'.
+#
+# By default, this is set to all weighers that are included with Nova.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to the name of
+# a weigher that will be used for selecting a host
+# (list value)
+# Deprecated group/name - [DEFAULT]/scheduler_weight_classes
+#weight_classes=nova.scheduler.weights.all_weighers
+
+#
+# Ram weight multipler ratio.
+#
+# This option determines how hosts with more or less available RAM are weighed.
+# A
+# positive value will result in the scheduler preferring hosts with more
+# available RAM, and a negative number will result in the scheduler preferring
+# hosts with less available RAM. Another way to look at it is that positive
+# values for this option will tend to spread instances across many hosts, while
+# negative values will tend to fill up (stack) hosts as much as possible before
+# scheduling to a less-used host. The absolute value, whether positive or
+# negative, controls how strong the RAM weigher is relative to other weighers.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'ram' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/ram_weight_multiplier
+#ram_weight_multiplier=1.0
+
+#
+# Disk weight multipler ratio.
+#
+# Multiplier used for weighing free disk space. Negative numbers mean to
+# stack vs spread.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'ram' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/disk_weight_multiplier
+#disk_weight_multiplier=1.0
+
+#
+# IO operations weight multipler ratio.
+#
+# This option determines how hosts with differing workloads are weighed.
+# Negative
+# values, such as the default, will result in the scheduler preferring hosts
+# with
+# lighter workloads whereas positive values will prefer hosts with heavier
+# workloads. Another way to look at it is that positive values for this option
+# will tend to schedule instances onto hosts that are already busy, while
+# negative values will tend to distribute the workload across more hosts. The
+# absolute value, whether positive or negative, controls how strong the io_ops
+# weigher is relative to other weighers.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'io_ops' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/io_ops_weight_multiplier
+#io_ops_weight_multiplier=-1.0
+
+#
+# Multiplier used for weighing hosts for group soft-affinity.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to weight multiplier
+# for hosts with group soft affinity. Only a positive value are meaningful, as
+# negative values would make this behave as a soft anti-affinity weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/soft_affinity_weight_multiplier
+#soft_affinity_weight_multiplier=1.0
+
+#
+# Multiplier used for weighing hosts for group soft-anti-affinity.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to weight multiplier
+# for hosts with group soft anti-affinity. Only a positive value are
+# meaningful, as negative values would make this behave as a soft affinity
+# weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/soft_anti_affinity_weight_multiplier
+#soft_anti_affinity_weight_multiplier=1.0
+
+#
+# List of UUIDs for images that can only be run on certain hosts.
+#
+# If there is a need to restrict some images to only run on certain designated
+# hosts, list those image UUIDs here.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A list of UUID strings, where each string corresponds to the UUID of an
+# image
+#
+# Related options:
+#
+# * scheduler/isolated_hosts
+# * scheduler/restrict_isolated_hosts_to_isolated_images
+# (list value)
+# Deprecated group/name - [DEFAULT]/isolated_images
+#isolated_images =
+
+#
+# List of hosts that can only run certain images.
+#
+# If there is a need to restrict some images to only run on certain designated
+# hosts, list those host names here.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A list of strings, where each string corresponds to the name of a host
+#
+# Related options:
+#
+# * scheduler/isolated_images
+# * scheduler/restrict_isolated_hosts_to_isolated_images
+# (list value)
+# Deprecated group/name - [DEFAULT]/isolated_hosts
+#isolated_hosts =
+
+#
+# Prevent non-isolated images from being built on isolated hosts.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is enabled. Even
+# then, this option doesn't affect the behavior of requests for isolated images,
+# which will *always* be restricted to isolated hosts.
+#
+# Related options:
+#
+# * scheduler/isolated_images
+# * scheduler/isolated_hosts
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/restrict_isolated_hosts_to_isolated_images
+#restrict_isolated_hosts_to_isolated_images=true
+
+#
+# Image property namespace for use in the host aggregate.
+#
+# Images and hosts can be configured so that certain images can only be
+# scheduled
+# to hosts in a particular aggregate. This is done with metadata values set on
+# the host aggregate that are identified by beginning with the value of this
+# option. If the host is part of an aggregate with such a metadata key, the
+# image
+# in the request spec must have the value of that metadata in its properties in
+# order for the scheduler to consider the host as acceptable.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'aggregate_image_properties_isolation' filter
+# is
+# enabled.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to an image property namespace
+#
+# Related options:
+#
+# * aggregate_image_properties_isolation_separator
+# (string value)
+# Deprecated group/name - [DEFAULT]/aggregate_image_properties_isolation_namespace
+#aggregate_image_properties_isolation_namespace=<None>
+
+#
+# Separator character(s) for image property namespace and name.
+#
+# When using the aggregate_image_properties_isolation filter, the relevant
+# metadata keys are prefixed with the namespace defined in the
+# aggregate_image_properties_isolation_namespace configuration option plus a
+# separator. This option defines the separator to be used.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'aggregate_image_properties_isolation' filter
+# is enabled.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to an image property namespace
+# separator character
+#
+# Related options:
+#
+# * aggregate_image_properties_isolation_namespace
+# (string value)
+# Deprecated group/name - [DEFAULT]/aggregate_image_properties_isolation_separator
+#aggregate_image_properties_isolation_separator=.
+
+
+[glance]
+# Configuration options for the Image service
+
+#
+# From nova.conf
+#
+
+#
+# List of glance api servers endpoints available to nova.
+#
+# https is used for ssl-based glance api servers.
+#
+# Possible values:
+#
+# * A list of any fully qualified url of the form
+# "scheme://hostname:port[/path]"
+# (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image").
+# (list value)
+#api_servers=<None>
+api_servers={{ compute.image.host }}:9292
+
+#
+# Enable insecure SSL (https) requests to glance.
+#
+# This setting can be used to turn off verification of the glance server
+# certificate against the certificate authorities.
+# (boolean value)
+#api_insecure=false
+
+#
+# Enable glance operation retries.
+#
+# Specifies the number of retries when uploading / downloading
+# an image to / from glance. 0 means no retries.
+# (integer value)
+# Minimum value: 0
+#num_retries=0
+
+#
+# List of url schemes that can be directly accessed.
+#
+# This option specifies a list of url schemes that can be downloaded
+# directly via the direct_url. This direct_URL can be fetched from
+# Image metadata which can be used by nova to get the
+# image more efficiently. nova-compute could benefit from this by
+# invoking a copy when it has access to the same file system as glance.
+#
+# Possible values:
+#
+# * [file], Empty list (default)
+# (list value)
+#allowed_direct_url_schemes =
+
+#
+# Enable image signature verification.
+#
+# nova uses the image signature metadata from glance and verifies the signature
+# of a signed image while downloading that image. If the image signature cannot
+# be verified or if the image signature metadata is either incomplete or
+# unavailable, then nova will not boot the image and instead will place the
+# instance into an error state. This provides end users with stronger assurances
+# of the integrity of the image data they are using to create servers.
+#
+# Related options:
+#
+# * The options in the `key_manager` group, as the key_manager is used
+# for the signature validation.
+# (boolean value)
+#verify_glance_signatures=false
+
+# Enable or disable debug logging with glanceclient. (boolean value)
+#debug=false
+
+
+[guestfs]
+#
+# libguestfs is a set of tools for accessing and modifying virtual
+# machine (VM) disk images. You can use this for viewing and editing
+# files inside guests, scripting changes to VMs, monitoring disk
+# used/free statistics, creating guests, P2V, V2V, performing backups,
+# cloning VMs, building VMs, formatting disks and resizing disks.
+
+#
+# From nova.conf
+#
+
+#
+# Enable/disables guestfs logging.
+#
+# This configures guestfs to debug messages and push them to Openstack
+# logging system. When set to True, it traces libguestfs API calls and
+# enable verbose debug messages. In order to use the above feature,
+# "libguestfs" package must be installed.
+#
+# Related options:
+# Since libguestfs access and modifies VM's managed by libvirt, below options
+# should be set to give access to those VM's.
+# * libvirt.inject_key
+# * libvirt.inject_partition
+# * libvirt.inject_password
+# (boolean value)
+#debug=false
+
+
+[healthcheck]
+
+#
+# From oslo.middleware
+#
+
+# DEPRECATED: The path to respond to healtcheck requests on. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#path=/healthcheck
+
+# Show more detailed information as part of the response (boolean value)
+#detailed=false
+
+# Additional backends that can perform health checks and report that information
+# back as part of a request. (list value)
+#backends =
+
+# Check the presence of a file to determine if an application is running on a
+# port. Used by DisableByFileHealthcheck plugin. (string value)
+#disable_by_file_path=<None>
+
+# Check the presence of a file based on a port to determine if an application is
+# running on a port. Expects a "port:path" list of strings. Used by
+# DisableByFilesPortsHealthcheck plugin. (list value)
+#disable_by_file_paths =
+
+
+[hyperv]
+#
+# The hyperv feature allows you to configure the Hyper-V hypervisor
+# driver to be used within an OpenStack deployment.
+
+#
+# From nova.conf
+#
+
+#
+# Dynamic memory ratio
+#
+# Enables dynamic memory allocation (ballooning) when set to a value
+# greater than 1. The value expresses the ratio between the total RAM
+# assigned to an instance and its startup RAM amount. For example a
+# ratio of 2.0 for an instance with 1024MB of RAM implies 512MB of
+# RAM allocated at startup.
+#
+# Possible values:
+#
+# * 1.0: Disables dynamic memory allocation (Default).
+# * Float values greater than 1.0: Enables allocation of total implied
+# RAM divided by this value for startup.
+# (floating point value)
+#dynamic_memory_ratio=1.0
+
+#
+# Enable instance metrics collection
+#
+# Enables metrics collections for an instance by using Hyper-V's
+# metric APIs. Collected data can by retrieved by other apps and
+# services, e.g.: Ceilometer.
+# (boolean value)
+#enable_instance_metrics_collection=false
+
+#
+# Instances path share
+#
+# The name of a Windows share mapped to the "instances_path" dir
+# and used by the resize feature to copy files to the target host.
+# If left blank, an administrative share (hidden network share) will
+# be used, looking for the same "instances_path" used locally.
+#
+# Possible values:
+#
+# * "": An administrative share will be used (Default).
+# * Name of a Windows share.
+#
+# Related options:
+#
+# * "instances_path": The directory which will be used if this option
+# here is left blank.
+# (string value)
+#instances_path_share =
+
+#
+# Limit CPU features
+#
+# This flag is needed to support live migration to hosts with
+# different CPU features and checked during instance creation
+# in order to limit the CPU features used by the instance.
+# (boolean value)
+#limit_cpu_features=false
+
+#
+# Mounted disk query retry count
+#
+# The number of times to retry checking for a mounted disk.
+# The query runs until the device can be found or the retry
+# count is reached.
+#
+# Possible values:
+#
+# * Positive integer values. Values greater than 1 is recommended
+# (Default: 10).
+#
+# Related options:
+#
+# * Time interval between disk mount retries is declared with
+# "mounted_disk_query_retry_interval" option.
+# (integer value)
+# Minimum value: 0
+#mounted_disk_query_retry_count=10
+
+#
+# Mounted disk query retry interval
+#
+# Interval between checks for a mounted disk, in seconds.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 5).
+#
+# Related options:
+#
+# * This option is meaningful when the mounted_disk_query_retry_count
+# is greater than 1.
+# * The retry loop runs with mounted_disk_query_retry_count and
+# mounted_disk_query_retry_interval configuration options.
+# (integer value)
+# Minimum value: 0
+#mounted_disk_query_retry_interval=5
+
+#
+# Power state check timeframe
+#
+# The timeframe to be checked for instance power state changes.
+# This option is used to fetch the state of the instance from Hyper-V
+# through the WMI interface, within the specified timeframe.
+#
+# Possible values:
+#
+# * Timeframe in seconds (Default: 60).
+# (integer value)
+# Minimum value: 0
+#power_state_check_timeframe=60
+
+#
+# Power state event polling interval
+#
+# Instance power state change event polling frequency. Sets the
+# listener interval for power state events to the given value.
+# This option enhances the internal lifecycle notifications of
+# instances that reboot themselves. It is unlikely that an operator
+# has to change this value.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 2).
+# (integer value)
+# Minimum value: 0
+#power_state_event_polling_interval=2
+
+#
+# qemu-img command
+#
+# qemu-img is required for some of the image related operations
+# like converting between different image types. You can get it
+# from here: (http://qemu.weilnetz.de/) or you can install the
+# Cloudbase OpenStack Hyper-V Compute Driver
+# (https://cloudbase.it/openstack-hyperv-driver/) which automatically
+# sets the proper path for this config option. You can either give the
+# full path of qemu-img.exe or set its path in the PATH environment
+# variable and leave this option to the default value.
+#
+# Possible values:
+#
+# * Name of the qemu-img executable, in case it is in the same
+# directory as the nova-compute service or its path is in the
+# PATH environment variable (Default).
+# * Path of qemu-img command (DRIVELETTER:\PATH\TO\QEMU-IMG\COMMAND).
+#
+# Related options:
+#
+# * If the config_drive_cdrom option is False, qemu-img will be used to
+# convert the ISO to a VHD, otherwise the configuration drive will
+# remain an ISO. To use configuration drive with Hyper-V, you must
+# set the mkisofs_cmd value to the full path to an mkisofs.exe
+# installation.
+# (string value)
+#qemu_img_cmd=qemu-img.exe
+
+#
+# External virtual switch name
+#
+# The Hyper-V Virtual Switch is a software-based layer-2 Ethernet
+# network switch that is available with the installation of the
+# Hyper-V server role. The switch includes programmatically managed
+# and extensible capabilities to connect virtual machines to both
+# virtual networks and the physical network. In addition, Hyper-V
+# Virtual Switch provides policy enforcement for security, isolation,
+# and service levels. The vSwitch represented by this config option
+# must be an external one (not internal or private).
+#
+# Possible values:
+#
+# * If not provided, the first of a list of available vswitches
+# is used. This list is queried using WQL.
+# * Virtual switch name.
+# (string value)
+#vswitch_name=<None>
+
+#
+# Wait soft reboot seconds
+#
+# Number of seconds to wait for instance to shut down after soft
+# reboot request is made. We fall back to hard reboot if instance
+# does not shutdown within this window.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 60).
+# (integer value)
+# Minimum value: 0
+#wait_soft_reboot_seconds=60
+
+#
+# Configuration drive cdrom
+#
+# OpenStack can be configured to write instance metadata to
+# a configuration drive, which is then attached to the
+# instance before it boots. The configuration drive can be
+# attached as a disk drive (default) or as a CD drive.
+#
+# Possible values:
+#
+# * True: Attach the configuration drive image as a CD drive.
+# * False: Attach the configuration drive image as a disk drive (Default).
+#
+# Related options:
+#
+# * This option is meaningful with force_config_drive option set to 'True'
+# or when the REST API call to create an instance will have
+# '--config-drive=True' flag.
+# * config_drive_format option must be set to 'iso9660' in order to use
+# CD drive as the configuration drive image.
+# * To use configuration drive with Hyper-V, you must set the
+# mkisofs_cmd value to the full path to an mkisofs.exe installation.
+# Additionally, you must set the qemu_img_cmd value to the full path
+# to an qemu-img command installation.
+# * You can configure the Compute service to always create a configuration
+# drive by setting the force_config_drive option to 'True'.
+# (boolean value)
+#config_drive_cdrom=false
+
+#
+# Configuration drive inject password
+#
+# Enables setting the admin password in the configuration drive image.
+#
+# Related options:
+#
+# * This option is meaningful when used with other options that enable
+# configuration drive usage with Hyper-V, such as force_config_drive.
+# * Currently, the only accepted config_drive_format is 'iso9660'.
+# (boolean value)
+#config_drive_inject_password=false
+
+#
+# Volume attach retry count
+#
+# The number of times to retry attaching a volume. Volume attachment
+# is retried until success or the given retry count is reached.
+#
+# Possible values:
+#
+# * Positive integer values (Default: 10).
+#
+# Related options:
+#
+# * Time interval between attachment attempts is declared with
+# volume_attach_retry_interval option.
+# (integer value)
+# Minimum value: 0
+#volume_attach_retry_count=10
+
+#
+# Volume attach retry interval
+#
+# Interval between volume attachment attempts, in seconds.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 5).
+#
+# Related options:
+#
+# * This options is meaningful when volume_attach_retry_count
+# is greater than 1.
+# * The retry loop runs with volume_attach_retry_count and
+# volume_attach_retry_interval configuration options.
+# (integer value)
+# Minimum value: 0
+#volume_attach_retry_interval=5
+
+#
+# Enable RemoteFX feature
+#
+# This requires at least one DirectX 11 capable graphics adapter for
+# Windows / Hyper-V Server 2012 R2 or newer and RDS-Virtualization
+# feature has to be enabled.
+#
+# Instances with RemoteFX can be requested with the following flavor
+# extra specs:
+#
+# **os:resolution**. Guest VM screen resolution size. Acceptable values::
+#
+# 1024x768, 1280x1024, 1600x1200, 1920x1200, 2560x1600, 3840x2160
+#
+# ``3840x2160`` is only available on Windows / Hyper-V Server 2016.
+#
+# **os:monitors**. Guest VM number of monitors. Acceptable values::
+#
+# [1, 4] - Windows / Hyper-V Server 2012 R2
+# [1, 8] - Windows / Hyper-V Server 2016
+#
+# **os:vram**. Guest VM VRAM amount. Only available on
+# Windows / Hyper-V Server 2016. Acceptable values::
+#
+# 64, 128, 256, 512, 1024
+# (boolean value)
+#enable_remotefx=false
+
+#
+# Use multipath connections when attaching iSCSI or FC disks.
+#
+# This requires the Multipath IO Windows feature to be enabled. MPIO must be
+# configured to claim such devices.
+# (boolean value)
+#use_multipath_io=false
+
+#
+# List of iSCSI initiators that will be used for estabilishing iSCSI sessions.
+#
+# If none are specified, the Microsoft iSCSI initiator service will choose the
+# initiator.
+# (list value)
+#iscsi_initiator_list =
+
+
+[image_file_url]
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# List of file systems that are configured in this file in the
+# image_file_url:<list entry name> sections
+# (list value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The feature to download images from glance via filesystem is not used and will
+# be removed in the future.
+#filesystems =
+
+
+[ironic]
+#
+# Configuration options for Ironic driver (Bare Metal).
+# If using the Ironic driver following options must be set:
+# * auth_type
+# * auth_url
+# * project_name
+# * username
+# * password
+# * project_domain_id or project_domain_name
+# * user_domain_id or user_domain_name
+
+#
+# From nova.conf
+#
+
+# URL override for the Ironic API endpoint. (string value)
+#api_endpoint=http://ironic.example.org:6385/
+
+#
+# The number of times to retry when a request conflicts.
+# If set to 0, only try once, no retries.
+#
+# Related options:
+#
+# * api_retry_interval
+# (integer value)
+# Minimum value: 0
+#api_max_retries=60
+
+#
+# The number of seconds to wait before retrying the request.
+#
+# Related options:
+#
+# * api_max_retries
+# (integer value)
+# Minimum value: 0
+#api_retry_interval=2
+
+# Timeout (seconds) to wait for node serial console state changed. Set to 0 to
+# disable timeout. (integer value)
+# Minimum value: 0
+#serial_console_state_timeout=10
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [ironic]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [ironic]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+
+[key_manager]
+
+#
+# From nova.conf
+#
+
+#
+# Fixed key returned by key manager, specified in hex.
+#
+# Possible values:
+#
+# * Empty string or a key in hex value
+# (string value)
+# Deprecated group/name - [keymgr]/fixed_key
+#fixed_key=<None>
+
+# The full class name of the key manager API class (string value)
+#api_class=castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+
+# The type of authentication credential to create. Possible values are 'token',
+# 'password', 'keystone_token', and 'keystone_password'. Required if no context
+# is passed to the credential factory. (string value)
+#auth_type=<None>
+
+# Token for authentication. Required for 'token' and 'keystone_token' auth_type
+# if no context is passed to the credential factory. (string value)
+#token=<None>
+
+# Username for authentication. Required for 'password' auth_type. Optional for
+# the 'keystone_password' auth_type. (string value)
+#username=<None>
+
+# Password for authentication. Required for 'password' and 'keystone_password'
+# auth_type. (string value)
+#password=<None>
+
+# User ID for authentication. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#user_id=<None>
+
+# User's domain ID for authentication. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#user_domain_id=<None>
+
+# User's domain name for authentication. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#user_domain_name=<None>
+
+# Trust ID for trust scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#trust_id=<None>
+
+# Domain ID for domain scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#domain_id=<None>
+
+# Domain name for domain scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#domain_name=<None>
+
+# Project ID for project scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_id=<None>
+
+# Project name for project scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_name=<None>
+
+# Project's domain ID for project. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_domain_id=<None>
+
+# Project's domain name for project. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_domain_name=<None>
+
+# Allow fetching a new token if the current one is going to expire. Optional for
+# 'keystone_token' and 'keystone_password' auth_type. (boolean value)
+#reauthenticate=true
+
+
+[keystone_authtoken]
+
+#
+# From keystonemiddleware.auth_token
+#
+signing_dirname=/tmp/keystone-signing-nova
+revocation_cache_time = 10
+auth_type = password
+user_domain_id = {{ compute.identity.get('domain', 'default') }}
+project_domain_id = {{ compute.identity.get('domain', 'default') }}
+project_name = {{ compute.identity.tenant }}
+username = {{ compute.identity.user }}
+password = {{ compute.identity.password }}
+auth_uri=http://{{ compute.identity.host }}:5000
+auth_url=http://{{ compute.identity.host }}:35357
+{%- if compute.cache is defined %}
+memcached_servers={%- for member in compute.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- endif %}
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
+# clients are redirected to this endpoint to authenticate. Although this
+# endpoint should ideally be unversioned, client support in the wild varies.
+# If you're using a versioned v2 endpoint here, then this should *not* be the
+# same endpoint the service user utilizes for validating tokens, because normal
+# end users may not be able to reach that endpoint. (string value)
+#auth_uri=<None>
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version=<None>
+
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+#delay_auth_decision=false
+
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+#http_connect_timeout=<None>
+
+# How many times are we trying to reconnect when communicating with Identity API
+# Server. (integer value)
+#http_request_max_retries=3
+
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
+#cache=<None>
+
+# Required if identity server requires client certificate (string value)
+#certfile=<None>
+
+# Required if identity server requires client certificate (string value)
+#keyfile=<None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# The region in which the identity server can be found. (string value)
+#region_name=<None>
+
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P release.
+# (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#signing_dir=<None>
+
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
+#memcached_servers=<None>
+
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set to
+# -1 to disable caching completely. (integer value)
+#token_cache_time=300
+
+# DEPRECATED: Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of revocation
+# events combined with a low cache duration may significantly reduce
+# performance. Only valid for PKI tokens. This option has been deprecated in the
+# Ocata release and will be removed in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#revocation_cache_time=10
+
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy=None
+
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
+#memcache_secret_key=<None>
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
+#memcache_pool_dead_retry=300
+
+# (Optional) Maximum total number of open connections to every memcached server.
+# (integer value)
+#memcache_pool_maxsize=10
+
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
+#memcache_pool_socket_timeout=3
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+#memcache_pool_unused_timeout=60
+
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout=10
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool=false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog=true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it if
+# not. "strict" like "permissive" but if the bind type is unknown the token will
+# be rejected. "required" any form of token binding is needed to be allowed.
+# Finally the name of a binding method that must be present in tokens. (string
+# value)
+#enforce_token_bind=permissive
+
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#check_revocations_for_cached=false
+
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#hash_algorithms=md5
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present. For
+# backwards compatibility reasons this currently only affects the allow_expired
+# check. (list value)
+#service_token_roles=service
+
+# For backwards compatibility reasons we must let valid service tokens pass that
+# don't pass the service_token_roles check as valid. Setting this true will
+# become the default in a future release and should be enabled if possible.
+# (boolean value)
+#service_token_roles_required=false
+
+# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
+# (string value)
+#auth_admin_prefix =
+
+# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+#auth_host=127.0.0.1
+
+# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (integer value)
+#auth_port=35357
+
+# Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+# Allowed values: http, https
+#auth_protocol=https
+
+# Complete admin Identity API endpoint. This should specify the unversioned root
+# endpoint e.g. https://localhost:35357/ (string value)
+#identity_uri=<None>
+
+# This option is deprecated and may be removed in a future release. Single
+# shared secret with the Keystone configuration used for bootstrapping a
+# Keystone installation, or otherwise bypassing the normal authentication
+# process. This option should not be used, use `admin_user` and `admin_password`
+# instead. (string value)
+#admin_token=<None>
+
+# Service username. (string value)
+#admin_user=<None>
+
+# Service user password. (string value)
+#admin_password=<None>
+
+# Service tenant name. (string value)
+#admin_tenant_name=admin
+
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+
+[libvirt]
+#
+# Libvirt options allows cloud administrator to configure related
+# libvirt hypervisor driver to be used within an OpenStack deployment.
+#
+# Almost all of the libvirt config options are influence by ``virt_type`` config
+# which describes the virtualization type (or so called domain type) libvirt
+# should use for specific features such as live migration, snapshot.
+
+#
+# From nova.conf
+#
+cpu_mode = host-passthrough
+virt_type = kvm
+inject_partition=-2
+inject_password=True
+disk_cachemodes="network=writeback,block=none"
+block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC
+live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST
+inject_key=True
+vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
+
+{%- if compute.get('ceph', {}).ephemeral is defined %}
+images_type=rbd
+images_rbd_pool={{ compute.ceph.rbd_pool }}
+images_rbd_ceph_conf=/etc/ceph/ceph.conf
+rbd_user={{ compute.ceph.rbd_user }}
+rbd_secret_uuid={{ compute.ceph.secret_uuid }}
+inject_password=false
+inject_key=false
+{%- endif %}
+
+{%- if compute.get('libvirt', {}).uri is defined %}
+connection_uri={{ compute.libvirt.uri }}
+{%- endif %}
+#
+# The ID of the image to boot from to rescue data from a corrupted instance.
+#
+# If the rescue REST API operation doesn't provide an ID of an image to
+# use, the image which is referenced by this ID is used. If this
+# option is not set, the image from the instance is used.
+#
+# Possible values:
+#
+# * An ID of an image or nothing. If it points to an *Amazon Machine
+# Image* (AMI), consider to set the config options ``rescue_kernel_id``
+# and ``rescue_ramdisk_id`` too. If nothing is set, the image of the instance
+# is used.
+#
+# Related options:
+#
+# * ``rescue_kernel_id``: If the chosen rescue image allows the separate
+# definition of its kernel disk, the value of this option is used,
+# if specified. This is the case when *Amazon*'s AMI/AKI/ARI image
+# format is used for the rescue image.
+# * ``rescue_ramdisk_id``: If the chosen rescue image allows the separate
+# definition of its RAM disk, the value of this option is used if,
+# specified. This is the case when *Amazon*'s AMI/AKI/ARI image
+# format is used for the rescue image.
+# (string value)
+#rescue_image_id=<None>
+
+#
+# The ID of the kernel (AKI) image to use with the rescue image.
+#
+# If the chosen rescue image allows the separate definition of its kernel
+# disk, the value of this option is used, if specified. This is the case
+# when *Amazon*'s AMI/AKI/ARI image format is used for the rescue image.
+#
+# Possible values:
+#
+# * An ID of an kernel image or nothing. If nothing is specified, the kernel
+# disk from the instance is used if it was launched with one.
+#
+# Related options:
+#
+# * ``rescue_image_id``: If that option points to an image in *Amazon*'s
+# AMI/AKI/ARI image format, it's useful to use ``rescue_kernel_id`` too.
+# (string value)
+#rescue_kernel_id=<None>
+
+#
+# The ID of the RAM disk (ARI) image to use with the rescue image.
+#
+# If the chosen rescue image allows the separate definition of its RAM
+# disk, the value of this option is used, if specified. This is the case
+# when *Amazon*'s AMI/AKI/ARI image format is used for the rescue image.
+#
+# Possible values:
+#
+# * An ID of a RAM disk image or nothing. If nothing is specified, the RAM
+# disk from the instance is used if it was launched with one.
+#
+# Related options:
+#
+# * ``rescue_image_id``: If that option points to an image in *Amazon*'s
+# AMI/AKI/ARI image format, it's useful to use ``rescue_ramdisk_id`` too.
+# (string value)
+#rescue_ramdisk_id=<None>
+
+#
+# Describes the virtualization type (or so called domain type) libvirt should
+# use.
+#
+# The choice of this type must match the underlying virtualization strategy
+# you have chosen for this host.
+#
+# Possible values:
+#
+# * See the predefined set of case-sensitive values.
+#
+# Related options:
+#
+# * ``connection_uri``: depends on this
+# * ``disk_prefix``: depends on this
+# * ``cpu_mode``: depends on this
+# * ``cpu_model``: depends on this
+# (string value)
+# Allowed values: kvm, lxc, qemu, uml, xen, parallels
+#virt_type=kvm
+
+#
+# Overrides the default libvirt URI of the chosen virtualization type.
+#
+# If set, Nova will use this URI to connect to libvirt.
+#
+# Possible values:
+#
+# * An URI like ``qemu:///system`` or ``xen+ssh://oirase/`` for example.
+# This is only necessary if the URI differs to the commonly known URIs
+# for the chosen virtualization type.
+#
+# Related options:
+#
+# * ``virt_type``: Influences what is used as default value here.
+# (string value)
+#connection_uri =
+
+#
+# Allow the injection of an admin password for instance only at ``create`` and
+# ``rebuild`` process.
+#
+# There is no agent needed within the image to do this. If *libguestfs* is
+# available on the host, it will be used. Otherwise *nbd* is used. The file
+# system of the image will be mounted and the admin password, which is provided
+# in the REST API call will be injected as password for the root user. If no
+# root user is available, the instance won't be launched and an error is thrown.
+# Be aware that the injection is *not* possible when the instance gets launched
+# from a volume.
+#
+# Possible values:
+#
+# * True: Allows the injection.
+# * False (default): Disallows the injection. Any via the REST API provided
+# admin password will be silently ignored.
+#
+# Related options:
+#
+# * ``inject_partition``: That option will decide about the discovery and usage
+# of the file system. It also can disable the injection at all.
+# (boolean value)
+#inject_password=false
+
+#
+# Allow the injection of an SSH key at boot time.
+#
+# There is no agent needed within the image to do this. If *libguestfs* is
+# available on the host, it will be used. Otherwise *nbd* is used. The file
+# system of the image will be mounted and the SSH key, which is provided
+# in the REST API call will be injected as SSH key for the root user and
+# appended to the ``authorized_keys`` of that user. The SELinux context will
+# be set if necessary. Be aware that the injection is *not* possible when the
+# instance gets launched from a volume.
+#
+# This config option will enable directly modifying the instance disk and does
+# not affect what cloud-init may do using data from config_drive option or the
+# metadata service.
+#
+# Related options:
+#
+# * ``inject_partition``: That option will decide about the discovery and usage
+# of the file system. It also can disable the injection at all.
+# (boolean value)
+#inject_key=false
+
+#
+# Determines the way how the file system is chosen to inject data into it.
+#
+# *libguestfs* will be used a first solution to inject data. If that's not
+# available on the host, the image will be locally mounted on the host as a
+# fallback solution. If libguestfs is not able to determine the root partition
+# (because there are more or less than one root partition) or cannot mount the
+# file system it will result in an error and the instance won't be boot.
+#
+# Possible values:
+#
+# * -2 => disable the injection of data.
+# * -1 => find the root partition with the file system to mount with libguestfs
+# * 0 => The image is not partitioned
+# * >0 => The number of the partition to use for the injection
+#
+# Related options:
+#
+# * ``inject_key``: If this option allows the injection of a SSH key it depends
+# on value greater or equal to -1 for ``inject_partition``.
+# * ``inject_password``: If this option allows the injection of an admin
+# password
+# it depends on value greater or equal to -1 for ``inject_partition``.
+# * ``guestfs`` You can enable the debug log level of libguestfs with this
+# config option. A more verbose output will help in debugging issues.
+# * ``virt_type``: If you use ``lxc`` as virt_type it will be treated as a
+# single partition image
+# (integer value)
+# Minimum value: -2
+#inject_partition=-2
+
+# DEPRECATED:
+# Enable a mouse cursor within a graphical VNC or SPICE sessions.
+#
+# This will only be taken into account if the VM is fully virtualized and VNC
+# and/or SPICE is enabled. If the node doesn't support a graphical framebuffer,
+# then it is valid to set this to False.
+#
+# Related options:
+# * ``[vnc]enabled``: If VNC is enabled, ``use_usb_tablet`` will have an effect.
+# * ``[spice]enabled`` + ``[spice].agent_enabled``: If SPICE is enabled and the
+# spice agent is disabled, the config value of ``use_usb_tablet`` will have
+# an effect.
+# (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: This option is being replaced by the 'pointer_model' option.
+#use_usb_tablet=true
+
+#
+# The IP address or hostname to be used as the target for live migration
+# traffic.
+#
+# If this option is set to None, the hostname of the migration target compute
+# node will be used.
+#
+# This option is useful in environments where the live-migration traffic can
+# impact the network plane significantly. A separate network for live-migration
+# traffic can then use this config option and avoids the impact on the
+# management network.
+#
+# Possible values:
+#
+# * A valid IP address or hostname, else None.
+# (string value)
+#live_migration_inbound_addr=<None>
+
+# DEPRECATED:
+# Live migration target URI to use.
+#
+# Override the default libvirt live migration target URI (which is dependent
+# on virt_type). Any included "%s" is replaced with the migration target
+# hostname.
+#
+# If this option is set to None (which is the default), Nova will automatically
+# generate the `live_migration_uri` value based on only 3 supported `virt_type`
+# in following list:
+# * 'kvm': 'qemu+tcp://%s/system'
+# * 'qemu': 'qemu+tcp://%s/system'
+# * 'xen': 'xenmigr://%s/system'
+#
+# Related options:
+# * ``live_migration_inbound_addr``: If ``live_migration_inbound_addr`` value
+# is not None, the ip/hostname address of target compute node is used instead
+# of ``live_migration_uri`` as the uri for live migration.
+# * ``live_migration_scheme``: If ``live_migration_uri`` is not set, the scheme
+# used for live migration is taken from ``live_migration_scheme`` instead.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# live_migration_uri is deprecated for removal in favor of two other options
+# that
+# allow to change live migration scheme and target URI:
+# ``live_migration_scheme``
+# and ``live_migration_inbound_addr`` respectively.
+#live_migration_uri=<None>
+
+#
+# Schema used for live migration.
+#
+# Override the default libvirt live migration scheme (which is dependant on
+# virt_type). If this option is set to None, nova will automatically choose a
+# sensible default based on the hypervisor. It is not recommended that you
+# change
+# this unless you are very sure that hypervisor supports a particular scheme.
+#
+# Related options:
+# * ``virt_type``: This option is meaningful only when ``virt_type`` is set to
+# `kvm` or `qemu`.
+# * ``live_migration_uri``: If ``live_migration_uri`` value is not None, the
+# scheme used for live migration is taken from ``live_migration_uri`` instead.
+# (string value)
+#live_migration_scheme=<None>
+
+#
+# Enable tunnelled migration.
+#
+# This option enables the tunnelled migration feature, where migration data is
+# transported over the libvirtd connection. If enabled, we use the
+# VIR_MIGRATE_TUNNELLED migration flag, avoiding the need to configure
+# the network to allow direct hypervisor to hypervisor communication.
+# If False, use the native transport. If not set, Nova will choose a
+# sensible default based on, for example the availability of native
+# encryption support in the hypervisor. Enable this option will definitely
+# impact performance massively.
+#
+# Note that this option is NOT compatible with use of block migration.
+#
+# Possible values:
+#
+# * Supersedes and (if set) overrides the deprecated 'live_migration_flag' and
+# 'block_migration_flag' to enable tunneled migration.
+# (boolean value)
+#live_migration_tunnelled=false
+live_migration_tunnelled=true
+
+#
+# Maximum bandwidth(in MiB/s) to be used during migration.
+#
+# If set to 0, the hypervisor will choose a suitable default. Some hypervisors
+# do not support this feature and will return an error if bandwidth is not 0.
+# Please refer to the libvirt documentation for further details.
+# (integer value)
+#live_migration_bandwidth=0
+
+#
+# Maximum permitted downtime, in milliseconds, for live migration
+# switchover.
+#
+# Will be rounded up to a minimum of 100ms. You can increase this value
+# if you want to allow live-migrations to complete faster, or avoid
+# live-migration timeout errors by allowing the guest to be paused for
+# longer during the live-migration switch over.
+#
+# Related options:
+#
+# * live_migration_completion_timeout
+# (integer value)
+#live_migration_downtime=500
+
+#
+# Number of incremental steps to reach max downtime value.
+#
+# Will be rounded up to a minimum of 3 steps.
+# (integer value)
+#live_migration_downtime_steps=10
+
+#
+# Time to wait, in seconds, between each step increase of the migration
+# downtime.
+#
+# Minimum delay is 10 seconds. Value is per GiB of guest RAM + disk to be
+# transferred, with lower bound of a minimum of 2 GiB per device.
+# (integer value)
+#live_migration_downtime_delay=75
+
+#
+# Time to wait, in seconds, for migration to successfully complete transferring
+# data before aborting the operation.
+#
+# Value is per GiB of guest RAM + disk to be transferred, with lower bound of
+# a minimum of 2 GiB. Should usually be larger than downtime delay * downtime
+# steps. Set to 0 to disable timeouts.
+#
+# Related options:
+#
+# * live_migration_downtime
+# * live_migration_downtime_steps
+# * live_migration_downtime_delay
+# (integer value)
+# Note: This option can be changed without restarting.
+#live_migration_completion_timeout=800
+
+# DEPRECATED:
+# Time to wait, in seconds, for migration to make forward progress in
+# transferring data before aborting the operation.
+#
+# Set to 0 to disable timeouts.
+#
+# This is deprecated, and now disabled by default because we have found serious
+# bugs in this feature that caused false live-migration timeout failures. This
+# feature will be removed or replaced in a future release.
+# (integer value)
+# Note: This option can be changed without restarting.
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Serious bugs found in this feature.
+#live_migration_progress_timeout=0
+
+#
+# This option allows nova to switch an on-going live migration to post-copy
+# mode, i.e., switch the active VM to the one on the destination node before the
+# migration is complete, therefore ensuring an upper bound on the memory that
+# needs to be transferred. Post-copy requires libvirt>=1.3.3 and QEMU>=2.5.0.
+#
+# When permitted, post-copy mode will be automatically activated if a
+# live-migration memory copy iteration does not make percentage increase of at
+# least 10% over the last iteration.
+#
+# The live-migration force complete API also uses post-copy when permitted. If
+# post-copy mode is not available, force complete falls back to pausing the VM
+# to ensure the live-migration operation will complete.
+#
+# When using post-copy mode, if the source and destination hosts loose network
+# connectivity, the VM being live-migrated will need to be rebooted. For more
+# details, please see the Administration guide.
+#
+# Related options:
+#
+# * live_migration_permit_auto_converge
+# (boolean value)
+#live_migration_permit_post_copy=false
+
+#
+# This option allows nova to start live migration with auto converge on.
+#
+# Auto converge throttles down CPU if a progress of on-going live migration
+# is slow. Auto converge will only be used if this flag is set to True and
+# post copy is not permitted or post copy is unavailable due to the version
+# of libvirt and QEMU in use. Auto converge requires libvirt>=1.2.3 and
+# QEMU>=1.6.0.
+#
+# Related options:
+#
+# * live_migration_permit_post_copy
+# (boolean value)
+#live_migration_permit_auto_converge=false
+
+#
+# Determine the snapshot image format when sending to the image service.
+#
+# If set, this decides what format is used when sending the snapshot to the
+# image service.
+# If not set, defaults to same type as source image.
+#
+# Possible values:
+#
+# * ``raw``: RAW disk format
+# * ``qcow2``: KVM default disk format
+# * ``vmdk``: VMWare default disk format
+# * ``vdi``: VirtualBox default disk format
+# * If not set, defaults to same type as source image.
+# (string value)
+# Allowed values: raw, qcow2, vmdk, vdi
+#snapshot_image_format=<None>
+
+#
+# Override the default disk prefix for the devices attached to an instance.
+#
+# If set, this is used to identify a free disk device name for a bus.
+#
+# Possible values:
+#
+# * Any prefix which will result in a valid disk device name like 'sda' or 'hda'
+# for example. This is only necessary if the device names differ to the
+# commonly known device name prefixes for a virtualization type such as: sd,
+# xvd, uvd, vd.
+#
+# Related options:
+#
+# * ``virt_type``: Influences which device type is used, which determines
+# the default disk prefix.
+# (string value)
+#disk_prefix=<None>
+
+# Number of seconds to wait for instance to shut down after soft reboot request
+# is made. We fall back to hard reboot if instance does not shutdown within this
+# window. (integer value)
+#wait_soft_reboot_seconds=120
+
+#
+# Is used to set the CPU mode an instance should have.
+#
+# If virt_type="kvm|qemu", it will default to "host-model", otherwise it will
+# default to "none".
+#
+# Possible values:
+#
+# * ``host-model``: Clones the host CPU feature flags.
+# * ``host-passthrough``: Use the host CPU model exactly;
+# * ``custom``: Use a named CPU model;
+# * ``none``: Not set any CPU model.
+#
+# Related options:
+#
+# * ``cpu_model``: If ``custom`` is used for ``cpu_mode``, set this config
+# option too, otherwise this would result in an error and the instance won't
+# be launched.
+# (string value)
+# Allowed values: host-model, host-passthrough, custom, none
+#cpu_mode=<None>
+
+#
+# Set the name of the libvirt CPU model the instance should use.
+#
+# Possible values:
+#
+# * The names listed in /usr/share/libvirt/cpu_map.xml
+#
+# Related options:
+#
+# * ``cpu_mode``: Don't set this when ``cpu_mode`` is NOT set to ``custom``.
+# This would result in an error and the instance won't be launched.
+# * ``virt_type``: Only the virtualization types ``kvm`` and ``qemu`` use this.
+# (string value)
+#cpu_model=<None>
+
+# Location where libvirt driver will store snapshots before uploading them to
+# image service (string value)
+#snapshots_directory=$instances_path/snapshots
+
+# Location where the Xen hvmloader is kept (string value)
+#xen_hvmloader_path=/usr/lib/xen/boot/hvmloader
+
+# Specific cachemodes to use for different disk types e.g:
+# file=directsync,block=none (list value)
+#disk_cachemodes =
+
+# A path to a device that will be used as source of entropy on the host.
+# Permitted options are: /dev/random or /dev/hwrng (string value)
+#rng_dev_path=<None>
+
+# For qemu or KVM guests, set this option to specify a default machine type per
+# host architecture. You can find a list of supported machine types in your
+# environment by checking the output of the "virsh capabilities"command. The
+# format of the value for this config option is host-arch=machine-type. For
+# example: x86_64=machinetype1,armv7l=machinetype2 (list value)
+#hw_machine_type=<None>
+
+# The data source used to the populate the host "serial" UUID exposed to guest
+# in the virtual BIOS. (string value)
+# Allowed values: none, os, hardware, auto
+#sysinfo_serial=auto
+
+# A number of seconds to memory usage statistics period. Zero or negative value
+# mean to disable memory usage statistics. (integer value)
+#mem_stats_period_seconds=10
+
+# List of uid targets and ranges.Syntax is guest-uid:host-uid:countMaximum of 5
+# allowed. (list value)
+#uid_maps =
+
+# List of guid targets and ranges.Syntax is guest-gid:host-gid:countMaximum of 5
+# allowed. (list value)
+#gid_maps =
+
+# In a realtime host context vCPUs for guest will run in that scheduling
+# priority. Priority depends on the host kernel (usually 1-99) (integer value)
+#realtime_scheduler_priority=1
+
+#
+# This is a performance event list which could be used as monitor. These events
+# will be passed to libvirt domain xml while creating a new instances.
+# Then event statistics data can be collected from libvirt. The minimum
+# libvirt version is 2.0.0. For more information about `Performance monitoring
+# events`, refer https://libvirt.org/formatdomain.html#elementsPerf .
+#
+# Possible values:
+# * A string list. For example: ``enabled_perf_events = cmt, mbml, mbmt``
+# The supported events list can be found in
+# https://libvirt.org/html/libvirt-libvirt-domain.html ,
+# which you may need to search key words ``VIR_PERF_PARAM_*``
+# (list value)
+#enabled_perf_events =
+
+#
+# VM Images format.
+#
+# If default is specified, then use_cow_images flag is used instead of this
+# one.
+#
+# Related options:
+#
+# * virt.use_cow_images
+# * images_volume_group
+# (string value)
+# Allowed values: raw, flat, qcow2, lvm, rbd, ploop, default
+#images_type=default
+
+#
+# LVM Volume Group that is used for VM images, when you specify images_type=lvm
+#
+# Related options:
+#
+# * images_type
+# (string value)
+#images_volume_group=<None>
+
+#
+# Create sparse logical volumes (with virtualsize) if this flag is set to True.
+# (boolean value)
+#sparse_logical_volumes=false
+
+# The RADOS pool in which rbd volumes are stored (string value)
+#images_rbd_pool=rbd
+
+# Path to the ceph configuration file to use (string value)
+#images_rbd_ceph_conf =
+
+#
+# Discard option for nova managed disks.
+#
+# Requires:
+#
+# * Libvirt >= 1.0.6
+# * Qemu >= 1.5 (raw format)
+# * Qemu >= 1.6 (qcow2 format)
+# (string value)
+# Allowed values: ignore, unmap
+#hw_disk_discard=<None>
+
+# DEPRECATED: Allows image information files to be stored in non-standard
+# locations (string value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Image info files are no longer used by the image cache
+#image_info_filename_pattern=$instances_path/$image_cache_subdirectory_name/%(image)s.info
+
+# Unused resized base images younger than this will not be removed (integer
+# value)
+#remove_unused_resized_minimum_age_seconds=3600
+
+# DEPRECATED: Write a checksum for files in _base to disk (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The image cache no longer periodically calculates checksums of stored
+# images. Data integrity can be checked at the block or filesystem level.
+#checksum_base_images=false
+
+# DEPRECATED: How frequently to checksum base images (integer value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The image cache no longer periodically calculates checksums of stored
+# images. Data integrity can be checked at the block or filesystem level.
+#checksum_interval_seconds=3600
+
+#
+# Method used to wipe ephemeral disks when they are deleted. Only takes effect
+# if LVM is set as backing storage.
+#
+# Possible values:
+#
+# * none - do not wipe deleted volumes
+# * zero - overwrite volumes with zeroes
+# * shred - overwrite volume repeatedly
+#
+# Related options:
+#
+# * images_type - must be set to ``lvm``
+# * volume_clear_size
+# (string value)
+# Allowed values: none, zero, shred
+#volume_clear=zero
+
+#
+# Size of area in MiB, counting from the beginning of the allocated volume,
+# that will be cleared using method set in ``volume_clear`` option.
+#
+# Possible values:
+#
+# * 0 - clear whole volume
+# * >0 - clear specified amount of MiB
+#
+# Related options:
+#
+# * images_type - must be set to ``lvm``
+# * volume_clear - must be set and the value must be different than ``none``
+# for this option to have any impact
+# (integer value)
+# Minimum value: 0
+#volume_clear_size=0
+
+#
+# Enable snapshot compression for ``qcow2`` images.
+#
+# Note: you can set ``snapshot_image_format`` to ``qcow2`` to force all
+# snapshots to be in ``qcow2`` format, independently from their original image
+# type.
+#
+# Related options:
+#
+# * snapshot_image_format
+# (boolean value)
+#snapshot_compression=false
+
+# Use virtio for bridge interfaces with KVM/QEMU (boolean value)
+#use_virtio_for_bridges=true
+
+#
+# Protocols listed here will be accessed directly from QEMU.
+#
+# If gluster is present in qemu_allowed_storage_drivers, glusterfs's backend
+# will
+# pass a disk configuration to QEMU. This allows QEMU to access the volume using
+# libgfapi rather than mounting GlusterFS via fuse.
+#
+# Possible values:
+#
+# * [gluster]
+# (list value)
+#qemu_allowed_storage_drivers =
+
+#
+# Use multipath connection of the iSCSI or FC volume
+#
+# Volumes can be connected in the LibVirt as multipath devices. This will
+# provide high availability and fault tolerance.
+# (boolean value)
+# Deprecated group/name - [libvirt]/iscsi_use_multipath
+#volume_use_multipath=false
+
+#
+# Number of times to rediscover AoE target to find volume.
+#
+# Nova provides support for block storage attaching to hosts via AOE (ATA over
+# Ethernet). This option allows the user to specify the maximum number of retry
+# attempts that can be made to discover the AoE device.
+# (integer value)
+#num_aoe_discover_tries=3
+
+#
+# Absolute path to the directory where the glusterfs volume is mounted on the
+# compute node.
+# (string value)
+#glusterfs_mount_point_base=$state_path/mnt
+
+#
+# Number of times to scan iSCSI target to find volume.
+# (integer value)
+#num_iscsi_scan_tries=5
+
+#
+# The iSCSI transport iface to use to connect to target in case offload support
+# is desired.
+#
+# Default format is of the form <transport_name>.<hwaddress> where
+# <transport_name> is one of (be2iscsi, bnx2i, cxgb3i, cxgb4i, qla4xxx, ocs) and
+# <hwaddress> is the MAC address of the interface and can be generated via the
+# iscsiadm -m iface command. Do not confuse the iscsi_iface parameter to be
+# provided here with the actual transport name.
+# (string value)
+# Deprecated group/name - [libvirt]/iscsi_transport
+#iscsi_iface=<None>
+
+#
+# Number of times to scan iSER target to find volume.
+#
+# iSER is a server network protocol that extends iSCSI protocol to use Remote
+# Direct Memory Access (RDMA). This option allows the user to specify the
+# maximum
+# number of scan attempts that can be made to find iSER volume.
+# (integer value)
+#num_iser_scan_tries=5
+
+#
+# Use multipath connection of the iSER volume.
+#
+# iSER volumes can be connected as multipath devices. This will provide high
+# availability and fault tolerance.
+# (boolean value)
+#iser_use_multipath=false
+
+#
+# The RADOS client name for accessing rbd(RADOS Block Devices) volumes.
+#
+# Libvirt will refer to this user when connecting and authenticating with
+# the Ceph RBD server.
+# (string value)
+#rbd_user=<None>
+
+#
+# The libvirt UUID of the secret for the rbd_user volumes.
+# (string value)
+#rbd_secret_uuid=<None>
+
+#
+# Directory where the NFS volume is mounted on the compute node.
+# The default is 'mnt' directory of the location where nova's Python module
+# is installed.
+#
+# NFS provides shared storage for the OpenStack Block Storage service.
+#
+# Possible values:
+#
+# * A string representing absolute path of mount point.
+# (string value)
+#nfs_mount_point_base=$state_path/mnt
+
+#
+# Mount options passed to the NFS client. See section of the nfs man page
+# for details.
+#
+# Mount options controls the way the filesystem is mounted and how the
+# NFS client behaves when accessing files on this mount point.
+#
+# Possible values:
+#
+# * Any string representing mount options separated by commas.
+# * Example string: vers=3,lookupcache=pos
+# (string value)
+#nfs_mount_options=<None>
+
+#
+# Directory where the Quobyte volume is mounted on the compute node.
+#
+# Nova supports Quobyte volume driver that enables storing Block Storage
+# service volumes on a Quobyte storage back end. This Option sepcifies the
+# path of the directory where Quobyte volume is mounted.
+#
+# Possible values:
+#
+# * A string representing absolute path of mount point.
+# (string value)
+#quobyte_mount_point_base=$state_path/mnt
+
+# Path to a Quobyte Client configuration file. (string value)
+#quobyte_client_cfg=<None>
+
+#
+# Path or URL to Scality SOFS(Scale-Out File Server) configuration file.
+#
+# The Scality SOFS provides OpenStack users the option of storing their
+# data on a high capacity, replicated, highly available Scality Ring object
+# storage cluster.
+# (string value)
+#scality_sofs_config=<None>
+
+#
+# Base dir where Scality SOFS shall be mounted.
+#
+# The Scality volume driver in Nova mounts SOFS and lets the hypervisor access
+# the volumes.
+#
+# Possible values:
+#
+# * $state_path/scality where state_path is a config option that specifies
+# the top-level directory for maintaining nova's state or Any string
+# containing the full directory path.
+# (string value)
+#scality_sofs_mount_point=$state_path/scality
+
+#
+# Directory where the SMBFS shares are mounted on the compute node.
+# (string value)
+#smbfs_mount_point_base=$state_path/mnt
+
+#
+# Mount options passed to the SMBFS client.
+#
+# Provide SMBFS options as a single string containing all parameters.
+# See mount.cifs man page for details. Note that the libvirt-qemu ``uid``
+# and ``gid`` must be specified.
+# (string value)
+#smbfs_mount_options =
+
+#
+# libvirt's transport method for remote file operations.
+#
+# Because libvirt cannot use RPC to copy files over network to/from other
+# compute nodes, other method must be used for:
+#
+# * creating directory on remote host
+# * creating file on remote host
+# * removing file from remote host
+# * copying file to remote host
+# (string value)
+# Allowed values: ssh, rsync
+#remote_filesystem_transport=ssh
+
+#
+# Directory where the Virtuozzo Storage clusters are mounted on the compute
+# node.
+#
+# This option defines non-standard mountpoint for Vzstorage cluster.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_point_base=$state_path/mnt
+
+#
+# Mount owner user name.
+#
+# This option defines the owner user of Vzstorage cluster mountpoint.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_user=stack
+
+#
+# Mount owner group name.
+#
+# This option defines the owner group of Vzstorage cluster mountpoint.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_group=qemu
+
+#
+# Mount access mode.
+#
+# This option defines the access bits of Vzstorage cluster mountpoint,
+# in the format similar to one of chmod(1) utility, like this: 0770.
+# It consists of one to four digits ranging from 0 to 7, with missing
+# lead digits assumed to be 0's.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_perms=0770
+
+#
+# Path to vzstorage client log.
+#
+# This option defines the log of cluster operations,
+# it should include "%(cluster_name)s" template to separate
+# logs from multiple shares.
+#
+# Related options:
+#
+# * vzstorage_mount_opts may include more detailed logging options.
+# (string value)
+#vzstorage_log_path=/var/log/pstorage/%(cluster_name)s/nova.log.gz
+
+#
+# Path to the SSD cache file.
+#
+# You can attach an SSD drive to a client and configure the drive to store
+# a local cache of frequently accessed data. By having a local cache on a
+# client's SSD drive, you can increase the overall cluster performance by
+# up to 10 and more times.
+# WARNING! There is a lot of SSD models which are not server grade and
+# may loose arbitrary set of data changes on power loss.
+# Such SSDs should not be used in Vstorage and are dangerous as may lead
+# to data corruptions and inconsistencies. Please consult with the manual
+# on which SSD models are known to be safe or verify it using
+# vstorage-hwflush-check(1) utility.
+#
+# This option defines the path which should include "%(cluster_name)s"
+# template to separate caches from multiple shares.
+#
+# Related options:
+#
+# * vzstorage_mount_opts may include more detailed cache options.
+# (string value)
+#vzstorage_cache_path=<None>
+
+#
+# Extra mount options for pstorage-mount
+#
+# For full description of them, see
+# https://static.openvz.org/vz-man/man1/pstorage-mount.1.gz.html
+# Format is a python string representation of arguments list, like:
+# "['-v', '-R', '500']"
+# Shouldn't include -c, -l, -C, -u, -g and -m as those have
+# explicit vzstorage_* options.
+#
+# Related options:
+#
+# * All other vzstorage_* options
+# (list value)
+#vzstorage_mount_opts =
+
+
+[matchmaker_redis]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Host to locate redis. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#host=127.0.0.1
+
+# DEPRECATED: Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#port=6379
+
+# DEPRECATED: Password for Redis server (optional). (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#password =
+
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
+# [host:port, host1:port ... ] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#sentinel_hosts =
+
+# Redis replica set name. (string value)
+#sentinel_group_name=oslo-messaging-zeromq
+
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout=2000
+
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout=20000
+
+# Timeout in ms on blocking socket operations. (integer value)
+#socket_timeout=10000
+
+
+[metrics]
+#
+# Configuration options for metrics
+#
+# Options under this group allow to adjust how values assigned to metrics are
+# calculated.
+
+#
+# From nova.conf
+#
+
+#
+# When using metrics to weight the suitability of a host, you can use this
+# option
+# to change how the calculated weight influences the weight assigned to a host
+# as
+# follows:
+#
+# * >1.0: increases the effect of the metric on overall weight
+# * 1.0: no change to the calculated weight
+# * >0.0,<1.0: reduces the effect of the metric on overall weight
+# * 0.0: the metric value is ignored, and the value of the
+# 'weight_of_unavailable' option is returned instead
+# * >-1.0,<0.0: the effect is reduced and reversed
+# * -1.0: the effect is reversed
+# * <-1.0: the effect is increased proportionally and reversed
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (floating point value)
+#weight_multiplier=1.0
+
+#
+# This setting specifies the metrics to be weighed and the relative ratios for
+# each metric. This should be a single string value, consisting of a series of
+# one or more 'name=ratio' pairs, separated by commas, where 'name' is the name
+# of the metric to be weighed, and 'ratio' is the relative weight for that
+# metric.
+#
+# Note that if the ratio is set to 0, the metric value is ignored, and instead
+# the weight will be set to the value of the 'weight_of_unavailable' option.
+#
+# As an example, let's consider the case where this option is set to:
+#
+# ``name1=1.0, name2=-1.3``
+#
+# The final weight will be:
+#
+# ``(name1.value * 1.0) + (name2.value * -1.3)``
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more key/value pairs separated by commas, where the key is
+# a string representing the name of a metric and the value is a numeric weight
+# for that metric. If any value is set to 0, the value is ignored and the
+# weight will be set to the value of the 'weight_of_unavailable' option.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (list value)
+#weight_setting =
+
+#
+# This setting determines how any unavailable metrics are treated. If this
+# option
+# is set to True, any hosts for which a metric is unavailable will raise an
+# exception, so it is recommended to also use the MetricFilter to filter out
+# those hosts before weighing.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * True or False, where False ensures any metric being unavailable for a host
+# will set the host weight to 'weight_of_unavailable'.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (boolean value)
+#required=true
+
+#
+# When any of the following conditions are met, this value will be used in place
+# of any actual metric value:
+#
+# * One of the metrics named in 'weight_setting' is not available for a host,
+# and the value of 'required' is False
+# * The ratio specified for a metric in 'weight_setting' is 0
+# * The 'weight_multiplier' option is set to 0
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+#
+# Related options:
+#
+# * weight_setting
+# * required
+# * weight_multiplier
+# (floating point value)
+#weight_of_unavailable=-10000.0
+
+
+[mks]
+#
+# Nova compute node uses WebMKS, a desktop sharing protocol to provide
+# instance console access to VM's created by VMware hypervisors.
+#
+# Related options:
+# Following options must be set to provide console access.
+# * mksproxy_base_url
+# * enabled
+
+#
+# From nova.conf
+#
+
+#
+# Location of MKS web console proxy
+#
+# The URL in the response points to a WebMKS proxy which
+# starts proxying between client and corresponding vCenter
+# server where instance runs. In order to use the web based
+# console access, WebMKS proxy should be installed and configured
+#
+# Possible values:
+#
+# * Must be a valid URL of the form:``http://host:port/``
+# (string value)
+#mksproxy_base_url=http://127.0.0.1:6090/
+
+#
+# Enables graphical console access for virtual machines.
+# (boolean value)
+#enabled=false
+
+
+[neutron]
+#
+# Configuration options for neutron (network connectivity as a service).
+
+#
+# From nova.conf
+#
+username={{ compute.network.user }}
+password={{ compute.network.password }}
+project_name={{ compute.identity.tenant }}
+auth_url=http://{{ compute.identity.host }}:{{ compute.identity.port }}/v3
+url=http://{{ compute.network.host }}:{{ compute.network.port }}
+region_name= {{ compute.network.region }}
+extension_sync_interval={{ compute.network.get('extension_sync_interval', '600') }}
+auth_type = v3password
+project_domain_name = Default
+user_domain_name = Default
+timeout=30
+#
+# This option specifies the URL for connecting to Neutron.
+#
+# Possible values:
+#
+# * Any valid URL that points to the Neutron API service is appropriate here.
+# This typically matches the URL returned for the 'network' service type
+# from the Keystone service catalog.
+# (uri value)
+#url=http://127.0.0.1:9696
+
+#
+# Region name for connecting to Neutron in admin context.
+#
+# This option is used in multi-region setups. If there are two Neutron
+# servers running in two regions in two different machines, then two
+# services need to be created in Keystone with two different regions and
+# associate corresponding endpoints to those services. When requests are made
+# to Keystone, the Keystone service uses the region_name to determine the
+# region the request is coming from.
+# (string value)
+#region_name=RegionOne
+
+#
+# Specifies the name of an integration bridge interface used by OpenvSwitch.
+# This option is used only if Neutron does not specify the OVS bridge name.
+#
+# Possible values:
+#
+# * Any string representing OVS bridge name.
+# (string value)
+#ovs_bridge=br-int
+
+#
+# Integer value representing the number of seconds to wait before querying
+# Neutron for extensions. After this number of seconds the next time Nova
+# needs to create a resource in Neutron it will requery Neutron for the
+# extensions that it has loaded. Setting value to 0 will refresh the
+# extensions with no wait.
+# (integer value)
+# Minimum value: 0
+#extension_sync_interval=600
+
+#
+# When set to True, this option indicates that Neutron will be used to proxy
+# metadata requests and resolve instance ids. Otherwise, the instance ID must be
+# passed to the metadata request in the 'X-Instance-ID' header.
+#
+# Related options:
+#
+# * metadata_proxy_shared_secret
+# (boolean value)
+#service_metadata_proxy=false
+
+#
+# This option holds the shared secret string used to validate proxy requests to
+# Neutron metadata requests. In order to be used, the
+# 'X-Metadata-Provider-Signature' header must be supplied in the request.
+#
+# Related options:
+#
+# * service_metadata_proxy
+# (string value)
+#metadata_proxy_shared_secret =
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+timeout = 300
+
+# Authentication type to load (string value)
+# Deprecated group/name - [neutron]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id=<None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+# Tenant ID (string value)
+#tenant_id=<None>
+
+# Tenant Name (string value)
+#tenant_name=<None>
+
+
+[notifications]
+#
+# Most of the actions in Nova which manipulate the system state generate
+# notifications which are posted to the messaging component (e.g. RabbitMQ) and
+# can be consumed by any service outside the Openstack. More technical details
+# at http://docs.openstack.org/developer/nova/notifications.html
+
+#
+# From nova.conf
+#
+
+#
+# If set, send compute.instance.update notifications on instance state
+# changes.
+#
+# Please refer to https://wiki.openstack.org/wiki/SystemUsageData for
+# additional information on notifications.
+#
+# Possible values:
+#
+# * None - no notifications
+# * "vm_state" - notifications on VM state changes
+# * "vm_and_task_state" - notifications on VM and task state changes
+# (string value)
+# Allowed values: <None>, vm_state, vm_and_task_state
+# Deprecated group/name - [DEFAULT]/notify_on_state_change
+#notify_on_state_change=<None>
+{%- if compute.get('notification', {}).notify_on is defined %}
+{%- for key, value in compute.notification.notify_on.iteritems() %}
+notify_on_{{ key }} = {{ value }}
+{%- endfor %}
+{%- elif pillar.ceilometer is defined %}
+notify_on_state_change = vm_and_task_state
+{%- endif %}
+
+#
+# If enabled, send api.fault notifications on caught exceptions in the
+# API service.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/notify_api_faults
+#notify_on_api_faults=false
+notify_on_api_faults=false
+
+# Default notification level for outgoing notifications. (string value)
+# Allowed values: DEBUG, INFO, WARN, ERROR, CRITICAL
+# Deprecated group/name - [DEFAULT]/default_notification_level
+#default_level=INFO
+
+#
+# Default publisher_id for outgoing notifications. If you consider routing
+# notifications using different publisher, change this value accordingly.
+#
+# Possible values:
+#
+# * Defaults to the IPv4 address of this host, but it can be any valid
+# oslo.messaging publisher_id
+#
+# Related options:
+#
+# * my_ip - IP address of this host
+# (string value)
+# Deprecated group/name - [DEFAULT]/default_publisher_id
+#default_publisher_id=$my_ip
+
+#
+# Specifies which notification format shall be used by nova.
+#
+# The default value is fine for most deployments and rarely needs to be changed.
+# This value can be set to 'versioned' once the infrastructure moves closer to
+# consuming the newer format of notifications. After this occurs, this option
+# will be removed (possibly in the "P" release).
+#
+# Possible values:
+# * unversioned: Only the legacy unversioned notifications are emitted.
+# * versioned: Only the new versioned notifications are emitted.
+# * both: Both the legacy unversioned and the new versioned notifications are
+# emitted. (Default)
+#
+# The list of versioned notifications is visible in
+# http://docs.openstack.org/developer/nova/notifications.html
+# (string value)
+# Allowed values: unversioned, versioned, both
+# Deprecated group/name - [DEFAULT]/notification_format
+#notification_format=both
+
+
+[osapi_v21]
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# This option is a list of all of the v2.1 API extensions to never load.
+#
+# Possible values:
+#
+# * A list of strings, each being the alias of an extension that you do not
+# wish to load.
+#
+# Related options:
+#
+# * enabled
+# * extensions_whitelist
+# (list value)
+# This option is deprecated for removal since 12.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# API extensions are now part of the standard API. API extensions should be
+# disabled using policy, rather than via these configuration options.
+#extensions_blacklist =
+
+# DEPRECATED:
+# This is a list of extensions. If it is empty, then *all* extensions except
+# those specified in the extensions_blacklist option will be loaded. If it is
+# not
+# empty, then only those extensions in this list will be loaded, provided that
+# they are also not in the extensions_blacklist option.
+#
+# Possible values:
+#
+# * A list of strings, each being the alias of an extension that you wish to
+# load, or an empty list, which indicates that all extensions are to be run.
+#
+# Related options:
+#
+# * enabled
+# * extensions_blacklist
+# (list value)
+# This option is deprecated for removal since 12.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# API extensions are now part of the standard API. API extensions should be
+# disabled using policy, rather than via these configuration options.
+#extensions_whitelist =
+
+# DEPRECATED:
+# This option is a string representing a regular expression (regex) that matches
+# the project_id as contained in URLs. If not set, it will match normal UUIDs
+# created by keystone.
+#
+# Possible values:
+#
+# * A string representing any legal regular expression
+# (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Recent versions of nova constrain project IDs to hexadecimal characters and
+# dashes. If your installation uses IDs outside of this range, you should use
+# this option to provide your own regex and give you time to migrate offending
+# projects to valid IDs before the next release.
+#project_id_regex=<None>
+
+
+[oslo_concurrency]
+
+#
+# From oslo.concurrency
+#
+
+# Enables or disables inter-process locks. (boolean value)
+# Deprecated group/name - [DEFAULT]/disable_process_locking
+#disable_process_locking=false
+
+# Directory to use for lock files. For security, the specified directory should
+# only be writable by the user running the processes that need locking. Defaults
+# to environment variable OSLO_LOCK_PATH. If OSLO_LOCK_PATH is not set in the
+# environment, use the Python tempfile.gettempdir function to find a suitable
+# location. If external locks are used, a lock path must be set. (string value)
+# Deprecated group/name - [DEFAULT]/lock_path
+lock_path = /var/lib/nova/tmp
+
+
+[oslo_messaging_amqp]
+
+#
+# From oslo.messaging
+#
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name=<None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout=0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace=false
+
+# CA certificate PEM file used to verify the server's certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Self-identifying certificate PEM file for client authentication (string value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign ssl_cert_file certificate (optional) (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password=<None>
+
+# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Not applicable - not a SSL server
+#allow_insecure_clients=false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval=1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff=2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max=30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay=10
+
+# The maximum number of attempts to re-send a reply message which failed due to
+# a recoverable error. (integer value)
+# Minimum value: -1
+#default_reply_retry=0
+
+# The deadline for an rpc reply message delivery. (integer value)
+# Minimum value: 5
+#default_reply_timeout=30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout=30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout=30
+
+# The duration to schedule a purge of idle sender links. Detach link after
+# expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout=600
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy' - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic' - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode=dynamic
+
+# address prefix used when sending to a specific server (string value)
+# Deprecated group/name - [amqp1]/server_request_prefix
+#server_request_prefix=exclusive
+
+# address prefix used when broadcasting to all servers (string value)
+# Deprecated group/name - [amqp1]/broadcast_prefix
+#broadcast_prefix=broadcast
+
+# address prefix when sending to any server in group (string value)
+# Deprecated group/name - [amqp1]/group_request_prefix
+#group_request_prefix=unicast
+
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix=openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix=openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address=multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address=unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-robin
+# fashion across consumers. (string value)
+#anycast_address=anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange=<None>
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange=<None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit=200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit=100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit=100
+
+# Send messages of this type pre-settled.
+# Pre-settled messages will not receive acknowledgement
+# from the peer. Note well: pre-settled messages may be
+# silently discarded if the delivery fails.
+# Permitted values:
+# 'rpc-call' - send RPC Calls pre-settled
+# 'rpc-reply'- send RPC Replies pre-settled
+# 'rpc-cast' - Send RPC Casts pre-settled
+# 'notify' - Send Notifications pre-settled
+# (multi valued)
+#pre_settled=rpc-cast
+#pre_settled=rpc-reply
+
+
+[oslo_messaging_kafka]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Default Kafka broker Host (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_host=localhost
+
+# DEPRECATED: Default Kafka broker Port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_port=9092
+
+# Max fetch bytes of Kafka consumer (integer value)
+#kafka_max_fetch_bytes=1048576
+
+# Default timeout(s) for Kafka consumers (integer value)
+#kafka_consumer_timeout=1.0
+
+# Pool Size for Kafka Consumers (integer value)
+#pool_size=10
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size=2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl=1200
+
+# Group id for Kafka consumer. Consumers in one group will coordinate message
+# consumption (string value)
+#consumer_group=oslo_messaging_consumer
+
+# Upper bound on the delay for KafkaProducer batching in seconds (floating point
+# value)
+#producer_batch_timeout=0.0
+
+# Size of batch for the producer async send (integer value)
+#producer_batch_size=16384
+
+
+[oslo_messaging_notifications]
+
+#
+# From oslo.messaging
+#
+{%- if compute.notification is mapping %}
+driver = {{ compute.notification.get('driver', 'messagingv2') }}
+{%- if compute.notification.topics is defined %}
+topics = {{ compute.notification.topics }}
+{%- endif %}
+{%- elif compute.notification %}
+driver = messagingv2
+{%- endif %}
+
+# The Drivers(s) to handle sending notifications. Possible values are messaging,
+# messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+
+# A URL representing the messaging driver to use for notifications. If not set,
+# we fall back to the same configuration used for RPC. (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url=<None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics=notifications
+
+
+[oslo_messaging_rabbit]
+
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues=false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+#amqp_auto_delete=false
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_version
+#kombu_ssl_version =
+
+# SSL key file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
+#kombu_ssl_keyfile =
+
+# SSL cert file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
+#kombu_ssl_certfile =
+
+# SSL certification authority file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
+#kombu_ssl_ca_certs =
+
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
+#kombu_reconnect_delay=1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
+# be used. This option may not be available in future versions. (string value)
+#kombu_compression=<None>
+
+# How long to wait a missing client before abandoning to send it its replies.
+# This value should not be longer than rpc_response_timeout. (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout=60
+
+# Determines how the next RabbitMQ node is chosen in case the one we are
+# currently connected to becomes unavailable. Takes effect only if more than one
+# RabbitMQ node is provided in config. (string value)
+# Allowed values: round-robin, shuffle
+#kombu_failover_strategy=round-robin
+
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_host=localhost
+
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rabbit_port
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_port=5672
+
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/rabbit_hosts
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_hosts=$rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
+#rabbit_use_ssl=false
+
+# DEPRECATED: The RabbitMQ userid. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_userid
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_userid=guest
+
+# DEPRECATED: The RabbitMQ password. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_password
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_password=guest
+
+# The RabbitMQ login method. (string value)
+# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
+# Deprecated group/name - [DEFAULT]/rabbit_login_method
+#rabbit_login_method=AMQPLAIN
+
+# DEPRECATED: The RabbitMQ virtual host. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_virtual_host=/
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval=1
+
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
+#rabbit_retry_backoff=2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
+# (integer value)
+#rabbit_interval_max=30
+
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#rabbit_max_retries=0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
+# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
+# is no longer controlled by the x-ha-policy argument when declaring a queue. If
+# you just want to make sure that all queues (except those with auto-generated
+# names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA
+# '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
+#rabbit_ha_queues=false
+
+# Positive integer representing duration in seconds for queue TTL (x-expires).
+# Queues which are unused for the duration of the TTL are automatically deleted.
+# The parameter affects only reply and fanout queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl=1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows unlimited
+# messages. (integer value)
+#rabbit_qos_prefetch_count=0
+
+# Number of seconds after which the Rabbit broker is considered down if
+# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
+# value)
+#heartbeat_timeout_threshold=60
+
+# How often times during the heartbeat_timeout_threshold we check the heartbeat.
+# (integer value)
+#heartbeat_rate=2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
+# Deprecated group/name - [DEFAULT]/fake_rabbit
+#fake_rabbit=false
+
+# Maximum number of channels to allow (integer value)
+#channel_max=<None>
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max=<None>
+
+# How often to send heartbeats for consumer's connections (integer value)
+#heartbeat_interval=3
+
+# Enable SSL (boolean value)
+#ssl=<None>
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options=<None>
+
+# Set socket timeout in seconds for connection's socket (floating point value)
+#socket_timeout=0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point value)
+#tcp_user_timeout=0.25
+
+# Set delay for reconnection to some host which has connection error (floating
+# point value)
+#host_connection_reconnect_delay=0.25
+
+# Connection factory implementation (string value)
+# Allowed values: new, single, read_write
+#connection_factory=single
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size=30
+
+# Maximum number of connections to create above `pool_max_size`. (integer value)
+#pool_max_overflow=0
+
+# Default number of seconds to wait for a connections to available (integer
+# value)
+#pool_timeout=30
+
+# Lifetime of a connection (since creation) in seconds or None for no recycling.
+# Expired connections are closed on acquire. (integer value)
+#pool_recycle=600
+
+# Threshold at which inactive (since release) connections are considered stale
+# in seconds or None for no staleness. Stale connections are closed on acquire.
+# (integer value)
+#pool_stale=60
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+#default_serializer_type=json
+
+# Persist notification messages. (boolean value)
+#notification_persistence=false
+
+# Exchange name for sending notifications (string value)
+#default_notification_exchange=${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to notification
+# listener. (integer value)
+#notification_listener_prefetch_count=100
+
+# Reconnecting retry count in case of connectivity problem during sending
+# notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts=-1
+
+# Reconnecting retry delay in case of connectivity problem during sending
+# notification message (floating point value)
+#notification_retry_delay=0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer value)
+#rpc_queue_expiration=60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange=${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange=${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to rpc
+# listener. (integer value)
+#rpc_listener_prefetch_count=100
+
+# Max number of not acknowledged message which RabbitMQ can send to rpc reply
+# listener. (integer value)
+#rpc_reply_listener_prefetch_count=100
+
+# Reconnecting retry count in case of connectivity problem during sending reply.
+# -1 means infinite retry during rpc_timeout (integer value)
+#rpc_reply_retry_attempts=-1
+
+# Reconnecting retry delay in case of connectivity problem during sending reply.
+# (floating point value)
+#rpc_reply_retry_delay=0.25
+
+# Reconnecting retry count in case of connectivity problem during sending RPC
+# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
+# request could be processed more than one time (integer value)
+#default_rpc_retry_attempts=-1
+
+# Reconnecting retry delay in case of connectivity problem during sending RPC
+# message (floating point value)
+#rpc_retry_delay=0.25
+
+
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address=*
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker=redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts=1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog=<None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir=/var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host=localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger period.
+# The value of 0 specifies no linger period. Pending messages shall be discarded
+# immediately when the socket is closed. Positive values specify an upper bound
+# for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger=-1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout=1
+
+# Expiration timeout in seconds of a name service record about existing target (
+# < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire=300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update=180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub=false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy=false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections=false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections=2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port=49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port=65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries=100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization=json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate=true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive=-1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to skip
+# any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle=-1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value and
+# 0) means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_cnt=-1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0) means
+# to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl=-1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size=100
+
+# Expiration timeout in seconds of a sent/received message after which it is not
+# tracked anymore by a client/server. (integer value)
+#rpc_message_ttl=300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks=false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base=15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier=2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts=3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size=114688
+
+# DEPRECATED: The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by a SSL termination proxy.
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header=X-Forwarded-Proto
+
+# Whether the application is behind a proxy or not. This determines if the
+# middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing=false
+
+
+[oslo_policy]
+
+#
+# From oslo.policy
+#
+
+# The file that defines policies. (string value)
+# Deprecated group/name - [DEFAULT]/policy_file
+#policy_file=policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string value)
+# Deprecated group/name - [DEFAULT]/policy_default_rule
+#policy_default_rule=default
+
+# Directories where policy configuration files are stored. They can be relative
+# to any directory in the search path defined by the config_dir option, or
+# absolute paths. The file defined by policy_file must exist for these
+# directories to be searched. Missing or empty directories are ignored. (multi
+# valued)
+# Deprecated group/name - [DEFAULT]/policy_dirs
+#policy_dirs=policy.d
+
+
+[pci]
+
+#
+# From nova.conf
+#
+
+#
+# An alias for a PCI passthrough device requirement.
+#
+# This allows users to specify the alias in the extra_spec for a flavor, without
+# needing to repeat all the PCI property requirements.
+#
+# Possible Values:
+#
+# * A list of JSON values which describe the aliases. For example:
+#
+# alias = {
+# "name": "QuickAssist",
+# "product_id": "0443",
+# "vendor_id": "8086",
+# "device_type": "type-PCI"
+# }
+#
+# defines an alias for the Intel QuickAssist card. (multi valued). Valid key
+# values are :
+#
+# * "name": Name of the PCI alias.
+# * "product_id": Product ID of the device in hexadecimal.
+# * "vendor_id": Vendor ID of the device in hexadecimal.
+# * "device_type": Type of PCI device. Valid values are: "type-PCI",
+# "type-PF" and "type-VF".
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/pci_alias
+#alias =
+
+#
+# White list of PCI devices available to VMs.
+#
+# Possible values:
+#
+# * A JSON dictionary which describe a whitelisted PCI device. It should take
+# the following format:
+#
+# ["vendor_id": "<id>",] ["product_id": "<id>",]
+# ["address": "[[[[<domain>]:]<bus>]:][<slot>][.[<function>]]" |
+# "devname": "<name>",]
+# {"<tag>": "<tag_value>",}
+#
+# Where '[' indicates zero or one occurrences, '{' indicates zero or multiple
+# occurrences, and '|' mutually exclusive options. Note that any missing
+# fields are automatically wildcarded.
+#
+# Valid key values are :
+#
+# * "vendor_id": Vendor ID of the device in hexadecimal.
+# * "product_id": Product ID of the device in hexadecimal.
+# * "address": PCI address of the device.
+# * "devname": Device name of the device (for e.g. interface name). Not all
+# PCI devices have a name.
+# * "<tag>": Additional <tag> and <tag_value> used for matching PCI devices.
+# Supported <tag>: "physical_network".
+#
+# The address key supports traditional glob style and regular expression
+# syntax. Valid examples are:
+#
+# passthrough_whitelist = {"devname":"eth0",
+# "physical_network":"physnet"}
+# passthrough_whitelist = {"address":"*:0a:00.*"}
+# passthrough_whitelist = {"address":":0a:00.",
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"vendor_id":"1137",
+# "product_id":"0071"}
+# passthrough_whitelist = {"vendor_id":"1137",
+# "product_id":"0071",
+# "address": "0000:0a:00.1",
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"address":{"domain": ".*",
+# "bus": "02", "slot": "01",
+# "function": "[2-7]"},
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"address":{"domain": ".*",
+# "bus": "02", "slot": "0[1-2]",
+# "function": ".*"},
+# "physical_network":"physnet1"}
+#
+# The following are invalid, as they specify mutually exclusive options:
+#
+# passthrough_whitelist = {"devname":"eth0",
+# "physical_network":"physnet",
+# "address":"*:0a:00.*"}
+#
+# * A JSON list of JSON dictionaries corresponding to the above format. For
+# example:
+#
+# passthrough_whitelist = [{"product_id":"0001", "vendor_id":"8086"},
+# {"product_id":"0002", "vendor_id":"8086"}]
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/pci_passthrough_whitelist
+#passthrough_whitelist =
+{%- if compute.get('sriov', false) %}
+{%- for nic_name, sriov in compute.sriov.iteritems() %}
+passthrough_whitelist = {"devname":"{{ sriov.devname }}","physical_network":"{{ sriov.physical_network }}"}
+{%- endfor %}
+{%- endif %}
+
+[placement]
+
+#
+# From nova.conf
+#
+auth_type = password
+user_domain_id = {{ compute.identity.get('domain', 'default') }}
+project_domain_id = {{ compute.identity.get('domain', 'default') }}
+project_name = {{ compute.identity.tenant }}
+username = {{ compute.identity.user }}
+password = {{ compute.identity.password }}
+auth_url=http://{{ compute.identity.host }}:35357/v3
+
+#
+# Region name of this node. This is used when picking the URL in the service
+# catalog.
+#
+# Possible values:
+#
+# * Any string representing region name
+# (string value)
+#os_region_name = openstack
+os_region_name = {{ compute.identity.region }}
+
+#
+# Endpoint interface for this node. This is used when picking the URL in the
+# service catalog.
+# (string value)
+#os_interface=<None>
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [placement]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id=<None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [placement]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+# Tenant ID (string value)
+#tenant_id=<None>
+
+# Tenant Name (string value)
+#tenant_name=<None>
+
+
+[quota]
+#
+# Quota options allow to manage quotas in openstack deployment.
+
+#
+# From nova.conf
+#
+
+#
+# The number of instances allowed per project.
+#
+# Possible Values
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_instances
+#instances=10
+
+#
+# The number of instance cores or vCPUs allowed per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_cores
+#cores=20
+
+#
+# The number of megabytes of instance RAM allowed per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_ram
+#ram=51200
+
+# DEPRECATED:
+# The number of floating IPs allowed per project.
+#
+# Floating IPs are not allocated to instances by default. Users need to select
+# them from the pool configured by the OpenStack administrator to attach to
+# their
+# instances.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_floating_ips
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#floating_ips=10
+
+# DEPRECATED:
+# The number of fixed IPs allowed per project.
+#
+# Unlike floating IPs, fixed IPs are allocated dynamically by the network
+# component when instances boot up. This quota value should be at least the
+# number of instances allowed
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_fixed_ips
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#fixed_ips=-1
+
+#
+# The number of metadata items allowed per instance.
+#
+# Users can associate metadata with an instance during instance creation. This
+# metadata takes the form of key-value pairs.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_metadata_items
+#metadata_items=128
+
+#
+# The number of injected files allowed.
+#
+# File injection allows users to customize the personality of an instance by
+# injecting data into it upon boot. Only text file injection is permitted:
+# binary
+# or ZIP files are not accepted. During file injection, any existing files that
+# match specified files are renamed to include ``.bak`` extension appended with
+# a
+# timestamp.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_files
+#injected_files=5
+
+#
+# The number of bytes allowed per injected file.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_file_content_bytes
+#injected_file_content_bytes=10240
+
+#
+# The maximum allowed injected file path length.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_file_path_length
+#injected_file_path_length=255
+
+# DEPRECATED:
+# The number of security groups per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_security_groups
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#security_groups=10
+
+# DEPRECATED:
+# The number of security rules per security group.
+#
+# The associated rules in each security group control the traffic to instances
+# in
+# the group.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_security_group_rules
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#security_group_rules=20
+
+#
+# The maximum number of key pairs allowed per user.
+#
+# Users can create at least one key pair for each project and use the key pair
+# for multiple instances that belong to that project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_key_pairs
+#key_pairs=100
+
+#
+# The maxiumum number of server groups per project.
+#
+# Server groups are used to control the affinity and anti-affinity scheduling
+# policy for a group of servers or instances. Reducing the quota will not affect
+# any existing group, but new servers will not be allowed into groups that have
+# become over quota.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_server_groups
+#server_groups=10
+
+#
+# The maximum number of servers per server group.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_server_group_members
+#server_group_members=10
+
+#
+# The number of seconds until a reservation expires.
+#
+# This quota represents the time period for invalidating quota reservations.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/reservation_expire
+#reservation_expire=86400
+
+#
+# The count of reservations until usage is refreshed.
+#
+# This defaults to 0 (off) to avoid additional load but it is useful to turn on
+# to help keep quota usage up-to-date and reduce the impact of out of sync usage
+# issues.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/until_refresh
+#until_refresh=0
+
+#
+# The number of seconds between subsequent usage refreshes.
+#
+# This defaults to 0 (off) to avoid additional load but it is useful to turn on
+# to help keep quota usage up-to-date and reduce the impact of out of sync usage
+# issues. Note that quotas are not updated on a periodic task, they will update
+# on a new reservation if max_age has passed since the last reservation.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/max_age
+#max_age=0
+
+# DEPRECATED:
+# The quota enforcer driver.
+#
+# Provides abstraction for quota checks. Users can configure a specific
+# driver to use for quota checks.
+#
+# Possible values:
+#
+# * nova.quota.DbQuotaDriver (default) or any string representing fully
+# qualified class name.
+# (string value)
+# Deprecated group/name - [DEFAULT]/quota_driver
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+#driver=nova.quota.DbQuotaDriver
+
+
+[rdp]
+#
+# Options under this group enable and configure Remote Desktop Protocol (
+# RDP) related features.
+#
+# This group is only relevant to Hyper-V users.
+
+#
+# From nova.conf
+#
+
+#
+# Enable Remote Desktop Protocol (RDP) related features.
+#
+# Hyper-V, unlike the majority of the hypervisors employed on Nova compute
+# nodes, uses RDP instead of VNC and SPICE as a desktop sharing protocol to
+# provide instance console access. This option enables RDP for graphical
+# console access for virtual machines created by Hyper-V.
+#
+# **Note:** RDP should only be enabled on compute nodes that support the Hyper-V
+# virtualization platform.
+#
+# Related options:
+#
+# * ``compute_driver``: Must be hyperv.
+#
+# (boolean value)
+#enabled=false
+
+#
+# The URL an end user would use to connect to the RDP HTML5 console proxy.
+# The console proxy service is called with this token-embedded URL and
+# establishes the connection to the proper instance.
+#
+# An RDP HTML5 console proxy service will need to be configured to listen on the
+# address configured here. Typically the console proxy service would be run on a
+# controller node. The localhost address used as default would only work in a
+# single node environment i.e. devstack.
+#
+# An RDP HTML5 proxy allows a user to access via the web the text or graphical
+# console of any Windows server or workstation using RDP. RDP HTML5 console
+# proxy services include FreeRDP, wsgate.
+# See https://github.com/FreeRDP/FreeRDP-WebConnect
+#
+# Possible values:
+#
+# * <scheme>://<ip-address>:<port-number>/
+#
+# The scheme must be identical to the scheme configured for the RDP HTML5
+# console proxy service.
+#
+# The IP address must be identical to the address on which the RDP HTML5
+# console proxy service is listening.
+#
+# The port must be identical to the port on which the RDP HTML5 console proxy
+# service is listening.
+#
+# Related options:
+#
+# * ``rdp.enabled``: Must be set to ``True`` for ``html5_proxy_base_url`` to be
+# effective.
+# (string value)
+#html5_proxy_base_url=http://127.0.0.1:6083/
+
+
+[remote_debug]
+
+#
+# From nova.conf
+#
+
+#
+# Debug host (IP or name) to connect to. This command line parameter is used
+# when
+# you want to connect to a nova service via a debugger running on a different
+# host.
+#
+# Note that using the remote debug option changes how Nova uses the eventlet
+# library to support async IO. This could result in failures that do not occur
+# under normal operation. Use at your own risk.
+#
+# Possible Values:
+#
+# * IP address of a remote host as a command line parameter
+# to a nova service. For Example:
+#
+# /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
+# --remote_debug-host <IP address where the debugger is running>
+# (string value)
+#host=<None>
+
+#
+# Debug port to connect to. This command line parameter allows you to specify
+# the port you want to use to connect to a nova service via a debugger running
+# on different host.
+#
+# Note that using the remote debug option changes how Nova uses the eventlet
+# library to support async IO. This could result in failures that do not occur
+# under normal operation. Use at your own risk.
+#
+# Possible Values:
+#
+# * Port number you want to use as a command line parameter
+# to a nova service. For Example:
+#
+# /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
+# --remote_debug-host <IP address where the debugger is running>
+# --remote_debug-port <port> it's listening on>.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#port=<None>
+
+
+[scheduler]
+
+#
+# From nova.conf
+#
+
+#
+# The scheduler host manager to use.
+#
+# The host manager manages the in-memory picture of the hosts that the scheduler
+# uses. The options values are chosen from the entry points under the namespace
+# 'nova.scheduler.host_manager' in 'setup.cfg'.
+# (string value)
+# Allowed values: host_manager, ironic_host_manager
+# Deprecated group/name - [DEFAULT]/scheduler_host_manager
+#host_manager=host_manager
+
+#
+# The class of the driver used by the scheduler.
+#
+# The options are chosen from the entry points under the namespace
+# 'nova.scheduler.driver' in 'setup.cfg'.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to the class name of a scheduler
+# driver. There are a number of options available:
+# ** 'caching_scheduler', which aggressively caches the system state for better
+# individual scheduler performance at the risk of more retries when running
+# multiple schedulers
+# ** 'chance_scheduler', which simply picks a host at random
+# ** 'fake_scheduler', which is used for testing
+# ** A custom scheduler driver. In this case, you will be responsible for
+# creating and maintaining the entry point in your 'setup.cfg' file
+# (string value)
+# Allowed values: filter_scheduler, caching_scheduler, chance_scheduler, fake_scheduler
+# Deprecated group/name - [DEFAULT]/scheduler_driver
+#driver=filter_scheduler
+
+#
+# Periodic task interval.
+#
+# This value controls how often (in seconds) to run periodic tasks in the
+# scheduler. The specific tasks that are run for each period are determined by
+# the particular scheduler being used.
+#
+# If this is larger than the nova-service 'service_down_time' setting, Nova may
+# report the scheduler service as down. This is because the scheduler driver is
+# responsible for sending a heartbeat and it will only do that as often as this
+# option allows. As each scheduler can work a little differently than the
+# others,
+# be sure to test this with your selected scheduler.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to periodic task interval in
+# seconds. 0 uses the default interval (60 seconds). A negative value disables
+# periodic tasks.
+#
+# Related options:
+#
+# * ``nova-service service_down_time``
+# (integer value)
+# Deprecated group/name - [DEFAULT]/scheduler_driver_task_period
+#periodic_task_interval=60
+
+#
+# Maximum number of schedule attempts for a chosen host.
+#
+# This is the maximum number of attempts that will be made to schedule an
+# instance before it is assumed that the failures aren't due to normal
+# occasional
+# race conflicts, but rather some other problem. When this is reached a
+# MaxRetriesExceeded exception is raised, and the instance is set to an error
+# state.
+#
+# Possible values:
+#
+# * A positive integer, where the integer corresponds to the max number of
+# attempts that can be made when scheduling an instance.
+# (integer value)
+# Minimum value: 1
+# Deprecated group/name - [DEFAULT]/scheduler_max_attempts
+#max_attempts=3
+
+#
+# Periodic task interval.
+#
+# This value controls how often (in seconds) the scheduler should attempt
+# to discover new hosts that have been added to cells. If negative (the
+# default), no automatic discovery will occur.
+#
+# Small deployments may want this periodic task enabled, as surveying the
+# cells for new hosts is likely to be lightweight enough to not cause undue
+# burdon to the scheduler. However, larger clouds (and those that are not
+# adding hosts regularly) will likely want to disable this automatic
+# behavior and instead use the `nova-manage cell_v2 discover_hosts` command
+# when hosts have been added to a cell.
+# (integer value)
+# Minimum value: -1
+#discover_hosts_in_cells_interval=-1
+
+
+[serial_console]
+#
+# The serial console feature allows you to connect to a guest in case a
+# graphical console like VNC, RDP or SPICE is not available. This is only
+# currently supported for the libvirt, Ironic and hyper-v drivers.
+
+#
+# From nova.conf
+#
+
+#
+# Enable the serial console feature.
+#
+# In order to use this feature, the service ``nova-serialproxy`` needs to run.
+# This service is typically executed on the controller node.
+# (boolean value)
+#enabled=false
+
+#
+# A range of TCP ports a guest can use for its backend.
+#
+# Each instance which gets created will use one port out of this range. If the
+# range is not big enough to provide another port for an new instance, this
+# instance won't get launched.
+#
+# Possible values:
+#
+# * Each string which passes the regex ``\d+:\d+`` For example ``10000:20000``.
+# Be sure that the first port number is lower than the second port number
+# and that both are in range from 0 to 65535.
+# (string value)
+#port_range=10000:20000
+
+#
+# The URL an end user would use to connect to the ``nova-serialproxy`` service.
+#
+# The ``nova-serialproxy`` service is called with this token enriched URL
+# and establishes the connection to the proper instance.
+#
+# Related options:
+#
+# * The IP address must be identical to the address to which the
+# ``nova-serialproxy`` service is listening (see option ``serialproxy_host``
+# in this section).
+# * The port must be the same as in the option ``serialproxy_port`` of this
+# section.
+# * If you choose to use a secured websocket connection, then start this option
+# with ``wss://`` instead of the unsecured ``ws://``. The options ``cert``
+# and ``key`` in the ``[DEFAULT]`` section have to be set for that.
+# (uri value)
+#base_url=ws://127.0.0.1:6083/
+
+#
+# The IP address to which proxy clients (like ``nova-serialproxy``) should
+# connect to get the serial console of an instance.
+#
+# This is typically the IP address of the host of a ``nova-compute`` service.
+# (string value)
+#proxyclient_address=127.0.0.1
+
+#
+# The IP address which is used by the ``nova-serialproxy`` service to listen
+# for incoming requests.
+#
+# The ``nova-serialproxy`` service listens on this IP address for incoming
+# connection requests to instances which expose serial console.
+#
+# Related options:
+#
+# * Ensure that this is the same IP address which is defined in the option
+# ``base_url`` of this section or use ``0.0.0.0`` to listen on all addresses.
+# (string value)
+#serialproxy_host=0.0.0.0
+
+#
+# The port number which is used by the ``nova-serialproxy`` service to listen
+# for incoming requests.
+#
+# The ``nova-serialproxy`` service listens on this port number for incoming
+# connection requests to instances which expose serial console.
+#
+# Related options:
+#
+# * Ensure that this is the same port number which is defined in the option
+# ``base_url`` of this section.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#serialproxy_port=6083
+
+
+[service_user]
+#
+# Configuration options for service to service authentication using a service
+# token. These options allow to send a service token along with the
+# user's token when contacting external REST APIs.
+
+#
+# From nova.conf
+#
+
+#
+# When True, if sending a user token to an REST API, also send a service token.
+#
+# Nova often reuses the user token provided to the nova-api to talk to other
+# REST APIs, such as Cinder and Neutron. It is possible that while the
+# user token was valid when the request was made to Nova, the token may expire
+# before it reaches the other service. To avoid any failures, and to
+# make it clear it is Nova calling the service on the users behalf, we include
+# a server token along with the user token. Should the user's token have
+# expired, a valid service token ensures the REST API request will still be
+# accepted by the keystone middleware.
+#
+# This feature is currently experimental, and as such is turned off by default
+# while full testing and performance tuning of this feature is completed.
+# (boolean value)
+#send_service_user_token=false
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [service_user]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id=<None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [service_user]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+# Tenant ID (string value)
+#tenant_id=<None>
+
+# Tenant Name (string value)
+#tenant_name=<None>
+
+
+[spice]
+#
+# SPICE console feature allows you to connect to a guest virtual machine.
+# SPICE is a replacement for fairly limited VNC protocol.
+#
+# Following requirements must be met in order to use SPICE:
+#
+# * Virtualization driver must be libvirt
+# * spice.enabled set to True
+# * vnc.enabled set to False
+# * update html5proxy_base_url
+# * update server_proxyclient_address
+enabled = false
+html5proxy_base_url = {{ compute.vncproxy_url }}/spice_auto.html
+#
+# From nova.conf
+#
+
+#
+# Enable SPICE related features.
+#
+# Related options:
+#
+# * VNC must be explicitly disabled to get access to the SPICE console. Set the
+# enabled option to False in the [vnc] section to disable the VNC console.
+# (boolean value)
+#enabled=false
+
+#
+# Enable the SPICE guest agent support on the instances.
+#
+# The Spice agent works with the Spice protocol to offer a better guest console
+# experience. However, the Spice console can still be used without the Spice
+# Agent. With the Spice agent installed the following features are enabled:
+#
+# * Copy & Paste of text and images between the guest and client machine
+# * Automatic adjustment of resolution when the client screen changes - e.g.
+# if you make the Spice console full screen the guest resolution will adjust
+# to
+# match it rather than letterboxing.
+# * Better mouse integration - The mouse can be captured and released without
+# needing to click inside the console or press keys to release it. The
+# performance of mouse movement is also improved.
+# (boolean value)
+#agent_enabled=true
+
+#
+# Location of the SPICE HTML5 console proxy.
+#
+# End user would use this URL to connect to the `nova-spicehtml5proxy``
+# service. This service will forward request to the console of an instance.
+#
+# In order to use SPICE console, the service ``nova-spicehtml5proxy`` should be
+# running. This service is typically launched on the controller node.
+#
+# Possible values:
+#
+# * Must be a valid URL of the form: ``http://host:port/spice_auto.html``
+# where host is the node running ``nova-spicehtml5proxy`` and the port is
+# typically 6082. Consider not using default value as it is not well defined
+# for any real deployment.
+#
+# Related options:
+#
+# * This option depends on ``html5proxy_host`` and ``html5proxy_port`` options.
+# The access URL returned by the compute node must have the host
+# and port where the ``nova-spicehtml5proxy`` service is listening.
+# (uri value)
+#html5proxy_base_url=http://127.0.0.1:6082/spice_auto.html
+
+#
+# The address where the SPICE server running on the instances should listen.
+#
+# Typically, the ``nova-spicehtml5proxy`` proxy client runs on the controller
+# node and connects over the private network to this address on the compute
+# node(s).
+#
+# Possible values:
+#
+# * IP address to listen on.
+# (string value)
+#server_listen=127.0.0.1
+
+#
+# The address used by ``nova-spicehtml5proxy`` client to connect to instance
+# console.
+#
+# Typically, the ``nova-spicehtml5proxy`` proxy client runs on the
+# controller node and connects over the private network to this address on the
+# compute node(s).
+#
+# Possible values:
+#
+# * Any valid IP address on the compute node.
+#
+# Related options:
+#
+# * This option depends on the ``server_listen`` option.
+# The proxy client must be able to access the address specified in
+# ``server_listen`` using the value of this option.
+# (string value)
+#server_proxyclient_address=127.0.0.1
+
+#
+# A keyboard layout which is supported by the underlying hypervisor on this
+# node.
+#
+# Possible values:
+# * This is usually an 'IETF language tag' (default is 'en-us'). If you
+# use QEMU as hypervisor, you should find the list of supported keyboard
+# layouts at /usr/share/qemu/keymaps.
+# (string value)
+#keymap=en-us
+
+#
+# IP address or a hostname on which the ``nova-spicehtml5proxy`` service
+# listens for incoming requests.
+#
+# Related options:
+#
+# * This option depends on the ``html5proxy_base_url`` option.
+# The ``nova-spicehtml5proxy`` service must be listening on a host that is
+# accessible from the HTML5 client.
+# (string value)
+#html5proxy_host=0.0.0.0
+
+#
+# Port on which the ``nova-spicehtml5proxy`` service listens for incoming
+# requests.
+#
+# Related options:
+#
+# * This option depends on the ``html5proxy_base_url`` option.
+# The ``nova-spicehtml5proxy`` service must be listening on a port that is
+# accessible from the HTML5 client.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#html5proxy_port=6082
+
+
+[ssl]
+
+#
+# From nova.conf
+#
+
+# CA certificate file to use to verify connecting clients. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_ca_file
+#ca_file=<None>
+
+# Certificate file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_cert_file
+#cert_file=<None>
+
+# Private key file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_key_file
+#key_file=<None>
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+#version=<None>
+
+# Sets the list of available ciphers. value should be a string in the OpenSSL
+# cipher list format. (string value)
+#ciphers=<None>
+
+
+[trusted_computing]
+#
+# Configuration options for enabling Trusted Platform Module.
+
+#
+# From nova.conf
+#
+
+#
+# The host to use as the attestation server.
+#
+# Cloud computing pools can involve thousands of compute nodes located at
+# different geographical locations, making it difficult for cloud providers to
+# identify a node's trustworthiness. When using the Trusted filter, users can
+# request that their VMs only be placed on nodes that have been verified by the
+# attestation server specified in this option.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A string representing the host name or IP address of the attestation server,
+# or an empty string.
+#
+# Related options:
+#
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (string value)
+#attestation_server=<None>
+
+#
+# The absolute path to the certificate to use for authentication when connecting
+# to the attestation server. See the `attestation_server` help text for more
+# information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A string representing the path to the authentication certificate for the
+# attestation server, or an empty string.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (string value)
+#attestation_server_ca_file=<None>
+
+#
+# The port to use when connecting to the attestation server. See the
+# `attestation_server` help text for more information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#attestation_port=8443
+
+#
+# The URL on the attestation server to use. See the `attestation_server` help
+# text for more information about host verification.
+#
+# This value must be just that path portion of the full URL, as it will be
+# joined
+# to the host specified in the attestation_server option.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A valid URL string of the attestation server, or an empty string.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (string value)
+#attestation_api_url=/OpenAttestationWebServices/V1.0
+
+#
+# Attestation servers require a specific blob that is used to authenticate. The
+# content and format of the blob are determined by the particular attestation
+# server being used. There is no default value; you must supply the value as
+# specified by your attestation service. See the `attestation_server` help text
+# for more information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A string containing the specific blob required by the attestation server, or
+# an empty string.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (string value)
+#attestation_auth_blob=<None>
+
+#
+# This value controls how long a successful attestation is cached. Once this
+# period has elapsed, a new attestation request will be made. See the
+# `attestation_server` help text for more information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A integer value, corresponding to the timeout interval for attestations in
+# seconds. Any integer is valid, although setting this to zero or negative
+# values can greatly impact performance when using an attestation service.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_insecure_ssl
+# (integer value)
+#attestation_auth_timeout=60
+
+#
+# When set to True, the SSL certificate verification is skipped for the
+# attestation service. See the `attestation_server` help text for more
+# information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# (boolean value)
+#attestation_insecure_ssl=false
+
+
+[upgrade_levels]
+#
+# upgrade_levels options are used to set version cap for RPC
+# messages sent between different nova services.
+#
+# By default all services send messages using the latest version
+# they know about.
+#
+# The compute upgrade level is an important part of rolling upgrades
+# where old and new nova-compute services run side by side.
+#
+# The other options can largely be ignored, and are only kept to
+# help with a possible future backport issue.
+
+#
+# From nova.conf
+#
+
+#
+# Compute RPC API version cap.
+#
+# By default, we always send messages using the most recent version
+# the client knows about.
+#
+# Where you have old and new compute services running, you should set
+# this to the lowest deployed version. This is to guarantee that all
+# services never send messages that one of the compute nodes can't
+# understand. Note that we only support upgrading from release N to
+# release N+1.
+#
+# Set this option to "auto" if you want to let the compute RPC module
+# automatically determine what version to use based on the service
+# versions in the deployment.
+#
+# Possible values:
+#
+# * By default send the latest version the client knows about
+# * 'auto': Automatically determines what version to use based on
+# the service versions in the deployment.
+# * A string representing a version number in the format 'N.N';
+# for example, possible values might be '1.12' or '2.0'.
+# * An OpenStack release name, in lower case, such as 'mitaka' or
+# 'liberty'.
+# (string value)
+#compute=<None>
+
+# Cells RPC API version cap (string value)
+#cells=<None>
+
+# Intercell RPC API version cap (string value)
+#intercell=<None>
+
+# Cert RPC API version cap (string value)
+#cert=<None>
+
+# Scheduler RPC API version cap (string value)
+#scheduler=<None>
+
+# Conductor RPC API version cap (string value)
+#conductor=<None>
+
+# Console RPC API version cap (string value)
+#console=<None>
+
+# Consoleauth RPC API version cap (string value)
+#consoleauth=<None>
+
+# Network RPC API version cap (string value)
+#network=<None>
+
+# Base API RPC API version cap (string value)
+#baseapi=<None>
+
+
+[vendordata_dynamic_auth]
+#
+# Options within this group control the authentication of the vendordata
+# subsystem of the metadata API server (and config drive) with external systems.
+
+#
+# From nova.conf
+#
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [vendordata_dynamic_auth]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id=<None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [vendordata_dynamic_auth]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+# Tenant ID (string value)
+#tenant_id=<None>
+
+# Tenant Name (string value)
+#tenant_name=<None>
+
+
+[vmware]
+#
+# Related options:
+# Following options must be set in order to launch VMware-based
+# virtual machines.
+#
+# * compute_driver: Must use vmwareapi.VMwareVCDriver.
+# * vmware.host_username
+# * vmware.host_password
+# * vmware.cluster_name
+
+#
+# From nova.conf
+#
+
+#
+# This option specifies the physical ethernet adapter name for VLAN
+# networking.
+#
+# Set the vlan_interface configuration option to match the ESX host
+# interface that handles VLAN-tagged VM traffic.
+#
+# Possible values:
+#
+# * Any valid string representing VLAN interface name
+# (string value)
+#vlan_interface=vmnic0
+
+#
+# This option should be configured only when using the NSX-MH Neutron
+# plugin. This is the name of the integration bridge on the ESXi server
+# or host. This should not be set for any other Neutron plugin. Hence
+# the default value is not set.
+#
+# Possible values:
+#
+# * Any valid string representing the name of the integration bridge
+# (string value)
+#integration_bridge=<None>
+
+#
+# Set this value if affected by an increased network latency causing
+# repeated characters when typing in a remote console.
+# (integer value)
+# Minimum value: 0
+#console_delay_seconds=<None>
+
+#
+# Identifies the remote system where the serial port traffic will
+# be sent.
+#
+# This option adds a virtual serial port which sends console output to
+# a configurable service URI. At the service URI address there will be
+# virtual serial port concentrator that will collect console logs.
+# If this is not set, no serial ports will be added to the created VMs.
+#
+# Possible values:
+#
+# * Any valid URI
+# (string value)
+#serial_port_service_uri=<None>
+
+#
+# Identifies a proxy service that provides network access to the
+# serial_port_service_uri.
+#
+# Possible values:
+#
+# * Any valid URI
+#
+# Related options:
+# This option is ignored if serial_port_service_uri is not specified.
+# * serial_port_service_uri
+# (string value)
+#serial_port_proxy_uri=<None>
+
+#
+# Hostname or IP address for connection to VMware vCenter host. (string value)
+#host_ip=<None>
+
+# Port for connection to VMware vCenter host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#host_port=443
+
+# Username for connection to VMware vCenter host. (string value)
+#host_username=<None>
+
+# Password for connection to VMware vCenter host. (string value)
+#host_password=<None>
+
+#
+# Specifies the CA bundle file to be used in verifying the vCenter
+# server certificate.
+# (string value)
+#ca_file=<None>
+
+#
+# If true, the vCenter server certificate is not verified. If false,
+# then the default CA truststore is used for verification.
+#
+# Related options:
+# * ca_file: This option is ignored if "ca_file" is set.
+# (boolean value)
+#insecure=false
+
+# Name of a VMware Cluster ComputeResource. (string value)
+#cluster_name=<None>
+
+#
+# Regular expression pattern to match the name of datastore.
+#
+# The datastore_regex setting specifies the datastores to use with
+# Compute. For example, datastore_regex="nas.*" selects all the data
+# stores that have a name starting with "nas".
+#
+# NOTE: If no regex is given, it just picks the datastore with the
+# most freespace.
+#
+# Possible values:
+#
+# * Any matching regular expression to a datastore must be given
+# (string value)
+#datastore_regex=<None>
+
+#
+# Time interval in seconds to poll remote tasks invoked on
+# VMware VC server.
+# (floating point value)
+#task_poll_interval=0.5
+
+#
+# Number of times VMware vCenter server API must be retried on connection
+# failures, e.g. socket error, etc.
+# (integer value)
+# Minimum value: 0
+#api_retry_count=10
+
+#
+# This option specifies VNC starting port.
+#
+# Every VM created by ESX host has an option of enabling VNC client
+# for remote connection. Above option 'vnc_port' helps you to set
+# default starting port for the VNC client.
+#
+# Possible values:
+#
+# * Any valid port number within 5900 -(5900 + vnc_port_total)
+#
+# Related options:
+# Below options should be set to enable VNC client.
+# * vnc.enabled = True
+# * vnc_port_total
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#vnc_port=5900
+
+#
+# Total number of VNC ports.
+# (integer value)
+# Minimum value: 0
+#vnc_port_total=10000
+
+#
+# This option enables/disables the use of linked clone.
+#
+# The ESX hypervisor requires a copy of the VMDK file in order to boot
+# up a virtual machine. The compute driver must download the VMDK via
+# HTTP from the OpenStack Image service to a datastore that is visible
+# to the hypervisor and cache it. Subsequent virtual machines that need
+# the VMDK use the cached version and don't have to copy the file again
+# from the OpenStack Image service.
+#
+# If set to false, even with a cached VMDK, there is still a copy
+# operation from the cache location to the hypervisor file directory
+# in the shared datastore. If set to true, the above copy operation
+# is avoided as it creates copy of the virtual machine that shares
+# virtual disks with its parent VM.
+# (boolean value)
+#use_linked_clone=true
+
+# DEPRECATED:
+# This option specifies VIM Service WSDL Location
+#
+# If vSphere API versions 5.1 and later is being used, this section can
+# be ignored. If version is less than 5.1, WSDL files must be hosted
+# locally and their location must be specified in the above section.
+#
+# Optional over-ride to default location for bug work-arounds.
+#
+# Possible values:
+#
+# * http://<server>/vimService.wsdl
+# * file:///opt/stack/vmware/SDK/wsdl/vim25/vimService.wsdl
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Only vCenter versions earlier than 5.1 require this option and the
+# current minimum version is 5.1.
+#wsdl_location=<None>
+
+#
+# This option enables or disables storage policy based placement
+# of instances.
+#
+# Related options:
+#
+# * pbm_default_policy
+# (boolean value)
+#pbm_enabled=false
+
+#
+# This option specifies the PBM service WSDL file location URL.
+#
+# Setting this will disable storage policy based placement
+# of instances.
+#
+# Possible values:
+#
+# * Any valid file path
+# e.g file:///opt/SDK/spbm/wsdl/pbmService.wsdl
+# (string value)
+#pbm_wsdl_location=<None>
+
+#
+# This option specifies the default policy to be used.
+#
+# If pbm_enabled is set and there is no defined storage policy for the
+# specific request, then this policy will be used.
+#
+# Possible values:
+#
+# * Any valid storage policy such as VSAN default storage policy
+#
+# Related options:
+#
+# * pbm_enabled
+# (string value)
+#pbm_default_policy=<None>
+
+#
+# This option specifies the limit on the maximum number of objects to
+# return in a single result.
+#
+# A positive value will cause the operation to suspend the retrieval
+# when the count of objects reaches the specified limit. The server may
+# still limit the count to something less than the configured value.
+# Any remaining objects may be retrieved with additional requests.
+# (integer value)
+# Minimum value: 0
+#maximum_objects=100
+
+#
+# This option adds a prefix to the folder where cached images are stored
+#
+# This is not the full path - just a folder prefix. This should only be
+# used when a datastore cache is shared between compute nodes.
+#
+# Note: This should only be used when the compute nodes are running on same
+# host or they have a shared file system.
+#
+# Possible values:
+#
+# * Any string representing the cache prefix to the folder
+# (string value)
+#cache_prefix=<None>
+
+
+[vnc]
+#
+# Virtual Network Computer (VNC) can be used to provide remote desktop
+# console access to instances for tenants and/or administrators.
+
+#
+# From nova.conf
+#
+enabled = true
+novncproxy_base_url={{ compute.vncproxy_url }}/vnc_auto.html
+novncproxy_port={{ compute.bind.vnc_port }}
+vncserver_listen=0.0.0.0
+vncserver_proxyclient_address={{ compute.bind.vnc_address }}
+keymap = {{ compute.get('vnc_keymap', 'en-us') }}
+
+#
+# Enable VNC related features.
+#
+# Guests will get created with graphical devices to support this. Clients
+# (for example Horizon) can then establish a VNC connection to the guest.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/vnc_enabled
+#enabled=true
+
+#
+# Keymap for VNC.
+#
+# The keyboard mapping (keymap) determines which keyboard layout a VNC
+# session should use by default.
+#
+# Possible values:
+#
+# * A keyboard layout which is supported by the underlying hypervisor on
+# this node. This is usually an 'IETF language tag' (for example
+# 'en-us'). If you use QEMU as hypervisor, you should find the list
+# of supported keyboard layouts at ``/usr/share/qemu/keymaps``.
+# (string value)
+# Deprecated group/name - [DEFAULT]/vnc_keymap
+#keymap=en-us
+
+#
+# The IP address or hostname on which an instance should listen to for
+# incoming VNC connection requests on this node.
+# (string value)
+# Deprecated group/name - [DEFAULT]/vncserver_listen
+#vncserver_listen=127.0.0.1
+
+#
+# Private, internal IP address or hostname of VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients.
+#
+# This option sets the private address to which proxy clients, such as
+# ``nova-xvpvncproxy``, should connect to.
+# (string value)
+# Deprecated group/name - [DEFAULT]/vncserver_proxyclient_address
+#vncserver_proxyclient_address=127.0.0.1
+
+#
+# Public address of noVNC VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the public base URL to which client systems will
+# connect. noVNC clients can use this address to connect to the noVNC
+# instance and, by extension, the VNC sessions.
+#
+# Related options:
+#
+# * novncproxy_host
+# * novncproxy_port
+# (uri value)
+# Deprecated group/name - [DEFAULT]/novncproxy_base_url
+#novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html
+
+#
+# IP address or hostname that the XVP VNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the private address to which the XVP VNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * xvpvncproxy_port
+# * xvpvncproxy_base_url
+# (string value)
+# Deprecated group/name - [DEFAULT]/xvpvncproxy_host
+#xvpvncproxy_host=0.0.0.0
+
+#
+# Port that the XVP VNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the private port to which the XVP VNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * xvpvncproxy_host
+# * xvpvncproxy_base_url
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/xvpvncproxy_port
+#xvpvncproxy_port=6081
+
+#
+# Public URL address of XVP VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the public base URL to which client systems will
+# connect. XVP clients can use this address to connect to the XVP
+# instance and, by extension, the VNC sessions.
+#
+# Related options:
+#
+# * xvpvncproxy_host
+# * xvpvncproxy_port
+# (uri value)
+# Deprecated group/name - [DEFAULT]/xvpvncproxy_base_url
+#xvpvncproxy_base_url=http://127.0.0.1:6081/console
+
+#
+# IP address that the noVNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the private address to which the noVNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * novncproxy_port
+# * novncproxy_base_url
+# (string value)
+# Deprecated group/name - [DEFAULT]/novncproxy_host
+#novncproxy_host=0.0.0.0
+
+#
+# Port that the noVNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the private port to which the noVNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * novncproxy_host
+# * novncproxy_base_url
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/novncproxy_port
+#novncproxy_port=6080
+
+
+[workarounds]
+#
+# A collection of workarounds used to mitigate bugs or issues found in system
+# tools (e.g. Libvirt or QEMU) or Nova itself under certain conditions. These
+# should only be enabled in exceptional circumstances. All options are linked
+# against bug IDs, where more information on the issue can be found.
+
+#
+# From nova.conf
+#
+
+#
+# Use sudo instead of rootwrap.
+#
+# Allow fallback to sudo for performance reasons.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/nova/+bug/1415106
+#
+# Possible values:
+#
+# * True: Use sudo instead of rootwrap
+# * False: Use rootwrap as usual
+#
+# Interdependencies to other options:
+#
+# * Any options that affect 'rootwrap' will be ignored.
+# (boolean value)
+#disable_rootwrap=false
+
+#
+# Disable live snapshots when using the libvirt driver.
+#
+# Live snapshots allow the snapshot of the disk to happen without an
+# interruption to the guest, using coordination with a guest agent to
+# quiesce the filesystem.
+#
+# When using libvirt 1.2.2 live snapshots fail intermittently under load
+# (likely related to concurrent libvirt/qemu operations). This config
+# option provides a mechanism to disable live snapshot, in favor of cold
+# snapshot, while this is resolved. Cold snapshot causes an instance
+# outage while the guest is going through the snapshotting process.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/nova/+bug/1334398
+#
+# Possible values:
+#
+# * True: Live snapshot is disabled when using libvirt
+# * False: Live snapshots are always used when snapshotting (as long as
+# there is a new enough libvirt and the backend storage supports it)
+# (boolean value)
+#disable_libvirt_livesnapshot=true
+
+#
+# Enable handling of events emitted from compute drivers.
+#
+# Many compute drivers emit lifecycle events, which are events that occur when,
+# for example, an instance is starting or stopping. If the instance is going
+# through task state changes due to an API operation, like resize, the events
+# are ignored.
+#
+# This is an advanced feature which allows the hypervisor to signal to the
+# compute service that an unexpected state change has occurred in an instance
+# and that the instance can be shutdown automatically. Unfortunately, this can
+# race in some conditions, for example in reboot operations or when the compute
+# service or when host is rebooted (planned or due to an outage). If such races
+# are common, then it is advisable to disable this feature.
+#
+# Care should be taken when this feature is disabled and
+# 'sync_power_state_interval' is set to a negative value. In this case, any
+# instances that get out of sync between the hypervisor and the Nova database
+# will have to be synchronized manually.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/bugs/1444630
+#
+# Interdependencies to other options:
+#
+# * If ``sync_power_state_interval`` is negative and this feature is disabled,
+# then instances that get out of sync between the hypervisor and the Nova
+# database will have to be synchronized manually.
+# (boolean value)
+#handle_virt_lifecycle_events=true
+
+
+[wsgi]
+#
+# Options under this group are used to configure WSGI (Web Server Gateway
+# Interface). WSGI is used to serve API requests.
+
+#
+# From nova.conf
+#
+
+#
+# This option represents a file name for the paste.deploy config for nova-api.
+#
+# Possible values:
+#
+# * A string representing file name for the paste.deploy config.
+# (string value)
+# Deprecated group/name - [DEFAULT]/api_paste_config
+api_paste_config=/etc/nova/api-paste.ini
+
+#
+# It represents a python format string that is used as the template to generate
+# log lines. The following values can be formatted into it: client_ip,
+# date_time, request_line, status_code, body_length, wall_seconds.
+#
+# This option is used for building custom request loglines.
+#
+# Possible values:
+#
+# * '%(client_ip)s "%(request_line)s" status: %(status_code)s'
+# 'len: %(body_length)s time: %(wall_seconds).7f' (default)
+# * Any formatted string formed by specific values.
+# (string value)
+# Deprecated group/name - [DEFAULT]/wsgi_log_format
+#wsgi_log_format=%(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
+
+#
+# This option specifies the HTTP header used to determine the protocol scheme
+# for the original request, even if it was removed by a SSL terminating proxy.
+#
+# Possible values:
+#
+# * None (default) - the request scheme is not influenced by any HTTP headers.
+# * Valid HTTP header, like HTTP_X_FORWARDED_PROTO
+# (string value)
+# Deprecated group/name - [DEFAULT]/secure_proxy_ssl_header
+#secure_proxy_ssl_header=<None>
+
+#
+# This option allows setting path to the CA certificate file that should be used
+# to verify connecting clients.
+#
+# Possible values:
+#
+# * String representing path to the CA certificate file.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+# Deprecated group/name - [DEFAULT]/ssl_ca_file
+#ssl_ca_file=<None>
+
+#
+# This option allows setting path to the SSL certificate of API server.
+#
+# Possible values:
+#
+# * String representing path to the SSL certificate.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+# Deprecated group/name - [DEFAULT]/ssl_cert_file
+#ssl_cert_file=<None>
+
+#
+# This option specifies the path to the file where SSL private key of API
+# server is stored when SSL is in effect.
+#
+# Possible values:
+#
+# * String representing path to the SSL private key.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+# Deprecated group/name - [DEFAULT]/ssl_key_file
+#ssl_key_file=<None>
+
+#
+# This option sets the value of TCP_KEEPIDLE in seconds for each server socket.
+# It specifies the duration of time to keep connection active. TCP generates a
+# KEEPALIVE transmission for an application that requests to keep connection
+# active. Not supported on OS X.
+#
+# Related options:
+#
+# * keep_alive
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/tcp_keepidle
+#tcp_keepidle=600
+
+#
+# This option specifies the size of the pool of greenthreads used by wsgi.
+# It is possible to limit the number of concurrent connections using this
+# option.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/wsgi_default_pool_size
+#default_pool_size=1000
+
+#
+# This option specifies the maximum line size of message headers to be accepted.
+# max_header_line may need to be increased when using large tokens (typically
+# those generated by the Keystone v3 API with big service catalogs).
+#
+# Since TCP is a stream based protocol, in order to reuse a connection, the HTTP
+# has to have a way to indicate the end of the previous response and beginning
+# of the next. Hence, in a keep_alive case, all messages must have a
+# self-defined message length.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/max_header_line
+#max_header_line=16384
+
+#
+# This option allows using the same TCP connection to send and receive multiple
+# HTTP requests/responses, as opposed to opening a new one for every single
+# request/response pair. HTTP keep-alive indicates HTTP connection reuse.
+#
+# Possible values:
+#
+# * True : reuse HTTP connection.
+# * False : closes the client socket connection explicitly.
+#
+# Related options:
+#
+# * tcp_keepidle
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/wsgi_keep_alive
+#keep_alive=true
+
+#
+# This option specifies the timeout for client connections' socket operations.
+# If an incoming connection is idle for this number of seconds it will be
+# closed. It indicates timeout on individual read/writes on the socket
+# connection. To wait forever set to 0.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/client_socket_timeout
+#client_socket_timeout=900
+
+
+[xenserver]
+#
+# XenServer options are used when the compute_driver is set to use
+# XenServer (compute_driver=xenapi.XenAPIDriver).
+#
+# Must specify connection_url, connection_password and ovs_integration_bridge to
+# use compute_driver=xenapi.XenAPIDriver.
+
+#
+# From nova.conf
+#
+
+#
+# Number of seconds to wait for agent's reply to a request.
+#
+# Nova configures/performs certain administrative actions on a server with the
+# help of an agent that's installed on the server. The communication between
+# Nova and the agent is achieved via sharing messages, called records, over
+# xenstore, a shared storage across all the domains on a Xenserver host.
+# Operations performed by the agent on behalf of nova are: 'version','
+# key_init',
+# 'password','resetnetwork','inject_file', and 'agentupdate'.
+#
+# To perform one of the above operations, the xapi 'agent' plugin writes the
+# command and its associated parameters to a certain location known to the
+# domain
+# and awaits response. On being notified of the message, the agent performs
+# appropriate actions on the server and writes the result back to xenstore. This
+# result is then read by the xapi 'agent' plugin to determine the
+# success/failure
+# of the operation.
+#
+# This config option determines how long the xapi 'agent' plugin shall wait to
+# read the response off of xenstore for a given request/command. If the agent on
+# the instance fails to write the result in this time period, the operation is
+# considered to have timed out.
+#
+# Related options:
+#
+# * ``agent_version_timeout``
+# * ``agent_resetnetwork_timeout``
+#
+# (integer value)
+# Minimum value: 0
+#agent_timeout=30
+
+#
+# Number of seconds to wait for agent't reply to version request.
+#
+# This indicates the amount of time xapi 'agent' plugin waits for the agent to
+# respond to the 'version' request specifically. The generic timeout for agent
+# communication ``agent_timeout`` is ignored in this case.
+#
+# During the build process the 'version' request is used to determine if the
+# agent is available/operational to perform other requests such as
+# 'resetnetwork', 'password', 'key_init' and 'inject_file'. If the 'version'
+# call
+# fails, the other configuration is skipped. So, this configuration option can
+# also be interpreted as time in which agent is expected to be fully
+# operational.
+# (integer value)
+# Minimum value: 0
+#agent_version_timeout=300
+
+#
+# Number of seconds to wait for agent's reply to resetnetwork
+# request.
+#
+# This indicates the amount of time xapi 'agent' plugin waits for the agent to
+# respond to the 'resetnetwork' request specifically. The generic timeout for
+# agent communication ``agent_timeout`` is ignored in this case.
+# (integer value)
+# Minimum value: 0
+#agent_resetnetwork_timeout=60
+
+#
+# Path to locate guest agent on the server.
+#
+# Specifies the path in which the XenAPI guest agent should be located. If the
+# agent is present, network configuration is not injected into the image.
+#
+# Related options:
+#
+# For this option to have an effect:
+# * ``flat_injected`` should be set to ``True``
+# * ``compute_driver`` should be set to ``xenapi.XenAPIDriver``
+#
+# (string value)
+#agent_path=usr/sbin/xe-update-networking
+
+#
+# Disables the use of XenAPI agent.
+#
+# This configuration option suggests whether the use of agent should be enabled
+# or not regardless of what image properties are present. Image properties have
+# an effect only when this is set to ``True``. Read description of config option
+# ``use_agent_default`` for more information.
+#
+# Related options:
+#
+# * ``use_agent_default``
+#
+# (boolean value)
+#disable_agent=false
+
+#
+# Whether or not to use the agent by default when its usage is enabled but not
+# indicated by the image.
+#
+# The use of XenAPI agent can be disabled altogether using the configuration
+# option ``disable_agent``. However, if it is not disabled, the use of an agent
+# can still be controlled by the image in use through one of its properties,
+# ``xenapi_use_agent``. If this property is either not present or specified
+# incorrectly on the image, the use of agent is determined by this configuration
+# option.
+#
+# Note that if this configuration is set to ``True`` when the agent is not
+# present, the boot times will increase significantly.
+#
+# Related options:
+#
+# * ``disable_agent``
+#
+# (boolean value)
+#use_agent_default=false
+
+# Timeout in seconds for XenAPI login. (integer value)
+# Minimum value: 0
+#login_timeout=10
+
+#
+# Maximum number of concurrent XenAPI connections.
+#
+# In nova, multiple XenAPI requests can happen at a time.
+# Configuring this option will parallelize access to the XenAPI
+# session, which allows you to make concurrent XenAPI connections.
+# (integer value)
+# Minimum value: 1
+#connection_concurrent=5
+
+# DEPRECATED:
+# Base URL for torrent files; must contain a slash character (see RFC 1808,
+# step 6).
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_base_url=<None>
+
+# DEPRECATED: Probability that peer will become a seeder (1.0 = 100%) (floating
+# point value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_seed_chance=1.0
+
+# DEPRECATED:
+# Number of seconds after downloading an image via BitTorrent that it should
+# be seeded for other peers.'
+# (integer value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_seed_duration=3600
+
+# DEPRECATED:
+# Cached torrent files not accessed within this number of seconds can be reaped.
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_max_last_accessed=86400
+
+# DEPRECATED: Beginning of port range to listen on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_listen_port_start=6881
+
+# DEPRECATED: End of port range to listen on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_listen_port_end=6891
+
+# DEPRECATED:
+# Number of seconds a download can remain at the same progress percentage w/o
+# being considered a stall.
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_download_stall_cutoff=600
+
+# DEPRECATED:
+# Maximum number of seeder processes to run concurrently within a given dom0
+# (-1 = no limit).
+# (integer value)
+# Minimum value: -1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_max_seeder_processes_per_host=1
+
+#
+# Cache glance images locally.
+#
+# The value for this option must be chosen from the choices listed
+# here. Configuring a value other than these will default to 'all'.
+#
+# Note: There is nothing that deletes these images.
+#
+# Possible values:
+#
+# * `all`: will cache all images.
+# * `some`: will only cache images that have the
+# image_property `cache_in_nova=True`.
+# * `none`: turns off caching entirely.
+# (string value)
+# Allowed values: all, some, none
+#cache_images=all
+
+#
+# Compression level for images.
+#
+# By setting this option we can configure the gzip compression level.
+# This option sets GZIP environment variable before spawning tar -cz
+# to force the compression level. It defaults to none, which means the
+# GZIP environment variable is not set and the default (usually -6)
+# is used.
+#
+# Possible values:
+#
+# * Range is 1-9, e.g., 9 for gzip -9, 9 being most
+# compressed but most CPU intensive on dom0.
+# * Any values out of this range will default to None.
+# (integer value)
+# Minimum value: 1
+# Maximum value: 9
+#image_compression_level=<None>
+
+# Default OS type used when uploading an image to glance (string value)
+#default_os_type=linux
+
+# Time in secs to wait for a block device to be created (integer value)
+# Minimum value: 1
+#block_device_creation_timeout=10
+
+#
+# Maximum size in bytes of kernel or ramdisk images.
+#
+# Specifying the maximum size of kernel or ramdisk will avoid copying
+# large files to dom0 and fill up /boot/guest.
+# (integer value)
+#max_kernel_ramdisk_size=16777216
+
+#
+# Filter for finding the SR to be used to install guest instances on.
+#
+# Possible values:
+#
+# * To use the Local Storage in default XenServer/XCP installations
+# set this flag to other-config:i18n-key=local-storage.
+# * To select an SR with a different matching criteria, you could
+# set it to other-config:my_favorite_sr=true.
+# * To fall back on the Default SR, as displayed by XenCenter,
+# set this flag to: default-sr:true.
+# (string value)
+#sr_matching_filter=default-sr:true
+
+#
+# Whether to use sparse_copy for copying data on a resize down.
+# (False will use standard dd). This speeds up resizes down
+# considerably since large runs of zeros won't have to be rsynced.
+# (boolean value)
+#sparse_copy=true
+
+#
+# Maximum number of retries to unplug VBD.
+# If set to 0, should try once, no retries.
+# (integer value)
+# Minimum value: 0
+#num_vbd_unplug_retries=10
+
+#
+# Whether or not to download images via Bit Torrent.
+#
+# The value for this option must be chosen from the choices listed
+# here. Configuring a value other than these will default to 'none'.
+#
+# Possible values:
+#
+# * `all`: will download all images.
+# * `some`: will only download images that have the image_property
+# `bittorrent=true`.
+# * `none`: will turnoff downloading images via Bit Torrent.
+# (string value)
+# Allowed values: all, some, none
+#torrent_images=none
+
+#
+# Name of network to use for booting iPXE ISOs.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# By default this option is not set. Enable this option to
+# boot an iPXE ISO.
+#
+# Related Options:
+#
+# * `ipxe_boot_menu_url`
+# * `ipxe_mkisofs_cmd`
+# (string value)
+#ipxe_network_name=<None>
+
+#
+# URL to the iPXE boot menu.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# By default this option is not set. Enable this option to
+# boot an iPXE ISO.
+#
+# Related Options:
+#
+# * `ipxe_network_name`
+# * `ipxe_mkisofs_cmd`
+# (string value)
+#ipxe_boot_menu_url=<None>
+
+#
+# Name and optionally path of the tool used for ISO image creation.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# Note: By default `mkisofs` is not present in the Dom0, so the
+# package can either be manually added to Dom0 or include the
+# `mkisofs` binary in the image itself.
+#
+# Related Options:
+#
+# * `ipxe_network_name`
+# * `ipxe_boot_menu_url`
+# (string value)
+#ipxe_mkisofs_cmd=mkisofs
+
+#
+# URL for connection to XenServer/Xen Cloud Platform. A special value
+# of unix://local can be used to connect to the local unix socket.
+#
+# Possible values:
+#
+# * Any string that represents a URL. The connection_url is
+# generally the management network IP address of the XenServer.
+# * This option must be set if you chose the XenServer driver.
+# (string value)
+#connection_url=<None>
+
+# Username for connection to XenServer/Xen Cloud Platform (string value)
+#connection_username=root
+
+# Password for connection to XenServer/Xen Cloud Platform (string value)
+#connection_password=<None>
+
+#
+# The interval used for polling of coalescing vhds.
+#
+# This is the interval after which the task of coalesce VHD is
+# performed, until it reaches the max attempts that is set by
+# vhd_coalesce_max_attempts.
+#
+# Related options:
+#
+# * `vhd_coalesce_max_attempts`
+# (floating point value)
+# Minimum value: 0
+#vhd_coalesce_poll_interval=5.0
+
+#
+# Ensure compute service is running on host XenAPI connects to.
+# This option must be set to false if the 'independent_compute'
+# option is set to true.
+#
+# Possible values:
+#
+# * Setting this option to true will make sure that compute service
+# is running on the same host that is specified by connection_url.
+# * Setting this option to false, doesn't perform the check.
+#
+# Related options:
+#
+# * `independent_compute`
+# (boolean value)
+#check_host=true
+
+#
+# Max number of times to poll for VHD to coalesce.
+#
+# This option determines the maximum number of attempts that can be
+# made for coalescing the VHD before giving up.
+#
+# Related opitons:
+#
+# * `vhd_coalesce_poll_interval`
+# (integer value)
+# Minimum value: 0
+#vhd_coalesce_max_attempts=20
+
+# Base path to the storage repository on the XenServer host. (string value)
+#sr_base_path=/var/run/sr-mount
+
+#
+# The iSCSI Target Host.
+#
+# This option represents the hostname or ip of the iSCSI Target.
+# If the target host is not present in the connection information from
+# the volume provider then the value from this option is taken.
+#
+# Possible values:
+#
+# * Any string that represents hostname/ip of Target.
+# (string value)
+#target_host=<None>
+
+#
+# The iSCSI Target Port.
+#
+# This option represents the port of the iSCSI Target. If the
+# target port is not present in the connection information from the
+# volume provider then the value from this option is taken.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#target_port=3260
+
+# DEPRECATED:
+# Used to enable the remapping of VBD dev.
+# (Works around an issue in Ubuntu Maverick)
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option provided a workaround for issues in Ubuntu Maverick, which
+# was released in April 2010 and was dropped from support in April 2012.
+# There's no reason to continue supporting this option.
+#remap_vbd_dev=false
+
+#
+# Specify prefix to remap VBD dev to (ex. /dev/xvdb -> /dev/sdb).
+#
+# Related options:
+#
+# * If `remap_vbd_dev` is set to False this option has no impact.
+# (string value)
+#remap_vbd_dev_prefix=sd
+
+#
+# Used to prevent attempts to attach VBDs locally, so Nova can
+# be run in a VM on a different host.
+#
+# Related options:
+#
+# * ``CONF.flat_injected`` (Must be False)
+# * ``CONF.xenserver.check_host`` (Must be False)
+# * ``CONF.default_ephemeral_format`` (Must be unset or 'ext3')
+# * Joining host aggregates (will error if attempted)
+# * Swap disks for Windows VMs (will error if attempted)
+# * Nova-based auto_configure_disk (will error if attempted)
+# (boolean value)
+#independent_compute=false
+
+#
+# Wait time for instances to go to running state.
+#
+# Provide an integer value representing time in seconds to set the
+# wait time for an instance to go to running state.
+#
+# When a request to create an instance is received by nova-api and
+# communicated to nova-compute, the creation of the instance occurs
+# through interaction with Xen via XenAPI in the compute node. Once
+# the node on which the instance(s) are to be launched is decided by
+# nova-schedule and the launch is triggered, a certain amount of wait
+# time is involved until the instance(s) can become available and
+# 'running'. This wait time is defined by running_timeout. If the
+# instances do not go to running state within this specified wait
+# time, the launch expires and the instance(s) are set to 'error'
+# state.
+# (integer value)
+# Minimum value: 0
+#running_timeout=60
+
+# DEPRECATED:
+# The XenAPI VIF driver using XenServer Network APIs.
+#
+# Provide a string value representing the VIF XenAPI vif driver to use for
+# plugging virtual network interfaces.
+#
+# Xen configuration uses bridging within the backend domain to allow
+# all VMs to appear on the network as individual hosts. Bridge
+# interfaces are used to create a XenServer VLAN network in which
+# the VIFs for the VM instances are plugged. If no VIF bridge driver
+# is plugged, the bridge is not made available. This configuration
+# option takes in a value for the VIF driver.
+#
+# Possible values:
+#
+# * nova.virt.xenapi.vif.XenAPIOpenVswitchDriver (default)
+# * nova.virt.xenapi.vif.XenAPIBridgeDriver (deprecated)
+#
+# Related options:
+#
+# * ``vlan_interface``
+# * ``ovs_integration_bridge``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There are only two in-tree vif drivers for XenServer. XenAPIBridgeDriver is
+# for
+# nova-network which is deprecated and XenAPIOpenVswitchDriver is for Neutron
+# which is the default configuration for Nova since the 15.0.0 Ocata release. In
+# the future the "use_neutron" configuration option will be used to determine
+# which vif driver to use.
+#vif_driver=nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
+
+#
+# Dom0 plugin driver used to handle image uploads.
+#
+# Provide a string value representing a plugin driver required to
+# handle the image uploading to GlanceStore.
+#
+# Images, and snapshots from XenServer need to be uploaded to the data
+# store for use. image_upload_handler takes in a value for the Dom0
+# plugin driver. This driver is then called to uplaod images to the
+# GlanceStore.
+# (string value)
+#image_upload_handler=nova.virt.xenapi.image.glance.GlanceStore
+
+#
+# Number of seconds to wait for SR to settle if the VDI
+# does not exist when first introduced.
+#
+# Some SRs, particularly iSCSI connections are slow to see the VDIs
+# right after they got introduced. Setting this option to a
+# time interval will make the SR to wait for that time period
+# before raising VDI not found exception.
+# (integer value)
+# Minimum value: 0
+#introduce_vdi_retry_wait=20
+
+#
+# The name of the integration Bridge that is used with xenapi
+# when connecting with Open vSwitch.
+#
+# Note: The value of this config option is dependent on the
+# environment, therefore this configuration value must be set
+# accordingly if you are using XenAPI.
+#
+# Possible values:
+#
+# * Any string that represents a bridge name.
+# (string value)
+#ovs_integration_bridge=<None>
+
+#
+# When adding new host to a pool, this will append a --force flag to the
+# command, forcing hosts to join a pool, even if they have different CPUs.
+#
+# Since XenServer version 5.6 it is possible to create a pool of hosts that have
+# different CPU capabilities. To accommodate CPU differences, XenServer limited
+# features it uses to determine CPU compatibility to only the ones that are
+# exposed by CPU and support for CPU masking was added.
+# Despite this effort to level differences between CPUs, it is still possible
+# that adding new host will fail, thus option to force join was introduced.
+# (boolean value)
+#use_join_force=true
+
+#
+# Publicly visible name for this console host.
+#
+# Possible values:
+#
+# * A string representing a valid hostname
+# (string value)
+# Deprecated group/name - [DEFAULT]/console_public_hostname
+#console_public_hostname=lcy01-22
+
+
+[xvp]
+#
+# Configuration options for XVP.
+#
+# xvp (Xen VNC Proxy) is a proxy server providing password-protected VNC-based
+# access to the consoles of virtual machines hosted on Citrix XenServer.
+
+#
+# From nova.conf
+#
+
+# XVP conf template (string value)
+# Deprecated group/name - [DEFAULT]/console_xvp_conf_template
+#console_xvp_conf_template=$pybasedir/nova/console/xvp.conf.template
+
+# Generated XVP conf file (string value)
+# Deprecated group/name - [DEFAULT]/console_xvp_conf
+#console_xvp_conf=/etc/xvp.conf
+
+# XVP master process pid file (string value)
+# Deprecated group/name - [DEFAULT]/console_xvp_pid
+#console_xvp_pid=/var/run/xvp.pid
+
+# XVP log file (string value)
+# Deprecated group/name - [DEFAULT]/console_xvp_log
+#console_xvp_log=/var/log/xvp.log
+
+# Port for XVP to multiplex VNC connections on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/console_xvp_multiplex_port
+#console_xvp_multiplex_port=5900
diff --git a/nova/files/ocata/nova-compute.conf.RedHat b/nova/files/ocata/nova-compute.conf.RedHat
new file mode 120000
index 0000000..ad4c8f6
--- /dev/null
+++ b/nova/files/ocata/nova-compute.conf.RedHat
@@ -0,0 +1 @@
+nova-compute.conf.Debian
\ No newline at end of file
diff --git a/nova/files/ocata/nova-controller.conf.Debian b/nova/files/ocata/nova-controller.conf.Debian
new file mode 100644
index 0000000..ef773b1
--- /dev/null
+++ b/nova/files/ocata/nova-controller.conf.Debian
@@ -0,0 +1,10893 @@
+{%- from "nova/map.jinja" import controller with context %}
+[DEFAULT]
+
+#
+# From nova.conf
+#
+image_service=nova.image.glance.GlanceImageService
+
+# DEPRECATED:
+# When returning instance metadata, this is the class that is used
+# for getting vendor metadata when that class isn't specified in the individual
+# request. The value should be the full dot-separated path to the class to use.
+#
+# Possible values:
+#
+# * Any valid dot-separated class path that can be imported.
+# (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+#vendordata_driver=nova.api.metadata.vendordata_json.JsonFileVendorData
+
+# DEPRECATED:
+# This option is used to enable or disable quota checking for tenant networks.
+#
+# Related options:
+#
+# * quota_networks
+# (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# CRUD operations on tenant networks are only available when using nova-network
+# and nova-network is itself deprecated.
+#enable_network_quota=false
+
+# DEPRECATED:
+# This option controls the number of private networks that can be created per
+# project (or per tenant).
+#
+# Related options:
+#
+# * enable_network_quota
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# CRUD operations on tenant networks are only available when using nova-network
+# and nova-network is itself deprecated.
+#quota_networks=3
+
+#
+# This option specifies the name of the availability zone for the
+# internal services. Services like nova-scheduler, nova-network,
+# nova-conductor are internal services. These services will appear in
+# their own internal availability_zone.
+#
+# Possible values:
+#
+# * Any string representing an availability zone name
+# * 'internal' is the default value
+#
+# (string value)
+#internal_service_availability_zone=internal
+
+#
+# Default compute node availability_zone.
+#
+# This option determines the availability zone to be used when it is not
+# specified in the VM creation request. If this option is not set,
+# the default availability zone 'nova' is used.
+#
+# Possible values:
+#
+# * Any string representing an availability zone name
+# * 'nova' is the default value
+#
+# (string value)
+#default_availability_zone=nova
+
+# Length of generated instance admin passwords. (integer value)
+# Minimum value: 0
+#password_length=12
+
+#
+# Time period to generate instance usages for. It is possible to define optional
+# offset to given period by appending @ character followed by a number defining
+# offset.
+#
+# Possible values:
+#
+# * period, example: ``hour``, ``day``, ``month` or ``year``
+# * period with offset, example: ``month@15`` will result in monthly audits
+# starting on 15th day of month.
+# (string value)
+#instance_usage_audit_period=month
+
+#
+# Start and use a daemon that can run the commands that need to be run with
+# root privileges. This option is usually enabled on nodes that run nova compute
+# processes.
+# (boolean value)
+#use_rootwrap_daemon=false
+
+#
+# Path to the rootwrap configuration file.
+#
+# Goal of the root wrapper is to allow a service-specific unprivileged user to
+# run a number of actions as the root user in the safest manner possible.
+# The configuration file used here must match the one defined in the sudoers
+# entry.
+# (string value)
+#rootwrap_config=/etc/nova/rootwrap.conf
+rootwrap_config=/etc/nova/rootwrap.conf
+
+# Explicitly specify the temporary working directory. (string value)
+#tempdir=<None>
+
+#
+# Determine if monkey patching should be applied.
+#
+# Related options:
+#
+# * ``monkey_patch_modules``: This must have values set for this option to
+# have any effect
+# (boolean value)
+#monkey_patch=false
+
+#
+# List of modules/decorators to monkey patch.
+#
+# This option allows you to patch a decorator for all functions in specified
+# modules.
+#
+# Possible values:
+#
+# * nova.compute.api:nova.notifications.notify_decorator
+# * nova.api.ec2.cloud:nova.notifications.notify_decorator
+# * [...]
+#
+# Related options:
+#
+# * ``monkey_patch``: This must be set to ``True`` for this option to
+# have any effect
+# (list value)
+#monkey_patch_modules=nova.compute.api:nova.notifications.notify_decorator
+
+#
+# Defines which driver to use for controlling virtualization.
+#
+# Possible values:
+#
+# * ``libvirt.LibvirtDriver``
+# * ``xenapi.XenAPIDriver``
+# * ``fake.FakeDriver``
+# * ``ironic.IronicDriver``
+# * ``vmwareapi.VMwareVCDriver``
+# * ``hyperv.HyperVDriver``
+# (string value)
+#compute_driver=<None>
+compute_driver=libvirt.LibvirtDriver
+
+#
+# Allow destination machine to match source for resize. Useful when
+# testing in single-host environments. By default it is not allowed
+# to resize to the same host. Setting this option to true will add
+# the same host to the destination options.
+# (boolean value)
+#allow_resize_to_same_host=false
+allow_resize_to_same_host=true
+
+#
+# Availability zone to use when user doesn't specify one.
+#
+# This option is used by the scheduler to determine which availability
+# zone to place a new VM instance into if the user did not specify one
+# at the time of VM boot request.
+#
+# Possible values:
+#
+# * Any string representing an availability zone name
+# * Default value is None.
+# (string value)
+#default_schedule_zone=<None>
+
+#
+# Image properties that should not be inherited from the instance
+# when taking a snapshot.
+#
+# This option gives an opportunity to select which image-properties
+# should not be inherited by newly created snapshots.
+#
+# Possible values:
+#
+# * A list whose item is an image property. Usually only the image
+# properties that are only needed by base images can be included
+# here, since the snapshots that are created from the base images
+# doesn't need them.
+# * Default list: ['cache_in_nova', 'bittorrent']
+# (list value)
+#non_inheritable_image_properties=cache_in_nova,bittorrent
+
+# DEPRECATED:
+# This option is used to decide when an image should have no external
+# ramdisk or kernel. By default this is set to 'nokernel', so when an
+# image is booted with the property 'kernel_id' with the value
+# 'nokernel', Nova assumes the image doesn't require an external kernel
+# and ramdisk.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# When an image is booted with the property 'kernel_id' with the value
+# 'nokernel', Nova assumes the image doesn't require an external kernel and
+# ramdisk. This option allows user to change the API behaviour which should not
+# be allowed and this value "nokernel" should be hard coded.
+#null_kernel=nokernel
+
+# DEPRECATED:
+# When creating multiple instances with a single request using the
+# os-multiple-create API extension, this template will be used to build
+# the display name for each instance. The benefit is that the instances
+# end up with different hostnames. Example display names when creating
+# two VM's: name-1, name-2.
+#
+# Possible values:
+#
+# * Valid keys for the template are: name, uuid, count.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This config changes API behaviour. All changes in API behaviour should be
+# discoverable.
+#multi_instance_display_name_template=%(name)s-%(count)d
+
+#
+# Maximum number of devices that will result in a local image being
+# created on the hypervisor node.
+#
+# A negative number means unlimited. Setting max_local_block_devices
+# to 0 means that any request that attempts to create a local disk
+# will fail. This option is meant to limit the number of local discs
+# (so root local disc that is the result of --image being used, and
+# any other ephemeral and swap disks). 0 does not mean that images
+# will be automatically converted to volumes and boot instances from
+# volumes - it just means that all requests that attempt to create a
+# local disk will fail.
+#
+# Possible values:
+#
+# * 0: Creating a local disk is not allowed.
+# * Negative number: Allows unlimited number of local discs.
+# * Positive number: Allows only these many number of local discs.
+# (Default value is 3).
+# (integer value)
+#max_local_block_devices=3
+
+#
+# A list of monitors that can be used for getting compute metrics.
+# You can use the alias/name from the setuptools entry points for
+# nova.compute.monitors.* namespaces. If no namespace is supplied,
+# the "cpu." namespace is assumed for backwards-compatibility.
+#
+# Possible values:
+#
+# * An empty list will disable the feature(Default).
+# * An example value that would enable both the CPU and NUMA memory
+# bandwidth monitors that used the virt driver variant:
+# ["cpu.virt_driver", "numa_mem_bw.virt_driver"]
+# (list value)
+#compute_monitors =
+
+#
+# The default format an ephemeral_volume will be formatted with on creation.
+#
+# Possible values:
+#
+# * ``ext2``
+# * ``ext3``
+# * ``ext4``
+# * ``xfs``
+# * ``ntfs`` (only for Windows guests)
+# (string value)
+#default_ephemeral_format=<None>
+
+#
+# Determine if instance should boot or fail on VIF plugging timeout.
+#
+# Nova sends a port update to Neutron after an instance has been scheduled,
+# providing Neutron with the necessary information to finish setup of the port.
+# Once completed, Neutron notifies Nova that it has finished setting up the
+# port, at which point Nova resumes the boot of the instance since network
+# connectivity is now supposed to be present. A timeout will occur if the reply
+# is not received after a given interval.
+#
+# This option determines what Nova does when the VIF plugging timeout event
+# happens. When enabled, the instance will error out. When disabled, the
+# instance will continue to boot on the assumption that the port is ready.
+#
+# Possible values:
+#
+# * True: Instances should fail after VIF plugging timeout
+# * False: Instances should continue booting after VIF plugging timeout
+# (boolean value)
+#vif_plugging_is_fatal=true
+vif_plugging_is_fatal=false
+
+#
+# Timeout for Neutron VIF plugging event message arrival.
+#
+# Number of seconds to wait for Neutron vif plugging events to
+# arrive before continuing or failing (see 'vif_plugging_is_fatal').
+#
+# Related options:
+#
+# * vif_plugging_is_fatal - If ``vif_plugging_timeout`` is set to zero and
+# ``vif_plugging_is_fatal`` is False, events should not be expected to
+# arrive at all.
+# (integer value)
+# Minimum value: 0
+#vif_plugging_timeout=300
+vif_plugging_timeout=0
+
+# Path to '/etc/network/interfaces' template.
+#
+# The path to a template file for the '/etc/network/interfaces'-style file,
+# which
+# will be populated by nova and subsequently used by cloudinit. This provides a
+# method to configure network connectivity in environments without a DHCP
+# server.
+#
+# The template will be rendered using Jinja2 template engine, and receive a
+# top-level key called ``interfaces``. This key will contain a list of
+# dictionaries, one for each interface.
+#
+# Refer to the cloudinit documentaion for more information:
+#
+# https://cloudinit.readthedocs.io/en/latest/topics/datasources.html
+#
+# Possible values:
+#
+# * A path to a Jinja2-formatted template for a Debian '/etc/network/interfaces'
+# file. This applies even if using a non Debian-derived guest.
+#
+# Related options:
+#
+# * ``flat_inject``: This must be set to ``True`` to ensure nova embeds network
+# configuration information in the metadata provided through the config drive.
+# (string value)
+#injected_network_template=$pybasedir/nova/virt/interfaces.template
+injected_network_template=$pybasedir/nova/virt/interfaces.template
+
+#
+# The image preallocation mode to use.
+#
+# Image preallocation allows storage for instance images to be allocated up
+# front
+# when the instance is initially provisioned. This ensures immediate feedback is
+# given if enough space isn't available. In addition, it should significantly
+# improve performance on writes to new blocks and may even improve I/O
+# performance to prewritten blocks due to reduced fragmentation.
+#
+# Possible values:
+#
+# * "none" => no storage provisioning is done up front
+# * "space" => storage is fully allocated at instance start
+# (string value)
+# Allowed values: none, space
+#preallocate_images=none
+
+#
+# Enable use of copy-on-write (cow) images.
+#
+# QEMU/KVM allow the use of qcow2 as backing files. By disabling this,
+# backing files will not be used.
+# (boolean value)
+#use_cow_images=true
+
+#
+# Force conversion of backing images to raw format.
+#
+# Possible values:
+#
+# * True: Backing image files will be converted to raw image format
+# * False: Backing image files will not be converted
+#
+# Related options:
+#
+# * ``compute_driver``: Only the libvirt driver uses this option.
+# (boolean value)
+#force_raw_images=true
+
+#
+# Name of the mkfs commands for ephemeral device.
+#
+# The format is <os_type>=<mkfs command>
+# (multi valued)
+#virt_mkfs =
+
+#
+# Enable resizing of filesystems via a block device.
+#
+# If enabled, attempt to resize the filesystem by accessing the image over a
+# block device. This is done by the host and may not be necessary if the image
+# contains a recent version of cloud-init. Possible mechanisms require the nbd
+# driver (for qcow and raw), or loop (for raw).
+# (boolean value)
+#resize_fs_using_block_device=false
+
+# Amount of time, in seconds, to wait for NBD device start up. (integer value)
+# Minimum value: 0
+#timeout_nbd=10
+
+#
+# Location of cached images.
+#
+# This is NOT the full path - just a folder name relative to '$instances_path'.
+# For per-compute-host cached images, set to '_base_$my_ip'
+# (string value)
+#image_cache_subdirectory_name=_base
+
+# Should unused base images be removed? (boolean value)
+#remove_unused_base_images=true
+
+#
+# Unused unresized base images younger than this will not be removed.
+# (integer value)
+#remove_unused_original_minimum_age_seconds=86400
+
+#
+# Generic property to specify the pointer type.
+#
+# Input devices allow interaction with a graphical framebuffer. For
+# example to provide a graphic tablet for absolute cursor movement.
+#
+# If set, the 'hw_pointer_model' image property takes precedence over
+# this configuration option.
+#
+# Possible values:
+#
+# * None: Uses default behavior provided by drivers (mouse on PS2 for
+# libvirt x86)
+# * ps2mouse: Uses relative movement. Mouse connected by PS2
+# * usbtablet: Uses absolute movement. Tablet connect by USB
+#
+# Related options:
+#
+# * usbtablet must be configured with VNC enabled or SPICE enabled and SPICE
+# agent disabled. When used with libvirt the instance mode should be
+# configured as HVM.
+# (string value)
+# Allowed values: <None>, ps2mouse, usbtablet
+#pointer_model=usbtablet
+
+#
+# Defines which physical CPUs (pCPUs) can be used by instance
+# virtual CPUs (vCPUs).
+#
+# Possible values:
+#
+# * A comma-separated list of physical CPU numbers that virtual CPUs can be
+# allocated to by default. Each element should be either a single CPU number,
+# a range of CPU numbers, or a caret followed by a CPU number to be
+# excluded from a previous range. For example:
+#
+# vcpu_pin_set = "4-12,^8,15"
+# (string value)
+#vcpu_pin_set=<None>
+
+#
+# Number of huge/large memory pages to reserved per NUMA host cell.
+#
+# Possible values:
+#
+# * A list of valid key=value which reflect NUMA node ID, page size
+# (Default unit is KiB) and number of pages to be reserved.
+#
+# reserved_huge_pages = node:0,size:2048,count:64
+# reserved_huge_pages = node:1,size:1GB,count:1
+#
+# In this example we are reserving on NUMA node 0 64 pages of 2MiB
+# and on NUMA node 1 1 page of 1GiB.
+# (dict value)
+#reserved_huge_pages=<None>
+
+#
+# Amount of disk resources in MB to make them always available to host. The
+# disk usage gets reported back to the scheduler from nova-compute running
+# on the compute nodes. To prevent the disk resources from being considered
+# as available, this option can be used to reserve disk space for that host.
+#
+# Possible values:
+#
+# * Any positive integer representing amount of disk in MB to reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_disk_mb=0
+
+#
+# Amount of memory in MB to reserve for the host so that it is always available
+# to host processes. The host resources usage is reported back to the scheduler
+# continuously from nova-compute running on the compute node. To prevent the
+# host
+# memory from being considered as available, this option is used to reserve
+# memory for the host.
+#
+# Possible values:
+#
+# * Any positive integer representing amount of memory in MB to reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_memory_mb=512
+
+#
+# This option helps you specify virtual CPU to physical CPU allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the CoreFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the CoreFilter.
+#
+# This configuration specifies ratio for CoreFilter which can be set
+# per compute node. For AggregateCoreFilter, it will fall back to this
+# configuration value if no per-aggregate setting is found.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used
+# and defaulted to 16.0'.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#cpu_allocation_ratio=0.0
+cpu_allocation_ratio={{ controller.cpu_allocation_ratio }}
+
+#
+# This option helps you specify virtual RAM to physical RAM
+# allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the RamFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the RamFilter.
+#
+# This configuration specifies ratio for RamFilter which can be set
+# per compute node. For AggregateRamFilter, it will fall back to this
+# configuration value if no per-aggregate setting found.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used and
+# defaulted to 1.5.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#ram_allocation_ratio=0.0
+ram_allocation_ratio = {{ controller.ram_allocation_ratio }}
+
+#
+# This option helps you specify virtual disk to physical disk
+# allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the DiskFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the DiskFilter.
+#
+# A ratio greater than 1.0 will result in over-subscription of the
+# available physical disk, which can be useful for more
+# efficiently packing instances created with images that do not
+# use the entire virtual disk, such as sparse or compressed
+# images. It can be set to a value between 0.0 and 1.0 in order
+# to preserve a percentage of the disk for uses other than
+# instances.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used and
+# defaulted to 1.0'.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#disk_allocation_ratio=0.0
+disk_allocation_ratio = {{ controller.disk_allocation_ratio }}
+
+#
+# Console proxy host to be used to connect to instances on this host. It is the
+# publicly visible name for the console host.
+#
+# Possible values:
+#
+# * Current hostname (default) or any string representing hostname.
+# (string value)
+#console_host=socket.gethostname()
+
+#
+# Name of the network to be used to set access IPs for instances. If there are
+# multiple IPs to choose from, an arbitrary one will be chosen.
+#
+# Possible values:
+#
+# * None (default)
+# * Any string representing network name.
+# (string value)
+#default_access_ip_network_name=<None>
+
+#
+# Whether to batch up the application of IPTables rules during a host restart
+# and apply all at the end of the init phase.
+# (boolean value)
+#defer_iptables_apply=false
+
+#
+# Specifies where instances are stored on the hypervisor's disk.
+# It can point to locally attached storage or a directory on NFS.
+#
+# Possible values:
+#
+# * $state_path/instances where state_path is a config option that specifies
+# the top-level directory for maintaining nova's state. (default) or
+# Any string representing directory path.
+# (string value)
+#instances_path=$state_path/instances
+
+#
+# This option enables periodic compute.instance.exists notifications. Each
+# compute node must be configured to generate system usage data. These
+# notifications are consumed by OpenStack Telemetry service.
+# (boolean value)
+#instance_usage_audit=false
+
+#
+# Maximum number of 1 second retries in live_migration. It specifies number
+# of retries to iptables when it complains. It happens when an user continuously
+# sends live-migration request to same host leading to concurrent request
+# to iptables.
+#
+# Possible values:
+#
+# * Any positive integer representing retry count.
+# (integer value)
+# Minimum value: 0
+#live_migration_retry_count=30
+
+#
+# This option specifies whether to start guests that were running before the
+# host rebooted. It ensures that all of the instances on a Nova compute node
+# resume their state each time the compute node boots or restarts.
+# (boolean value)
+#resume_guests_state_on_host_boot=false
+resume_guests_state_on_host_boot=true
+
+#
+# Number of times to retry network allocation. It is required to attempt network
+# allocation retries if the virtual interface plug fails.
+#
+# Possible values:
+#
+# * Any positive integer representing retry count.
+# (integer value)
+# Minimum value: 0
+#network_allocate_retries=0
+
+#
+# Limits the maximum number of instance builds to run concurrently by
+# nova-compute. Compute service can attempt to build an infinite number of
+# instances, if asked to do so. This limit is enforced to avoid building
+# unlimited instance concurrently on a compute node. This value can be set
+# per compute node.
+#
+# Possible Values:
+#
+# * 0 : treated as unlimited.
+# * Any positive integer representing maximum concurrent builds.
+# (integer value)
+# Minimum value: 0
+#max_concurrent_builds=10
+
+#
+# Maximum number of live migrations to run concurrently. This limit is enforced
+# to avoid outbound live migrations overwhelming the host/network and causing
+# failures. It is not recommended that you change this unless you are very sure
+# that doing so is safe and stable in your environment.
+#
+# Possible values:
+#
+# * 0 : treated as unlimited.
+# * Negative value defaults to 0.
+# * Any positive integer representing maximum number of live migrations
+# to run concurrently.
+# (integer value)
+#max_concurrent_live_migrations=1
+
+#
+# Number of times to retry block device allocation on failures. Starting with
+# Liberty, Cinder can use image volume cache. This may help with block device
+# allocation performance. Look at the cinder image_volume_cache_enabled
+# configuration option.
+#
+# Possible values:
+#
+# * 60 (default)
+# * If value is 0, then one attempt is made.
+# * Any negative value is treated as 0.
+# * For any value > 0, total attempts are (value + 1)
+# (integer value)
+#block_device_allocate_retries=60
+block_device_allocate_retries=600
+
+#
+# Number of greenthreads available for use to sync power states.
+#
+# This option can be used to reduce the number of concurrent requests
+# made to the hypervisor or system with real instance power states
+# for performance reasons, for example, with Ironic.
+#
+# Possible values:
+#
+# * Any positive integer representing greenthreads count.
+# (integer value)
+#sync_power_state_pool_size=1000
+
+#
+# Number of seconds to wait between runs of the image cache manager.
+#
+# Possible values:
+# * 0: run at the default rate.
+# * -1: disable
+# * Any other value
+# (integer value)
+# Minimum value: -1
+#image_cache_manager_interval=2400
+
+#
+# Interval to pull network bandwidth usage info.
+#
+# Not supported on all hypervisors. If a hypervisor doesn't support bandwidth
+# usage, it will not get the info in the usage events.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+# (integer value)
+#bandwidth_poll_interval=600
+
+#
+# Interval to sync power states between the database and the hypervisor.
+#
+# The interval that Nova checks the actual virtual machine power state
+# and the power state that Nova has in its database. If a user powers
+# down their VM, Nova updates the API to report the VM has been
+# powered down. Should something turn on the VM unexpectedly,
+# Nova will turn the VM back off to keep the system in the expected
+# state.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * If ``handle_virt_lifecycle_events`` in workarounds_group is
+# false and this option is negative, then instances that get out
+# of sync between the hypervisor and the Nova database will have
+# to be synchronized manually.
+# (integer value)
+#sync_power_state_interval=600
+
+#
+# Interval between instance network information cache updates.
+#
+# Number of seconds after which each compute node runs the task of
+# querying Neutron for all of its instances networking information,
+# then updates the Nova db with that information. Nova will never
+# update it's cache if this option is set to 0. If we don't update the
+# cache, the metadata service and nova-api endpoints will be proxying
+# incorrect network data about the instance. So, it is not recommended
+# to set this option to 0.
+#
+# Possible values:
+#
+# * Any positive integer in seconds.
+# * Any value <=0 will disable the sync. This is not recommended.
+# (integer value)
+#heal_instance_info_cache_interval=60
+
+#
+# Interval for reclaiming deleted instances.
+#
+# A value greater than 0 will enable SOFT_DELETE of instances.
+# This option decides whether the server to be deleted will be put into
+# the SOFT_DELETED state. If this value is greater than 0, the deleted
+# server will not be deleted immediately, instead it will be put into
+# a queue until it's too old (deleted time greater than the value of
+# reclaim_instance_interval). The server can be recovered from the
+# delete queue by using the restore action. If the deleted server remains
+# longer than the value of reclaim_instance_interval, it will be
+# deleted by a periodic task in the compute service automatically.
+#
+# Note that this option is read from both the API and compute nodes, and
+# must be set globally otherwise servers could be put into a soft deleted
+# state in the API and never actually reclaimed (deleted) on the compute
+# node.
+#
+# Possible values:
+#
+# * Any positive integer(in seconds) greater than 0 will enable
+# this option.
+# * Any value <=0 will disable the option.
+# (integer value)
+#reclaim_instance_interval=0
+
+#
+# Interval for gathering volume usages.
+#
+# This option updates the volume usage cache for every
+# volume_usage_poll_interval number of seconds.
+#
+# Possible values:
+#
+# * Any positive integer(in seconds) greater than 0 will enable
+# this option.
+# * Any value <=0 will disable the option.
+# (integer value)
+#volume_usage_poll_interval=0
+
+#
+# Interval for polling shelved instances to offload.
+#
+# The periodic task runs for every shelved_poll_interval number
+# of seconds and checks if there are any shelved instances. If it
+# finds a shelved instance, based on the 'shelved_offload_time' config
+# value it offloads the shelved instances. Check 'shelved_offload_time'
+# config option description for details.
+#
+# Possible values:
+#
+# * Any value <= 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * ``shelved_offload_time``
+# (integer value)
+#shelved_poll_interval=3600
+
+#
+# Time before a shelved instance is eligible for removal from a host.
+#
+# By default this option is set to 0 and the shelved instance will be
+# removed from the hypervisor immediately after shelve operation.
+# Otherwise, the instance will be kept for the value of
+# shelved_offload_time(in seconds) so that during the time period the
+# unshelve action will be faster, then the periodic task will remove
+# the instance from hypervisor after shelved_offload_time passes.
+#
+# Possible values:
+#
+# * 0: Instance will be immediately offloaded after being
+# shelved.
+# * Any value < 0: An instance will never offload.
+# * Any positive integer in seconds: The instance will exist for
+# the specified number of seconds before being offloaded.
+# (integer value)
+#shelved_offload_time=0
+
+#
+# Interval for retrying failed instance file deletes.
+#
+# This option depends on 'maximum_instance_delete_attempts'.
+# This option specifies how often to retry deletes whereas
+# 'maximum_instance_delete_attempts' specifies the maximum number
+# of retry attempts that can be made.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * ``maximum_instance_delete_attempts`` from instance_cleaning_opts
+# group.
+# (integer value)
+#instance_delete_interval=300
+
+#
+# Interval (in seconds) between block device allocation retries on failures.
+#
+# This option allows the user to specify the time interval between
+# consecutive retries. 'block_device_allocate_retries' option specifies
+# the maximum number of retries.
+#
+# Possible values:
+#
+# * 0: Disables the option.
+# * Any positive integer in seconds enables the option.
+#
+# Related options:
+#
+# * ``block_device_allocate_retries`` in compute_manager_opts group.
+# (integer value)
+# Minimum value: 0
+#block_device_allocate_retries_interval=3
+block_device_allocate_retries_interval=10
+
+#
+# Interval between sending the scheduler a list of current instance UUIDs to
+# verify that its view of instances is in sync with nova.
+#
+# If the CONF option 'scheduler_tracks_instance_changes' is
+# False, the sync calls will not be made. So, changing this option will
+# have no effect.
+#
+# If the out of sync situations are not very common, this interval
+# can be increased to lower the number of RPC messages being sent.
+# Likewise, if sync issues turn out to be a problem, the interval
+# can be lowered to check more frequently.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * This option has no impact if ``scheduler_tracks_instance_changes``
+# is set to False.
+# (integer value)
+#scheduler_instance_sync_interval=120
+
+#
+# Interval for updating compute resources.
+#
+# This option specifies how often the update_available_resources
+# periodic task should run. A number less than 0 means to disable the
+# task completely. Leaving this at the default of 0 will cause this to
+# run at the default periodic interval. Setting it to any positive
+# value will cause it to run at approximately that number of seconds.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+# (integer value)
+#update_resources_interval=0
+
+#
+# Time interval after which an instance is hard rebooted automatically.
+#
+# When doing a soft reboot, it is possible that a guest kernel is
+# completely hung in a way that causes the soft reboot task
+# to not ever finish. Setting this option to a time period in seconds
+# will automatically hard reboot an instance if it has been stuck
+# in a rebooting state longer than N seconds.
+#
+# Possible values:
+#
+# * 0: Disables the option (default).
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#reboot_timeout=0
+
+#
+# Maximum time in seconds that an instance can take to build.
+#
+# If this timer expires, instance status will be changed to ERROR.
+# Enabling this option will make sure an instance will not be stuck
+# in BUILD state for a longer period.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#instance_build_timeout=0
+
+#
+# Interval to wait before un-rescuing an instance stuck in RESCUE.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#rescue_timeout=0
+
+#
+# Automatically confirm resizes after N seconds.
+#
+# Resize functionality will save the existing server before resizing.
+# After the resize completes, user is requested to confirm the resize.
+# The user has the opportunity to either confirm or revert all
+# changes. Confirm resize removes the original server and changes
+# server status from resized to active. Setting this option to a time
+# period (in seconds) will automatically confirm the resize if the
+# server is in resized state longer than that time.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#resize_confirm_window=0
+
+#
+# Total time to wait in seconds for an instance toperform a clean
+# shutdown.
+#
+# It determines the overall period (in seconds) a VM is allowed to
+# perform a clean shutdown. While performing stop, rescue and shelve,
+# rebuild operations, configuring this option gives the VM a chance
+# to perform a controlled shutdown before the instance is powered off.
+# The default timeout is 60 seconds.
+#
+# The timeout value can be overridden on a per image basis by means
+# of os_shutdown_timeout that is an image metadata setting allowing
+# different types of operating systems to specify how much time they
+# need to shut down cleanly.
+#
+# Possible values:
+#
+# * Any positive integer in seconds (default value is 60).
+# (integer value)
+# Minimum value: 1
+#shutdown_timeout=60
+
+#
+# The compute service periodically checks for instances that have been
+# deleted in the database but remain running on the compute node. The
+# above option enables action to be taken when such instances are
+# identified.
+#
+# Possible values:
+#
+# * reap: Powers down the instances and deletes them(default)
+# * log: Logs warning message about deletion of the resource
+# * shutdown: Powers down instances and marks them as non-
+# bootable which can be later used for debugging/analysis
+# * noop: Takes no action
+#
+# Related options:
+#
+# * running_deleted_instance_poll
+# * running_deleted_instance_timeout
+# (string value)
+# Allowed values: noop, log, shutdown, reap
+#running_deleted_instance_action=reap
+
+#
+# Time interval in seconds to wait between runs for the clean up action.
+# If set to 0, above check will be disabled. If "running_deleted_instance
+# _action" is set to "log" or "reap", a value greater than 0 must be set.
+#
+# Possible values:
+#
+# * Any positive integer in seconds enables the option.
+# * 0: Disables the option.
+# * 1800: Default value.
+#
+# Related options:
+#
+# * running_deleted_instance_action
+# (integer value)
+#running_deleted_instance_poll_interval=1800
+
+#
+# Time interval in seconds to wait for the instances that have
+# been marked as deleted in database to be eligible for cleanup.
+#
+# Possible values:
+#
+# * Any positive integer in seconds(default is 0).
+#
+# Related options:
+#
+# * "running_deleted_instance_action"
+# (integer value)
+#running_deleted_instance_timeout=0
+
+#
+# The number of times to attempt to reap an instance's files.
+#
+# This option specifies the maximum number of retry attempts
+# that can be made.
+#
+# Possible values:
+#
+# * Any positive integer defines how many attempts are made.
+# * Any value <=0 means no delete attempts occur, but you should use
+# ``instance_delete_interval`` to disable the delete attempts.
+#
+# Related options:
+# * ``instance_delete_interval`` in interval_opts group can be used to disable
+# this option.
+# (integer value)
+#maximum_instance_delete_attempts=5
+
+# DEPRECATED:
+# This is the message queue topic that the compute service 'listens' on. It is
+# used when the compute service is started up to configure the queue, and
+# whenever an RPC call to the compute service is made.
+#
+# Possible values:
+#
+# * Any string, but there is almost never any reason to ever change this value
+# from its default of 'compute'.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#compute_topic=compute
+
+#
+# Sets the scope of the check for unique instance names.
+#
+# The default doesn't check for unique names. If a scope for the name check is
+# set, a launch of a new instance or an update of an existing instance with a
+# duplicate name will result in an ''InstanceExists'' error. The uniqueness is
+# case-insensitive. Setting this option can increase the usability for end
+# users as they don't have to distinguish among instances with the same name
+# by their IDs.
+#
+# Possible values:
+#
+# * '': An empty value means that no uniqueness check is done and duplicate
+# names are possible.
+# * "project": The instance name check is done only for instances within the
+# same project.
+# * "global": The instance name check is done for all instances regardless of
+# the project.
+# (string value)
+# Allowed values: '', project, global
+#osapi_compute_unique_server_name_scope =
+
+#
+# Enable new services on this host automatically.
+#
+# When a new service (for example "nova-compute") starts up, it gets
+# registered in the database as an enabled service. Sometimes it can be useful
+# to register new services in disabled state and then enabled them at a later
+# point in time. This option can set this behavior for all services per host.
+#
+# Possible values:
+#
+# * ``True``: Each new service is enabled as soon as it registers itself.
+# * ``False``: Services must be enabled via a REST API call or with the CLI
+# with ``nova service-enable <hostname> <binary>``, otherwise they are not
+# ready to use.
+# (boolean value)
+#enable_new_services=true
+
+#
+# Template string to be used to generate instance names.
+#
+# This template controls the creation of the database name of an instance. This
+# is *not* the display name you enter when creating an instance (via Horizon
+# or CLI). For a new deployment it is advisable to change the default value
+# (which uses the database autoincrement) to another value which makes use
+# of the attributes of an instance, like ``instance-%(uuid)s``. If you
+# already have instances in your deployment when you change this, your
+# deployment will break.
+#
+# Possible values:
+#
+# * A string which either uses the instance database ID (like the
+# default)
+# * A string with a list of named database columns, for example ``%(id)d``
+# or ``%(uuid)s`` or ``%(hostname)s``.
+#
+# Related options:
+#
+# * not to be confused with: ``multi_instance_display_name_template``
+# (string value)
+#instance_name_template=instance-%08x
+
+#
+# Number of times to retry live-migration before failing.
+#
+# Possible values:
+#
+# * If == -1, try until out of hosts (default)
+# * If == 0, only try once, no retries
+# * Integer greater than 0
+# (integer value)
+# Minimum value: -1
+#migrate_max_retries=-1
+
+#
+# Configuration drive format
+#
+# Configuration drive format that will contain metadata attached to the
+# instance when it boots.
+#
+# Possible values:
+#
+# * iso9660: A file system image standard that is widely supported across
+# operating systems. NOTE: Mind the libvirt bug
+# (https://bugs.launchpad.net/nova/+bug/1246201) - If your hypervisor
+# driver is libvirt, and you want live migrate to work without shared storage,
+# then use VFAT.
+# * vfat: For legacy reasons, you can configure the configuration drive to
+# use VFAT format instead of ISO 9660.
+#
+# Related options:
+#
+# * This option is meaningful when one of the following alternatives occur:
+# 1. force_config_drive option set to 'true'
+# 2. the REST API call to create the instance contains an enable flag for
+# config drive option
+# 3. the image used to create the instance requires a config drive,
+# this is defined by img_config_drive property for that image.
+# * A compute node running Hyper-V hypervisor can be configured to attach
+# configuration drive as a CD drive. To attach the configuration drive as a CD
+# drive, set config_drive_cdrom option at hyperv section, to true.
+# (string value)
+# Allowed values: iso9660, vfat
+#config_drive_format=iso9660
+
+#
+# Force injection to take place on a config drive
+#
+# When this option is set to true configuration drive functionality will be
+# forced enabled by default, otherwise user can still enable configuration
+# drives via the REST API or image metadata properties.
+#
+# Possible values:
+#
+# * True: Force to use of configuration drive regardless the user's input in the
+# REST API call.
+# * False: Do not force use of configuration drive. Config drives can still be
+# enabled via the REST API or image metadata properties.
+#
+# Related options:
+#
+# * Use the 'mkisofs_cmd' flag to set the path where you install the
+# genisoimage program. If genisoimage is in same path as the
+# nova-compute service, you do not need to set this flag.
+# * To use configuration drive with Hyper-V, you must set the
+# 'mkisofs_cmd' value to the full path to an mkisofs.exe installation.
+# Additionally, you must set the qemu_img_cmd value in the hyperv
+# configuration section to the full path to an qemu-img command
+# installation.
+# (boolean value)
+#force_config_drive=false
+
+#
+# Name or path of the tool used for ISO image creation
+#
+# Use the mkisofs_cmd flag to set the path where you install the genisoimage
+# program. If genisoimage is on the system path, you do not need to change
+# the default value.
+#
+# To use configuration drive with Hyper-V, you must set the mkisofs_cmd value
+# to the full path to an mkisofs.exe installation. Additionally, you must set
+# the qemu_img_cmd value in the hyperv configuration section to the full path
+# to an qemu-img command installation.
+#
+# Possible values:
+#
+# * Name of the ISO image creator program, in case it is in the same directory
+# as the nova-compute service
+# * Path to ISO image creator program
+#
+# Related options:
+#
+# * This option is meaningful when config drives are enabled.
+# * To use configuration drive with Hyper-V, you must set the qemu_img_cmd
+# value in the hyperv configuration section to the full path to an qemu-img
+# command installation.
+# (string value)
+#mkisofs_cmd=genisoimage
+
+# DEPRECATED:
+# nova-console-proxy is used to set up multi-tenant VM console access.
+# This option allows pluggable driver program for the console session
+# and represents driver to use for the console proxy.
+#
+# Possible values:
+#
+# * A string representing fully classified class name of console driver.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option no longer does anything. Previously this option had only two
+# valid,
+# in-tree values: nova.console.xvp.XVPConsoleProxy and
+# nova.console.fake.FakeConsoleProxy. The latter of these was only used in tests
+# and has since been replaced.
+#console_driver=nova.console.xvp.XVPConsoleProxy
+
+# DEPRECATED:
+# Represents the message queue topic name used by nova-console
+# service when communicating via the AMQP server. The Nova API uses a message
+# queue to communicate with nova-console to retrieve a console URL for that
+# host.
+#
+# Possible values:
+#
+# * A string representing topic exchange name
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#console_topic=console
+
+# DEPRECATED:
+# This option allows you to change the message topic used by nova-consoleauth
+# service when communicating via the AMQP server. Nova Console Authentication
+# server authenticates nova consoles. Users can then access their instances
+# through VNC clients. The Nova API service uses a message queue to
+# communicate with nova-consoleauth to get a VNC console.
+#
+# Possible Values:
+#
+# * 'consoleauth' (default) or Any string representing topic exchange name.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#consoleauth_topic=consoleauth
+
+# DEPRECATED: The driver to use for database access (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+#db_driver=nova.db
+
+# DEPRECATED:
+# Default flavor to use for the EC2 API only.
+# The Nova API does not support a default flavor.
+# (string value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The EC2 API is deprecated.
+#default_flavor=m1.small
+
+#
+# Default pool for floating IPs.
+#
+# This option specifies the default floating IP pool for allocating floating
+# IPs.
+#
+# While allocating a floating ip, users can optionally pass in the name of the
+# pool they want to allocate from, otherwise it will be pulled from the
+# default pool.
+#
+# If this option is not set, then 'nova' is used as default floating pool.
+#
+# Possible values:
+#
+# * Any string representing a floating IP pool name
+# (string value)
+#default_floating_pool=nova
+
+# DEPRECATED:
+# Autoassigning floating IP to VM
+#
+# When set to True, floating IP is auto allocated and associated
+# to the VM upon creation.
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#auto_assign_floating_ip=false
+use_neutron = True
+
+# DEPRECATED:
+# Full class name for the DNS Manager for floating IPs.
+#
+# This option specifies the class of the driver that provides functionality
+# to manage DNS entries associated with floating IPs.
+#
+# When a user adds a DNS entry for a specified domain to a floating IP,
+# nova will add a DNS entry using the specified floating DNS driver.
+# When a floating IP is deallocated, its DNS entry will automatically be
+# deleted.
+#
+# Possible values:
+#
+# * Full Python path to the class to be used
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#floating_ip_dns_manager=nova.network.noop_dns_driver.NoopDNSDriver
+
+# DEPRECATED:
+# Full class name for the DNS Manager for instance IPs.
+#
+# This option specifies the class of the driver that provides functionality
+# to manage DNS entries for instances.
+#
+# On instance creation, nova will add DNS entries for the instance name and
+# id, using the specified instance DNS driver and domain. On instance deletion,
+# nova will remove the DNS entries.
+#
+# Possible values:
+#
+# * Full Python path to the class to be used
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#instance_dns_manager=nova.network.noop_dns_driver.NoopDNSDriver
+
+# DEPRECATED:
+# If specified, Nova checks if the availability_zone of every instance matches
+# what the database says the availability_zone should be for the specified
+# dns_domain.
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#instance_dns_domain =
+
+#
+# Abstracts out IPv6 address generation to pluggable backends.
+#
+# nova-network can be put into dual-stack mode, so that it uses
+# both IPv4 and IPv6 addresses. In dual-stack mode, by default, instances
+# acquire IPv6 global unicast addresses with the help of stateless address
+# auto-configuration mechanism.
+#
+# Related options:
+#
+# * use_neutron: this option only works with nova-network.
+# * use_ipv6: this option only works if ipv6 is enabled for nova-network.
+# (string value)
+# Allowed values: rfc2462, account_identifier
+#ipv6_backend=rfc2462
+
+#
+# The IP address which the host is using to connect to the management network.
+#
+# Possible values:
+#
+# * String with valid IP address. Default is IPv4 address of this host.
+#
+# Related options:
+#
+# * metadata_host
+# * my_block_storage_ip
+# * routing_source_ip
+# * vpn_ip
+# (string value)
+#my_ip=10.89.104.70
+my_ip={{ controller.bind.private_address }}
+
+#
+# The IP address which is used to connect to the block storage network.
+#
+# Possible values:
+#
+# * String with valid IP address. Default is IP address of this host.
+#
+# Related options:
+#
+# * my_ip - if my_block_storage_ip is not set, then my_ip value is used.
+# (string value)
+#my_block_storage_ip=$my_ip
+
+#
+# Hostname, FQDN or IP address of this host. Must be valid within AMQP key.
+#
+# Possible values:
+#
+# * String with hostname, FQDN or IP address. Default is hostname of this host.
+# (string value)
+#host=lcy01-22
+
+#
+# Assign IPv6 and IPv4 addresses when creating instances.
+#
+# Related options:
+#
+# * use_neutron: this only works with nova-network.
+# (boolean value)
+#use_ipv6=false
+
+#
+# This option is a list of full paths to one or more configuration files for
+# dhcpbridge. In most cases the default path of '/etc/nova/nova-dhcpbridge.conf'
+# should be sufficient, but if you have special needs for configuring
+# dhcpbridge,
+# you can change or add to this list.
+#
+# Possible values
+#
+# A list of strings, where each string is the full path to a dhcpbridge
+# configuration file.
+# (multi valued)
+dhcpbridge_flagfile=/etc/nova/nova.conf
+
+#
+# The location where the network configuration files will be kept. The default
+# is
+# the 'networks' directory off of the location where nova's Python module is
+# installed.
+#
+# Possible values
+#
+# A string containing the full path to the desired configuration directory
+# (string value)
+#networks_path=$state_path/networks
+
+#
+# This is the name of the network interface for public IP addresses. The default
+# is 'eth0'.
+#
+# Possible values:
+#
+# Any string representing a network interface name
+# (string value)
+#public_interface=eth0
+
+#
+# The location of the binary nova-dhcpbridge. By default it is the binary named
+# 'nova-dhcpbridge' that is installed with all the other nova binaries.
+#
+# Possible values:
+#
+# Any string representing the full path to the binary for dhcpbridge
+# (string value)
+dhcpbridge=/usr/bin/nova-dhcpbridge
+
+#
+# This is the public IP address of the network host. It is used when creating a
+# SNAT rule.
+#
+# Possible values:
+#
+# Any valid IP address
+#
+# Related options:
+#
+# force_snat_range
+# (string value)
+#routing_source_ip=$my_ip
+
+#
+# The lifetime of a DHCP lease, in seconds. The default is 86400 (one day).
+#
+# Possible values:
+#
+# Any positive integer value.
+# (integer value)
+# Minimum value: 1
+#dhcp_lease_time=86400
+
+#
+# Despite the singular form of the name of this option, it is actually a list of
+# zero or more server addresses that dnsmasq will use for DNS nameservers. If
+# this is not empty, dnsmasq will not read /etc/resolv.conf, but will only use
+# the servers specified in this option. If the option use_network_dns_servers is
+# True, the dns1 and dns2 servers from the network will be appended to this
+# list,
+# and will be used as DNS servers, too.
+#
+# Possible values:
+#
+# A list of strings, where each string is either an IP address or a FQDN.
+#
+# Related options:
+#
+# use_network_dns_servers
+# (multi valued)
+#dns_server =
+
+#
+# When this option is set to True, the dns1 and dns2 servers for the network
+# specified by the user on boot will be used for DNS, as well as any specified
+# in
+# the `dns_server` option.
+#
+# Related options:
+#
+# dns_server
+# (boolean value)
+#use_network_dns_servers=false
+
+#
+# This option is a list of zero or more IP address ranges in your network's DMZ
+# that should be accepted.
+#
+# Possible values:
+#
+# A list of strings, each of which should be a valid CIDR.
+# (list value)
+#dmz_cidr =
+
+#
+# This is a list of zero or more IP ranges that traffic from the
+# `routing_source_ip` will be SNATted to. If the list is empty, then no SNAT
+# rules are created.
+#
+# Possible values:
+#
+# A list of strings, each of which should be a valid CIDR.
+#
+# Related options:
+#
+# routing_source_ip
+# (multi valued)
+#force_snat_range =
+
+#
+# The path to the custom dnsmasq configuration file, if any.
+#
+# Possible values:
+#
+# The full path to the configuration file, or an empty string if there is no
+# custom dnsmasq configuration file.
+# (string value)
+#dnsmasq_config_file =
+
+#
+# This is the class used as the ethernet device driver for linuxnet bridge
+# operations. The default value should be all you need for most cases, but if
+# you
+# wish to use a customized class, set this option to the full dot-separated
+# import path for that class.
+#
+# Possible values:
+#
+# Any string representing a dot-separated class path that Nova can import.
+# (string value)
+#linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
+
+#
+# The name of the Open vSwitch bridge that is used with linuxnet when connecting
+# with Open vSwitch."
+#
+# Possible values:
+#
+# Any string representing a valid bridge name.
+# (string value)
+#linuxnet_ovs_integration_bridge=br-int
+
+#
+# When True, when a device starts up, and upon binding floating IP addresses,
+# arp
+# messages will be sent to ensure that the arp caches on the compute hosts are
+# up-to-date.
+#
+# Related options:
+#
+# send_arp_for_ha_count
+# (boolean value)
+#send_arp_for_ha=false
+
+#
+# When arp messages are configured to be sent, they will be sent with the count
+# set to the value of this option. Of course, if this is set to zero, no arp
+# messages will be sent.
+#
+# Possible values:
+#
+# Any integer greater than or equal to 0
+#
+# Related options:
+#
+# send_arp_for_ha
+# (integer value)
+#send_arp_for_ha_count=3
+
+#
+# When set to True, only the firt nic of a VM will get its default gateway from
+# the DHCP server.
+# (boolean value)
+#use_single_default_gateway=false
+
+#
+# One or more interfaces that bridges can forward traffic to. If any of the
+# items
+# in this list is the special keyword 'all', then all traffic will be forwarded.
+#
+# Possible values:
+#
+# A list of zero or more interface names, or the word 'all'.
+# (multi valued)
+#forward_bridge_interface=all
+
+#
+# This option determines the IP address for the network metadata API server.
+#
+# Possible values:
+#
+# * Any valid IP address. The default is the address of the Nova API server.
+#
+# Related options:
+#
+# * metadata_port
+# (string value)
+#metadata_host=$my_ip
+
+#
+# This option determines the port used for the metadata API server.
+#
+# Related options:
+#
+# * metadata_host
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#metadata_port=8775
+
+#
+# This expression, if defined, will select any matching iptables rules and place
+# them at the top when applying metadata changes to the rules.
+#
+# Possible values:
+#
+# * Any string representing a valid regular expression, or an empty string
+#
+# Related options:
+#
+# * iptables_bottom_regex
+# (string value)
+#iptables_top_regex =
+
+#
+# This expression, if defined, will select any matching iptables rules and place
+# them at the bottom when applying metadata changes to the rules.
+#
+# Possible values:
+#
+# * Any string representing a valid regular expression, or an empty string
+#
+# Related options:
+#
+# * iptables_top_regex
+# (string value)
+#iptables_bottom_regex =
+
+#
+# By default, packets that do not pass the firewall are DROPped. In many cases,
+# though, an operator may find it more useful to change this from DROP to
+# REJECT,
+# so that the user issuing those packets may have a better idea as to what's
+# going on, or LOGDROP in order to record the blocked traffic before DROPping.
+#
+# Possible values:
+#
+# * A string representing an iptables chain. The default is DROP.
+# (string value)
+#iptables_drop_action=DROP
+
+#
+# This option represents the period of time, in seconds, that the ovs_vsctl
+# calls
+# will wait for a response from the database before timing out. A setting of 0
+# means that the utility should wait forever for a response.
+#
+# Possible values:
+#
+# * Any positive integer if a limited timeout is desired, or zero if the
+# calls should wait forever for a response.
+# (integer value)
+# Minimum value: 0
+#ovs_vsctl_timeout=120
+
+#
+# This option is used mainly in testing to avoid calls to the underlying network
+# utilities.
+# (boolean value)
+#fake_network=false
+
+#
+# This option determines the number of times to retry ebtables commands before
+# giving up. The minimum number of retries is 1.
+#
+# Possible values:
+#
+# * Any positive integer
+#
+# Related options:
+#
+# * ebtables_retry_interval
+# (integer value)
+# Minimum value: 1
+#ebtables_exec_attempts=3
+
+#
+# This option determines the time, in seconds, that the system will sleep in
+# between ebtables retries. Note that each successive retry waits a multiple of
+# this value, so for example, if this is set to the default of 1.0 seconds, and
+# ebtables_exec_attempts is 4, after the first failure, the system will sleep
+# for
+# 1 * 1.0 seconds, after the second failure it will sleep 2 * 1.0 seconds, and
+# after the third failure it will sleep 3 * 1.0 seconds.
+#
+# Possible values:
+#
+# * Any non-negative float or integer. Setting this to zero will result in
+# no
+# waiting between attempts.
+#
+# Related options:
+#
+# * ebtables_exec_attempts
+# (floating point value)
+#ebtables_retry_interval=1.0
+
+#
+# This option determines whether the network setup information is injected into
+# the VM before it is booted. While it was originally designed to be used only
+# by
+# nova-network, it is also used by the vmware and xenapi virt drivers to control
+# whether network information is injected into a VM.
+# (boolean value)
+#flat_injected=false
+
+# DEPRECATED:
+# This option determines the bridge used for simple network interfaces when no
+# bridge is specified in the VM creation request.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any string representing a valid network bridge, such as 'br100'
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#flat_network_bridge=<None>
+
+# DEPRECATED:
+# This is the address of the DNS server for a simple network. If this option is
+# not specified, the default of '8.8.4.4' is used.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any valid IP address.
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#flat_network_dns=8.8.4.4
+
+# DEPRECATED:
+# This option is the name of the virtual interface of the VM on which the bridge
+# will be built. While it was originally designed to be used only by
+# nova-network, it is also used by libvirt for the bridge interface name.
+#
+# Possible values:
+#
+# Any valid virtual interface name, such as 'eth0'
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#flat_interface=<None>
+
+# DEPRECATED:
+# This is the VLAN number used for private networks. Note that the when creating
+# the networks, if the specified number has already been assigned, nova-network
+# will increment this number until it finds an available VLAN.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment. It also will be ignored if the configuration
+# option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# Any integer between 1 and 4094. Values outside of that range will raise a
+# ValueError exception. Default = 100.
+#
+# Related options:
+#
+# ``network_manager``, ``use_neutron``
+# (integer value)
+# Minimum value: 1
+# Maximum value: 4094
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#vlan_start=100
+
+# DEPRECATED:
+# This option is the name of the virtual interface of the VM on which the VLAN
+# bridge will be built. While it was originally designed to be used only by
+# nova-network, it is also used by libvirt and xenapi for the bridge interface
+# name.
+#
+# Please note that this setting will be ignored in nova-network if the
+# configuration option for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# Any valid virtual interface name, such as 'eth0'
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options. While
+# this option has an effect when using neutron, it incorrectly override the
+# value
+# provided by neutron and should therefore not be used.
+#vlan_interface=<None>
+
+# DEPRECATED:
+# This option represents the number of networks to create if not explicitly
+# specified when the network is created. The only time this is used is if a CIDR
+# is specified, but an explicit network_size is not. In that case, the subnets
+# are created by diving the IP address space of the CIDR by num_networks. The
+# resulting subnet sizes cannot be larger than the configuration option
+# `network_size`; in that event, they are reduced to `network_size`, and a
+# warning is logged.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any positive integer is technically valid, although there are practical
+# limits based upon available IP address space and virtual interfaces. The
+# default is 1.
+#
+# Related options:
+#
+# ``use_neutron``, ``network_size``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#num_networks=1
+
+# DEPRECATED:
+# This is the public IP address for the cloudpipe VPN servers. It defaults to
+# the
+# IP address of the host.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment. It also will be ignored if the configuration
+# option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# Any valid IP address. The default is $my_ip, the IP address of the VM.
+#
+# Related options:
+#
+# ``network_manager``, ``use_neutron``, ``vpn_start``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#vpn_ip=$my_ip
+
+# DEPRECATED:
+# This is the port number to use as the first VPN port for private networks.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment. It also will be ignored if the configuration
+# option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager', or if you specify a value the 'vpn_start'
+# parameter when creating a network.
+#
+# Possible values:
+#
+# Any integer representing a valid port number. The default is 1000.
+#
+# Related options:
+#
+# ``use_neutron``, ``vpn_ip``, ``network_manager``
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#vpn_start=1000
+
+# DEPRECATED:
+# This option determines the number of addresses in each private subnet.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any positive integer that is less than or equal to the available network
+# size. Note that if you are creating multiple networks, they must all fit
+# in
+# the available IP address space. The default is 256.
+#
+# Related options:
+#
+# ``use_neutron``, ``num_networks``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#network_size=256
+
+# DEPRECATED:
+# This option determines the fixed IPv6 address block when creating a network.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any valid IPv6 CIDR. The default value is "fd00::/48".
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#fixed_range_v6=fd00::/48
+
+# DEPRECATED:
+# This is the default IPv4 gateway. It is used only in the testing suite.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any valid IP address.
+#
+# Related options:
+#
+# ``use_neutron``, ``gateway_v6``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#gateway=<None>
+
+# DEPRECATED:
+# This is the default IPv6 gateway. It is used only in the testing suite.
+#
+# Please note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# Any valid IP address.
+#
+# Related options:
+#
+# ``use_neutron``, ``gateway``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#gateway_v6=<None>
+
+# DEPRECATED:
+# This option represents the number of IP addresses to reserve at the top of the
+# address range for VPN clients. It also will be ignored if the configuration
+# option for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# Any integer, 0 or greater. The default is 0.
+#
+# Related options:
+#
+# ``use_neutron``, ``network_manager``
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#cnt_vpn_clients=0
+
+# DEPRECATED:
+# This is the number of seconds to wait before disassociating a deallocated
+# fixed
+# IP address. This is only used with the nova-network service, and has no effect
+# when using neutron for networking.
+#
+# Possible values:
+#
+# Any integer, zero or greater. The default is 600 (10 minutes).
+#
+# Related options:
+#
+# ``use_neutron``
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#fixed_ip_disassociate_timeout=600
+
+# DEPRECATED:
+# This option determines how many times nova-network will attempt to create a
+# unique MAC address before giving up and raising a
+# `VirtualInterfaceMacAddressException` error.
+#
+# Possible values:
+#
+# Any positive integer. The default is 5.
+#
+# Related options:
+#
+# ``use_neutron``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#create_unique_mac_address_attempts=5
+
+# DEPRECATED:
+# Determines whether unused gateway devices, both VLAN and bridge, are deleted
+# if
+# the network is in nova-network VLAN mode and is multi-hosted.
+#
+# Related options:
+#
+# ``use_neutron``, ``vpn_ip``, ``fake_network``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#teardown_unused_network_gateway=false
+
+# DEPRECATED:
+# When this option is True, a call is made to release the DHCP for the instance
+# when that instance is terminated.
+#
+# Related options:
+#
+# ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+force_dhcp_release=true
+
+# DEPRECATED:
+# When this option is True, whenever a DNS entry must be updated, a fanout cast
+# message is sent to all network hosts to update their DNS entries in multi-host
+# mode.
+#
+# Related options:
+#
+# ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#update_dns_entries=false
+
+# DEPRECATED:
+# This option determines the time, in seconds, to wait between refreshing DNS
+# entries for the network.
+#
+# Possible values:
+#
+# Either -1 (default), or any positive integer. A negative value will
+# disable
+# the updates.
+#
+# Related options:
+#
+# ``use_neutron``
+# (integer value)
+# Minimum value: -1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#dns_update_periodic_interval=-1
+
+# DEPRECATED:
+# This option allows you to specify the domain for the DHCP server.
+#
+# Possible values:
+#
+# Any string that is a valid domain name.
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#dhcp_domain=novalocal
+
+# DEPRECATED:
+# This option allows you to specify the L3 management library to be used.
+#
+# Possible values:
+#
+# Any dot-separated string that represents the import path to an L3
+# networking library.
+#
+# Related options:
+#
+# ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#l3_lib=nova.network.l3.LinuxNetL3
+
+# DEPRECATED:
+# THIS VALUE SHOULD BE SET WHEN CREATING THE NETWORK.
+#
+# If True in multi_host mode, all compute hosts share the same dhcp address. The
+# same IP address used for DHCP will be added on each nova-network node which is
+# only visible to the VMs on the same host.
+#
+# The use of this configuration has been deprecated and may be removed in any
+# release after Mitaka. It is recommended that instead of relying on this
+# option,
+# an explicit value should be passed to 'create_networks()' as a keyword
+# argument
+# with the name 'share_address'.
+# (boolean value)
+# This option is deprecated for removal since 2014.2.
+# Its value may be silently ignored in the future.
+#share_dhcp_address=false
+
+# DEPRECATED: Whether to use Neutron or Nova Network as the back end for
+# networking. Defaults to False (indicating Nova network).Set to True to use
+# neutron. (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#use_neutron=true
+
+#
+# URL for LDAP server which will store DNS entries
+#
+# Possible values:
+#
+# * A valid LDAP URL representing the server
+# (uri value)
+#ldap_dns_url=ldap://ldap.example.com:389
+
+# Bind user for LDAP server (string value)
+#ldap_dns_user=uid=admin,ou=people,dc=example,dc=org
+
+# Bind user's password for LDAP server (string value)
+#ldap_dns_password=password
+
+#
+# Hostmaster for LDAP DNS driver Statement of Authority
+#
+# Possible values:
+#
+# * Any valid string representing LDAP DNS hostmaster.
+# (string value)
+#ldap_dns_soa_hostmaster=hostmaster@example.org
+
+#
+# DNS Servers for LDAP DNS driver
+#
+# Possible values:
+#
+# * A valid URL representing a DNS server
+# (multi valued)
+#ldap_dns_servers=dns.example.org
+
+#
+# Base distinguished name for the LDAP search query
+#
+# This option helps to decide where to look up the host in LDAP.
+# (string value)
+#ldap_dns_base_dn=ou=hosts,dc=example,dc=org
+
+#
+# Refresh interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server waits before requesting for
+# primary DNS server's current SOA record. If the records are different,
+# secondary DNS server will request a zone transfer from primary.
+#
+# NOTE: Lower values would cause more traffic.
+# (integer value)
+#ldap_dns_soa_refresh=1800
+
+#
+# Retry interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server should wait, if an
+# attempt to transfer zone failed during the previous refresh interval.
+# (integer value)
+#ldap_dns_soa_retry=3600
+
+#
+# Expiry interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server holds the information
+# before it is no longer considered authoritative.
+# (integer value)
+#ldap_dns_soa_expiry=86400
+
+#
+# Minimum interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# It is Minimum time-to-live applies for all resource records in the
+# zone file. This value is supplied to other servers how long they
+# should keep the data in cache.
+# (integer value)
+#ldap_dns_soa_minimum=7200
+
+# DEPRECATED: The topic network nodes listen on (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#network_topic=network
+
+# DEPRECATED:
+# Default value for multi_host in networks.
+#
+# nova-network service can operate in a multi-host or single-host mode.
+# In multi-host mode each compute node runs a copy of nova-network and the
+# instances on that compute node use the compute node as a gateway to the
+# Internet. Where as in single-host mode, a central server runs the nova-network
+# service. All compute nodes forward traffic from the instances to the
+# cloud controller which then forwards traffic to the Internet.
+#
+# If this options is set to true, some rpc network calls will be sent directly
+# to host.
+#
+# Note that this option is only used when using nova-network instead of
+# Neutron in your deployment.
+#
+# Related options:
+#
+# * use_neutron
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#multi_host=false
+
+# DEPRECATED:
+# Driver to use for network creation.
+#
+# Network driver initializes (creates bridges and so on) only when the
+# first VM lands on a host node. All network managers configure the
+# network using network drivers. The driver is not tied to any particular
+# network manager.
+#
+# The default Linux driver implements vlans, bridges, and iptables rules
+# using linux utilities.
+#
+# Note that this option is only used when using nova-network instead
+# of Neutron in your deployment.
+#
+# Related options:
+#
+# * use_neutron
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#network_driver=nova.network.linux_net
+
+#
+# Firewall driver to use with ``nova-network`` service.
+#
+# This option only applies when using the ``nova-network`` service. When using
+# another networking services, such as Neutron, this should be to set to the
+# ``nova.virt.firewall.NoopFirewallDriver``.
+#
+# If unset (the default), this will default to the hypervisor-specified
+# default driver.
+#
+# Possible values:
+#
+# * nova.virt.firewall.IptablesFirewallDriver
+# * nova.virt.firewall.NoopFirewallDriver
+# * nova.virt.libvirt.firewall.IptablesFirewallDriver
+# * [...]
+#
+# Related options:
+#
+# * ``use_neutron``: This must be set to ``False`` to enable ``nova-network``
+# networking
+# (string value)
+#firewall_driver=<None>
+firewall_driver=nova.virt.firewall.NoopFirewallDriver
+
+#
+# Determine whether to allow network traffic from same network.
+#
+# When set to true, hosts on the same subnet are not filtered and are allowed
+# to pass all types of traffic between them. On a flat network, this allows
+# all instances from all projects unfiltered communication. With VLAN
+# networking, this allows access between instances within the same project.
+#
+# This option only applies when using the ``nova-network`` service. When using
+# another networking services, such as Neutron, security groups or other
+# approaches should be used.
+#
+# Possible values:
+#
+# * True: Network traffic should be allowed pass between all instances on the
+# same network, regardless of their tenant and security policies
+# * False: Network traffic should not be allowed pass between instances unless
+# it is unblocked in a security group
+#
+# Related options:
+#
+# * ``use_neutron``: This must be set to ``False`` to enable ``nova-network``
+# networking
+# * ``firewall_driver``: This must be set to
+# ``nova.virt.libvirt.firewall.IptablesFirewallDriver`` to ensure the
+# libvirt firewall driver is enabled.
+# (boolean value)
+#allow_same_net_traffic=true
+
+#
+# Filename that will be used for storing websocket frames received
+# and sent by a proxy service (like VNC, spice, serial) running on this host.
+# If this is not set, no recording will be done.
+# (string value)
+#record=<None>
+
+# Run as a background process. (boolean value)
+#daemon=false
+
+# Disallow non-encrypted connections. (boolean value)
+#ssl_only=false
+
+# Set to True if source host is addressed with IPv6. (boolean value)
+#source_is_ipv6=false
+
+# Path to SSL certificate file. (string value)
+#cert=self.pem
+
+# SSL key file (if separate from cert). (string value)
+#key=<None>
+
+#
+# Path to directory with content which will be served by a web server.
+# (string value)
+#web=/usr/share/spice-html5
+
+#
+# The directory where the Nova python modules are installed.
+#
+# This directory is used to store template files for networking and remote
+# console access. It is also the default path for other config options which
+# need to persist Nova internal data. It is very unlikely that you need to
+# change this option from its default value.
+#
+# Possible values:
+#
+# * The full path to a directory.
+#
+# Related options:
+#
+# * ``state_path``
+# (string value)
+#pybasedir=/build/nova-elxmSs/nova-15.0.2
+
+#
+# The directory where the Nova binaries are installed.
+#
+# This option is only relevant if the networking capabilities from Nova are
+# used (see services below). Nova's networking capabilities are targeted to
+# be fully replaced by Neutron in the future. It is very unlikely that you need
+# to change this option from its default value.
+#
+# Possible values:
+#
+# * The full path to a directory.
+# (string value)
+#bindir=/usr/local/bin
+
+#
+# The top-level directory for maintaining Nova's state.
+#
+# This directory is used to store Nova's internal state. It is used by a
+# variety of other config options which derive from this. In some scenarios
+# (for example migrations) it makes sense to use a storage location which is
+# shared between multiple compute hosts (for example via NFS). Unless the
+# option ``instances_path`` gets overwritten, this directory can grow very
+# large.
+#
+# Possible values:
+#
+# * The full path to a directory. Defaults to value provided in ``pybasedir``.
+# (string value)
+state_path=/var/lib/nova
+
+#
+# Number of seconds indicating how frequently the state of services on a
+# given hypervisor is reported. Nova needs to know this to determine the
+# overall health of the deployment.
+#
+# Related Options:
+#
+# * service_down_time
+# report_interval should be less than service_down_time. If service_down_time
+# is less than report_interval, services will routinely be considered down,
+# because they report in too rarely.
+# (integer value)
+#report_interval=10
+report_interval=10
+
+#
+# Maximum time in seconds since last check-in for up service
+#
+# Each compute node periodically updates their database status based on the
+# specified report interval. If the compute node hasn't updated the status
+# for more than service_down_time, then the compute node is considered down.
+#
+# Related Options:
+#
+# * report_interval (service_down_time should not be less than report_interval)
+# (integer value)
+#service_down_time=60
+
+#
+# Enable periodic tasks.
+#
+# If set to true, this option allows services to periodically run tasks
+# on the manager.
+#
+# In case of running multiple schedulers or conductors you may want to run
+# periodic tasks on only one host - in this case disable this option for all
+# hosts but one.
+# (boolean value)
+#periodic_enable=true
+
+#
+# Number of seconds to randomly delay when starting the periodic task
+# scheduler to reduce stampeding.
+#
+# When compute workers are restarted in unison across a cluster,
+# they all end up running the periodic tasks at the same time
+# causing problems for the external services. To mitigate this
+# behavior, periodic_fuzzy_delay option allows you to introduce a
+# random initial delay when starting the periodic task scheduler.
+#
+# Possible Values:
+#
+# * Any positive integer (in seconds)
+# * 0 : disable the random delay
+# (integer value)
+# Minimum value: 0
+#periodic_fuzzy_delay=60
+
+# List of APIs to be enabled by default. (list value)
+enabled_apis=osapi_compute,metadata
+
+#
+# List of APIs with enabled SSL.
+#
+# Nova provides SSL support for the API servers. enabled_ssl_apis option
+# allows configuring the SSL support.
+# (list value)
+#enabled_ssl_apis =
+
+#
+# IP address on which the OpenStack API will listen.
+#
+# The OpenStack API service listens on this IP address for incoming
+# requests.
+# (string value)
+#osapi_compute_listen=0.0.0.0
+osapi_compute_listen={{ controller.bind.private_address }}
+
+#
+# Port on which the OpenStack API will listen.
+#
+# The OpenStack API service listens on this port number for incoming
+# requests.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#osapi_compute_listen_port=8774
+
+#
+# Number of workers for OpenStack API service. The default will be the number
+# of CPUs available.
+#
+# OpenStack API services can be configured to run as multi-process (workers).
+# This overcomes the problem of reduction in throughput when API request
+# concurrency increases. OpenStack API service will run in the specified
+# number of processes.
+#
+# Possible Values:
+#
+# * Any positive integer
+# * None (default value)
+# (integer value)
+# Minimum value: 1
+#osapi_compute_workers=<None>
+osapi_compute_workers = {{ controller.workers }}
+
+#
+# IP address on which the metadata API will listen.
+#
+# The metadata API service listens on this IP address for incoming
+# requests.
+# (string value)
+#metadata_listen=0.0.0.0
+metadata_listen={{ controller.bind.private_address }}
+osapi_volume_listen={{ controller.bind.private_address }}
+
+#
+# Port on which the metadata API will listen.
+#
+# The metadata API service listens on this port number for incoming
+# requests.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#metadata_listen_port=8775
+
+#
+# Number of workers for metadata service. If not specified the number of
+# available CPUs will be used.
+#
+# The metadata service can be configured to run as multi-process (workers).
+# This overcomes the problem of reduction in throughput when API request
+# concurrency increases. The metadata service will run in the specified
+# number of processes.
+#
+# Possible Values:
+#
+# * Any positive integer
+# * None (default value)
+# (integer value)
+# Minimum value: 1
+#metadata_workers=<None>
+metadata_workers = {{ controller.workers }}
+
+# Full class name for the Manager for network (string value)
+# Allowed values: nova.network.manager.FlatManager, nova.network.manager.FlatDHCPManager, nova.network.manager.VlanManager
+#network_manager=nova.network.manager.VlanManager
+
+#
+# This option specifies the driver to be used for the servicegroup service.
+#
+# ServiceGroup API in nova enables checking status of a compute node. When a
+# compute worker running the nova-compute daemon starts, it calls the join API
+# to join the compute group. Services like nova scheduler can query the
+# ServiceGroup API to check if a node is alive. Internally, the ServiceGroup
+# client driver automatically updates the compute worker status. There are
+# multiple backend implementations for this service: Database ServiceGroup
+# driver
+# and Memcache ServiceGroup driver.
+#
+# Possible Values:
+#
+# * db : Database ServiceGroup driver
+# * mc : Memcache ServiceGroup driver
+#
+# Related Options:
+#
+# * service_down_time (maximum time since last check-in for up service)
+# (string value)
+# Allowed values: db, mc
+#servicegroup_driver=db
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug=false
+debug=false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose=true
+verbose=true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append=<None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format=%Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file=<None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+log_dir=/var/log/nova
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and Linux
+# platform is used. This option is ignored if log_config_append is set. (boolean
+# value)
+#watch_log_file=false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_syslog=false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility=LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr=false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message is
+# DEBUG. (string value)
+#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format=%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors=false
+
+# The format for an instance that is passed with the log message. (string value)
+#instance_format="[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format="[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval=0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst=0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or
+# empty string. Logs with level greater or equal to rate_limit_except_level are
+# not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level=CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations=false
+
+#
+# From oslo.messaging
+#
+
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size=30
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size=2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl=1200
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address=*
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker=redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts=1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog=<None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir=/var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host=localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger period.
+# The value of 0 specifies no linger period. Pending messages shall be discarded
+# immediately when the socket is closed. Positive values specify an upper bound
+# for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger=-1
+zmq_linger=30
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout=1
+
+# Expiration timeout in seconds of a name service record about existing target (
+# < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire=300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update=180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub=false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy=false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections=false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections=2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port=49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port=65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries=100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization=json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate=true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive=-1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to skip
+# any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle=-1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value and
+# 0) means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_cnt=-1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0) means
+# to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl=-1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size=100
+
+# Expiration timeout in seconds of a sent/received message after which it is not
+# tracked anymore by a client/server. (integer value)
+#rpc_message_ttl=300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks=false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base=15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier=2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts=3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size=64
+
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout=60
+rpc_response_timeout=3600
+
+{%- if controller.message_queue.members is defined %}
+transport_url = rabbit://{% for member in controller.message_queue.members -%}
+ {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {%- if not loop.last -%},{%- endif -%}
+ {%- endfor -%}
+ /{{ controller.message_queue.virtual_host }}
+{%- else %}
+transport_url = rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ controller.message_queue.port }}{{ controller.message_queue.virtual_host }}
+{%- endif %}
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
+# include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rpc_backend=rabbit
+rpc_backend=rabbit
+
+# The default exchange under which topics are scoped. May be overridden by an
+# exchange name specified in the transport_url option. (string value)
+#control_exchange=openstack
+
+#
+# From oslo.service.periodic_task
+#
+
+# Some periodic tasks can be run in a separate process. Should we run them here?
+# (boolean value)
+#run_external_periodic_tasks=true
+
+#
+# From oslo.service.service
+#
+
+# Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>,
+# where 0 results in listening on a random tcp port number; <port> results in
+# listening on the specified port number (and not enabling backdoor if that port
+# is in use); and <start>:<end> results in listening on the smallest unused port
+# number within the specified range of port numbers. The chosen port is
+# displayed in the service's log file. (string value)
+#backdoor_port=<None>
+
+# Enable eventlet backdoor, using the provided path as a unix socket that can
+# receive connections. This option is mutually exclusive with 'backdoor_port' in
+# that only one should be provided. If both are provided then the existence of
+# this option overrides the usage of that option. (string value)
+#backdoor_socket=<None>
+
+# Enables or disables logging values of all registered options when starting a
+# service (at DEBUG level). (boolean value)
+#log_options=true
+
+# Specify a timeout after which a gracefully shutdown server will exit. Zero
+# value means endless wait. (integer value)
+#graceful_shutdown_timeout=60
+
+
+[api]
+#
+# Options under this group are used to define Nova API.
+
+#
+# From nova.conf
+#
+
+#
+# This determines the strategy to use for authentication: keystone or noauth2.
+# 'noauth2' is designed for testing only, as it does no actual credential
+# checking. 'noauth2' provides administrative credentials only if 'admin' is
+# specified as the username.
+# (string value)
+# Allowed values: keystone, noauth2
+# Deprecated group/name - [DEFAULT]/auth_strategy
+#auth_strategy=keystone
+auth_strategy=keystone
+
+#
+# When True, the 'X-Forwarded-For' header is treated as the canonical remote
+# address. When False (the default), the 'remote_address' header is used.
+#
+# You should only enable this if you have an HTML sanitizing proxy.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/use_forwarded_for
+#use_forwarded_for=false
+use_forwarded_for=false
+
+#
+# When gathering the existing metadata for a config drive, the EC2-style
+# metadata is returned for all versions that don't appear in this option.
+# As of the Liberty release, the available versions are:
+#
+# * 1.0
+# * 2007-01-19
+# * 2007-03-01
+# * 2007-08-29
+# * 2007-10-10
+# * 2007-12-15
+# * 2008-02-01
+# * 2008-09-01
+# * 2009-04-04
+#
+# The option is in the format of a single string, with each version separated
+# by a space.
+#
+# Possible values:
+#
+# * Any string that represents zero or more versions, separated by spaces.
+# (string value)
+# Deprecated group/name - [DEFAULT]/config_drive_skip_versions
+#config_drive_skip_versions=1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01
+
+#
+# A list of vendordata providers.
+#
+# vendordata providers are how deployers can provide metadata via configdrive
+# and metadata that is specific to their deployment. There are currently two
+# supported providers: StaticJSON and DynamicJSON.
+#
+# StaticJSON reads a JSON file configured by the flag vendordata_jsonfile_path
+# and places the JSON from that file into vendor_data.json and
+# vendor_data2.json.
+#
+# DynamicJSON is configured via the vendordata_dynamic_targets flag, which is
+# documented separately. For each of the endpoints specified in that flag, a
+# section is added to the vendor_data2.json.
+#
+# For more information on the requirements for implementing a vendordata
+# dynamic endpoint, please see the vendordata.rst file in the nova developer
+# reference.
+#
+# Possible values:
+#
+# * A list of vendordata providers, with StaticJSON and DynamicJSON being
+# current options.
+#
+# Related options:
+#
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (list value)
+# Deprecated group/name - [DEFAULT]/vendordata_providers
+#vendordata_providers =
+
+#
+# A list of targets for the dynamic vendordata provider. These targets are of
+# the form <name>@<url>.
+#
+# The dynamic vendordata provider collects metadata by contacting external REST
+# services and querying them for information about the instance. This behaviour
+# is documented in the vendordata.rst file in the nova developer reference.
+# (list value)
+# Deprecated group/name - [DEFAULT]/vendordata_dynamic_targets
+#vendordata_dynamic_targets =
+
+#
+# Path to an optional certificate file or CA bundle to verify dynamic
+# vendordata REST services ssl certificates against.
+#
+# Possible values:
+#
+# * An empty string, or a path to a valid certificate file
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (string value)
+# Deprecated group/name - [DEFAULT]/vendordata_dynamic_ssl_certfile
+#vendordata_dynamic_ssl_certfile =
+
+#
+# Maximum wait time for an external REST service to connect.
+#
+# Possible values:
+#
+# * Any integer with a value greater than three (the TCP packet retransmission
+# timeout). Note that instance start may be blocked during this wait time,
+# so this value should be kept small.
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (integer value)
+# Minimum value: 3
+# Deprecated group/name - [DEFAULT]/vendordata_dynamic_connect_timeout
+#vendordata_dynamic_connect_timeout=5
+
+#
+# Maximum wait time for an external REST service to return data once connected.
+#
+# Possible values:
+#
+# * Any integer. Note that instance start is blocked during this wait time,
+# so this value should be kept small.
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_failure_fatal
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/vendordata_dynamic_read_timeout
+#vendordata_dynamic_read_timeout=5
+
+#
+# Should failures to fetch dynamic vendordata be fatal to instance boot?
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# (boolean value)
+#vendordata_dynamic_failure_fatal=false
+
+#
+# This option is the time (in seconds) to cache metadata. When set to 0,
+# metadata caching is disabled entirely; this is generally not recommended for
+# performance reasons. Increasing this setting should improve response times
+# of the metadata API when under heavy load. Higher values may increase memory
+# usage, and result in longer times for host metadata changes to take effect.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/metadata_cache_expiration
+#metadata_cache_expiration=15
+
+#
+# Cloud providers may store custom data in vendor data file that will then be
+# available to the instances via the metadata service, and to the rendering of
+# config-drive. The default class for this, JsonFileVendorData, loads this
+# information from a JSON file, whose path is configured by this option. If
+# there is no path set by this option, the class returns an empty dictionary.
+#
+# Possible values:
+#
+# * Any string representing the path to the data file, or an empty string
+# (default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/vendordata_jsonfile_path
+#vendordata_jsonfile_path=<None>
+
+#
+# As a query can potentially return many thousands of items, you can limit the
+# maximum number of items in a single response by setting this option.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/osapi_max_limit
+#max_limit=1000
+max_limit={{ controller.osapi_max_limit|default('1000') }}
+
+#
+# This string is prepended to the normal URL that is returned in links to the
+# OpenStack Compute API. If it is empty (the default), the URLs are returned
+# unchanged.
+#
+# Possible values:
+#
+# * Any string, including an empty string (the default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/osapi_compute_link_prefix
+#compute_link_prefix=<None>
+
+#
+# This string is prepended to the normal URL that is returned in links to
+# Glance resources. If it is empty (the default), the URLs are returned
+# unchanged.
+#
+# Possible values:
+#
+# * Any string, including an empty string (the default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/osapi_glance_link_prefix
+#glance_link_prefix=<None>
+
+#
+# Operators can turn off the ability for a user to take snapshots of their
+# instances by setting this option to False. When disabled, any attempt to
+# take a snapshot will result in a HTTP 400 response ("Bad Request").
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/allow_instance_snapshots
+#allow_instance_snapshots=true
+
+#
+# This option is a list of all instance states for which network address
+# information should not be returned from the API.
+#
+# Possible values:
+#
+# A list of strings, where each string is a valid VM state, as defined in
+# nova/compute/vm_states.py. As of the Newton release, they are:
+#
+# * "active"
+# * "building"
+# * "paused"
+# * "suspended"
+# * "stopped"
+# * "rescued"
+# * "resized"
+# * "soft-delete"
+# * "deleted"
+# * "error"
+# * "shelved"
+# * "shelved_offloaded"
+# (list value)
+# Deprecated group/name - [DEFAULT]/osapi_hide_server_address_states
+#hide_server_address_states=building
+
+# The full path to the fping binary. (string value)
+# Deprecated group/name - [DEFAULT]/fping_path
+#fping_path=/usr/sbin/fping
+fping_path=/usr/sbin/fping
+
+#
+# When True, the TenantNetworkController will query the Neutron API to get the
+# default networks to use.
+#
+# Related options:
+#
+# * neutron_default_tenant_id
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/use_neutron_default_nets
+#use_neutron_default_nets=false
+
+#
+# Tenant ID for getting the default network from Neutron API (also referred in
+# some places as the 'project ID') to use.
+#
+# Related options:
+#
+# * use_neutron_default_nets
+# (string value)
+# Deprecated group/name - [DEFAULT]/neutron_default_tenant_id
+#neutron_default_tenant_id=default
+
+#
+# Enables returning of the instance password by the relevant server API calls
+# such as create, rebuild, evacuate, or rescue. If the hypervisor does not
+# support password injection, then the password returned will not be correct,
+# so if your hypervisor does not support password injection, set this to False.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/enable_instance_password
+#enable_instance_password=true
+
+
+[api_database]
+#
+# The *Nova API Database* is a separate database which is used for information
+# which is used across *cells*. This database is mandatory since the Mitaka
+# release (13.0.0).
+
+#
+# From nova.conf
+#
+idle_timeout = 180
+min_pool_size = 100
+max_pool_size = 700
+max_overflow = 100
+retry_interval = 5
+max_retries = -1
+db_max_retries = 3
+db_retry_interval = 1
+connection_debug = 10
+pool_timeout = 120
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}_api?charset=utf8
+
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
+#connection=sqlite:////var/lib/nova/nova.sqlite
+
+# If True, SQLite uses synchronous mode. (boolean value)
+#sqlite_synchronous=true
+
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
+#slave_connection=<None>
+
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
+# the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
+#mysql_sql_mode=TRADITIONAL
+
+# Timeout before idle SQL connections are reaped. (integer value)
+#idle_timeout=3600
+
+# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
+# indicates no limit. (integer value)
+#max_pool_size=<None>
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
+#max_retries=10
+
+# Interval between retries of opening a SQL connection. (integer value)
+#retry_interval=10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+#max_overflow=<None>
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+#connection_debug=0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+#connection_trace=false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+#pool_timeout=<None>
+
+
+[barbican]
+
+#
+# From nova.conf
+#
+
+# Use this endpoint to connect to Barbican, for example:
+# "http://localhost:9311/" (string value)
+#barbican_endpoint=<None>
+
+# Version of the Barbican API, for example: "v1" (string value)
+#barbican_api_version=<None>
+
+# Use this endpoint to connect to Keystone (string value)
+#auth_endpoint=http://localhost:5000/v3
+
+# Number of seconds to wait before retrying poll for key creation completion
+# (integer value)
+#retry_delay=1
+
+# Number of times to retry poll for key creation completion (integer value)
+#number_of_retries=60
+
+
+[cache]
+
+#
+# From nova.conf
+#
+{%- if controller.cache is defined %}
+enabled = true
+backend = oslo_cache.memcache_pool
+memcache_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- endif %}
+# Prefix for building the configuration dictionary for the cache region. This
+# should not need to be changed unless there is another dogpile.cache region
+# with the same configuration name. (string value)
+#config_prefix=cache.oslo
+
+# Default TTL, in seconds, for any cached item in the dogpile.cache region. This
+# applies to any cached method that doesn't have an explicit cache expiration
+# time defined for it. (integer value)
+#expiration_time=600
+
+# Dogpile.cache backend module. It is recommended that Memcache or Redis
+# (dogpile.cache.redis) be used in production deployments. For eventlet-based or
+# highly threaded servers, Memcache with pooling (oslo_cache.memcache_pool) is
+# recommended. For low thread servers, dogpile.cache.memcached is recommended.
+# Test environments with a single instance of the server can use the
+# dogpile.cache.memory backend. (string value)
+#backend=dogpile.cache.null
+
+# Arguments supplied to the backend module. Specify this option once per
+# argument to be passed to the dogpile.cache backend. Example format:
+# "<argname>:<value>". (multi valued)
+#backend_argument =
+
+# Proxy classes to import that will affect the way the dogpile.cache backend
+# functions. See the dogpile.cache documentation on changing-backend-behavior.
+# (list value)
+#proxies =
+
+# Global toggle for caching. (boolean value)
+#enabled=false
+
+# Extra debugging from the cache backend (cache keys, get/set/delete/etc calls).
+# This is only really useful if you need to see the specific cache-backend
+# get/set/delete calls with the keys/values. Typically this should be left set
+# to false. (boolean value)
+#debug_cache_backend=false
+
+# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
+# oslo_cache.memcache_pool backends only). (list value)
+#memcache_servers=localhost:11211
+
+# Number of seconds memcached server is considered dead before it is tried
+# again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
+# (integer value)
+#memcache_dead_retry=300
+
+# Timeout in seconds for every call to a server. (dogpile.cache.memcache and
+# oslo_cache.memcache_pool backends only). (integer value)
+#memcache_socket_timeout=3
+
+# Max total number of open connections to every memcached server.
+# (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_maxsize=10
+
+# Number of seconds a connection to memcached is held unused in the pool before
+# it is closed. (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_unused_timeout=60
+
+# Number of seconds that an operation will wait to get a memcache client
+# connection. (integer value)
+#memcache_pool_connection_get_timeout=10
+
+
+[cells]
+#
+# Cells options allow you to use cells functionality in openstack
+# deployment.
+#
+# Note that the options in this group are only for cells v1 functionality, which
+# is considered experimental and not recommended for new deployments. Cells v1
+# is being replaced with cells v2, which starting in the 15.0.0 Ocata release is
+# required and all Nova deployments will be at least a cells v2 cell of one.
+#
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Topic.
+#
+# This is the message queue topic that cells nodes listen on. It is
+# used when the cells service is started up to configure the queue,
+# and whenever an RPC call to the scheduler is made.
+#
+# Possible values:
+#
+# * cells: This is the recommended and the default value.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Configurable RPC topics provide little value and can result in a wide variety
+# of errors. They should not be used.
+#topic=cells
+
+#
+# Enable cell v1 functionality.
+#
+# Note that cells v1 is considered experimental and not recommended for new
+# Nova deployments. Cells v1 is being replaced by cells v2 which starting in
+# the 15.0.0 Ocata release, all Nova deployments are at least a cells v2 cell
+# of one. Setting this option, or any other options in the [cells] group, is
+# not required for cells v2.
+#
+# When this functionality is enabled, it lets you to scale an OpenStack
+# Compute cloud in a more distributed fashion without having to use
+# complicated technologies like database and message queue clustering.
+# Cells are configured as a tree. The top-level cell should have a host
+# that runs a nova-api service, but no nova-compute services. Each
+# child cell should run all of the typical nova-* services in a regular
+# Compute cloud except for nova-api. You can think of cells as a normal
+# Compute deployment in that each cell has its own database server and
+# message queue broker.
+#
+# Related options:
+#
+# * name: A unique cell name must be given when this functionality
+# is enabled.
+# * cell_type: Cell type should be defined for all cells.
+# (boolean value)
+enable=False
+
+#
+# Name of the current cell.
+#
+# This value must be unique for each cell. Name of a cell is used as
+# its id, leaving this option unset or setting the same name for
+# two or more cells may cause unexpected behaviour.
+#
+# Related options:
+#
+# * enabled: This option is meaningful only when cells service
+# is enabled
+# (string value)
+#name=nova
+
+#
+# Cell capabilities.
+#
+# List of arbitrary key=value pairs defining capabilities of the
+# current cell to be sent to the parent cells. These capabilities
+# are intended to be used in cells scheduler filters/weighers.
+#
+# Possible values:
+#
+# * key=value pairs list for example;
+# ``hypervisor=xenserver;kvm,os=linux;windows``
+# (list value)
+#capabilities=hypervisor=xenserver;kvm,os=linux;windows
+
+#
+# Call timeout.
+#
+# Cell messaging module waits for response(s) to be put into the
+# eventlet queue. This option defines the seconds waited for
+# response from a call to a cell.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+# Minimum value: 0
+#call_timeout=60
+
+#
+# Reserve percentage
+#
+# Percentage of cell capacity to hold in reserve, so the minimum
+# amount of free resource is considered to be;
+#
+# min_free = total * (reserve_percent / 100.0)
+#
+# This option affects both memory and disk utilization.
+#
+# The primary purpose of this reserve is to ensure some space is
+# available for users who want to resize their instance to be larger.
+# Note that currently once the capacity expands into this reserve
+# space this option is ignored.
+#
+# Possible values:
+#
+# * An integer or float, corresponding to the percentage of cell capacity to
+# be held in reserve.
+# (floating point value)
+#reserve_percent=10.0
+
+#
+# Type of cell.
+#
+# When cells feature is enabled the hosts in the OpenStack Compute
+# cloud are partitioned into groups. Cells are configured as a tree.
+# The top-level cell's cell_type must be set to ``api``. All other
+# cells are defined as a ``compute cell`` by default.
+#
+# Related option:
+#
+# * quota_driver: Disable quota checking for the child cells.
+# (nova.quota.NoopQuotaDriver)
+# (string value)
+# Allowed values: api, compute
+#cell_type=compute
+
+#
+# Mute child interval.
+#
+# Number of seconds after which a lack of capability and capacity
+# update the child cell is to be treated as a mute cell. Then the
+# child cell will be weighed as recommend highly that it be skipped.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+#mute_child_interval=300
+
+#
+# Bandwidth update interval.
+#
+# Seconds between bandwidth usage cache updates for cells.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+#bandwidth_update_interval=600
+
+#
+# Instance update sync database limit.
+#
+# Number of instances to pull from the database at one time for
+# a sync. If there are more instances to update the results will
+# be paged through.
+#
+# Possible values:
+#
+# * An integer, corresponding to a number of instances.
+# (integer value)
+#instance_update_sync_database_limit=100
+
+#
+# Mute weight multiplier.
+#
+# Multiplier used to weigh mute children. Mute children cells are
+# recommended to be skipped so their weight is multiplied by this
+# negative value.
+#
+# Possible values:
+#
+# * Negative numeric number
+# (floating point value)
+#mute_weight_multiplier=-10000.0
+
+#
+# Ram weight multiplier.
+#
+# Multiplier used for weighing ram. Negative numbers indicate that
+# Compute should stack VMs on one host instead of spreading out new
+# VMs to more hosts in the cell.
+#
+# Possible values:
+#
+# * Numeric multiplier
+# (floating point value)
+#ram_weight_multiplier=10.0
+
+#
+# Offset weight multiplier
+#
+# Multiplier used to weigh offset weigher. Cells with higher
+# weight_offsets in the DB will be preferred. The weight_offset
+# is a property of a cell stored in the database. It can be used
+# by a deployer to have scheduling decisions favor or disfavor
+# cells based on the setting.
+#
+# Possible values:
+#
+# * Numeric multiplier
+# (floating point value)
+#offset_weight_multiplier=1.0
+
+#
+# Instance updated at threshold
+#
+# Number of seconds after an instance was updated or deleted to
+# continue to update cells. This option lets cells manager to only
+# attempt to sync instances that have been updated recently.
+# i.e., a threshold of 3600 means to only update instances that
+# have modified in the last hour.
+#
+# Possible values:
+#
+# * Threshold in seconds
+#
+# Related options:
+#
+# * This value is used with the ``instance_update_num_instances``
+# value in a periodic task run.
+# (integer value)
+#instance_updated_at_threshold=3600
+
+#
+# Instance update num instances
+#
+# On every run of the periodic task, nova cells manager will attempt to
+# sync instance_updated_at_threshold number of instances. When the
+# manager gets the list of instances, it shuffles them so that multiple
+# nova-cells services do not attempt to sync the same instances in
+# lockstep.
+#
+# Possible values:
+#
+# * Positive integer number
+#
+# Related options:
+#
+# * This value is used with the ``instance_updated_at_threshold``
+# value in a periodic task run.
+# (integer value)
+#instance_update_num_instances=1
+
+#
+# Maximum hop count
+#
+# When processing a targeted message, if the local cell is not the
+# target, a route is defined between neighbouring cells. And the
+# message is processed across the whole routing path. This option
+# defines the maximum hop counts until reaching the target.
+#
+# Possible values:
+#
+# * Positive integer value
+# (integer value)
+#max_hop_count=10
+
+#
+# Cells scheduler.
+#
+# The class of the driver used by the cells scheduler. This should be
+# the full Python path to the class to be used. If nothing is specified
+# in this option, the CellsScheduler is used.
+# (string value)
+#scheduler=nova.cells.scheduler.CellsScheduler
+
+#
+# RPC driver queue base.
+#
+# When sending a message to another cell by JSON-ifying the message
+# and making an RPC cast to 'process_message', a base queue is used.
+# This option defines the base queue name to be used when communicating
+# between cells. Various topics by message type will be appended to this.
+#
+# Possible values:
+#
+# * The base queue name to be used when communicating between cells.
+# (string value)
+#rpc_driver_queue_base=cells.intercell
+
+#
+# Scheduler filter classes.
+#
+# Filter classes the cells scheduler should use. An entry of
+# "nova.cells.filters.all_filters" maps to all cells filters
+# included with nova. As of the Mitaka release the following
+# filter classes are available:
+#
+# Different cell filter: A scheduler hint of 'different_cell'
+# with a value of a full cell name may be specified to route
+# a build away from a particular cell.
+#
+# Image properties filter: Image metadata named
+# 'hypervisor_version_requires' with a version specification
+# may be specified to ensure the build goes to a cell which
+# has hypervisors of the required version. If either the version
+# requirement on the image or the hypervisor capability of the
+# cell is not present, this filter returns without filtering out
+# the cells.
+#
+# Target cell filter: A scheduler hint of 'target_cell' with a
+# value of a full cell name may be specified to route a build to
+# a particular cell. No error handling is done as there's no way
+# to know whether the full path is a valid.
+#
+# As an admin user, you can also add a filter that directs builds
+# to a particular cell.
+#
+# (list value)
+#scheduler_filter_classes=nova.cells.filters.all_filters
+
+#
+# Scheduler weight classes.
+#
+# Weigher classes the cells scheduler should use. An entry of
+# "nova.cells.weights.all_weighers" maps to all cell weighers
+# included with nova. As of the Mitaka release the following
+# weight classes are available:
+#
+# mute_child: Downgrades the likelihood of child cells being
+# chosen for scheduling requests, which haven't sent capacity
+# or capability updates in a while. Options include
+# mute_weight_multiplier (multiplier for mute children; value
+# should be negative).
+#
+# ram_by_instance_type: Select cells with the most RAM capacity
+# for the instance type being requested. Because higher weights
+# win, Compute returns the number of available units for the
+# instance type requested. The ram_weight_multiplier option defaults
+# to 10.0 that adds to the weight by a factor of 10. Use a negative
+# number to stack VMs on one host instead of spreading out new VMs
+# to more hosts in the cell.
+#
+# weight_offset: Allows modifying the database to weight a particular
+# cell. The highest weight will be the first cell to be scheduled for
+# launching an instance. When the weight_offset of a cell is set to 0,
+# it is unlikely to be picked but it could be picked if other cells
+# have a lower weight, like if they're full. And when the weight_offset
+# is set to a very high value (for example, '999999999999999'), it is
+# likely to be picked if another cell do not have a higher weight.
+# (list value)
+#scheduler_weight_classes=nova.cells.weights.all_weighers
+
+#
+# Scheduler retries.
+#
+# How many retries when no cells are available. Specifies how many
+# times the scheduler tries to launch a new instance when no cells
+# are available.
+#
+# Possible values:
+#
+# * Positive integer value
+#
+# Related options:
+#
+# * This value is used with the ``scheduler_retry_delay`` value
+# while retrying to find a suitable cell.
+# (integer value)
+#scheduler_retries=10
+
+#
+# Scheduler retry delay.
+#
+# Specifies the delay (in seconds) between scheduling retries when no
+# cell can be found to place the new instance on. When the instance
+# could not be scheduled to a cell after ``scheduler_retries`` in
+# combination with ``scheduler_retry_delay``, then the scheduling
+# of the instance failed.
+#
+# Possible values:
+#
+# * Time in seconds.
+#
+# Related options:
+#
+# * This value is used with the ``scheduler_retries`` value
+# while retrying to find a suitable cell.
+# (integer value)
+#scheduler_retry_delay=2
+
+#
+# DB check interval.
+#
+# Cell state manager updates cell status for all cells from the DB
+# only after this particular interval time is passed. Otherwise cached
+# status are used. If this value is 0 or negative all cell status are
+# updated from the DB whenever a state is needed.
+#
+# Possible values:
+#
+# * Interval time, in seconds.
+#
+# (integer value)
+#db_check_interval=60
+
+#
+# Optional cells configuration.
+#
+# Configuration file from which to read cells configuration. If given,
+# overrides reading cells from the database.
+#
+# Cells store all inter-cell communication data, including user names
+# and passwords, in the database. Because the cells data is not updated
+# very frequently, use this option to specify a JSON file to store
+# cells data. With this configuration, the database is no longer
+# consulted when reloading the cells data. The file must have columns
+# present in the Cell model (excluding common database fields and the
+# id column). You must specify the queue connection information through
+# a transport_url field, instead of username, password, and so on.
+#
+# The transport_url has the following form:
+# rabbit://USERNAME:PASSWORD@HOSTNAME:PORT/VIRTUAL_HOST
+#
+# Possible values:
+#
+# The scheme can be either qpid or rabbit, the following sample shows
+# this optional configuration:
+#
+# {
+# "parent": {
+# "name": "parent",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": true
+# },
+# "cell1": {
+# "name": "cell1",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit1.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": false
+# },
+# "cell2": {
+# "name": "cell2",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit2.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": false
+# }
+# }
+#
+# (string value)
+#cells_config=<None>
+
+
+[cinder]
+
+#
+# From nova.conf
+#
+
+#
+# Info to match when looking for cinder in the service catalog.
+#
+# Possible values:
+#
+# * Format is separated values of the form:
+# <service_type>:<service_name>:<endpoint_type>
+#
+# Note: Nova does not support the Cinder v1 API since the Nova 15.0.0 Ocata
+# release.
+#
+# Related options:
+#
+# * endpoint_template - Setting this option will override catalog_info
+# (string value)
+#catalog_info=volumev2:cinderv2:publicURL
+catalog_info=volumev2:cinderv2:internalURL
+
+#
+# If this option is set then it will override service catalog lookup with
+# this template for cinder endpoint
+#
+# Possible values:
+#
+# * URL for cinder endpoint API
+# e.g. http://localhost:8776/v2/%(project_id)s
+#
+# Note: Nova does not support the Cinder v1 API since the Nova 15.0.0 Ocata
+# release.
+#
+# Related options:
+#
+# * catalog_info - If endpoint_template is not set, catalog_info will be used.
+# (string value)
+#endpoint_template=<None>
+
+#
+# Region name of this node. This is used when picking the URL in the service
+# catalog.
+#
+# Possible values:
+#
+# * Any string representing region name
+# (string value)
+#os_region_name=<None>
+os_region_name = {{ controller.identity.region }}
+
+#
+# Number of times cinderclient should retry on any failed http call.
+# 0 means connection is attempted only once. Setting it to any positive integer
+# means that on failure connection is retried that many times e.g. setting it
+# to 3 means total attempts to connect will be 4.
+#
+# Possible values:
+#
+# * Any integer value. 0 means connection is attempted only once
+# (integer value)
+# Minimum value: 0
+#http_retries=3
+
+#
+# Allow attach between instance and volume in different availability zones.
+#
+# If False, volumes attached to an instance must be in the same availability
+# zone in Cinder as the instance availability zone in Nova.
+# This also means care should be taken when booting an instance from a volume
+# where source is not "volume" because Nova will attempt to create a volume
+# using
+# the same availability zone as what is assigned to the instance.
+# If that AZ is not in Cinder (or allow_availability_zone_fallback=False in
+# cinder.conf), the volume create request will fail and the instance will fail
+# the build request.
+# By default there is no availability zone restriction on volume attach.
+# (boolean value)
+#cross_az_attach=true
+
+
+[cloudpipe]
+
+#
+# From nova.conf
+#
+
+#
+# Image ID used when starting up a cloudpipe VPN client.
+#
+# An empty instance is created and configured with OpenVPN using
+# boot_script_template. This instance would be snapshotted and stored
+# in glance. ID of the stored image is used in 'vpn_image_id' to
+# create cloudpipe VPN client.
+#
+# Possible values:
+#
+# * Any valid ID of a VPN image
+# (string value)
+# Deprecated group/name - [DEFAULT]/vpn_image_id
+#vpn_image_id=0
+
+#
+# Flavor for VPN instances.
+#
+# Possible values:
+#
+# * Any valid flavor name
+# (string value)
+# Deprecated group/name - [DEFAULT]/vpn_flavor
+#vpn_flavor=m1.tiny
+
+#
+# Template for cloudpipe instance boot script.
+#
+# Possible values:
+#
+# * Any valid path to a cloudpipe instance boot script template
+#
+# Related options:
+#
+# The following options are required to configure cloudpipe-managed
+# OpenVPN server.
+#
+# * dmz_net
+# * dmz_mask
+# * cnt_vpn_clients
+# (string value)
+# Deprecated group/name - [DEFAULT]/boot_script_template
+#boot_script_template=$pybasedir/nova/cloudpipe/bootscript.template
+
+#
+# Network to push into OpenVPN config.
+#
+# Note: Above mentioned OpenVPN config can be found at
+# /etc/openvpn/server.conf.
+#
+# Possible values:
+#
+# * Any valid IPv4/IPV6 address
+#
+# Related options:
+#
+# * boot_script_template - dmz_net is pushed into bootscript.template
+# to configure cloudpipe-managed OpenVPN server
+# (IP address value)
+# Deprecated group/name - [DEFAULT]/dmz_net
+#dmz_net=10.0.0.0
+
+#
+# Netmask to push into OpenVPN config.
+#
+# Possible values:
+#
+# * Any valid IPv4/IPV6 netmask
+#
+# Related options:
+#
+# * dmz_net - dmz_net and dmz_mask is pushed into bootscript.template
+# to configure cloudpipe-managed OpenVPN server
+# * boot_script_template
+# (IP address value)
+# Deprecated group/name - [DEFAULT]/dmz_mask
+#dmz_mask=255.255.255.0
+
+#
+# Suffix to add to project name for VPN key and secgroups
+#
+# Possible values:
+#
+# * Any string value representing the VPN key suffix
+# (string value)
+# Deprecated group/name - [DEFAULT]/vpn_key_suffix
+#vpn_key_suffix=-vpn
+
+
+[conductor]
+#
+# Options under this group are used to define Conductor's communication,
+# which manager should be act as a proxy between computes and database,
+# and finally, how many worker processes will be used.
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Topic exchange name on which conductor nodes listen.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services - there
+# is little gain from this. Furthermore, it makes it really easy to break Nova
+# by using this option.
+#topic=conductor
+
+#
+# Number of workers for OpenStack Conductor service. The default will be the
+# number of CPUs available.
+# (integer value)
+#workers=<None>
+workers = {{ controller.workers }}
+
+[console]
+#
+# Options under this group allow to tune the configuration of the console proxy
+# service.
+#
+# Note: in configuration of every compute is a ``console_host`` option,
+# which allows to select the console proxy service to connect to.
+
+#
+# From nova.conf
+#
+
+#
+# Adds list of allowed origins to the console websocket proxy to allow
+# connections from other origin hostnames.
+# Websocket proxy matches the host header with the origin header to
+# prevent cross-site requests. This list specifies if any there are
+# values other than host are allowed in the origin header.
+#
+# Possible values:
+#
+# * A list where each element is an allowed origin hostnames, else an empty list
+# (list value)
+# Deprecated group/name - [DEFAULT]/console_allowed_origins
+#allowed_origins =
+
+
+[consoleauth]
+
+#
+# From nova.conf
+#
+
+#
+# The lifetime of a console auth token.
+#
+# A console auth token is used in authorizing console access for a user.
+# Once the auth token time to live count has elapsed, the token is
+# considered expired. Expired tokens are then deleted.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/console_token_ttl
+#token_ttl=600
+
+
+[cors]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
+#allowed_origin=<None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials=true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers=X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Service-Token
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age=3600
+max_age=0
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods=GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request. (list
+# value)
+#allow_headers=X-Auth-Token,X-Openstack-Request-Id,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id
+
+
+[cors.subdomain]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
+#allowed_origin=<None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials=true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers=X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Service-Token
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age=3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods=GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request. (list
+# value)
+#allow_headers=X-Auth-Token,X-Openstack-Request-Id,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id
+
+
+[crypto]
+
+#
+# From nova.conf
+#
+
+#
+# Filename of root CA (Certificate Authority). This is a container format
+# and includes root certificates.
+#
+# Possible values:
+#
+# * Any file name containing root CA, cacert.pem is default
+#
+# Related options:
+#
+# * ca_path
+# (string value)
+# Deprecated group/name - [DEFAULT]/ca_file
+#ca_file=cacert.pem
+
+#
+# Filename of a private key.
+#
+# Related options:
+#
+# * keys_path
+# (string value)
+# Deprecated group/name - [DEFAULT]/key_file
+#key_file=private/cakey.pem
+
+#
+# Filename of root Certificate Revocation List (CRL). This is a list of
+# certificates that have been revoked, and therefore, entities presenting
+# those (revoked) certificates should no longer be trusted.
+#
+# Related options:
+#
+# * ca_path
+# (string value)
+# Deprecated group/name - [DEFAULT]/crl_file
+#crl_file=crl.pem
+
+#
+# Directory path where keys are located.
+#
+# Related options:
+#
+# * key_file
+# (string value)
+# Deprecated group/name - [DEFAULT]/keys_path
+#keys_path=$state_path/keys
+
+#
+# Directory path where root CA is located.
+#
+# Related options:
+#
+# * ca_file
+# (string value)
+# Deprecated group/name - [DEFAULT]/ca_path
+#ca_path=$state_path/CA
+
+# Option to enable/disable use of CA for each project. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_project_ca
+#use_project_ca=false
+
+#
+# Subject for certificate for users, %s for
+# project, user, timestamp
+# (string value)
+# Deprecated group/name - [DEFAULT]/user_cert_subject
+#user_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s
+
+#
+# Subject for certificate for projects, %s for
+# project, timestamp
+# (string value)
+# Deprecated group/name - [DEFAULT]/project_cert_subject
+#project_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s
+
+
+[database]
+
+#
+# From oslo.db
+#
+
+# DEPRECATED: The file name to use with SQLite. (string value)
+# Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect the
+# database.
+#sqlite_db=oslo.sqlite
+idle_timeout = 180
+min_pool_size = 100
+max_pool_size = 700
+max_overflow = 100
+retry_interval = 5
+max_retries = -1
+db_max_retries = 3
+db_retry_interval = 1
+connection_debug = 10
+pool_timeout = 120
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8
+
+# If True, SQLite uses synchronous mode. (boolean value)
+# Deprecated group/name - [DEFAULT]/sqlite_synchronous
+#sqlite_synchronous=true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend=sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+#connection=<None>
+
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
+#slave_connection=<None>
+
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
+# the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
+#mysql_sql_mode=TRADITIONAL
+
+# Timeout before idle SQL connections are reaped. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#idle_timeout=3600
+
+# Minimum number of SQL connections to keep open in a pool. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size=1
+
+# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
+# indicates no limit. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size=5
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries=10
+
+# Interval between retries of opening a SQL connection. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval=10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow=50
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug=0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace=false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout=<None>
+
+# Enable the experimental use of database reconnect on connection lost. (boolean
+# value)
+#use_db_reconnect=false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval=1
+
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
+#db_inc_retry_interval=true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
+#db_max_retry_interval=10
+
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
+#db_max_retries=20
+
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool=false
+
+
+[ephemeral_storage_encryption]
+
+#
+# From nova.conf
+#
+
+#
+# Enables/disables LVM ephemeral storage encryption.
+# (boolean value)
+#enabled=false
+
+#
+# Cipher-mode string to be used.
+#
+# The cipher and mode to be used to encrypt ephemeral storage. The set of
+# cipher-mode combinations available depends on kernel support.
+#
+# Possible values:
+#
+# * Any crypto option listed in ``/proc/crypto``.
+# (string value)
+#cipher=aes-xts-plain64
+
+#
+# Encryption key length in bits.
+#
+# The bit length of the encryption key to be used to encrypt ephemeral storage.
+# In XTS mode only half of the bits are used for encryption key.
+# (integer value)
+# Minimum value: 1
+#key_size=512
+
+
+[filter_scheduler]
+
+#
+# From nova.conf
+#
+
+#
+# Size of subset of best hosts selected by scheduler.
+#
+# New instances will be scheduled on a host chosen randomly from a subset of the
+# N best hosts, where N is the value set by this option.
+#
+# Setting this to a value greater than 1 will reduce the chance that multiple
+# scheduler processes handling similar requests will select the same host,
+# creating a potential race condition. By selecting a host randomly from the N
+# hosts that best fit the request, the chance of a conflict is reduced. However,
+# the higher you set this value, the less optimal the chosen host may be for a
+# given request.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the size of a host subset. Any
+# integer is valid, although any value less than 1 will be treated as 1
+# (integer value)
+# Minimum value: 1
+# Deprecated group/name - [DEFAULT]/scheduler_host_subset_size
+#host_subset_size=1
+host_subset_size=30
+
+#
+# The number of instances that can be actively performing IO on a host.
+#
+# Instances performing IO includes those in the following states: build, resize,
+# snapshot, migrate, rescue, unshelve.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'io_ops_filter' filter is enabled.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the max number of instances
+# that can be actively performing IO on any given host.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/max_io_ops_per_host
+#max_io_ops_per_host=8
+max_io_ops_per_host=8
+
+#
+# Maximum number of instances that be active on a host.
+#
+# If you need to limit the number of instances on any given host, set this
+# option
+# to the maximum number of instances you want to allow. The num_instances_filter
+# will reject any host that has at least as many instances as this option's
+# value.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'num_instances_filter' filter is enabled.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the max instances that can be
+# scheduled on a host.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/max_instances_per_host
+#max_instances_per_host=50
+max_instances_per_host=50
+
+#
+# Enable querying of individual hosts for instance information.
+#
+# The scheduler may need information about the instances on a host in order to
+# evaluate its filters and weighers. The most common need for this information
+# is
+# for the (anti-)affinity filters, which need to choose a host based on the
+# instances already running on a host.
+#
+# If the configured filters and weighers do not need this information, disabling
+# this option will improve performance. It may also be disabled when the
+# tracking
+# overhead proves too heavy, although this will cause classes requiring host
+# usage data to query the database on each request instead.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/scheduler_tracks_instance_changes
+#track_instance_changes=true
+
+#
+# Filters that the scheduler can use.
+#
+# An unordered list of the filter classes the nova scheduler may apply. Only
+# the
+# filters specified in the 'scheduler_enabled_filters' option will be used, but
+# any filter appearing in that option must also be included in this list.
+#
+# By default, this is set to all filters that are included with nova.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to the name of
+# a filter that may be used for selecting a host
+#
+# Related options:
+#
+# * scheduler_enabled_filters
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/scheduler_available_filters
+#available_filters=nova.scheduler.filters.all_filters
+available_filters=nova.scheduler.filters.all_filters
+available_filters=nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter
+
+#
+# Filters that the scheduler will use.
+#
+# An ordered list of filter class names that will be used for filtering
+# hosts. Ignore the word 'default' in the name of this option: these filters
+# will
+# *always* be applied, and they will be applied in the order they are listed so
+# place your most restrictive filters first to make the filtering process more
+# efficient.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to the name of
+# a filter to be used for selecting a host
+#
+# Related options:
+#
+# * All of the filters in this option *must* be present in the
+# 'scheduler_available_filters' option, or a SchedulerHostFilterNotFound
+# exception will be raised.
+# (list value)
+# Deprecated group/name - [DEFAULT]/scheduler_default_filters
+#enabled_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
+enabled_filters={{ controller.scheduler_default_filters }}
+
+#
+# Filters used for filtering baremetal hosts.
+#
+# Filters are applied in order, so place your most restrictive filters first to
+# make the filtering process more efficient.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to the name of
+# a filter to be used for selecting a baremetal host
+#
+# Related options:
+#
+# * If the 'scheduler_use_baremetal_filters' option is False, this option has
+# no effect.
+# (list value)
+# Deprecated group/name - [DEFAULT]/baremetal_scheduler_default_filters
+#baremetal_enabled_filters=RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ExactRamFilter,ExactDiskFilter,ExactCoreFilter
+
+#
+# Enable baremetal filters.
+#
+# Set this to True to tell the nova scheduler that it should use the filters
+# specified in the 'baremetal_scheduler_enabled_filters' option. If you are not
+# scheduling baremetal nodes, leave this at the default setting of False.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Related options:
+#
+# * If this option is set to True, then the filters specified in the
+# 'baremetal_scheduler_enabled_filters' are used instead of the filters
+# specified in 'scheduler_enabled_filters'.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/scheduler_use_baremetal_filters
+#use_baremetal_filters=false
+use_baremetal_filters=false
+
+#
+# Weighers that the scheduler will use.
+#
+# Only hosts which pass the filters are weighed. The weight for any host starts
+# at 0, and the weighers order these hosts by adding to or subtracting from the
+# weight assigned by the previous weigher. Weights may become negative. An
+# instance will be scheduled to one of the N most-weighted hosts, where N is
+# 'scheduler_host_subset_size'.
+#
+# By default, this is set to all weighers that are included with Nova.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to the name of
+# a weigher that will be used for selecting a host
+# (list value)
+# Deprecated group/name - [DEFAULT]/scheduler_weight_classes
+#weight_classes=nova.scheduler.weights.all_weighers
+
+#
+# Ram weight multipler ratio.
+#
+# This option determines how hosts with more or less available RAM are weighed.
+# A
+# positive value will result in the scheduler preferring hosts with more
+# available RAM, and a negative number will result in the scheduler preferring
+# hosts with less available RAM. Another way to look at it is that positive
+# values for this option will tend to spread instances across many hosts, while
+# negative values will tend to fill up (stack) hosts as much as possible before
+# scheduling to a less-used host. The absolute value, whether positive or
+# negative, controls how strong the RAM weigher is relative to other weighers.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'ram' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/ram_weight_multiplier
+#ram_weight_multiplier=1.0
+
+#
+# Disk weight multipler ratio.
+#
+# Multiplier used for weighing free disk space. Negative numbers mean to
+# stack vs spread.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'ram' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/disk_weight_multiplier
+#disk_weight_multiplier=1.0
+
+#
+# IO operations weight multipler ratio.
+#
+# This option determines how hosts with differing workloads are weighed.
+# Negative
+# values, such as the default, will result in the scheduler preferring hosts
+# with
+# lighter workloads whereas positive values will prefer hosts with heavier
+# workloads. Another way to look at it is that positive values for this option
+# will tend to schedule instances onto hosts that are already busy, while
+# negative values will tend to distribute the workload across more hosts. The
+# absolute value, whether positive or negative, controls how strong the io_ops
+# weigher is relative to other weighers.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'io_ops' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/io_ops_weight_multiplier
+#io_ops_weight_multiplier=-1.0
+
+#
+# Multiplier used for weighing hosts for group soft-affinity.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to weight multiplier
+# for hosts with group soft affinity. Only a positive value are meaningful, as
+# negative values would make this behave as a soft anti-affinity weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/soft_affinity_weight_multiplier
+#soft_affinity_weight_multiplier=1.0
+
+#
+# Multiplier used for weighing hosts for group soft-anti-affinity.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to weight multiplier
+# for hosts with group soft anti-affinity. Only a positive value are
+# meaningful, as negative values would make this behave as a soft affinity
+# weigher.
+# (floating point value)
+# Deprecated group/name - [DEFAULT]/soft_anti_affinity_weight_multiplier
+#soft_anti_affinity_weight_multiplier=1.0
+
+#
+# List of UUIDs for images that can only be run on certain hosts.
+#
+# If there is a need to restrict some images to only run on certain designated
+# hosts, list those image UUIDs here.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A list of UUID strings, where each string corresponds to the UUID of an
+# image
+#
+# Related options:
+#
+# * scheduler/isolated_hosts
+# * scheduler/restrict_isolated_hosts_to_isolated_images
+# (list value)
+# Deprecated group/name - [DEFAULT]/isolated_images
+#isolated_images =
+
+#
+# List of hosts that can only run certain images.
+#
+# If there is a need to restrict some images to only run on certain designated
+# hosts, list those host names here.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A list of strings, where each string corresponds to the name of a host
+#
+# Related options:
+#
+# * scheduler/isolated_images
+# * scheduler/restrict_isolated_hosts_to_isolated_images
+# (list value)
+# Deprecated group/name - [DEFAULT]/isolated_hosts
+#isolated_hosts =
+
+#
+# Prevent non-isolated images from being built on isolated hosts.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is enabled. Even
+# then, this option doesn't affect the behavior of requests for isolated images,
+# which will *always* be restricted to isolated hosts.
+#
+# Related options:
+#
+# * scheduler/isolated_images
+# * scheduler/isolated_hosts
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/restrict_isolated_hosts_to_isolated_images
+#restrict_isolated_hosts_to_isolated_images=true
+
+#
+# Image property namespace for use in the host aggregate.
+#
+# Images and hosts can be configured so that certain images can only be
+# scheduled
+# to hosts in a particular aggregate. This is done with metadata values set on
+# the host aggregate that are identified by beginning with the value of this
+# option. If the host is part of an aggregate with such a metadata key, the
+# image
+# in the request spec must have the value of that metadata in its properties in
+# order for the scheduler to consider the host as acceptable.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'aggregate_image_properties_isolation' filter
+# is
+# enabled.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to an image property namespace
+#
+# Related options:
+#
+# * aggregate_image_properties_isolation_separator
+# (string value)
+# Deprecated group/name - [DEFAULT]/aggregate_image_properties_isolation_namespace
+#aggregate_image_properties_isolation_namespace=<None>
+
+#
+# Separator character(s) for image property namespace and name.
+#
+# When using the aggregate_image_properties_isolation filter, the relevant
+# metadata keys are prefixed with the namespace defined in the
+# aggregate_image_properties_isolation_namespace configuration option plus a
+# separator. This option defines the separator to be used.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'aggregate_image_properties_isolation' filter
+# is enabled.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to an image property namespace
+# separator character
+#
+# Related options:
+#
+# * aggregate_image_properties_isolation_namespace
+# (string value)
+# Deprecated group/name - [DEFAULT]/aggregate_image_properties_isolation_separator
+#aggregate_image_properties_isolation_separator=.
+
+
+[glance]
+# Configuration options for the Image service
+
+#
+# From nova.conf
+#
+
+#
+# List of glance api servers endpoints available to nova.
+#
+# https is used for ssl-based glance api servers.
+#
+# Possible values:
+#
+# * A list of any fully qualified url of the form
+# "scheme://hostname:port[/path]"
+# (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image").
+# (list value)
+#api_servers=<None>
+api_servers = {{ controller.glance.host }}:9292
+
+#
+# Enable insecure SSL (https) requests to glance.
+#
+# This setting can be used to turn off verification of the glance server
+# certificate against the certificate authorities.
+# (boolean value)
+#api_insecure=false
+
+#
+# Enable glance operation retries.
+#
+# Specifies the number of retries when uploading / downloading
+# an image to / from glance. 0 means no retries.
+# (integer value)
+# Minimum value: 0
+#num_retries=0
+
+#
+# List of url schemes that can be directly accessed.
+#
+# This option specifies a list of url schemes that can be downloaded
+# directly via the direct_url. This direct_URL can be fetched from
+# Image metadata which can be used by nova to get the
+# image more efficiently. nova-compute could benefit from this by
+# invoking a copy when it has access to the same file system as glance.
+#
+# Possible values:
+#
+# * [file], Empty list (default)
+# (list value)
+#allowed_direct_url_schemes =
+
+#
+# Enable image signature verification.
+#
+# nova uses the image signature metadata from glance and verifies the signature
+# of a signed image while downloading that image. If the image signature cannot
+# be verified or if the image signature metadata is either incomplete or
+# unavailable, then nova will not boot the image and instead will place the
+# instance into an error state. This provides end users with stronger assurances
+# of the integrity of the image data they are using to create servers.
+#
+# Related options:
+#
+# * The options in the `key_manager` group, as the key_manager is used
+# for the signature validation.
+# (boolean value)
+#verify_glance_signatures=false
+
+# Enable or disable debug logging with glanceclient. (boolean value)
+#debug=false
+
+
+[guestfs]
+#
+# libguestfs is a set of tools for accessing and modifying virtual
+# machine (VM) disk images. You can use this for viewing and editing
+# files inside guests, scripting changes to VMs, monitoring disk
+# used/free statistics, creating guests, P2V, V2V, performing backups,
+# cloning VMs, building VMs, formatting disks and resizing disks.
+
+#
+# From nova.conf
+#
+
+#
+# Enable/disables guestfs logging.
+#
+# This configures guestfs to debug messages and push them to Openstack
+# logging system. When set to True, it traces libguestfs API calls and
+# enable verbose debug messages. In order to use the above feature,
+# "libguestfs" package must be installed.
+#
+# Related options:
+# Since libguestfs access and modifies VM's managed by libvirt, below options
+# should be set to give access to those VM's.
+# * libvirt.inject_key
+# * libvirt.inject_partition
+# * libvirt.inject_password
+# (boolean value)
+#debug=false
+
+
+[healthcheck]
+
+#
+# From oslo.middleware
+#
+
+# DEPRECATED: The path to respond to healtcheck requests on. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#path=/healthcheck
+
+# Show more detailed information as part of the response (boolean value)
+#detailed=false
+
+# Additional backends that can perform health checks and report that information
+# back as part of a request. (list value)
+#backends =
+
+# Check the presence of a file to determine if an application is running on a
+# port. Used by DisableByFileHealthcheck plugin. (string value)
+#disable_by_file_path=<None>
+
+# Check the presence of a file based on a port to determine if an application is
+# running on a port. Expects a "port:path" list of strings. Used by
+# DisableByFilesPortsHealthcheck plugin. (list value)
+#disable_by_file_paths =
+
+
+[hyperv]
+#
+# The hyperv feature allows you to configure the Hyper-V hypervisor
+# driver to be used within an OpenStack deployment.
+
+#
+# From nova.conf
+#
+
+#
+# Dynamic memory ratio
+#
+# Enables dynamic memory allocation (ballooning) when set to a value
+# greater than 1. The value expresses the ratio between the total RAM
+# assigned to an instance and its startup RAM amount. For example a
+# ratio of 2.0 for an instance with 1024MB of RAM implies 512MB of
+# RAM allocated at startup.
+#
+# Possible values:
+#
+# * 1.0: Disables dynamic memory allocation (Default).
+# * Float values greater than 1.0: Enables allocation of total implied
+# RAM divided by this value for startup.
+# (floating point value)
+#dynamic_memory_ratio=1.0
+
+#
+# Enable instance metrics collection
+#
+# Enables metrics collections for an instance by using Hyper-V's
+# metric APIs. Collected data can by retrieved by other apps and
+# services, e.g.: Ceilometer.
+# (boolean value)
+#enable_instance_metrics_collection=false
+
+#
+# Instances path share
+#
+# The name of a Windows share mapped to the "instances_path" dir
+# and used by the resize feature to copy files to the target host.
+# If left blank, an administrative share (hidden network share) will
+# be used, looking for the same "instances_path" used locally.
+#
+# Possible values:
+#
+# * "": An administrative share will be used (Default).
+# * Name of a Windows share.
+#
+# Related options:
+#
+# * "instances_path": The directory which will be used if this option
+# here is left blank.
+# (string value)
+#instances_path_share =
+
+#
+# Limit CPU features
+#
+# This flag is needed to support live migration to hosts with
+# different CPU features and checked during instance creation
+# in order to limit the CPU features used by the instance.
+# (boolean value)
+#limit_cpu_features=false
+
+#
+# Mounted disk query retry count
+#
+# The number of times to retry checking for a mounted disk.
+# The query runs until the device can be found or the retry
+# count is reached.
+#
+# Possible values:
+#
+# * Positive integer values. Values greater than 1 is recommended
+# (Default: 10).
+#
+# Related options:
+#
+# * Time interval between disk mount retries is declared with
+# "mounted_disk_query_retry_interval" option.
+# (integer value)
+# Minimum value: 0
+#mounted_disk_query_retry_count=10
+
+#
+# Mounted disk query retry interval
+#
+# Interval between checks for a mounted disk, in seconds.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 5).
+#
+# Related options:
+#
+# * This option is meaningful when the mounted_disk_query_retry_count
+# is greater than 1.
+# * The retry loop runs with mounted_disk_query_retry_count and
+# mounted_disk_query_retry_interval configuration options.
+# (integer value)
+# Minimum value: 0
+#mounted_disk_query_retry_interval=5
+
+#
+# Power state check timeframe
+#
+# The timeframe to be checked for instance power state changes.
+# This option is used to fetch the state of the instance from Hyper-V
+# through the WMI interface, within the specified timeframe.
+#
+# Possible values:
+#
+# * Timeframe in seconds (Default: 60).
+# (integer value)
+# Minimum value: 0
+#power_state_check_timeframe=60
+
+#
+# Power state event polling interval
+#
+# Instance power state change event polling frequency. Sets the
+# listener interval for power state events to the given value.
+# This option enhances the internal lifecycle notifications of
+# instances that reboot themselves. It is unlikely that an operator
+# has to change this value.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 2).
+# (integer value)
+# Minimum value: 0
+#power_state_event_polling_interval=2
+
+#
+# qemu-img command
+#
+# qemu-img is required for some of the image related operations
+# like converting between different image types. You can get it
+# from here: (http://qemu.weilnetz.de/) or you can install the
+# Cloudbase OpenStack Hyper-V Compute Driver
+# (https://cloudbase.it/openstack-hyperv-driver/) which automatically
+# sets the proper path for this config option. You can either give the
+# full path of qemu-img.exe or set its path in the PATH environment
+# variable and leave this option to the default value.
+#
+# Possible values:
+#
+# * Name of the qemu-img executable, in case it is in the same
+# directory as the nova-compute service or its path is in the
+# PATH environment variable (Default).
+# * Path of qemu-img command (DRIVELETTER:\PATH\TO\QEMU-IMG\COMMAND).
+#
+# Related options:
+#
+# * If the config_drive_cdrom option is False, qemu-img will be used to
+# convert the ISO to a VHD, otherwise the configuration drive will
+# remain an ISO. To use configuration drive with Hyper-V, you must
+# set the mkisofs_cmd value to the full path to an mkisofs.exe
+# installation.
+# (string value)
+#qemu_img_cmd=qemu-img.exe
+
+#
+# External virtual switch name
+#
+# The Hyper-V Virtual Switch is a software-based layer-2 Ethernet
+# network switch that is available with the installation of the
+# Hyper-V server role. The switch includes programmatically managed
+# and extensible capabilities to connect virtual machines to both
+# virtual networks and the physical network. In addition, Hyper-V
+# Virtual Switch provides policy enforcement for security, isolation,
+# and service levels. The vSwitch represented by this config option
+# must be an external one (not internal or private).
+#
+# Possible values:
+#
+# * If not provided, the first of a list of available vswitches
+# is used. This list is queried using WQL.
+# * Virtual switch name.
+# (string value)
+#vswitch_name=<None>
+
+#
+# Wait soft reboot seconds
+#
+# Number of seconds to wait for instance to shut down after soft
+# reboot request is made. We fall back to hard reboot if instance
+# does not shutdown within this window.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 60).
+# (integer value)
+# Minimum value: 0
+#wait_soft_reboot_seconds=60
+
+#
+# Configuration drive cdrom
+#
+# OpenStack can be configured to write instance metadata to
+# a configuration drive, which is then attached to the
+# instance before it boots. The configuration drive can be
+# attached as a disk drive (default) or as a CD drive.
+#
+# Possible values:
+#
+# * True: Attach the configuration drive image as a CD drive.
+# * False: Attach the configuration drive image as a disk drive (Default).
+#
+# Related options:
+#
+# * This option is meaningful with force_config_drive option set to 'True'
+# or when the REST API call to create an instance will have
+# '--config-drive=True' flag.
+# * config_drive_format option must be set to 'iso9660' in order to use
+# CD drive as the configuration drive image.
+# * To use configuration drive with Hyper-V, you must set the
+# mkisofs_cmd value to the full path to an mkisofs.exe installation.
+# Additionally, you must set the qemu_img_cmd value to the full path
+# to an qemu-img command installation.
+# * You can configure the Compute service to always create a configuration
+# drive by setting the force_config_drive option to 'True'.
+# (boolean value)
+#config_drive_cdrom=false
+
+#
+# Configuration drive inject password
+#
+# Enables setting the admin password in the configuration drive image.
+#
+# Related options:
+#
+# * This option is meaningful when used with other options that enable
+# configuration drive usage with Hyper-V, such as force_config_drive.
+# * Currently, the only accepted config_drive_format is 'iso9660'.
+# (boolean value)
+#config_drive_inject_password=false
+
+#
+# Volume attach retry count
+#
+# The number of times to retry attaching a volume. Volume attachment
+# is retried until success or the given retry count is reached.
+#
+# Possible values:
+#
+# * Positive integer values (Default: 10).
+#
+# Related options:
+#
+# * Time interval between attachment attempts is declared with
+# volume_attach_retry_interval option.
+# (integer value)
+# Minimum value: 0
+#volume_attach_retry_count=10
+
+#
+# Volume attach retry interval
+#
+# Interval between volume attachment attempts, in seconds.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 5).
+#
+# Related options:
+#
+# * This options is meaningful when volume_attach_retry_count
+# is greater than 1.
+# * The retry loop runs with volume_attach_retry_count and
+# volume_attach_retry_interval configuration options.
+# (integer value)
+# Minimum value: 0
+#volume_attach_retry_interval=5
+
+#
+# Enable RemoteFX feature
+#
+# This requires at least one DirectX 11 capable graphics adapter for
+# Windows / Hyper-V Server 2012 R2 or newer and RDS-Virtualization
+# feature has to be enabled.
+#
+# Instances with RemoteFX can be requested with the following flavor
+# extra specs:
+#
+# **os:resolution**. Guest VM screen resolution size. Acceptable values::
+#
+# 1024x768, 1280x1024, 1600x1200, 1920x1200, 2560x1600, 3840x2160
+#
+# ``3840x2160`` is only available on Windows / Hyper-V Server 2016.
+#
+# **os:monitors**. Guest VM number of monitors. Acceptable values::
+#
+# [1, 4] - Windows / Hyper-V Server 2012 R2
+# [1, 8] - Windows / Hyper-V Server 2016
+#
+# **os:vram**. Guest VM VRAM amount. Only available on
+# Windows / Hyper-V Server 2016. Acceptable values::
+#
+# 64, 128, 256, 512, 1024
+# (boolean value)
+#enable_remotefx=false
+
+#
+# Use multipath connections when attaching iSCSI or FC disks.
+#
+# This requires the Multipath IO Windows feature to be enabled. MPIO must be
+# configured to claim such devices.
+# (boolean value)
+#use_multipath_io=false
+
+#
+# List of iSCSI initiators that will be used for estabilishing iSCSI sessions.
+#
+# If none are specified, the Microsoft iSCSI initiator service will choose the
+# initiator.
+# (list value)
+#iscsi_initiator_list =
+
+
+[image_file_url]
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# List of file systems that are configured in this file in the
+# image_file_url:<list entry name> sections
+# (list value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The feature to download images from glance via filesystem is not used and will
+# be removed in the future.
+#filesystems =
+
+
+[ironic]
+#
+# Configuration options for Ironic driver (Bare Metal).
+# If using the Ironic driver following options must be set:
+# * auth_type
+# * auth_url
+# * project_name
+# * username
+# * password
+# * project_domain_id or project_domain_name
+# * user_domain_id or user_domain_name
+
+#
+# From nova.conf
+#
+
+# URL override for the Ironic API endpoint. (string value)
+#api_endpoint=http://ironic.example.org:6385/
+
+#
+# The number of times to retry when a request conflicts.
+# If set to 0, only try once, no retries.
+#
+# Related options:
+#
+# * api_retry_interval
+# (integer value)
+# Minimum value: 0
+#api_max_retries=60
+
+#
+# The number of seconds to wait before retrying the request.
+#
+# Related options:
+#
+# * api_max_retries
+# (integer value)
+# Minimum value: 0
+#api_retry_interval=2
+
+# Timeout (seconds) to wait for node serial console state changed. Set to 0 to
+# disable timeout. (integer value)
+# Minimum value: 0
+#serial_console_state_timeout=10
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [ironic]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [ironic]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+
+[key_manager]
+
+#
+# From nova.conf
+#
+
+#
+# Fixed key returned by key manager, specified in hex.
+#
+# Possible values:
+#
+# * Empty string or a key in hex value
+# (string value)
+# Deprecated group/name - [keymgr]/fixed_key
+#fixed_key=<None>
+
+# The full class name of the key manager API class (string value)
+#api_class=castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+
+# The type of authentication credential to create. Possible values are 'token',
+# 'password', 'keystone_token', and 'keystone_password'. Required if no context
+# is passed to the credential factory. (string value)
+#auth_type=<None>
+
+# Token for authentication. Required for 'token' and 'keystone_token' auth_type
+# if no context is passed to the credential factory. (string value)
+#token=<None>
+
+# Username for authentication. Required for 'password' auth_type. Optional for
+# the 'keystone_password' auth_type. (string value)
+#username=<None>
+
+# Password for authentication. Required for 'password' and 'keystone_password'
+# auth_type. (string value)
+#password=<None>
+
+# User ID for authentication. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#user_id=<None>
+
+# User's domain ID for authentication. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#user_domain_id=<None>
+
+# User's domain name for authentication. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#user_domain_name=<None>
+
+# Trust ID for trust scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#trust_id=<None>
+
+# Domain ID for domain scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#domain_id=<None>
+
+# Domain name for domain scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#domain_name=<None>
+
+# Project ID for project scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_id=<None>
+
+# Project name for project scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_name=<None>
+
+# Project's domain ID for project. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_domain_id=<None>
+
+# Project's domain name for project. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_domain_name=<None>
+
+# Allow fetching a new token if the current one is going to expire. Optional for
+# 'keystone_token' and 'keystone_password' auth_type. (boolean value)
+#reauthenticate=true
+
+
+[keystone_authtoken]
+
+#
+# From keystonemiddleware.auth_token
+#
+revocation_cache_time = 10
+signing_dir=/tmp/keystone-signing-nova
+auth_type = password
+user_domain_id = {{ controller.identity.get('domain', 'default') }}
+project_domain_id = {{ controller.identity.get('domain', 'default') }}
+project_name = {{ controller.identity.tenant }}
+username = {{ controller.identity.user }}
+password = {{ controller.identity.password }}
+auth_uri=http://{{ controller.identity.host }}:5000
+auth_url=http://{{ controller.identity.host }}:35357
+{%- if controller.cache is defined %}
+memcached_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- endif %}
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
+# clients are redirected to this endpoint to authenticate. Although this
+# endpoint should ideally be unversioned, client support in the wild varies.
+# If you're using a versioned v2 endpoint here, then this should *not* be the
+# same endpoint the service user utilizes for validating tokens, because normal
+# end users may not be able to reach that endpoint. (string value)
+#auth_uri=<None>
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version=<None>
+
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+#delay_auth_decision=false
+
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+#http_connect_timeout=<None>
+
+# How many times are we trying to reconnect when communicating with Identity API
+# Server. (integer value)
+#http_request_max_retries=3
+
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
+#cache=<None>
+
+# Required if identity server requires client certificate (string value)
+#certfile=<None>
+
+# Required if identity server requires client certificate (string value)
+#keyfile=<None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# The region in which the identity server can be found. (string value)
+#region_name=<None>
+
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P release.
+# (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#signing_dir=<None>
+
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
+#memcached_servers=<None>
+
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set to
+# -1 to disable caching completely. (integer value)
+#token_cache_time=300
+
+# DEPRECATED: Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of revocation
+# events combined with a low cache duration may significantly reduce
+# performance. Only valid for PKI tokens. This option has been deprecated in the
+# Ocata release and will be removed in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#revocation_cache_time=10
+
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy=None
+
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
+#memcache_secret_key=<None>
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
+#memcache_pool_dead_retry=300
+
+# (Optional) Maximum total number of open connections to every memcached server.
+# (integer value)
+#memcache_pool_maxsize=10
+
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
+#memcache_pool_socket_timeout=3
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+#memcache_pool_unused_timeout=60
+
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout=10
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool=false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog=true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it if
+# not. "strict" like "permissive" but if the bind type is unknown the token will
+# be rejected. "required" any form of token binding is needed to be allowed.
+# Finally the name of a binding method that must be present in tokens. (string
+# value)
+#enforce_token_bind=permissive
+
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#check_revocations_for_cached=false
+
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#hash_algorithms=md5
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present. For
+# backwards compatibility reasons this currently only affects the allow_expired
+# check. (list value)
+#service_token_roles=service
+
+# For backwards compatibility reasons we must let valid service tokens pass that
+# don't pass the service_token_roles check as valid. Setting this true will
+# become the default in a future release and should be enabled if possible.
+# (boolean value)
+#service_token_roles_required=false
+
+# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
+# (string value)
+#auth_admin_prefix =
+
+# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+#auth_host=127.0.0.1
+
+# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (integer value)
+#auth_port=35357
+
+# Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+# Allowed values: http, https
+#auth_protocol=https
+
+# Complete admin Identity API endpoint. This should specify the unversioned root
+# endpoint e.g. https://localhost:35357/ (string value)
+#identity_uri=<None>
+
+# This option is deprecated and may be removed in a future release. Single
+# shared secret with the Keystone configuration used for bootstrapping a
+# Keystone installation, or otherwise bypassing the normal authentication
+# process. This option should not be used, use `admin_user` and `admin_password`
+# instead. (string value)
+#admin_token=<None>
+
+# Service username. (string value)
+#admin_user=<None>
+
+# Service user password. (string value)
+#admin_password=<None>
+
+# Service tenant name. (string value)
+#admin_tenant_name=admin
+
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+
+[libvirt]
+#
+# Libvirt options allows cloud administrator to configure related
+# libvirt hypervisor driver to be used within an OpenStack deployment.
+#
+# Almost all of the libvirt config options are influence by ``virt_type`` config
+# which describes the virtualization type (or so called domain type) libvirt
+# should use for specific features such as live migration, snapshot.
+
+#
+# From nova.conf
+#
+
+#
+# The ID of the image to boot from to rescue data from a corrupted instance.
+#
+# If the rescue REST API operation doesn't provide an ID of an image to
+# use, the image which is referenced by this ID is used. If this
+# option is not set, the image from the instance is used.
+#
+# Possible values:
+#
+# * An ID of an image or nothing. If it points to an *Amazon Machine
+# Image* (AMI), consider to set the config options ``rescue_kernel_id``
+# and ``rescue_ramdisk_id`` too. If nothing is set, the image of the instance
+# is used.
+#
+# Related options:
+#
+# * ``rescue_kernel_id``: If the chosen rescue image allows the separate
+# definition of its kernel disk, the value of this option is used,
+# if specified. This is the case when *Amazon*'s AMI/AKI/ARI image
+# format is used for the rescue image.
+# * ``rescue_ramdisk_id``: If the chosen rescue image allows the separate
+# definition of its RAM disk, the value of this option is used if,
+# specified. This is the case when *Amazon*'s AMI/AKI/ARI image
+# format is used for the rescue image.
+# (string value)
+#rescue_image_id=<None>
+
+#
+# The ID of the kernel (AKI) image to use with the rescue image.
+#
+# If the chosen rescue image allows the separate definition of its kernel
+# disk, the value of this option is used, if specified. This is the case
+# when *Amazon*'s AMI/AKI/ARI image format is used for the rescue image.
+#
+# Possible values:
+#
+# * An ID of an kernel image or nothing. If nothing is specified, the kernel
+# disk from the instance is used if it was launched with one.
+#
+# Related options:
+#
+# * ``rescue_image_id``: If that option points to an image in *Amazon*'s
+# AMI/AKI/ARI image format, it's useful to use ``rescue_kernel_id`` too.
+# (string value)
+#rescue_kernel_id=<None>
+
+#
+# The ID of the RAM disk (ARI) image to use with the rescue image.
+#
+# If the chosen rescue image allows the separate definition of its RAM
+# disk, the value of this option is used, if specified. This is the case
+# when *Amazon*'s AMI/AKI/ARI image format is used for the rescue image.
+#
+# Possible values:
+#
+# * An ID of a RAM disk image or nothing. If nothing is specified, the RAM
+# disk from the instance is used if it was launched with one.
+#
+# Related options:
+#
+# * ``rescue_image_id``: If that option points to an image in *Amazon*'s
+# AMI/AKI/ARI image format, it's useful to use ``rescue_ramdisk_id`` too.
+# (string value)
+#rescue_ramdisk_id=<None>
+
+#
+# Describes the virtualization type (or so called domain type) libvirt should
+# use.
+#
+# The choice of this type must match the underlying virtualization strategy
+# you have chosen for this host.
+#
+# Possible values:
+#
+# * See the predefined set of case-sensitive values.
+#
+# Related options:
+#
+# * ``connection_uri``: depends on this
+# * ``disk_prefix``: depends on this
+# * ``cpu_mode``: depends on this
+# * ``cpu_model``: depends on this
+# (string value)
+# Allowed values: kvm, lxc, qemu, uml, xen, parallels
+#virt_type=kvm
+virt_type=kvm
+
+#
+# Overrides the default libvirt URI of the chosen virtualization type.
+#
+# If set, Nova will use this URI to connect to libvirt.
+#
+# Possible values:
+#
+# * An URI like ``qemu:///system`` or ``xen+ssh://oirase/`` for example.
+# This is only necessary if the URI differs to the commonly known URIs
+# for the chosen virtualization type.
+#
+# Related options:
+#
+# * ``virt_type``: Influences what is used as default value here.
+# (string value)
+#connection_uri =
+
+#
+# Allow the injection of an admin password for instance only at ``create`` and
+# ``rebuild`` process.
+#
+# There is no agent needed within the image to do this. If *libguestfs* is
+# available on the host, it will be used. Otherwise *nbd* is used. The file
+# system of the image will be mounted and the admin password, which is provided
+# in the REST API call will be injected as password for the root user. If no
+# root user is available, the instance won't be launched and an error is thrown.
+# Be aware that the injection is *not* possible when the instance gets launched
+# from a volume.
+#
+# Possible values:
+#
+# * True: Allows the injection.
+# * False (default): Disallows the injection. Any via the REST API provided
+# admin password will be silently ignored.
+#
+# Related options:
+#
+# * ``inject_partition``: That option will decide about the discovery and usage
+# of the file system. It also can disable the injection at all.
+# (boolean value)
+#inject_password=false
+
+#
+# Allow the injection of an SSH key at boot time.
+#
+# There is no agent needed within the image to do this. If *libguestfs* is
+# available on the host, it will be used. Otherwise *nbd* is used. The file
+# system of the image will be mounted and the SSH key, which is provided
+# in the REST API call will be injected as SSH key for the root user and
+# appended to the ``authorized_keys`` of that user. The SELinux context will
+# be set if necessary. Be aware that the injection is *not* possible when the
+# instance gets launched from a volume.
+#
+# This config option will enable directly modifying the instance disk and does
+# not affect what cloud-init may do using data from config_drive option or the
+# metadata service.
+#
+# Related options:
+#
+# * ``inject_partition``: That option will decide about the discovery and usage
+# of the file system. It also can disable the injection at all.
+# (boolean value)
+#inject_key=false
+
+#
+# Determines the way how the file system is chosen to inject data into it.
+#
+# *libguestfs* will be used a first solution to inject data. If that's not
+# available on the host, the image will be locally mounted on the host as a
+# fallback solution. If libguestfs is not able to determine the root partition
+# (because there are more or less than one root partition) or cannot mount the
+# file system it will result in an error and the instance won't be boot.
+#
+# Possible values:
+#
+# * -2 => disable the injection of data.
+# * -1 => find the root partition with the file system to mount with libguestfs
+# * 0 => The image is not partitioned
+# * >0 => The number of the partition to use for the injection
+#
+# Related options:
+#
+# * ``inject_key``: If this option allows the injection of a SSH key it depends
+# on value greater or equal to -1 for ``inject_partition``.
+# * ``inject_password``: If this option allows the injection of an admin
+# password
+# it depends on value greater or equal to -1 for ``inject_partition``.
+# * ``guestfs`` You can enable the debug log level of libguestfs with this
+# config option. A more verbose output will help in debugging issues.
+# * ``virt_type``: If you use ``lxc`` as virt_type it will be treated as a
+# single partition image
+# (integer value)
+# Minimum value: -2
+#inject_partition=-2
+inject_partition = -1
+
+# DEPRECATED:
+# Enable a mouse cursor within a graphical VNC or SPICE sessions.
+#
+# This will only be taken into account if the VM is fully virtualized and VNC
+# and/or SPICE is enabled. If the node doesn't support a graphical framebuffer,
+# then it is valid to set this to False.
+#
+# Related options:
+# * ``[vnc]enabled``: If VNC is enabled, ``use_usb_tablet`` will have an effect.
+# * ``[spice]enabled`` + ``[spice].agent_enabled``: If SPICE is enabled and the
+# spice agent is disabled, the config value of ``use_usb_tablet`` will have
+# an effect.
+# (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: This option is being replaced by the 'pointer_model' option.
+#use_usb_tablet=true
+use_usb_tablet=true
+
+#
+# The IP address or hostname to be used as the target for live migration
+# traffic.
+#
+# If this option is set to None, the hostname of the migration target compute
+# node will be used.
+#
+# This option is useful in environments where the live-migration traffic can
+# impact the network plane significantly. A separate network for live-migration
+# traffic can then use this config option and avoids the impact on the
+# management network.
+#
+# Possible values:
+#
+# * A valid IP address or hostname, else None.
+# (string value)
+#live_migration_inbound_addr=<None>
+
+# DEPRECATED:
+# Live migration target URI to use.
+#
+# Override the default libvirt live migration target URI (which is dependent
+# on virt_type). Any included "%s" is replaced with the migration target
+# hostname.
+#
+# If this option is set to None (which is the default), Nova will automatically
+# generate the `live_migration_uri` value based on only 3 supported `virt_type`
+# in following list:
+# * 'kvm': 'qemu+tcp://%s/system'
+# * 'qemu': 'qemu+tcp://%s/system'
+# * 'xen': 'xenmigr://%s/system'
+#
+# Related options:
+# * ``live_migration_inbound_addr``: If ``live_migration_inbound_addr`` value
+# is not None, the ip/hostname address of target compute node is used instead
+# of ``live_migration_uri`` as the uri for live migration.
+# * ``live_migration_scheme``: If ``live_migration_uri`` is not set, the scheme
+# used for live migration is taken from ``live_migration_scheme`` instead.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# live_migration_uri is deprecated for removal in favor of two other options
+# that
+# allow to change live migration scheme and target URI:
+# ``live_migration_scheme``
+# and ``live_migration_inbound_addr`` respectively.
+#live_migration_uri=<None>
+
+#
+# Schema used for live migration.
+#
+# Override the default libvirt live migration scheme (which is dependant on
+# virt_type). If this option is set to None, nova will automatically choose a
+# sensible default based on the hypervisor. It is not recommended that you
+# change
+# this unless you are very sure that hypervisor supports a particular scheme.
+#
+# Related options:
+# * ``virt_type``: This option is meaningful only when ``virt_type`` is set to
+# `kvm` or `qemu`.
+# * ``live_migration_uri``: If ``live_migration_uri`` value is not None, the
+# scheme used for live migration is taken from ``live_migration_uri`` instead.
+# (string value)
+#live_migration_scheme=<None>
+
+#
+# Enable tunnelled migration.
+#
+# This option enables the tunnelled migration feature, where migration data is
+# transported over the libvirtd connection. If enabled, we use the
+# VIR_MIGRATE_TUNNELLED migration flag, avoiding the need to configure
+# the network to allow direct hypervisor to hypervisor communication.
+# If False, use the native transport. If not set, Nova will choose a
+# sensible default based on, for example the availability of native
+# encryption support in the hypervisor. Enable this option will definitely
+# impact performance massively.
+#
+# Note that this option is NOT compatible with use of block migration.
+#
+# Possible values:
+#
+# * Supersedes and (if set) overrides the deprecated 'live_migration_flag' and
+# 'block_migration_flag' to enable tunneled migration.
+# (boolean value)
+#live_migration_tunnelled=false
+
+#
+# Maximum bandwidth(in MiB/s) to be used during migration.
+#
+# If set to 0, the hypervisor will choose a suitable default. Some hypervisors
+# do not support this feature and will return an error if bandwidth is not 0.
+# Please refer to the libvirt documentation for further details.
+# (integer value)
+#live_migration_bandwidth=0
+
+#
+# Maximum permitted downtime, in milliseconds, for live migration
+# switchover.
+#
+# Will be rounded up to a minimum of 100ms. You can increase this value
+# if you want to allow live-migrations to complete faster, or avoid
+# live-migration timeout errors by allowing the guest to be paused for
+# longer during the live-migration switch over.
+#
+# Related options:
+#
+# * live_migration_completion_timeout
+# (integer value)
+#live_migration_downtime=500
+
+#
+# Number of incremental steps to reach max downtime value.
+#
+# Will be rounded up to a minimum of 3 steps.
+# (integer value)
+#live_migration_downtime_steps=10
+
+#
+# Time to wait, in seconds, between each step increase of the migration
+# downtime.
+#
+# Minimum delay is 10 seconds. Value is per GiB of guest RAM + disk to be
+# transferred, with lower bound of a minimum of 2 GiB per device.
+# (integer value)
+#live_migration_downtime_delay=75
+
+#
+# Time to wait, in seconds, for migration to successfully complete transferring
+# data before aborting the operation.
+#
+# Value is per GiB of guest RAM + disk to be transferred, with lower bound of
+# a minimum of 2 GiB. Should usually be larger than downtime delay * downtime
+# steps. Set to 0 to disable timeouts.
+#
+# Related options:
+#
+# * live_migration_downtime
+# * live_migration_downtime_steps
+# * live_migration_downtime_delay
+# (integer value)
+# Note: This option can be changed without restarting.
+#live_migration_completion_timeout=800
+
+# DEPRECATED:
+# Time to wait, in seconds, for migration to make forward progress in
+# transferring data before aborting the operation.
+#
+# Set to 0 to disable timeouts.
+#
+# This is deprecated, and now disabled by default because we have found serious
+# bugs in this feature that caused false live-migration timeout failures. This
+# feature will be removed or replaced in a future release.
+# (integer value)
+# Note: This option can be changed without restarting.
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Serious bugs found in this feature.
+#live_migration_progress_timeout=0
+
+#
+# This option allows nova to switch an on-going live migration to post-copy
+# mode, i.e., switch the active VM to the one on the destination node before the
+# migration is complete, therefore ensuring an upper bound on the memory that
+# needs to be transferred. Post-copy requires libvirt>=1.3.3 and QEMU>=2.5.0.
+#
+# When permitted, post-copy mode will be automatically activated if a
+# live-migration memory copy iteration does not make percentage increase of at
+# least 10% over the last iteration.
+#
+# The live-migration force complete API also uses post-copy when permitted. If
+# post-copy mode is not available, force complete falls back to pausing the VM
+# to ensure the live-migration operation will complete.
+#
+# When using post-copy mode, if the source and destination hosts loose network
+# connectivity, the VM being live-migrated will need to be rebooted. For more
+# details, please see the Administration guide.
+#
+# Related options:
+#
+# * live_migration_permit_auto_converge
+# (boolean value)
+#live_migration_permit_post_copy=false
+
+#
+# This option allows nova to start live migration with auto converge on.
+#
+# Auto converge throttles down CPU if a progress of on-going live migration
+# is slow. Auto converge will only be used if this flag is set to True and
+# post copy is not permitted or post copy is unavailable due to the version
+# of libvirt and QEMU in use. Auto converge requires libvirt>=1.2.3 and
+# QEMU>=1.6.0.
+#
+# Related options:
+#
+# * live_migration_permit_post_copy
+# (boolean value)
+#live_migration_permit_auto_converge=false
+
+#
+# Determine the snapshot image format when sending to the image service.
+#
+# If set, this decides what format is used when sending the snapshot to the
+# image service.
+# If not set, defaults to same type as source image.
+#
+# Possible values:
+#
+# * ``raw``: RAW disk format
+# * ``qcow2``: KVM default disk format
+# * ``vmdk``: VMWare default disk format
+# * ``vdi``: VirtualBox default disk format
+# * If not set, defaults to same type as source image.
+# (string value)
+# Allowed values: raw, qcow2, vmdk, vdi
+#snapshot_image_format=<None>
+
+#
+# Override the default disk prefix for the devices attached to an instance.
+#
+# If set, this is used to identify a free disk device name for a bus.
+#
+# Possible values:
+#
+# * Any prefix which will result in a valid disk device name like 'sda' or 'hda'
+# for example. This is only necessary if the device names differ to the
+# commonly known device name prefixes for a virtualization type such as: sd,
+# xvd, uvd, vd.
+#
+# Related options:
+#
+# * ``virt_type``: Influences which device type is used, which determines
+# the default disk prefix.
+# (string value)
+#disk_prefix=<None>
+
+# Number of seconds to wait for instance to shut down after soft reboot request
+# is made. We fall back to hard reboot if instance does not shutdown within this
+# window. (integer value)
+#wait_soft_reboot_seconds=120
+
+#
+# Is used to set the CPU mode an instance should have.
+#
+# If virt_type="kvm|qemu", it will default to "host-model", otherwise it will
+# default to "none".
+#
+# Possible values:
+#
+# * ``host-model``: Clones the host CPU feature flags.
+# * ``host-passthrough``: Use the host CPU model exactly;
+# * ``custom``: Use a named CPU model;
+# * ``none``: Not set any CPU model.
+#
+# Related options:
+#
+# * ``cpu_model``: If ``custom`` is used for ``cpu_mode``, set this config
+# option too, otherwise this would result in an error and the instance won't
+# be launched.
+# (string value)
+# Allowed values: host-model, host-passthrough, custom, none
+#cpu_mode=<None>
+cpu_mode=host-passthrough
+
+#
+# Set the name of the libvirt CPU model the instance should use.
+#
+# Possible values:
+#
+# * The names listed in /usr/share/libvirt/cpu_map.xml
+#
+# Related options:
+#
+# * ``cpu_mode``: Don't set this when ``cpu_mode`` is NOT set to ``custom``.
+# This would result in an error and the instance won't be launched.
+# * ``virt_type``: Only the virtualization types ``kvm`` and ``qemu`` use this.
+# (string value)
+#cpu_model=<None>
+
+# Location where libvirt driver will store snapshots before uploading them to
+# image service (string value)
+#snapshots_directory=$instances_path/snapshots
+
+# Location where the Xen hvmloader is kept (string value)
+#xen_hvmloader_path=/usr/lib/xen/boot/hvmloader
+
+# Specific cachemodes to use for different disk types e.g:
+# file=directsync,block=none (list value)
+#disk_cachemodes =
+
+# A path to a device that will be used as source of entropy on the host.
+# Permitted options are: /dev/random or /dev/hwrng (string value)
+#rng_dev_path=<None>
+
+# For qemu or KVM guests, set this option to specify a default machine type per
+# host architecture. You can find a list of supported machine types in your
+# environment by checking the output of the "virsh capabilities"command. The
+# format of the value for this config option is host-arch=machine-type. For
+# example: x86_64=machinetype1,armv7l=machinetype2 (list value)
+#hw_machine_type=<None>
+
+# The data source used to the populate the host "serial" UUID exposed to guest
+# in the virtual BIOS. (string value)
+# Allowed values: none, os, hardware, auto
+#sysinfo_serial=auto
+
+# A number of seconds to memory usage statistics period. Zero or negative value
+# mean to disable memory usage statistics. (integer value)
+#mem_stats_period_seconds=10
+
+# List of uid targets and ranges.Syntax is guest-uid:host-uid:countMaximum of 5
+# allowed. (list value)
+#uid_maps =
+
+# List of guid targets and ranges.Syntax is guest-gid:host-gid:countMaximum of 5
+# allowed. (list value)
+#gid_maps =
+
+# In a realtime host context vCPUs for guest will run in that scheduling
+# priority. Priority depends on the host kernel (usually 1-99) (integer value)
+#realtime_scheduler_priority=1
+
+#
+# This is a performance event list which could be used as monitor. These events
+# will be passed to libvirt domain xml while creating a new instances.
+# Then event statistics data can be collected from libvirt. The minimum
+# libvirt version is 2.0.0. For more information about `Performance monitoring
+# events`, refer https://libvirt.org/formatdomain.html#elementsPerf .
+#
+# Possible values:
+# * A string list. For example: ``enabled_perf_events = cmt, mbml, mbmt``
+# The supported events list can be found in
+# https://libvirt.org/html/libvirt-libvirt-domain.html ,
+# which you may need to search key words ``VIR_PERF_PARAM_*``
+# (list value)
+#enabled_perf_events =
+
+#
+# VM Images format.
+#
+# If default is specified, then use_cow_images flag is used instead of this
+# one.
+#
+# Related options:
+#
+# * virt.use_cow_images
+# * images_volume_group
+# (string value)
+# Allowed values: raw, flat, qcow2, lvm, rbd, ploop, default
+#images_type=default
+
+#
+# LVM Volume Group that is used for VM images, when you specify images_type=lvm
+#
+# Related options:
+#
+# * images_type
+# (string value)
+#images_volume_group=<None>
+
+#
+# Create sparse logical volumes (with virtualsize) if this flag is set to True.
+# (boolean value)
+#sparse_logical_volumes=false
+
+# The RADOS pool in which rbd volumes are stored (string value)
+#images_rbd_pool=rbd
+
+# Path to the ceph configuration file to use (string value)
+#images_rbd_ceph_conf =
+
+#
+# Discard option for nova managed disks.
+#
+# Requires:
+#
+# * Libvirt >= 1.0.6
+# * Qemu >= 1.5 (raw format)
+# * Qemu >= 1.6 (qcow2 format)
+# (string value)
+# Allowed values: ignore, unmap
+#hw_disk_discard=<None>
+
+# DEPRECATED: Allows image information files to be stored in non-standard
+# locations (string value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Image info files are no longer used by the image cache
+#image_info_filename_pattern=$instances_path/$image_cache_subdirectory_name/%(image)s.info
+
+# Unused resized base images younger than this will not be removed (integer
+# value)
+#remove_unused_resized_minimum_age_seconds=3600
+
+# DEPRECATED: Write a checksum for files in _base to disk (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The image cache no longer periodically calculates checksums of stored
+# images. Data integrity can be checked at the block or filesystem level.
+#checksum_base_images=false
+
+# DEPRECATED: How frequently to checksum base images (integer value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The image cache no longer periodically calculates checksums of stored
+# images. Data integrity can be checked at the block or filesystem level.
+#checksum_interval_seconds=3600
+
+#
+# Method used to wipe ephemeral disks when they are deleted. Only takes effect
+# if LVM is set as backing storage.
+#
+# Possible values:
+#
+# * none - do not wipe deleted volumes
+# * zero - overwrite volumes with zeroes
+# * shred - overwrite volume repeatedly
+#
+# Related options:
+#
+# * images_type - must be set to ``lvm``
+# * volume_clear_size
+# (string value)
+# Allowed values: none, zero, shred
+#volume_clear=zero
+
+#
+# Size of area in MiB, counting from the beginning of the allocated volume,
+# that will be cleared using method set in ``volume_clear`` option.
+#
+# Possible values:
+#
+# * 0 - clear whole volume
+# * >0 - clear specified amount of MiB
+#
+# Related options:
+#
+# * images_type - must be set to ``lvm``
+# * volume_clear - must be set and the value must be different than ``none``
+# for this option to have any impact
+# (integer value)
+# Minimum value: 0
+#volume_clear_size=0
+
+#
+# Enable snapshot compression for ``qcow2`` images.
+#
+# Note: you can set ``snapshot_image_format`` to ``qcow2`` to force all
+# snapshots to be in ``qcow2`` format, independently from their original image
+# type.
+#
+# Related options:
+#
+# * snapshot_image_format
+# (boolean value)
+#snapshot_compression=false
+
+# Use virtio for bridge interfaces with KVM/QEMU (boolean value)
+#use_virtio_for_bridges=true
+use_virtio_for_bridges=true
+
+#
+# Protocols listed here will be accessed directly from QEMU.
+#
+# If gluster is present in qemu_allowed_storage_drivers, glusterfs's backend
+# will
+# pass a disk configuration to QEMU. This allows QEMU to access the volume using
+# libgfapi rather than mounting GlusterFS via fuse.
+#
+# Possible values:
+#
+# * [gluster]
+# (list value)
+#qemu_allowed_storage_drivers =
+
+#
+# Use multipath connection of the iSCSI or FC volume
+#
+# Volumes can be connected in the LibVirt as multipath devices. This will
+# provide high availability and fault tolerance.
+# (boolean value)
+# Deprecated group/name - [libvirt]/iscsi_use_multipath
+#volume_use_multipath=false
+
+#
+# Number of times to rediscover AoE target to find volume.
+#
+# Nova provides support for block storage attaching to hosts via AOE (ATA over
+# Ethernet). This option allows the user to specify the maximum number of retry
+# attempts that can be made to discover the AoE device.
+# (integer value)
+#num_aoe_discover_tries=3
+
+#
+# Absolute path to the directory where the glusterfs volume is mounted on the
+# compute node.
+# (string value)
+#glusterfs_mount_point_base=$state_path/mnt
+
+#
+# Number of times to scan iSCSI target to find volume.
+# (integer value)
+#num_iscsi_scan_tries=5
+
+#
+# The iSCSI transport iface to use to connect to target in case offload support
+# is desired.
+#
+# Default format is of the form <transport_name>.<hwaddress> where
+# <transport_name> is one of (be2iscsi, bnx2i, cxgb3i, cxgb4i, qla4xxx, ocs) and
+# <hwaddress> is the MAC address of the interface and can be generated via the
+# iscsiadm -m iface command. Do not confuse the iscsi_iface parameter to be
+# provided here with the actual transport name.
+# (string value)
+# Deprecated group/name - [libvirt]/iscsi_transport
+#iscsi_iface=<None>
+
+#
+# Number of times to scan iSER target to find volume.
+#
+# iSER is a server network protocol that extends iSCSI protocol to use Remote
+# Direct Memory Access (RDMA). This option allows the user to specify the
+# maximum
+# number of scan attempts that can be made to find iSER volume.
+# (integer value)
+#num_iser_scan_tries=5
+
+#
+# Use multipath connection of the iSER volume.
+#
+# iSER volumes can be connected as multipath devices. This will provide high
+# availability and fault tolerance.
+# (boolean value)
+#iser_use_multipath=false
+
+#
+# The RADOS client name for accessing rbd(RADOS Block Devices) volumes.
+#
+# Libvirt will refer to this user when connecting and authenticating with
+# the Ceph RBD server.
+# (string value)
+#rbd_user=<None>
+
+#
+# The libvirt UUID of the secret for the rbd_user volumes.
+# (string value)
+#rbd_secret_uuid=<None>
+
+#
+# Directory where the NFS volume is mounted on the compute node.
+# The default is 'mnt' directory of the location where nova's Python module
+# is installed.
+#
+# NFS provides shared storage for the OpenStack Block Storage service.
+#
+# Possible values:
+#
+# * A string representing absolute path of mount point.
+# (string value)
+#nfs_mount_point_base=$state_path/mnt
+
+#
+# Mount options passed to the NFS client. See section of the nfs man page
+# for details.
+#
+# Mount options controls the way the filesystem is mounted and how the
+# NFS client behaves when accessing files on this mount point.
+#
+# Possible values:
+#
+# * Any string representing mount options separated by commas.
+# * Example string: vers=3,lookupcache=pos
+# (string value)
+#nfs_mount_options=<None>
+
+#
+# Directory where the Quobyte volume is mounted on the compute node.
+#
+# Nova supports Quobyte volume driver that enables storing Block Storage
+# service volumes on a Quobyte storage back end. This Option sepcifies the
+# path of the directory where Quobyte volume is mounted.
+#
+# Possible values:
+#
+# * A string representing absolute path of mount point.
+# (string value)
+#quobyte_mount_point_base=$state_path/mnt
+
+# Path to a Quobyte Client configuration file. (string value)
+#quobyte_client_cfg=<None>
+
+#
+# Path or URL to Scality SOFS(Scale-Out File Server) configuration file.
+#
+# The Scality SOFS provides OpenStack users the option of storing their
+# data on a high capacity, replicated, highly available Scality Ring object
+# storage cluster.
+# (string value)
+#scality_sofs_config=<None>
+
+#
+# Base dir where Scality SOFS shall be mounted.
+#
+# The Scality volume driver in Nova mounts SOFS and lets the hypervisor access
+# the volumes.
+#
+# Possible values:
+#
+# * $state_path/scality where state_path is a config option that specifies
+# the top-level directory for maintaining nova's state or Any string
+# containing the full directory path.
+# (string value)
+#scality_sofs_mount_point=$state_path/scality
+
+#
+# Directory where the SMBFS shares are mounted on the compute node.
+# (string value)
+#smbfs_mount_point_base=$state_path/mnt
+
+#
+# Mount options passed to the SMBFS client.
+#
+# Provide SMBFS options as a single string containing all parameters.
+# See mount.cifs man page for details. Note that the libvirt-qemu ``uid``
+# and ``gid`` must be specified.
+# (string value)
+#smbfs_mount_options =
+
+#
+# libvirt's transport method for remote file operations.
+#
+# Because libvirt cannot use RPC to copy files over network to/from other
+# compute nodes, other method must be used for:
+#
+# * creating directory on remote host
+# * creating file on remote host
+# * removing file from remote host
+# * copying file to remote host
+# (string value)
+# Allowed values: ssh, rsync
+#remote_filesystem_transport=ssh
+
+#
+# Directory where the Virtuozzo Storage clusters are mounted on the compute
+# node.
+#
+# This option defines non-standard mountpoint for Vzstorage cluster.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_point_base=$state_path/mnt
+
+#
+# Mount owner user name.
+#
+# This option defines the owner user of Vzstorage cluster mountpoint.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_user=stack
+
+#
+# Mount owner group name.
+#
+# This option defines the owner group of Vzstorage cluster mountpoint.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_group=qemu
+
+#
+# Mount access mode.
+#
+# This option defines the access bits of Vzstorage cluster mountpoint,
+# in the format similar to one of chmod(1) utility, like this: 0770.
+# It consists of one to four digits ranging from 0 to 7, with missing
+# lead digits assumed to be 0's.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_perms=0770
+
+#
+# Path to vzstorage client log.
+#
+# This option defines the log of cluster operations,
+# it should include "%(cluster_name)s" template to separate
+# logs from multiple shares.
+#
+# Related options:
+#
+# * vzstorage_mount_opts may include more detailed logging options.
+# (string value)
+#vzstorage_log_path=/var/log/pstorage/%(cluster_name)s/nova.log.gz
+
+#
+# Path to the SSD cache file.
+#
+# You can attach an SSD drive to a client and configure the drive to store
+# a local cache of frequently accessed data. By having a local cache on a
+# client's SSD drive, you can increase the overall cluster performance by
+# up to 10 and more times.
+# WARNING! There is a lot of SSD models which are not server grade and
+# may loose arbitrary set of data changes on power loss.
+# Such SSDs should not be used in Vstorage and are dangerous as may lead
+# to data corruptions and inconsistencies. Please consult with the manual
+# on which SSD models are known to be safe or verify it using
+# vstorage-hwflush-check(1) utility.
+#
+# This option defines the path which should include "%(cluster_name)s"
+# template to separate caches from multiple shares.
+#
+# Related options:
+#
+# * vzstorage_mount_opts may include more detailed cache options.
+# (string value)
+#vzstorage_cache_path=<None>
+
+#
+# Extra mount options for pstorage-mount
+#
+# For full description of them, see
+# https://static.openvz.org/vz-man/man1/pstorage-mount.1.gz.html
+# Format is a python string representation of arguments list, like:
+# "['-v', '-R', '500']"
+# Shouldn't include -c, -l, -C, -u, -g and -m as those have
+# explicit vzstorage_* options.
+#
+# Related options:
+#
+# * All other vzstorage_* options
+# (list value)
+#vzstorage_mount_opts =
+
+
+[matchmaker_redis]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Host to locate redis. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#host=127.0.0.1
+
+# DEPRECATED: Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#port=6379
+
+# DEPRECATED: Password for Redis server (optional). (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#password =
+
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
+# [host:port, host1:port ... ] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#sentinel_hosts =
+
+# Redis replica set name. (string value)
+#sentinel_group_name=oslo-messaging-zeromq
+
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout=2000
+
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout=20000
+
+# Timeout in ms on blocking socket operations. (integer value)
+#socket_timeout=10000
+
+
+[metrics]
+#
+# Configuration options for metrics
+#
+# Options under this group allow to adjust how values assigned to metrics are
+# calculated.
+
+#
+# From nova.conf
+#
+
+#
+# When using metrics to weight the suitability of a host, you can use this
+# option
+# to change how the calculated weight influences the weight assigned to a host
+# as
+# follows:
+#
+# * >1.0: increases the effect of the metric on overall weight
+# * 1.0: no change to the calculated weight
+# * >0.0,<1.0: reduces the effect of the metric on overall weight
+# * 0.0: the metric value is ignored, and the value of the
+# 'weight_of_unavailable' option is returned instead
+# * >-1.0,<0.0: the effect is reduced and reversed
+# * -1.0: the effect is reversed
+# * <-1.0: the effect is increased proportionally and reversed
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (floating point value)
+#weight_multiplier=1.0
+
+#
+# This setting specifies the metrics to be weighed and the relative ratios for
+# each metric. This should be a single string value, consisting of a series of
+# one or more 'name=ratio' pairs, separated by commas, where 'name' is the name
+# of the metric to be weighed, and 'ratio' is the relative weight for that
+# metric.
+#
+# Note that if the ratio is set to 0, the metric value is ignored, and instead
+# the weight will be set to the value of the 'weight_of_unavailable' option.
+#
+# As an example, let's consider the case where this option is set to:
+#
+# ``name1=1.0, name2=-1.3``
+#
+# The final weight will be:
+#
+# ``(name1.value * 1.0) + (name2.value * -1.3)``
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more key/value pairs separated by commas, where the key is
+# a string representing the name of a metric and the value is a numeric weight
+# for that metric. If any value is set to 0, the value is ignored and the
+# weight will be set to the value of the 'weight_of_unavailable' option.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (list value)
+#weight_setting =
+
+#
+# This setting determines how any unavailable metrics are treated. If this
+# option
+# is set to True, any hosts for which a metric is unavailable will raise an
+# exception, so it is recommended to also use the MetricFilter to filter out
+# those hosts before weighing.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * True or False, where False ensures any metric being unavailable for a host
+# will set the host weight to 'weight_of_unavailable'.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (boolean value)
+#required=true
+
+#
+# When any of the following conditions are met, this value will be used in place
+# of any actual metric value:
+#
+# * One of the metrics named in 'weight_setting' is not available for a host,
+# and the value of 'required' is False
+# * The ratio specified for a metric in 'weight_setting' is 0
+# * The 'weight_multiplier' option is set to 0
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the multipler
+# ratio for this weigher.
+#
+# Related options:
+#
+# * weight_setting
+# * required
+# * weight_multiplier
+# (floating point value)
+#weight_of_unavailable=-10000.0
+
+
+[mks]
+#
+# Nova compute node uses WebMKS, a desktop sharing protocol to provide
+# instance console access to VM's created by VMware hypervisors.
+#
+# Related options:
+# Following options must be set to provide console access.
+# * mksproxy_base_url
+# * enabled
+
+#
+# From nova.conf
+#
+
+#
+# Location of MKS web console proxy
+#
+# The URL in the response points to a WebMKS proxy which
+# starts proxying between client and corresponding vCenter
+# server where instance runs. In order to use the web based
+# console access, WebMKS proxy should be installed and configured
+#
+# Possible values:
+#
+# * Must be a valid URL of the form:``http://host:port/``
+# (string value)
+#mksproxy_base_url=http://127.0.0.1:6090/
+
+#
+# Enables graphical console access for virtual machines.
+# (boolean value)
+#enabled=false
+
+
+[neutron]
+#
+# Configuration options for neutron (network connectivity as a service).
+
+#
+# From nova.conf
+#
+auth_type=v3password
+project_domain_name = Default
+user_domain_name = Default
+auth_url = http://{{ controller.identity.host }}:35357/v3
+{% if pillar.neutron is defined %}
+password={{ pillar.neutron.server.identity.password }}
+project_name={{ pillar.neutron.server.identity.tenant }}
+username={{ pillar.neutron.server.identity.user }}
+region_name= {{ pillar.neutron.server.identity.region }}
+{%- else %}
+password={{ controller.network.password }}
+project_name={{ controller.network.tenant }}
+username={{ controller.network.user }}
+region_name= {{ controller.network.region }}
+{%- endif %}
+url=http://{{ controller.network.host }}:{{ controller.network.port }}
+
+{%- if controller.get('networking', 'default') != "contrail" %}
+metadata_proxy_shared_secret={{ controller.metadata.password }}
+{%- endif %}
+service_metadata_proxy=True
+#
+# This option specifies the URL for connecting to Neutron.
+#
+# Possible values:
+#
+# * Any valid URL that points to the Neutron API service is appropriate here.
+# This typically matches the URL returned for the 'network' service type
+# from the Keystone service catalog.
+# (uri value)
+#url=http://127.0.0.1:9696
+
+#
+# Region name for connecting to Neutron in admin context.
+#
+# This option is used in multi-region setups. If there are two Neutron
+# servers running in two regions in two different machines, then two
+# services need to be created in Keystone with two different regions and
+# associate corresponding endpoints to those services. When requests are made
+# to Keystone, the Keystone service uses the region_name to determine the
+# region the request is coming from.
+# (string value)
+#region_name=RegionOne
+
+#
+# Specifies the name of an integration bridge interface used by OpenvSwitch.
+# This option is used only if Neutron does not specify the OVS bridge name.
+#
+# Possible values:
+#
+# * Any string representing OVS bridge name.
+# (string value)
+#ovs_bridge=br-int
+
+#
+# Integer value representing the number of seconds to wait before querying
+# Neutron for extensions. After this number of seconds the next time Nova
+# needs to create a resource in Neutron it will requery Neutron for the
+# extensions that it has loaded. Setting value to 0 will refresh the
+# extensions with no wait.
+# (integer value)
+# Minimum value: 0
+#extension_sync_interval=600
+
+#
+# When set to True, this option indicates that Neutron will be used to proxy
+# metadata requests and resolve instance ids. Otherwise, the instance ID must be
+# passed to the metadata request in the 'X-Instance-ID' header.
+#
+# Related options:
+#
+# * metadata_proxy_shared_secret
+# (boolean value)
+#service_metadata_proxy=false
+
+#
+# This option holds the shared secret string used to validate proxy requests to
+# Neutron metadata requests. In order to be used, the
+# 'X-Metadata-Provider-Signature' header must be supplied in the request.
+#
+# Related options:
+#
+# * service_metadata_proxy
+# (string value)
+#metadata_proxy_shared_secret =
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [neutron]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id=<None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+# Tenant ID (string value)
+#tenant_id=<None>
+
+# Tenant Name (string value)
+#tenant_name=<None>
+
+
+[notifications]
+#
+# Most of the actions in Nova which manipulate the system state generate
+# notifications which are posted to the messaging component (e.g. RabbitMQ) and
+# can be consumed by any service outside the Openstack. More technical details
+# at http://docs.openstack.org/developer/nova/notifications.html
+
+#
+# From nova.conf
+#
+
+#
+# If set, send compute.instance.update notifications on instance state
+# changes.
+#
+# Please refer to https://wiki.openstack.org/wiki/SystemUsageData for
+# additional information on notifications.
+#
+# Possible values:
+#
+# * None - no notifications
+# * "vm_state" - notifications on VM state changes
+# * "vm_and_task_state" - notifications on VM and task state changes
+# (string value)
+# Allowed values: <None>, vm_state, vm_and_task_state
+# Deprecated group/name - [DEFAULT]/notify_on_state_change
+#notify_on_state_change=<None>
+
+#
+# If enabled, send api.fault notifications on caught exceptions in the
+# API service.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/notify_api_faults
+#notify_on_api_faults=false
+notify_on_api_faults=false
+
+# Default notification level for outgoing notifications. (string value)
+# Allowed values: DEBUG, INFO, WARN, ERROR, CRITICAL
+# Deprecated group/name - [DEFAULT]/default_notification_level
+#default_level=INFO
+
+#
+# Default publisher_id for outgoing notifications. If you consider routing
+# notifications using different publisher, change this value accordingly.
+#
+# Possible values:
+#
+# * Defaults to the IPv4 address of this host, but it can be any valid
+# oslo.messaging publisher_id
+#
+# Related options:
+#
+# * my_ip - IP address of this host
+# (string value)
+# Deprecated group/name - [DEFAULT]/default_publisher_id
+#default_publisher_id=$my_ip
+
+#
+# Specifies which notification format shall be used by nova.
+#
+# The default value is fine for most deployments and rarely needs to be changed.
+# This value can be set to 'versioned' once the infrastructure moves closer to
+# consuming the newer format of notifications. After this occurs, this option
+# will be removed (possibly in the "P" release).
+#
+# Possible values:
+# * unversioned: Only the legacy unversioned notifications are emitted.
+# * versioned: Only the new versioned notifications are emitted.
+# * both: Both the legacy unversioned and the new versioned notifications are
+# emitted. (Default)
+#
+# The list of versioned notifications is visible in
+# http://docs.openstack.org/developer/nova/notifications.html
+# (string value)
+# Allowed values: unversioned, versioned, both
+# Deprecated group/name - [DEFAULT]/notification_format
+#notification_format=both
+
+
+[osapi_v21]
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# This option is a list of all of the v2.1 API extensions to never load.
+#
+# Possible values:
+#
+# * A list of strings, each being the alias of an extension that you do not
+# wish to load.
+#
+# Related options:
+#
+# * enabled
+# * extensions_whitelist
+# (list value)
+# This option is deprecated for removal since 12.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# API extensions are now part of the standard API. API extensions should be
+# disabled using policy, rather than via these configuration options.
+#extensions_blacklist =
+
+# DEPRECATED:
+# This is a list of extensions. If it is empty, then *all* extensions except
+# those specified in the extensions_blacklist option will be loaded. If it is
+# not
+# empty, then only those extensions in this list will be loaded, provided that
+# they are also not in the extensions_blacklist option.
+#
+# Possible values:
+#
+# * A list of strings, each being the alias of an extension that you wish to
+# load, or an empty list, which indicates that all extensions are to be run.
+#
+# Related options:
+#
+# * enabled
+# * extensions_blacklist
+# (list value)
+# This option is deprecated for removal since 12.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# API extensions are now part of the standard API. API extensions should be
+# disabled using policy, rather than via these configuration options.
+#extensions_whitelist =
+
+# DEPRECATED:
+# This option is a string representing a regular expression (regex) that matches
+# the project_id as contained in URLs. If not set, it will match normal UUIDs
+# created by keystone.
+#
+# Possible values:
+#
+# * A string representing any legal regular expression
+# (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Recent versions of nova constrain project IDs to hexadecimal characters and
+# dashes. If your installation uses IDs outside of this range, you should use
+# this option to provide your own regex and give you time to migrate offending
+# projects to valid IDs before the next release.
+#project_id_regex=<None>
+
+
+[oslo_concurrency]
+
+#
+# From oslo.concurrency
+#
+
+# Enables or disables inter-process locks. (boolean value)
+# Deprecated group/name - [DEFAULT]/disable_process_locking
+#disable_process_locking=false
+
+# Directory to use for lock files. For security, the specified directory should
+# only be writable by the user running the processes that need locking. Defaults
+# to environment variable OSLO_LOCK_PATH. If OSLO_LOCK_PATH is not set in the
+# environment, use the Python tempfile.gettempdir function to find a suitable
+# location. If external locks are used, a lock path must be set. (string value)
+# Deprecated group/name - [DEFAULT]/lock_path
+lock_path=/var/lib/nova/tmp
+
+
+[oslo_messaging_amqp]
+
+#
+# From oslo.messaging
+#
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name=<None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout=0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace=false
+
+# CA certificate PEM file used to verify the server's certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Self-identifying certificate PEM file for client authentication (string value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign ssl_cert_file certificate (optional) (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password=<None>
+
+# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Not applicable - not a SSL server
+#allow_insecure_clients=false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval=1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff=2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max=30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay=10
+
+# The maximum number of attempts to re-send a reply message which failed due to
+# a recoverable error. (integer value)
+# Minimum value: -1
+#default_reply_retry=0
+
+# The deadline for an rpc reply message delivery. (integer value)
+# Minimum value: 5
+#default_reply_timeout=30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout=30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout=30
+
+# The duration to schedule a purge of idle sender links. Detach link after
+# expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout=600
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy' - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic' - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode=dynamic
+
+# address prefix used when sending to a specific server (string value)
+# Deprecated group/name - [amqp1]/server_request_prefix
+#server_request_prefix=exclusive
+
+# address prefix used when broadcasting to all servers (string value)
+# Deprecated group/name - [amqp1]/broadcast_prefix
+#broadcast_prefix=broadcast
+
+# address prefix when sending to any server in group (string value)
+# Deprecated group/name - [amqp1]/group_request_prefix
+#group_request_prefix=unicast
+
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix=openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix=openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address=multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address=unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-robin
+# fashion across consumers. (string value)
+#anycast_address=anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange=<None>
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange=<None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit=200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit=100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit=100
+
+# Send messages of this type pre-settled.
+# Pre-settled messages will not receive acknowledgement
+# from the peer. Note well: pre-settled messages may be
+# silently discarded if the delivery fails.
+# Permitted values:
+# 'rpc-call' - send RPC Calls pre-settled
+# 'rpc-reply'- send RPC Replies pre-settled
+# 'rpc-cast' - Send RPC Casts pre-settled
+# 'notify' - Send Notifications pre-settled
+# (multi valued)
+#pre_settled=rpc-cast
+#pre_settled=rpc-reply
+
+
+[oslo_messaging_kafka]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Default Kafka broker Host (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_host=localhost
+
+# DEPRECATED: Default Kafka broker Port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_port=9092
+
+# Max fetch bytes of Kafka consumer (integer value)
+#kafka_max_fetch_bytes=1048576
+
+# Default timeout(s) for Kafka consumers (integer value)
+#kafka_consumer_timeout=1.0
+
+# Pool Size for Kafka Consumers (integer value)
+#pool_size=10
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size=2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl=1200
+
+# Group id for Kafka consumer. Consumers in one group will coordinate message
+# consumption (string value)
+#consumer_group=oslo_messaging_consumer
+
+# Upper bound on the delay for KafkaProducer batching in seconds (floating point
+# value)
+#producer_batch_timeout=0.0
+
+# Size of batch for the producer async send (integer value)
+#producer_batch_size=16384
+
+
+[oslo_messaging_notifications]
+
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are messaging,
+# messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+{%- if controller.notification is mapping %}
+driver = {{ controller.notification.get('driver', 'messagingv2') }}
+{%- if controller.notification.topics is defined %}
+topics = {{ controller.notification.topics }}
+{%- endif %}
+{%- elif controller.notification %}
+driver=messagingv2
+{%- endif %}
+
+# A URL representing the messaging driver to use for notifications. If not set,
+# we fall back to the same configuration used for RPC. (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url=<None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics=notifications
+
+
+[oslo_messaging_rabbit]
+
+#
+# From oslo.messaging
+#
+rabbit_retry_interval = 1
+rabbit_retry_backoff = 2
+rpc_conn_pool_size = 300
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues=false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+#amqp_auto_delete=false
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_version
+#kombu_ssl_version =
+
+# SSL key file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
+#kombu_ssl_keyfile =
+
+# SSL cert file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
+#kombu_ssl_certfile =
+
+# SSL certification authority file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
+#kombu_ssl_ca_certs =
+
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
+#kombu_reconnect_delay=1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
+# be used. This option may not be available in future versions. (string value)
+#kombu_compression=<None>
+
+# How long to wait a missing client before abandoning to send it its replies.
+# This value should not be longer than rpc_response_timeout. (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout=60
+
+# Determines how the next RabbitMQ node is chosen in case the one we are
+# currently connected to becomes unavailable. Takes effect only if more than one
+# RabbitMQ node is provided in config. (string value)
+# Allowed values: round-robin, shuffle
+#kombu_failover_strategy=round-robin
+
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_host=localhost
+
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rabbit_port
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_port=5672
+
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/rabbit_hosts
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_hosts=$rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
+#rabbit_use_ssl=false
+
+# DEPRECATED: The RabbitMQ userid. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_userid
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_userid=guest
+
+# DEPRECATED: The RabbitMQ password. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_password
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_password=guest
+
+# The RabbitMQ login method. (string value)
+# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
+# Deprecated group/name - [DEFAULT]/rabbit_login_method
+#rabbit_login_method=AMQPLAIN
+
+# DEPRECATED: The RabbitMQ virtual host. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_virtual_host=/
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval=1
+
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
+#rabbit_retry_backoff=2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
+# (integer value)
+#rabbit_interval_max=30
+
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#rabbit_max_retries=0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
+# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
+# is no longer controlled by the x-ha-policy argument when declaring a queue. If
+# you just want to make sure that all queues (except those with auto-generated
+# names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA
+# '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
+#rabbit_ha_queues=false
+
+# Positive integer representing duration in seconds for queue TTL (x-expires).
+# Queues which are unused for the duration of the TTL are automatically deleted.
+# The parameter affects only reply and fanout queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl=1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows unlimited
+# messages. (integer value)
+#rabbit_qos_prefetch_count=0
+
+# Number of seconds after which the Rabbit broker is considered down if
+# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
+# value)
+#heartbeat_timeout_threshold=60
+
+# How often times during the heartbeat_timeout_threshold we check the heartbeat.
+# (integer value)
+#heartbeat_rate=2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
+# Deprecated group/name - [DEFAULT]/fake_rabbit
+#fake_rabbit=false
+
+# Maximum number of channels to allow (integer value)
+#channel_max=<None>
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max=<None>
+
+# How often to send heartbeats for consumer's connections (integer value)
+#heartbeat_interval=3
+
+# Enable SSL (boolean value)
+#ssl=<None>
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options=<None>
+
+# Set socket timeout in seconds for connection's socket (floating point value)
+#socket_timeout=0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point value)
+#tcp_user_timeout=0.25
+
+# Set delay for reconnection to some host which has connection error (floating
+# point value)
+#host_connection_reconnect_delay=0.25
+
+# Connection factory implementation (string value)
+# Allowed values: new, single, read_write
+#connection_factory=single
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size=30
+
+# Maximum number of connections to create above `pool_max_size`. (integer value)
+#pool_max_overflow=0
+
+# Default number of seconds to wait for a connections to available (integer
+# value)
+#pool_timeout=30
+
+# Lifetime of a connection (since creation) in seconds or None for no recycling.
+# Expired connections are closed on acquire. (integer value)
+#pool_recycle=600
+
+# Threshold at which inactive (since release) connections are considered stale
+# in seconds or None for no staleness. Stale connections are closed on acquire.
+# (integer value)
+#pool_stale=60
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+#default_serializer_type=json
+
+# Persist notification messages. (boolean value)
+#notification_persistence=false
+
+# Exchange name for sending notifications (string value)
+#default_notification_exchange=${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to notification
+# listener. (integer value)
+#notification_listener_prefetch_count=100
+
+# Reconnecting retry count in case of connectivity problem during sending
+# notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts=-1
+
+# Reconnecting retry delay in case of connectivity problem during sending
+# notification message (floating point value)
+#notification_retry_delay=0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer value)
+#rpc_queue_expiration=60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange=${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange=${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to rpc
+# listener. (integer value)
+#rpc_listener_prefetch_count=100
+
+# Max number of not acknowledged message which RabbitMQ can send to rpc reply
+# listener. (integer value)
+#rpc_reply_listener_prefetch_count=100
+
+# Reconnecting retry count in case of connectivity problem during sending reply.
+# -1 means infinite retry during rpc_timeout (integer value)
+#rpc_reply_retry_attempts=-1
+
+# Reconnecting retry delay in case of connectivity problem during sending reply.
+# (floating point value)
+#rpc_reply_retry_delay=0.25
+
+# Reconnecting retry count in case of connectivity problem during sending RPC
+# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
+# request could be processed more than one time (integer value)
+#default_rpc_retry_attempts=-1
+
+# Reconnecting retry delay in case of connectivity problem during sending RPC
+# message (floating point value)
+#rpc_retry_delay=0.25
+
+
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address=*
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker=redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts=1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog=<None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir=/var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host=localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger period.
+# The value of 0 specifies no linger period. Pending messages shall be discarded
+# immediately when the socket is closed. Positive values specify an upper bound
+# for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger=-1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout=1
+
+# Expiration timeout in seconds of a name service record about existing target (
+# < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire=300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update=180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub=false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy=false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections=false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections=2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port=49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port=65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries=100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization=json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate=true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive=-1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to skip
+# any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle=-1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value and
+# 0) means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_cnt=-1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0) means
+# to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl=-1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size=100
+rpc_thread_pool_size=70
+
+# Expiration timeout in seconds of a sent/received message after which it is not
+# tracked anymore by a client/server. (integer value)
+#rpc_message_ttl=300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks=false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base=15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier=2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts=3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size=114688
+
+# DEPRECATED: The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by a SSL termination proxy.
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header=X-Forwarded-Proto
+
+# Whether the application is behind a proxy or not. This determines if the
+# middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing=false
+enable_proxy_headers_parsing=True
+
+[oslo_policy]
+
+#
+# From oslo.policy
+#
+
+# The file that defines policies. (string value)
+# Deprecated group/name - [DEFAULT]/policy_file
+#policy_file=policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string value)
+# Deprecated group/name - [DEFAULT]/policy_default_rule
+#policy_default_rule=default
+
+# Directories where policy configuration files are stored. They can be relative
+# to any directory in the search path defined by the config_dir option, or
+# absolute paths. The file defined by policy_file must exist for these
+# directories to be searched. Missing or empty directories are ignored. (multi
+# valued)
+# Deprecated group/name - [DEFAULT]/policy_dirs
+#policy_dirs=policy.d
+
+
+[pci]
+
+#
+# From nova.conf
+#
+
+#
+# An alias for a PCI passthrough device requirement.
+#
+# This allows users to specify the alias in the extra_spec for a flavor, without
+# needing to repeat all the PCI property requirements.
+#
+# Possible Values:
+#
+# * A list of JSON values which describe the aliases. For example:
+#
+# alias = {
+# "name": "QuickAssist",
+# "product_id": "0443",
+# "vendor_id": "8086",
+# "device_type": "type-PCI"
+# }
+#
+# defines an alias for the Intel QuickAssist card. (multi valued). Valid key
+# values are :
+#
+# * "name": Name of the PCI alias.
+# * "product_id": Product ID of the device in hexadecimal.
+# * "vendor_id": Vendor ID of the device in hexadecimal.
+# * "device_type": Type of PCI device. Valid values are: "type-PCI",
+# "type-PF" and "type-VF".
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/pci_alias
+#alias =
+
+#
+# White list of PCI devices available to VMs.
+#
+# Possible values:
+#
+# * A JSON dictionary which describe a whitelisted PCI device. It should take
+# the following format:
+#
+# ["vendor_id": "<id>",] ["product_id": "<id>",]
+# ["address": "[[[[<domain>]:]<bus>]:][<slot>][.[<function>]]" |
+# "devname": "<name>",]
+# {"<tag>": "<tag_value>",}
+#
+# Where '[' indicates zero or one occurrences, '{' indicates zero or multiple
+# occurrences, and '|' mutually exclusive options. Note that any missing
+# fields are automatically wildcarded.
+#
+# Valid key values are :
+#
+# * "vendor_id": Vendor ID of the device in hexadecimal.
+# * "product_id": Product ID of the device in hexadecimal.
+# * "address": PCI address of the device.
+# * "devname": Device name of the device (for e.g. interface name). Not all
+# PCI devices have a name.
+# * "<tag>": Additional <tag> and <tag_value> used for matching PCI devices.
+# Supported <tag>: "physical_network".
+#
+# The address key supports traditional glob style and regular expression
+# syntax. Valid examples are:
+#
+# passthrough_whitelist = {"devname":"eth0",
+# "physical_network":"physnet"}
+# passthrough_whitelist = {"address":"*:0a:00.*"}
+# passthrough_whitelist = {"address":":0a:00.",
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"vendor_id":"1137",
+# "product_id":"0071"}
+# passthrough_whitelist = {"vendor_id":"1137",
+# "product_id":"0071",
+# "address": "0000:0a:00.1",
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"address":{"domain": ".*",
+# "bus": "02", "slot": "01",
+# "function": "[2-7]"},
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"address":{"domain": ".*",
+# "bus": "02", "slot": "0[1-2]",
+# "function": ".*"},
+# "physical_network":"physnet1"}
+#
+# The following are invalid, as they specify mutually exclusive options:
+#
+# passthrough_whitelist = {"devname":"eth0",
+# "physical_network":"physnet",
+# "address":"*:0a:00.*"}
+#
+# * A JSON list of JSON dictionaries corresponding to the above format. For
+# example:
+#
+# passthrough_whitelist = [{"product_id":"0001", "vendor_id":"8086"},
+# {"product_id":"0002", "vendor_id":"8086"}]
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/pci_passthrough_whitelist
+#passthrough_whitelist =
+
+
+[placement]
+
+#
+# From nova.conf
+#
+
+#
+# Region name of this node. This is used when picking the URL in the service
+# catalog.
+#
+# Possible values:
+#
+# * Any string representing region name
+# (string value)
+os_region_name = {{ controller.identity.region }}
+auth_type = password
+user_domain_id = {{ controller.identity.get('domain', 'default') }}
+project_domain_id = {{ controller.identity.get('domain', 'default') }}
+project_name = {{ controller.identity.tenant }}
+username = {{ controller.identity.user }}
+password = {{ controller.identity.password }}
+auth_url=http://{{ controller.identity.host }}:35357/v3
+
+#
+# Endpoint interface for this node. This is used when picking the URL in the
+# service catalog.
+# (string value)
+#os_interface=<None>
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [placement]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id=<None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [placement]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+# Tenant ID (string value)
+#tenant_id=<None>
+
+# Tenant Name (string value)
+#tenant_name=<None>
+
+
+[quota]
+#
+# Quota options allow to manage quotas in openstack deployment.
+
+#
+# From nova.conf
+#
+
+#
+# The number of instances allowed per project.
+#
+# Possible Values
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_instances
+#instances=10
+
+#
+# The number of instance cores or vCPUs allowed per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_cores
+#cores=20
+
+#
+# The number of megabytes of instance RAM allowed per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_ram
+#ram=51200
+
+# DEPRECATED:
+# The number of floating IPs allowed per project.
+#
+# Floating IPs are not allocated to instances by default. Users need to select
+# them from the pool configured by the OpenStack administrator to attach to
+# their
+# instances.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_floating_ips
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#floating_ips=10
+
+# DEPRECATED:
+# The number of fixed IPs allowed per project.
+#
+# Unlike floating IPs, fixed IPs are allocated dynamically by the network
+# component when instances boot up. This quota value should be at least the
+# number of instances allowed
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_fixed_ips
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#fixed_ips=-1
+
+#
+# The number of metadata items allowed per instance.
+#
+# Users can associate metadata with an instance during instance creation. This
+# metadata takes the form of key-value pairs.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_metadata_items
+#metadata_items=128
+
+#
+# The number of injected files allowed.
+#
+# File injection allows users to customize the personality of an instance by
+# injecting data into it upon boot. Only text file injection is permitted:
+# binary
+# or ZIP files are not accepted. During file injection, any existing files that
+# match specified files are renamed to include ``.bak`` extension appended with
+# a
+# timestamp.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_files
+#injected_files=5
+
+#
+# The number of bytes allowed per injected file.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_file_content_bytes
+#injected_file_content_bytes=10240
+
+#
+# The maximum allowed injected file path length.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_file_path_length
+#injected_file_path_length=255
+
+# DEPRECATED:
+# The number of security groups per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_security_groups
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#security_groups=10
+
+# DEPRECATED:
+# The number of security rules per security group.
+#
+# The associated rules in each security group control the traffic to instances
+# in
+# the group.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_security_group_rules
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration options.
+#security_group_rules=20
+
+#
+# The maximum number of key pairs allowed per user.
+#
+# Users can create at least one key pair for each project and use the key pair
+# for multiple instances that belong to that project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_key_pairs
+#key_pairs=100
+
+#
+# The maxiumum number of server groups per project.
+#
+# Server groups are used to control the affinity and anti-affinity scheduling
+# policy for a group of servers or instances. Reducing the quota will not affect
+# any existing group, but new servers will not be allowed into groups that have
+# become over quota.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_server_groups
+#server_groups=10
+
+#
+# The maximum number of servers per server group.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_server_group_members
+#server_group_members=10
+
+#
+# The number of seconds until a reservation expires.
+#
+# This quota represents the time period for invalidating quota reservations.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/reservation_expire
+#reservation_expire=86400
+reservation_expire=86400
+
+#
+# The count of reservations until usage is refreshed.
+#
+# This defaults to 0 (off) to avoid additional load but it is useful to turn on
+# to help keep quota usage up-to-date and reduce the impact of out of sync usage
+# issues.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/until_refresh
+#until_refresh=0
+until_refresh=0
+
+#
+# The number of seconds between subsequent usage refreshes.
+#
+# This defaults to 0 (off) to avoid additional load but it is useful to turn on
+# to help keep quota usage up-to-date and reduce the impact of out of sync usage
+# issues. Note that quotas are not updated on a periodic task, they will update
+# on a new reservation if max_age has passed since the last reservation.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/max_age
+#max_age=0
+
+# DEPRECATED:
+# The quota enforcer driver.
+#
+# Provides abstraction for quota checks. Users can configure a specific
+# driver to use for quota checks.
+#
+# Possible values:
+#
+# * nova.quota.DbQuotaDriver (default) or any string representing fully
+# qualified class name.
+# (string value)
+# Deprecated group/name - [DEFAULT]/quota_driver
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+#driver=nova.quota.DbQuotaDriver
+
+
+[rdp]
+#
+# Options under this group enable and configure Remote Desktop Protocol (
+# RDP) related features.
+#
+# This group is only relevant to Hyper-V users.
+
+#
+# From nova.conf
+#
+
+#
+# Enable Remote Desktop Protocol (RDP) related features.
+#
+# Hyper-V, unlike the majority of the hypervisors employed on Nova compute
+# nodes, uses RDP instead of VNC and SPICE as a desktop sharing protocol to
+# provide instance console access. This option enables RDP for graphical
+# console access for virtual machines created by Hyper-V.
+#
+# **Note:** RDP should only be enabled on compute nodes that support the Hyper-V
+# virtualization platform.
+#
+# Related options:
+#
+# * ``compute_driver``: Must be hyperv.
+#
+# (boolean value)
+#enabled=false
+
+#
+# The URL an end user would use to connect to the RDP HTML5 console proxy.
+# The console proxy service is called with this token-embedded URL and
+# establishes the connection to the proper instance.
+#
+# An RDP HTML5 console proxy service will need to be configured to listen on the
+# address configured here. Typically the console proxy service would be run on a
+# controller node. The localhost address used as default would only work in a
+# single node environment i.e. devstack.
+#
+# An RDP HTML5 proxy allows a user to access via the web the text or graphical
+# console of any Windows server or workstation using RDP. RDP HTML5 console
+# proxy services include FreeRDP, wsgate.
+# See https://github.com/FreeRDP/FreeRDP-WebConnect
+#
+# Possible values:
+#
+# * <scheme>://<ip-address>:<port-number>/
+#
+# The scheme must be identical to the scheme configured for the RDP HTML5
+# console proxy service.
+#
+# The IP address must be identical to the address on which the RDP HTML5
+# console proxy service is listening.
+#
+# The port must be identical to the port on which the RDP HTML5 console proxy
+# service is listening.
+#
+# Related options:
+#
+# * ``rdp.enabled``: Must be set to ``True`` for ``html5_proxy_base_url`` to be
+# effective.
+# (string value)
+#html5_proxy_base_url=http://127.0.0.1:6083/
+
+
+[remote_debug]
+
+#
+# From nova.conf
+#
+
+#
+# Debug host (IP or name) to connect to. This command line parameter is used
+# when
+# you want to connect to a nova service via a debugger running on a different
+# host.
+#
+# Note that using the remote debug option changes how Nova uses the eventlet
+# library to support async IO. This could result in failures that do not occur
+# under normal operation. Use at your own risk.
+#
+# Possible Values:
+#
+# * IP address of a remote host as a command line parameter
+# to a nova service. For Example:
+#
+# /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
+# --remote_debug-host <IP address where the debugger is running>
+# (string value)
+#host=<None>
+
+#
+# Debug port to connect to. This command line parameter allows you to specify
+# the port you want to use to connect to a nova service via a debugger running
+# on different host.
+#
+# Note that using the remote debug option changes how Nova uses the eventlet
+# library to support async IO. This could result in failures that do not occur
+# under normal operation. Use at your own risk.
+#
+# Possible Values:
+#
+# * Port number you want to use as a command line parameter
+# to a nova service. For Example:
+#
+# /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
+# --remote_debug-host <IP address where the debugger is running>
+# --remote_debug-port <port> it's listening on>.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#port=<None>
+
+
+[scheduler]
+
+#
+# From nova.conf
+#
+
+#
+# The scheduler host manager to use.
+#
+# The host manager manages the in-memory picture of the hosts that the scheduler
+# uses. The options values are chosen from the entry points under the namespace
+# 'nova.scheduler.host_manager' in 'setup.cfg'.
+# (string value)
+# Allowed values: host_manager, ironic_host_manager
+# Deprecated group/name - [DEFAULT]/scheduler_host_manager
+#host_manager=host_manager
+host_manager=host_manager
+
+#
+# The class of the driver used by the scheduler.
+#
+# The options are chosen from the entry points under the namespace
+# 'nova.scheduler.driver' in 'setup.cfg'.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to the class name of a scheduler
+# driver. There are a number of options available:
+# ** 'caching_scheduler', which aggressively caches the system state for better
+# individual scheduler performance at the risk of more retries when running
+# multiple schedulers
+# ** 'chance_scheduler', which simply picks a host at random
+# ** 'fake_scheduler', which is used for testing
+# ** A custom scheduler driver. In this case, you will be responsible for
+# creating and maintaining the entry point in your 'setup.cfg' file
+# (string value)
+# Allowed values: filter_scheduler, caching_scheduler, chance_scheduler, fake_scheduler
+# Deprecated group/name - [DEFAULT]/scheduler_driver
+#driver=filter_scheduler
+driver=filter_scheduler
+
+#
+# Periodic task interval.
+#
+# This value controls how often (in seconds) to run periodic tasks in the
+# scheduler. The specific tasks that are run for each period are determined by
+# the particular scheduler being used.
+#
+# If this is larger than the nova-service 'service_down_time' setting, Nova may
+# report the scheduler service as down. This is because the scheduler driver is
+# responsible for sending a heartbeat and it will only do that as often as this
+# option allows. As each scheduler can work a little differently than the
+# others,
+# be sure to test this with your selected scheduler.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to periodic task interval in
+# seconds. 0 uses the default interval (60 seconds). A negative value disables
+# periodic tasks.
+#
+# Related options:
+#
+# * ``nova-service service_down_time``
+# (integer value)
+# Deprecated group/name - [DEFAULT]/scheduler_driver_task_period
+#periodic_task_interval=60
+
+#
+# Maximum number of schedule attempts for a chosen host.
+#
+# This is the maximum number of attempts that will be made to schedule an
+# instance before it is assumed that the failures aren't due to normal
+# occasional
+# race conflicts, but rather some other problem. When this is reached a
+# MaxRetriesExceeded exception is raised, and the instance is set to an error
+# state.
+#
+# Possible values:
+#
+# * A positive integer, where the integer corresponds to the max number of
+# attempts that can be made when scheduling an instance.
+# (integer value)
+# Minimum value: 1
+# Deprecated group/name - [DEFAULT]/scheduler_max_attempts
+#max_attempts=3
+max_attempts=3
+
+#
+# Periodic task interval.
+#
+# This value controls how often (in seconds) the scheduler should attempt
+# to discover new hosts that have been added to cells. If negative (the
+# default), no automatic discovery will occur.
+#
+# Small deployments may want this periodic task enabled, as surveying the
+# cells for new hosts is likely to be lightweight enough to not cause undue
+# burdon to the scheduler. However, larger clouds (and those that are not
+# adding hosts regularly) will likely want to disable this automatic
+# behavior and instead use the `nova-manage cell_v2 discover_hosts` command
+# when hosts have been added to a cell.
+# (integer value)
+# Minimum value: -1
+#discover_hosts_in_cells_interval=-1
+discover_hosts_in_cells_interval=300
+
+
+[serial_console]
+#
+# The serial console feature allows you to connect to a guest in case a
+# graphical console like VNC, RDP or SPICE is not available. This is only
+# currently supported for the libvirt, Ironic and hyper-v drivers.
+
+#
+# From nova.conf
+#
+
+#
+# Enable the serial console feature.
+#
+# In order to use this feature, the service ``nova-serialproxy`` needs to run.
+# This service is typically executed on the controller node.
+# (boolean value)
+#enabled=false
+
+#
+# A range of TCP ports a guest can use for its backend.
+#
+# Each instance which gets created will use one port out of this range. If the
+# range is not big enough to provide another port for an new instance, this
+# instance won't get launched.
+#
+# Possible values:
+#
+# * Each string which passes the regex ``\d+:\d+`` For example ``10000:20000``.
+# Be sure that the first port number is lower than the second port number
+# and that both are in range from 0 to 65535.
+# (string value)
+#port_range=10000:20000
+
+#
+# The URL an end user would use to connect to the ``nova-serialproxy`` service.
+#
+# The ``nova-serialproxy`` service is called with this token enriched URL
+# and establishes the connection to the proper instance.
+#
+# Related options:
+#
+# * The IP address must be identical to the address to which the
+# ``nova-serialproxy`` service is listening (see option ``serialproxy_host``
+# in this section).
+# * The port must be the same as in the option ``serialproxy_port`` of this
+# section.
+# * If you choose to use a secured websocket connection, then start this option
+# with ``wss://`` instead of the unsecured ``ws://``. The options ``cert``
+# and ``key`` in the ``[DEFAULT]`` section have to be set for that.
+# (uri value)
+#base_url=ws://127.0.0.1:6083/
+
+#
+# The IP address to which proxy clients (like ``nova-serialproxy``) should
+# connect to get the serial console of an instance.
+#
+# This is typically the IP address of the host of a ``nova-compute`` service.
+# (string value)
+#proxyclient_address=127.0.0.1
+
+#
+# The IP address which is used by the ``nova-serialproxy`` service to listen
+# for incoming requests.
+#
+# The ``nova-serialproxy`` service listens on this IP address for incoming
+# connection requests to instances which expose serial console.
+#
+# Related options:
+#
+# * Ensure that this is the same IP address which is defined in the option
+# ``base_url`` of this section or use ``0.0.0.0`` to listen on all addresses.
+# (string value)
+#serialproxy_host=0.0.0.0
+
+#
+# The port number which is used by the ``nova-serialproxy`` service to listen
+# for incoming requests.
+#
+# The ``nova-serialproxy`` service listens on this port number for incoming
+# connection requests to instances which expose serial console.
+#
+# Related options:
+#
+# * Ensure that this is the same port number which is defined in the option
+# ``base_url`` of this section.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#serialproxy_port=6083
+
+
+[service_user]
+#
+# Configuration options for service to service authentication using a service
+# token. These options allow to send a service token along with the
+# user's token when contacting external REST APIs.
+
+#
+# From nova.conf
+#
+
+#
+# When True, if sending a user token to an REST API, also send a service token.
+#
+# Nova often reuses the user token provided to the nova-api to talk to other
+# REST APIs, such as Cinder and Neutron. It is possible that while the
+# user token was valid when the request was made to Nova, the token may expire
+# before it reaches the other service. To avoid any failures, and to
+# make it clear it is Nova calling the service on the users behalf, we include
+# a server token along with the user token. Should the user's token have
+# expired, a valid service token ensures the REST API request will still be
+# accepted by the keystone middleware.
+#
+# This feature is currently experimental, and as such is turned off by default
+# while full testing and performance tuning of this feature is completed.
+# (boolean value)
+#send_service_user_token=false
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [service_user]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id=<None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [service_user]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+# Tenant ID (string value)
+#tenant_id=<None>
+
+# Tenant Name (string value)
+#tenant_name=<None>
+
+
+[spice]
+#
+# SPICE console feature allows you to connect to a guest virtual machine.
+# SPICE is a replacement for fairly limited VNC protocol.
+#
+# Following requirements must be met in order to use SPICE:
+#
+# * Virtualization driver must be libvirt
+# * spice.enabled set to True
+# * vnc.enabled set to False
+# * update html5proxy_base_url
+# * update server_proxyclient_address
+enabled = false
+html5proxy_base_url = {{ controller.vncproxy_url }}/spice_auto.html
+#
+# From nova.conf
+#
+
+#
+# Enable SPICE related features.
+#
+# Related options:
+#
+# * VNC must be explicitly disabled to get access to the SPICE console. Set the
+# enabled option to False in the [vnc] section to disable the VNC console.
+# (boolean value)
+#enabled=false
+
+#
+# Enable the SPICE guest agent support on the instances.
+#
+# The Spice agent works with the Spice protocol to offer a better guest console
+# experience. However, the Spice console can still be used without the Spice
+# Agent. With the Spice agent installed the following features are enabled:
+#
+# * Copy & Paste of text and images between the guest and client machine
+# * Automatic adjustment of resolution when the client screen changes - e.g.
+# if you make the Spice console full screen the guest resolution will adjust
+# to
+# match it rather than letterboxing.
+# * Better mouse integration - The mouse can be captured and released without
+# needing to click inside the console or press keys to release it. The
+# performance of mouse movement is also improved.
+# (boolean value)
+#agent_enabled=true
+
+#
+# Location of the SPICE HTML5 console proxy.
+#
+# End user would use this URL to connect to the `nova-spicehtml5proxy``
+# service. This service will forward request to the console of an instance.
+#
+# In order to use SPICE console, the service ``nova-spicehtml5proxy`` should be
+# running. This service is typically launched on the controller node.
+#
+# Possible values:
+#
+# * Must be a valid URL of the form: ``http://host:port/spice_auto.html``
+# where host is the node running ``nova-spicehtml5proxy`` and the port is
+# typically 6082. Consider not using default value as it is not well defined
+# for any real deployment.
+#
+# Related options:
+#
+# * This option depends on ``html5proxy_host`` and ``html5proxy_port`` options.
+# The access URL returned by the compute node must have the host
+# and port where the ``nova-spicehtml5proxy`` service is listening.
+# (uri value)
+#html5proxy_base_url=http://127.0.0.1:6082/spice_auto.html
+
+#
+# The address where the SPICE server running on the instances should listen.
+#
+# Typically, the ``nova-spicehtml5proxy`` proxy client runs on the controller
+# node and connects over the private network to this address on the compute
+# node(s).
+#
+# Possible values:
+#
+# * IP address to listen on.
+# (string value)
+#server_listen=127.0.0.1
+
+#
+# The address used by ``nova-spicehtml5proxy`` client to connect to instance
+# console.
+#
+# Typically, the ``nova-spicehtml5proxy`` proxy client runs on the
+# controller node and connects over the private network to this address on the
+# compute node(s).
+#
+# Possible values:
+#
+# * Any valid IP address on the compute node.
+#
+# Related options:
+#
+# * This option depends on the ``server_listen`` option.
+# The proxy client must be able to access the address specified in
+# ``server_listen`` using the value of this option.
+# (string value)
+#server_proxyclient_address=127.0.0.1
+
+#
+# A keyboard layout which is supported by the underlying hypervisor on this
+# node.
+#
+# Possible values:
+# * This is usually an 'IETF language tag' (default is 'en-us'). If you
+# use QEMU as hypervisor, you should find the list of supported keyboard
+# layouts at /usr/share/qemu/keymaps.
+# (string value)
+#keymap=en-us
+
+#
+# IP address or a hostname on which the ``nova-spicehtml5proxy`` service
+# listens for incoming requests.
+#
+# Related options:
+#
+# * This option depends on the ``html5proxy_base_url`` option.
+# The ``nova-spicehtml5proxy`` service must be listening on a host that is
+# accessible from the HTML5 client.
+# (string value)
+#html5proxy_host=0.0.0.0
+
+#
+# Port on which the ``nova-spicehtml5proxy`` service listens for incoming
+# requests.
+#
+# Related options:
+#
+# * This option depends on the ``html5proxy_base_url`` option.
+# The ``nova-spicehtml5proxy`` service must be listening on a port that is
+# accessible from the HTML5 client.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#html5proxy_port=6082
+
+
+[ssl]
+
+#
+# From nova.conf
+#
+
+# CA certificate file to use to verify connecting clients. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_ca_file
+#ca_file=<None>
+
+# Certificate file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_cert_file
+#cert_file=<None>
+
+# Private key file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_key_file
+#key_file=<None>
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+#version=<None>
+
+# Sets the list of available ciphers. value should be a string in the OpenSSL
+# cipher list format. (string value)
+#ciphers=<None>
+
+
+[trusted_computing]
+#
+# Configuration options for enabling Trusted Platform Module.
+
+#
+# From nova.conf
+#
+
+#
+# The host to use as the attestation server.
+#
+# Cloud computing pools can involve thousands of compute nodes located at
+# different geographical locations, making it difficult for cloud providers to
+# identify a node's trustworthiness. When using the Trusted filter, users can
+# request that their VMs only be placed on nodes that have been verified by the
+# attestation server specified in this option.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A string representing the host name or IP address of the attestation server,
+# or an empty string.
+#
+# Related options:
+#
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (string value)
+#attestation_server=<None>
+
+#
+# The absolute path to the certificate to use for authentication when connecting
+# to the attestation server. See the `attestation_server` help text for more
+# information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A string representing the path to the authentication certificate for the
+# attestation server, or an empty string.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (string value)
+#attestation_server_ca_file=<None>
+
+#
+# The port to use when connecting to the attestation server. See the
+# `attestation_server` help text for more information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#attestation_port=8443
+
+#
+# The URL on the attestation server to use. See the `attestation_server` help
+# text for more information about host verification.
+#
+# This value must be just that path portion of the full URL, as it will be
+# joined
+# to the host specified in the attestation_server option.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A valid URL string of the attestation server, or an empty string.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (string value)
+#attestation_api_url=/OpenAttestationWebServices/V1.0
+
+#
+# Attestation servers require a specific blob that is used to authenticate. The
+# content and format of the blob are determined by the particular attestation
+# server being used. There is no default value; you must supply the value as
+# specified by your attestation service. See the `attestation_server` help text
+# for more information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A string containing the specific blob required by the attestation server, or
+# an empty string.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_timeout
+# * attestation_insecure_ssl
+# (string value)
+#attestation_auth_blob=<None>
+
+#
+# This value controls how long a successful attestation is cached. Once this
+# period has elapsed, a new attestation request will be made. See the
+# `attestation_server` help text for more information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Possible values:
+#
+# * A integer value, corresponding to the timeout interval for attestations in
+# seconds. Any integer is valid, although setting this to zero or negative
+# values can greatly impact performance when using an attestation service.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_insecure_ssl
+# (integer value)
+#attestation_auth_timeout=60
+
+#
+# When set to True, the SSL certificate verification is skipped for the
+# attestation service. See the `attestation_server` help text for more
+# information about host verification.
+#
+# This option is only used by the FilterScheduler and its subclasses; if you use
+# a different scheduler, this option has no effect. Also note that this setting
+# only affects scheduling if the 'TrustedFilter' filter is enabled.
+#
+# Related options:
+#
+# * attestation_server
+# * attestation_server_ca_file
+# * attestation_port
+# * attestation_api_url
+# * attestation_auth_blob
+# * attestation_auth_timeout
+# (boolean value)
+#attestation_insecure_ssl=false
+
+
+[upgrade_levels]
+#
+# upgrade_levels options are used to set version cap for RPC
+# messages sent between different nova services.
+#
+# By default all services send messages using the latest version
+# they know about.
+#
+# The compute upgrade level is an important part of rolling upgrades
+# where old and new nova-compute services run side by side.
+#
+# The other options can largely be ignored, and are only kept to
+# help with a possible future backport issue.
+
+#
+# From nova.conf
+#
+
+#
+# Compute RPC API version cap.
+#
+# By default, we always send messages using the most recent version
+# the client knows about.
+#
+# Where you have old and new compute services running, you should set
+# this to the lowest deployed version. This is to guarantee that all
+# services never send messages that one of the compute nodes can't
+# understand. Note that we only support upgrading from release N to
+# release N+1.
+#
+# Set this option to "auto" if you want to let the compute RPC module
+# automatically determine what version to use based on the service
+# versions in the deployment.
+#
+# Possible values:
+#
+# * By default send the latest version the client knows about
+# * 'auto': Automatically determines what version to use based on
+# the service versions in the deployment.
+# * A string representing a version number in the format 'N.N';
+# for example, possible values might be '1.12' or '2.0'.
+# * An OpenStack release name, in lower case, such as 'mitaka' or
+# 'liberty'.
+# (string value)
+#compute=<None>
+
+# Cells RPC API version cap (string value)
+#cells=<None>
+
+# Intercell RPC API version cap (string value)
+#intercell=<None>
+
+# Cert RPC API version cap (string value)
+#cert=<None>
+
+# Scheduler RPC API version cap (string value)
+#scheduler=<None>
+
+# Conductor RPC API version cap (string value)
+#conductor=<None>
+
+# Console RPC API version cap (string value)
+#console=<None>
+
+# Consoleauth RPC API version cap (string value)
+#consoleauth=<None>
+
+# Network RPC API version cap (string value)
+#network=<None>
+
+# Base API RPC API version cap (string value)
+#baseapi=<None>
+
+
+[vendordata_dynamic_auth]
+#
+# Options within this group control the authentication of the vendordata
+# subsystem of the metadata API server (and config drive) with external systems.
+
+#
+# From nova.conf
+#
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile=<None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile=<None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Timeout value for http requests (integer value)
+#timeout=<None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [vendordata_dynamic_auth]/auth_plugin
+#auth_type=<None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section=<None>
+
+# Authentication URL (string value)
+#auth_url=<None>
+
+# Domain ID to scope to (string value)
+#domain_id=<None>
+
+# Domain name to scope to (string value)
+#domain_name=<None>
+
+# Project ID to scope to (string value)
+#project_id=<None>
+
+# Project name to scope to (string value)
+#project_name=<None>
+
+# Domain ID containing project (string value)
+#project_domain_id=<None>
+
+# Domain name containing project (string value)
+#project_domain_name=<None>
+
+# Trust ID (string value)
+#trust_id=<None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id=<None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name=<None>
+
+# User ID (string value)
+#user_id=<None>
+
+# Username (string value)
+# Deprecated group/name - [vendordata_dynamic_auth]/user-name
+#username=<None>
+
+# User's domain id (string value)
+#user_domain_id=<None>
+
+# User's domain name (string value)
+#user_domain_name=<None>
+
+# User's password (string value)
+#password=<None>
+
+# Tenant ID (string value)
+#tenant_id=<None>
+
+# Tenant Name (string value)
+#tenant_name=<None>
+
+
+[vmware]
+#
+# Related options:
+# Following options must be set in order to launch VMware-based
+# virtual machines.
+#
+# * compute_driver: Must use vmwareapi.VMwareVCDriver.
+# * vmware.host_username
+# * vmware.host_password
+# * vmware.cluster_name
+
+#
+# From nova.conf
+#
+
+#
+# This option specifies the physical ethernet adapter name for VLAN
+# networking.
+#
+# Set the vlan_interface configuration option to match the ESX host
+# interface that handles VLAN-tagged VM traffic.
+#
+# Possible values:
+#
+# * Any valid string representing VLAN interface name
+# (string value)
+#vlan_interface=vmnic0
+
+#
+# This option should be configured only when using the NSX-MH Neutron
+# plugin. This is the name of the integration bridge on the ESXi server
+# or host. This should not be set for any other Neutron plugin. Hence
+# the default value is not set.
+#
+# Possible values:
+#
+# * Any valid string representing the name of the integration bridge
+# (string value)
+#integration_bridge=<None>
+
+#
+# Set this value if affected by an increased network latency causing
+# repeated characters when typing in a remote console.
+# (integer value)
+# Minimum value: 0
+#console_delay_seconds=<None>
+
+#
+# Identifies the remote system where the serial port traffic will
+# be sent.
+#
+# This option adds a virtual serial port which sends console output to
+# a configurable service URI. At the service URI address there will be
+# virtual serial port concentrator that will collect console logs.
+# If this is not set, no serial ports will be added to the created VMs.
+#
+# Possible values:
+#
+# * Any valid URI
+# (string value)
+#serial_port_service_uri=<None>
+
+#
+# Identifies a proxy service that provides network access to the
+# serial_port_service_uri.
+#
+# Possible values:
+#
+# * Any valid URI
+#
+# Related options:
+# This option is ignored if serial_port_service_uri is not specified.
+# * serial_port_service_uri
+# (string value)
+#serial_port_proxy_uri=<None>
+
+#
+# Hostname or IP address for connection to VMware vCenter host. (string value)
+#host_ip=<None>
+
+# Port for connection to VMware vCenter host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#host_port=443
+
+# Username for connection to VMware vCenter host. (string value)
+#host_username=<None>
+
+# Password for connection to VMware vCenter host. (string value)
+#host_password=<None>
+
+#
+# Specifies the CA bundle file to be used in verifying the vCenter
+# server certificate.
+# (string value)
+#ca_file=<None>
+
+#
+# If true, the vCenter server certificate is not verified. If false,
+# then the default CA truststore is used for verification.
+#
+# Related options:
+# * ca_file: This option is ignored if "ca_file" is set.
+# (boolean value)
+#insecure=false
+
+# Name of a VMware Cluster ComputeResource. (string value)
+#cluster_name=<None>
+
+#
+# Regular expression pattern to match the name of datastore.
+#
+# The datastore_regex setting specifies the datastores to use with
+# Compute. For example, datastore_regex="nas.*" selects all the data
+# stores that have a name starting with "nas".
+#
+# NOTE: If no regex is given, it just picks the datastore with the
+# most freespace.
+#
+# Possible values:
+#
+# * Any matching regular expression to a datastore must be given
+# (string value)
+#datastore_regex=<None>
+
+#
+# Time interval in seconds to poll remote tasks invoked on
+# VMware VC server.
+# (floating point value)
+#task_poll_interval=0.5
+
+#
+# Number of times VMware vCenter server API must be retried on connection
+# failures, e.g. socket error, etc.
+# (integer value)
+# Minimum value: 0
+#api_retry_count=10
+
+#
+# This option specifies VNC starting port.
+#
+# Every VM created by ESX host has an option of enabling VNC client
+# for remote connection. Above option 'vnc_port' helps you to set
+# default starting port for the VNC client.
+#
+# Possible values:
+#
+# * Any valid port number within 5900 -(5900 + vnc_port_total)
+#
+# Related options:
+# Below options should be set to enable VNC client.
+# * vnc.enabled = True
+# * vnc_port_total
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#vnc_port=5900
+
+#
+# Total number of VNC ports.
+# (integer value)
+# Minimum value: 0
+#vnc_port_total=10000
+
+#
+# This option enables/disables the use of linked clone.
+#
+# The ESX hypervisor requires a copy of the VMDK file in order to boot
+# up a virtual machine. The compute driver must download the VMDK via
+# HTTP from the OpenStack Image service to a datastore that is visible
+# to the hypervisor and cache it. Subsequent virtual machines that need
+# the VMDK use the cached version and don't have to copy the file again
+# from the OpenStack Image service.
+#
+# If set to false, even with a cached VMDK, there is still a copy
+# operation from the cache location to the hypervisor file directory
+# in the shared datastore. If set to true, the above copy operation
+# is avoided as it creates copy of the virtual machine that shares
+# virtual disks with its parent VM.
+# (boolean value)
+#use_linked_clone=true
+
+# DEPRECATED:
+# This option specifies VIM Service WSDL Location
+#
+# If vSphere API versions 5.1 and later is being used, this section can
+# be ignored. If version is less than 5.1, WSDL files must be hosted
+# locally and their location must be specified in the above section.
+#
+# Optional over-ride to default location for bug work-arounds.
+#
+# Possible values:
+#
+# * http://<server>/vimService.wsdl
+# * file:///opt/stack/vmware/SDK/wsdl/vim25/vimService.wsdl
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Only vCenter versions earlier than 5.1 require this option and the
+# current minimum version is 5.1.
+#wsdl_location=<None>
+
+#
+# This option enables or disables storage policy based placement
+# of instances.
+#
+# Related options:
+#
+# * pbm_default_policy
+# (boolean value)
+#pbm_enabled=false
+
+#
+# This option specifies the PBM service WSDL file location URL.
+#
+# Setting this will disable storage policy based placement
+# of instances.
+#
+# Possible values:
+#
+# * Any valid file path
+# e.g file:///opt/SDK/spbm/wsdl/pbmService.wsdl
+# (string value)
+#pbm_wsdl_location=<None>
+
+#
+# This option specifies the default policy to be used.
+#
+# If pbm_enabled is set and there is no defined storage policy for the
+# specific request, then this policy will be used.
+#
+# Possible values:
+#
+# * Any valid storage policy such as VSAN default storage policy
+#
+# Related options:
+#
+# * pbm_enabled
+# (string value)
+#pbm_default_policy=<None>
+
+#
+# This option specifies the limit on the maximum number of objects to
+# return in a single result.
+#
+# A positive value will cause the operation to suspend the retrieval
+# when the count of objects reaches the specified limit. The server may
+# still limit the count to something less than the configured value.
+# Any remaining objects may be retrieved with additional requests.
+# (integer value)
+# Minimum value: 0
+#maximum_objects=100
+
+#
+# This option adds a prefix to the folder where cached images are stored
+#
+# This is not the full path - just a folder prefix. This should only be
+# used when a datastore cache is shared between compute nodes.
+#
+# Note: This should only be used when the compute nodes are running on same
+# host or they have a shared file system.
+#
+# Possible values:
+#
+# * Any string representing the cache prefix to the folder
+# (string value)
+#cache_prefix=<None>
+
+
+[vnc]
+#
+# Virtual Network Computer (VNC) can be used to provide remote desktop
+# console access to instances for tenants and/or administrators.
+
+#
+# From nova.conf
+#
+
+#
+# Enable VNC related features.
+#
+# Guests will get created with graphical devices to support this. Clients
+# (for example Horizon) can then establish a VNC connection to the guest.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/vnc_enabled
+#enabled=true
+enabled=true
+
+#
+# Keymap for VNC.
+#
+# The keyboard mapping (keymap) determines which keyboard layout a VNC
+# session should use by default.
+#
+# Possible values:
+#
+# * A keyboard layout which is supported by the underlying hypervisor on
+# this node. This is usually an 'IETF language tag' (for example
+# 'en-us'). If you use QEMU as hypervisor, you should find the list
+# of supported keyboard layouts at ``/usr/share/qemu/keymaps``.
+# (string value)
+# Deprecated group/name - [DEFAULT]/vnc_keymap
+#keymap=en-us
+
+#
+# The IP address or hostname on which an instance should listen to for
+# incoming VNC connection requests on this node.
+# (string value)
+# Deprecated group/name - [DEFAULT]/vncserver_listen
+#vncserver_listen=127.0.0.1
+
+#
+# Private, internal IP address or hostname of VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients.
+#
+# This option sets the private address to which proxy clients, such as
+# ``nova-xvpvncproxy``, should connect to.
+# (string value)
+# Deprecated group/name - [DEFAULT]/vncserver_proxyclient_address
+#vncserver_proxyclient_address=127.0.0.1
+
+#
+# Public address of noVNC VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the public base URL to which client systems will
+# connect. noVNC clients can use this address to connect to the noVNC
+# instance and, by extension, the VNC sessions.
+#
+# Related options:
+#
+# * novncproxy_host
+# * novncproxy_port
+# (uri value)
+# Deprecated group/name - [DEFAULT]/novncproxy_base_url
+#novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html
+enabled = true
+novncproxy_host = {{ controller.bind.get('novncproxy_address', '0.0.0.0') }}
+novncproxy_base_url = {{ controller.vncproxy_url }}/vnc_auto.html
+novncproxy_port={{ controller.bind.get('vncproxy_port', '6080') }}
+{%- if pillar.nova.compute is defined %}
+vncserver_listen={{ controller.bind.private_address }}
+vncserver_proxyclient_address={{ controller.bind.private_address }}
+{%- else %}
+vncserver_listen={{ controller.bind.get('novncproxy_address', '0.0.0.0') }}
+{%- endif %}
+keymap = {{ controller.get('vnc_keymap', 'en-us') }}
+
+#
+# IP address or hostname that the XVP VNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the private address to which the XVP VNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * xvpvncproxy_port
+# * xvpvncproxy_base_url
+# (string value)
+# Deprecated group/name - [DEFAULT]/xvpvncproxy_host
+#xvpvncproxy_host=0.0.0.0
+
+#
+# Port that the XVP VNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the private port to which the XVP VNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * xvpvncproxy_host
+# * xvpvncproxy_base_url
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/xvpvncproxy_port
+#xvpvncproxy_port=6081
+
+#
+# Public URL address of XVP VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the public base URL to which client systems will
+# connect. XVP clients can use this address to connect to the XVP
+# instance and, by extension, the VNC sessions.
+#
+# Related options:
+#
+# * xvpvncproxy_host
+# * xvpvncproxy_port
+# (uri value)
+# Deprecated group/name - [DEFAULT]/xvpvncproxy_base_url
+#xvpvncproxy_base_url=http://127.0.0.1:6081/console
+
+#
+# IP address that the noVNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the private address to which the noVNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * novncproxy_port
+# * novncproxy_base_url
+# (string value)
+# Deprecated group/name - [DEFAULT]/novncproxy_host
+#novncproxy_host=0.0.0.0
+
+#
+# Port that the noVNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the private port to which the noVNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * novncproxy_host
+# * novncproxy_base_url
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/novncproxy_port
+#novncproxy_port=6080
+
+
+[workarounds]
+#
+# A collection of workarounds used to mitigate bugs or issues found in system
+# tools (e.g. Libvirt or QEMU) or Nova itself under certain conditions. These
+# should only be enabled in exceptional circumstances. All options are linked
+# against bug IDs, where more information on the issue can be found.
+
+#
+# From nova.conf
+#
+
+#
+# Use sudo instead of rootwrap.
+#
+# Allow fallback to sudo for performance reasons.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/nova/+bug/1415106
+#
+# Possible values:
+#
+# * True: Use sudo instead of rootwrap
+# * False: Use rootwrap as usual
+#
+# Interdependencies to other options:
+#
+# * Any options that affect 'rootwrap' will be ignored.
+# (boolean value)
+#disable_rootwrap=false
+
+#
+# Disable live snapshots when using the libvirt driver.
+#
+# Live snapshots allow the snapshot of the disk to happen without an
+# interruption to the guest, using coordination with a guest agent to
+# quiesce the filesystem.
+#
+# When using libvirt 1.2.2 live snapshots fail intermittently under load
+# (likely related to concurrent libvirt/qemu operations). This config
+# option provides a mechanism to disable live snapshot, in favor of cold
+# snapshot, while this is resolved. Cold snapshot causes an instance
+# outage while the guest is going through the snapshotting process.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/nova/+bug/1334398
+#
+# Possible values:
+#
+# * True: Live snapshot is disabled when using libvirt
+# * False: Live snapshots are always used when snapshotting (as long as
+# there is a new enough libvirt and the backend storage supports it)
+# (boolean value)
+#disable_libvirt_livesnapshot=true
+
+#
+# Enable handling of events emitted from compute drivers.
+#
+# Many compute drivers emit lifecycle events, which are events that occur when,
+# for example, an instance is starting or stopping. If the instance is going
+# through task state changes due to an API operation, like resize, the events
+# are ignored.
+#
+# This is an advanced feature which allows the hypervisor to signal to the
+# compute service that an unexpected state change has occurred in an instance
+# and that the instance can be shutdown automatically. Unfortunately, this can
+# race in some conditions, for example in reboot operations or when the compute
+# service or when host is rebooted (planned or due to an outage). If such races
+# are common, then it is advisable to disable this feature.
+#
+# Care should be taken when this feature is disabled and
+# 'sync_power_state_interval' is set to a negative value. In this case, any
+# instances that get out of sync between the hypervisor and the Nova database
+# will have to be synchronized manually.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/bugs/1444630
+#
+# Interdependencies to other options:
+#
+# * If ``sync_power_state_interval`` is negative and this feature is disabled,
+# then instances that get out of sync between the hypervisor and the Nova
+# database will have to be synchronized manually.
+# (boolean value)
+#handle_virt_lifecycle_events=true
+
+
+[wsgi]
+#
+# Options under this group are used to configure WSGI (Web Server Gateway
+# Interface). WSGI is used to serve API requests.
+
+#
+# From nova.conf
+#
+
+#
+# This option represents a file name for the paste.deploy config for nova-api.
+#
+# Possible values:
+#
+# * A string representing file name for the paste.deploy config.
+# (string value)
+# Deprecated group/name - [DEFAULT]/api_paste_config
+api_paste_config=/etc/nova/api-paste.ini
+
+#
+# It represents a python format string that is used as the template to generate
+# log lines. The following values can be formatted into it: client_ip,
+# date_time, request_line, status_code, body_length, wall_seconds.
+#
+# This option is used for building custom request loglines.
+#
+# Possible values:
+#
+# * '%(client_ip)s "%(request_line)s" status: %(status_code)s'
+# 'len: %(body_length)s time: %(wall_seconds).7f' (default)
+# * Any formatted string formed by specific values.
+# (string value)
+# Deprecated group/name - [DEFAULT]/wsgi_log_format
+#wsgi_log_format=%(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
+
+#
+# This option specifies the HTTP header used to determine the protocol scheme
+# for the original request, even if it was removed by a SSL terminating proxy.
+#
+# Possible values:
+#
+# * None (default) - the request scheme is not influenced by any HTTP headers.
+# * Valid HTTP header, like HTTP_X_FORWARDED_PROTO
+# (string value)
+# Deprecated group/name - [DEFAULT]/secure_proxy_ssl_header
+#secure_proxy_ssl_header=<None>
+
+#
+# This option allows setting path to the CA certificate file that should be used
+# to verify connecting clients.
+#
+# Possible values:
+#
+# * String representing path to the CA certificate file.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+# Deprecated group/name - [DEFAULT]/ssl_ca_file
+#ssl_ca_file=<None>
+
+#
+# This option allows setting path to the SSL certificate of API server.
+#
+# Possible values:
+#
+# * String representing path to the SSL certificate.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+# Deprecated group/name - [DEFAULT]/ssl_cert_file
+#ssl_cert_file=<None>
+
+#
+# This option specifies the path to the file where SSL private key of API
+# server is stored when SSL is in effect.
+#
+# Possible values:
+#
+# * String representing path to the SSL private key.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+# Deprecated group/name - [DEFAULT]/ssl_key_file
+#ssl_key_file=<None>
+
+#
+# This option sets the value of TCP_KEEPIDLE in seconds for each server socket.
+# It specifies the duration of time to keep connection active. TCP generates a
+# KEEPALIVE transmission for an application that requests to keep connection
+# active. Not supported on OS X.
+#
+# Related options:
+#
+# * keep_alive
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/tcp_keepidle
+#tcp_keepidle=600
+
+#
+# This option specifies the size of the pool of greenthreads used by wsgi.
+# It is possible to limit the number of concurrent connections using this
+# option.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/wsgi_default_pool_size
+#default_pool_size=1000
+
+#
+# This option specifies the maximum line size of message headers to be accepted.
+# max_header_line may need to be increased when using large tokens (typically
+# those generated by the Keystone v3 API with big service catalogs).
+#
+# Since TCP is a stream based protocol, in order to reuse a connection, the HTTP
+# has to have a way to indicate the end of the previous response and beginning
+# of the next. Hence, in a keep_alive case, all messages must have a
+# self-defined message length.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/max_header_line
+#max_header_line=16384
+
+#
+# This option allows using the same TCP connection to send and receive multiple
+# HTTP requests/responses, as opposed to opening a new one for every single
+# request/response pair. HTTP keep-alive indicates HTTP connection reuse.
+#
+# Possible values:
+#
+# * True : reuse HTTP connection.
+# * False : closes the client socket connection explicitly.
+#
+# Related options:
+#
+# * tcp_keepidle
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/wsgi_keep_alive
+#keep_alive=true
+
+#
+# This option specifies the timeout for client connections' socket operations.
+# If an incoming connection is idle for this number of seconds it will be
+# closed. It indicates timeout on individual read/writes on the socket
+# connection. To wait forever set to 0.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/client_socket_timeout
+#client_socket_timeout=900
+
+
+[xenserver]
+#
+# XenServer options are used when the compute_driver is set to use
+# XenServer (compute_driver=xenapi.XenAPIDriver).
+#
+# Must specify connection_url, connection_password and ovs_integration_bridge to
+# use compute_driver=xenapi.XenAPIDriver.
+
+#
+# From nova.conf
+#
+
+#
+# Number of seconds to wait for agent's reply to a request.
+#
+# Nova configures/performs certain administrative actions on a server with the
+# help of an agent that's installed on the server. The communication between
+# Nova and the agent is achieved via sharing messages, called records, over
+# xenstore, a shared storage across all the domains on a Xenserver host.
+# Operations performed by the agent on behalf of nova are: 'version','
+# key_init',
+# 'password','resetnetwork','inject_file', and 'agentupdate'.
+#
+# To perform one of the above operations, the xapi 'agent' plugin writes the
+# command and its associated parameters to a certain location known to the
+# domain
+# and awaits response. On being notified of the message, the agent performs
+# appropriate actions on the server and writes the result back to xenstore. This
+# result is then read by the xapi 'agent' plugin to determine the
+# success/failure
+# of the operation.
+#
+# This config option determines how long the xapi 'agent' plugin shall wait to
+# read the response off of xenstore for a given request/command. If the agent on
+# the instance fails to write the result in this time period, the operation is
+# considered to have timed out.
+#
+# Related options:
+#
+# * ``agent_version_timeout``
+# * ``agent_resetnetwork_timeout``
+#
+# (integer value)
+# Minimum value: 0
+#agent_timeout=30
+
+#
+# Number of seconds to wait for agent't reply to version request.
+#
+# This indicates the amount of time xapi 'agent' plugin waits for the agent to
+# respond to the 'version' request specifically. The generic timeout for agent
+# communication ``agent_timeout`` is ignored in this case.
+#
+# During the build process the 'version' request is used to determine if the
+# agent is available/operational to perform other requests such as
+# 'resetnetwork', 'password', 'key_init' and 'inject_file'. If the 'version'
+# call
+# fails, the other configuration is skipped. So, this configuration option can
+# also be interpreted as time in which agent is expected to be fully
+# operational.
+# (integer value)
+# Minimum value: 0
+#agent_version_timeout=300
+
+#
+# Number of seconds to wait for agent's reply to resetnetwork
+# request.
+#
+# This indicates the amount of time xapi 'agent' plugin waits for the agent to
+# respond to the 'resetnetwork' request specifically. The generic timeout for
+# agent communication ``agent_timeout`` is ignored in this case.
+# (integer value)
+# Minimum value: 0
+#agent_resetnetwork_timeout=60
+
+#
+# Path to locate guest agent on the server.
+#
+# Specifies the path in which the XenAPI guest agent should be located. If the
+# agent is present, network configuration is not injected into the image.
+#
+# Related options:
+#
+# For this option to have an effect:
+# * ``flat_injected`` should be set to ``True``
+# * ``compute_driver`` should be set to ``xenapi.XenAPIDriver``
+#
+# (string value)
+#agent_path=usr/sbin/xe-update-networking
+
+#
+# Disables the use of XenAPI agent.
+#
+# This configuration option suggests whether the use of agent should be enabled
+# or not regardless of what image properties are present. Image properties have
+# an effect only when this is set to ``True``. Read description of config option
+# ``use_agent_default`` for more information.
+#
+# Related options:
+#
+# * ``use_agent_default``
+#
+# (boolean value)
+#disable_agent=false
+
+#
+# Whether or not to use the agent by default when its usage is enabled but not
+# indicated by the image.
+#
+# The use of XenAPI agent can be disabled altogether using the configuration
+# option ``disable_agent``. However, if it is not disabled, the use of an agent
+# can still be controlled by the image in use through one of its properties,
+# ``xenapi_use_agent``. If this property is either not present or specified
+# incorrectly on the image, the use of agent is determined by this configuration
+# option.
+#
+# Note that if this configuration is set to ``True`` when the agent is not
+# present, the boot times will increase significantly.
+#
+# Related options:
+#
+# * ``disable_agent``
+#
+# (boolean value)
+#use_agent_default=false
+
+# Timeout in seconds for XenAPI login. (integer value)
+# Minimum value: 0
+#login_timeout=10
+
+#
+# Maximum number of concurrent XenAPI connections.
+#
+# In nova, multiple XenAPI requests can happen at a time.
+# Configuring this option will parallelize access to the XenAPI
+# session, which allows you to make concurrent XenAPI connections.
+# (integer value)
+# Minimum value: 1
+#connection_concurrent=5
+
+# DEPRECATED:
+# Base URL for torrent files; must contain a slash character (see RFC 1808,
+# step 6).
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_base_url=<None>
+
+# DEPRECATED: Probability that peer will become a seeder (1.0 = 100%) (floating
+# point value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_seed_chance=1.0
+
+# DEPRECATED:
+# Number of seconds after downloading an image via BitTorrent that it should
+# be seeded for other peers.'
+# (integer value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_seed_duration=3600
+
+# DEPRECATED:
+# Cached torrent files not accessed within this number of seconds can be reaped.
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_max_last_accessed=86400
+
+# DEPRECATED: Beginning of port range to listen on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_listen_port_start=6881
+
+# DEPRECATED: End of port range to listen on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_listen_port_end=6891
+
+# DEPRECATED:
+# Number of seconds a download can remain at the same progress percentage w/o
+# being considered a stall.
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_download_stall_cutoff=600
+
+# DEPRECATED:
+# Maximum number of seeder processes to run concurrently within a given dom0
+# (-1 = no limit).
+# (integer value)
+# Minimum value: -1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# The torrent feature has not been tested nor maintained, and as such is being
+# removed.
+#torrent_max_seeder_processes_per_host=1
+
+#
+# Cache glance images locally.
+#
+# The value for this option must be chosen from the choices listed
+# here. Configuring a value other than these will default to 'all'.
+#
+# Note: There is nothing that deletes these images.
+#
+# Possible values:
+#
+# * `all`: will cache all images.
+# * `some`: will only cache images that have the
+# image_property `cache_in_nova=True`.
+# * `none`: turns off caching entirely.
+# (string value)
+# Allowed values: all, some, none
+#cache_images=all
+
+#
+# Compression level for images.
+#
+# By setting this option we can configure the gzip compression level.
+# This option sets GZIP environment variable before spawning tar -cz
+# to force the compression level. It defaults to none, which means the
+# GZIP environment variable is not set and the default (usually -6)
+# is used.
+#
+# Possible values:
+#
+# * Range is 1-9, e.g., 9 for gzip -9, 9 being most
+# compressed but most CPU intensive on dom0.
+# * Any values out of this range will default to None.
+# (integer value)
+# Minimum value: 1
+# Maximum value: 9
+#image_compression_level=<None>
+
+# Default OS type used when uploading an image to glance (string value)
+#default_os_type=linux
+
+# Time in secs to wait for a block device to be created (integer value)
+# Minimum value: 1
+#block_device_creation_timeout=10
+
+#
+# Maximum size in bytes of kernel or ramdisk images.
+#
+# Specifying the maximum size of kernel or ramdisk will avoid copying
+# large files to dom0 and fill up /boot/guest.
+# (integer value)
+#max_kernel_ramdisk_size=16777216
+
+#
+# Filter for finding the SR to be used to install guest instances on.
+#
+# Possible values:
+#
+# * To use the Local Storage in default XenServer/XCP installations
+# set this flag to other-config:i18n-key=local-storage.
+# * To select an SR with a different matching criteria, you could
+# set it to other-config:my_favorite_sr=true.
+# * To fall back on the Default SR, as displayed by XenCenter,
+# set this flag to: default-sr:true.
+# (string value)
+#sr_matching_filter=default-sr:true
+
+#
+# Whether to use sparse_copy for copying data on a resize down.
+# (False will use standard dd). This speeds up resizes down
+# considerably since large runs of zeros won't have to be rsynced.
+# (boolean value)
+#sparse_copy=true
+
+#
+# Maximum number of retries to unplug VBD.
+# If set to 0, should try once, no retries.
+# (integer value)
+# Minimum value: 0
+#num_vbd_unplug_retries=10
+
+#
+# Whether or not to download images via Bit Torrent.
+#
+# The value for this option must be chosen from the choices listed
+# here. Configuring a value other than these will default to 'none'.
+#
+# Possible values:
+#
+# * `all`: will download all images.
+# * `some`: will only download images that have the image_property
+# `bittorrent=true`.
+# * `none`: will turnoff downloading images via Bit Torrent.
+# (string value)
+# Allowed values: all, some, none
+#torrent_images=none
+
+#
+# Name of network to use for booting iPXE ISOs.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# By default this option is not set. Enable this option to
+# boot an iPXE ISO.
+#
+# Related Options:
+#
+# * `ipxe_boot_menu_url`
+# * `ipxe_mkisofs_cmd`
+# (string value)
+#ipxe_network_name=<None>
+
+#
+# URL to the iPXE boot menu.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# By default this option is not set. Enable this option to
+# boot an iPXE ISO.
+#
+# Related Options:
+#
+# * `ipxe_network_name`
+# * `ipxe_mkisofs_cmd`
+# (string value)
+#ipxe_boot_menu_url=<None>
+
+#
+# Name and optionally path of the tool used for ISO image creation.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# Note: By default `mkisofs` is not present in the Dom0, so the
+# package can either be manually added to Dom0 or include the
+# `mkisofs` binary in the image itself.
+#
+# Related Options:
+#
+# * `ipxe_network_name`
+# * `ipxe_boot_menu_url`
+# (string value)
+#ipxe_mkisofs_cmd=mkisofs
+
+#
+# URL for connection to XenServer/Xen Cloud Platform. A special value
+# of unix://local can be used to connect to the local unix socket.
+#
+# Possible values:
+#
+# * Any string that represents a URL. The connection_url is
+# generally the management network IP address of the XenServer.
+# * This option must be set if you chose the XenServer driver.
+# (string value)
+#connection_url=<None>
+
+# Username for connection to XenServer/Xen Cloud Platform (string value)
+#connection_username=root
+
+# Password for connection to XenServer/Xen Cloud Platform (string value)
+#connection_password=<None>
+
+#
+# The interval used for polling of coalescing vhds.
+#
+# This is the interval after which the task of coalesce VHD is
+# performed, until it reaches the max attempts that is set by
+# vhd_coalesce_max_attempts.
+#
+# Related options:
+#
+# * `vhd_coalesce_max_attempts`
+# (floating point value)
+# Minimum value: 0
+#vhd_coalesce_poll_interval=5.0
+
+#
+# Ensure compute service is running on host XenAPI connects to.
+# This option must be set to false if the 'independent_compute'
+# option is set to true.
+#
+# Possible values:
+#
+# * Setting this option to true will make sure that compute service
+# is running on the same host that is specified by connection_url.
+# * Setting this option to false, doesn't perform the check.
+#
+# Related options:
+#
+# * `independent_compute`
+# (boolean value)
+#check_host=true
+
+#
+# Max number of times to poll for VHD to coalesce.
+#
+# This option determines the maximum number of attempts that can be
+# made for coalescing the VHD before giving up.
+#
+# Related opitons:
+#
+# * `vhd_coalesce_poll_interval`
+# (integer value)
+# Minimum value: 0
+#vhd_coalesce_max_attempts=20
+
+# Base path to the storage repository on the XenServer host. (string value)
+#sr_base_path=/var/run/sr-mount
+
+#
+# The iSCSI Target Host.
+#
+# This option represents the hostname or ip of the iSCSI Target.
+# If the target host is not present in the connection information from
+# the volume provider then the value from this option is taken.
+#
+# Possible values:
+#
+# * Any string that represents hostname/ip of Target.
+# (string value)
+#target_host=<None>
+
+#
+# The iSCSI Target Port.
+#
+# This option represents the port of the iSCSI Target. If the
+# target port is not present in the connection information from the
+# volume provider then the value from this option is taken.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#target_port=3260
+
+# DEPRECATED:
+# Used to enable the remapping of VBD dev.
+# (Works around an issue in Ubuntu Maverick)
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option provided a workaround for issues in Ubuntu Maverick, which
+# was released in April 2010 and was dropped from support in April 2012.
+# There's no reason to continue supporting this option.
+#remap_vbd_dev=false
+
+#
+# Specify prefix to remap VBD dev to (ex. /dev/xvdb -> /dev/sdb).
+#
+# Related options:
+#
+# * If `remap_vbd_dev` is set to False this option has no impact.
+# (string value)
+#remap_vbd_dev_prefix=sd
+
+#
+# Used to prevent attempts to attach VBDs locally, so Nova can
+# be run in a VM on a different host.
+#
+# Related options:
+#
+# * ``CONF.flat_injected`` (Must be False)
+# * ``CONF.xenserver.check_host`` (Must be False)
+# * ``CONF.default_ephemeral_format`` (Must be unset or 'ext3')
+# * Joining host aggregates (will error if attempted)
+# * Swap disks for Windows VMs (will error if attempted)
+# * Nova-based auto_configure_disk (will error if attempted)
+# (boolean value)
+#independent_compute=false
+
+#
+# Wait time for instances to go to running state.
+#
+# Provide an integer value representing time in seconds to set the
+# wait time for an instance to go to running state.
+#
+# When a request to create an instance is received by nova-api and
+# communicated to nova-compute, the creation of the instance occurs
+# through interaction with Xen via XenAPI in the compute node. Once
+# the node on which the instance(s) are to be launched is decided by
+# nova-schedule and the launch is triggered, a certain amount of wait
+# time is involved until the instance(s) can become available and
+# 'running'. This wait time is defined by running_timeout. If the
+# instances do not go to running state within this specified wait
+# time, the launch expires and the instance(s) are set to 'error'
+# state.
+# (integer value)
+# Minimum value: 0
+#running_timeout=60
+
+# DEPRECATED:
+# The XenAPI VIF driver using XenServer Network APIs.
+#
+# Provide a string value representing the VIF XenAPI vif driver to use for
+# plugging virtual network interfaces.
+#
+# Xen configuration uses bridging within the backend domain to allow
+# all VMs to appear on the network as individual hosts. Bridge
+# interfaces are used to create a XenServer VLAN network in which
+# the VIFs for the VM instances are plugged. If no VIF bridge driver
+# is plugged, the bridge is not made available. This configuration
+# option takes in a value for the VIF driver.
+#
+# Possible values:
+#
+# * nova.virt.xenapi.vif.XenAPIOpenVswitchDriver (default)
+# * nova.virt.xenapi.vif.XenAPIBridgeDriver (deprecated)
+#
+# Related options:
+#
+# * ``vlan_interface``
+# * ``ovs_integration_bridge``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There are only two in-tree vif drivers for XenServer. XenAPIBridgeDriver is
+# for
+# nova-network which is deprecated and XenAPIOpenVswitchDriver is for Neutron
+# which is the default configuration for Nova since the 15.0.0 Ocata release. In
+# the future the "use_neutron" configuration option will be used to determine
+# which vif driver to use.
+#vif_driver=nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
+
+#
+# Dom0 plugin driver used to handle image uploads.
+#
+# Provide a string value representing a plugin driver required to
+# handle the image uploading to GlanceStore.
+#
+# Images, and snapshots from XenServer need to be uploaded to the data
+# store for use. image_upload_handler takes in a value for the Dom0
+# plugin driver. This driver is then called to uplaod images to the
+# GlanceStore.
+# (string value)
+#image_upload_handler=nova.virt.xenapi.image.glance.GlanceStore
+
+#
+# Number of seconds to wait for SR to settle if the VDI
+# does not exist when first introduced.
+#
+# Some SRs, particularly iSCSI connections are slow to see the VDIs
+# right after they got introduced. Setting this option to a
+# time interval will make the SR to wait for that time period
+# before raising VDI not found exception.
+# (integer value)
+# Minimum value: 0
+#introduce_vdi_retry_wait=20
+
+#
+# The name of the integration Bridge that is used with xenapi
+# when connecting with Open vSwitch.
+#
+# Note: The value of this config option is dependent on the
+# environment, therefore this configuration value must be set
+# accordingly if you are using XenAPI.
+#
+# Possible values:
+#
+# * Any string that represents a bridge name.
+# (string value)
+#ovs_integration_bridge=<None>
+
+#
+# When adding new host to a pool, this will append a --force flag to the
+# command, forcing hosts to join a pool, even if they have different CPUs.
+#
+# Since XenServer version 5.6 it is possible to create a pool of hosts that have
+# different CPU capabilities. To accommodate CPU differences, XenServer limited
+# features it uses to determine CPU compatibility to only the ones that are
+# exposed by CPU and support for CPU masking was added.
+# Despite this effort to level differences between CPUs, it is still possible
+# that adding new host will fail, thus option to force join was introduced.
+# (boolean value)
+#use_join_force=true
+
+#
+# Publicly visible name for this console host.
+#
+# Possible values:
+#
+# * A string representing a valid hostname
+# (string value)
+# Deprecated group/name - [DEFAULT]/console_public_hostname
+#console_public_hostname=lcy01-22
+
+
+[xvp]
+#
+# Configuration options for XVP.
+#
+# xvp (Xen VNC Proxy) is a proxy server providing password-protected VNC-based
+# access to the consoles of virtual machines hosted on Citrix XenServer.
+
+#
+# From nova.conf
+#
+
+# XVP conf template (string value)
+# Deprecated group/name - [DEFAULT]/console_xvp_conf_template
+#console_xvp_conf_template=$pybasedir/nova/console/xvp.conf.template
+
+# Generated XVP conf file (string value)
+# Deprecated group/name - [DEFAULT]/console_xvp_conf
+#console_xvp_conf=/etc/xvp.conf
+
+# XVP master process pid file (string value)
+# Deprecated group/name - [DEFAULT]/console_xvp_pid
+#console_xvp_pid=/var/run/xvp.pid
+
+# XVP log file (string value)
+# Deprecated group/name - [DEFAULT]/console_xvp_log
+#console_xvp_log=/var/log/xvp.log
+
+# Port for XVP to multiplex VNC connections on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/console_xvp_multiplex_port
+#console_xvp_multiplex_port=5900
diff --git a/nova/files/ocata/nova-controller.conf.RedHat b/nova/files/ocata/nova-controller.conf.RedHat
new file mode 120000
index 0000000..09c7524
--- /dev/null
+++ b/nova/files/ocata/nova-controller.conf.RedHat
@@ -0,0 +1 @@
+nova-controller.conf.Debian
\ No newline at end of file
diff --git a/nova/files/ocata/nova-placement-api.conf b/nova/files/ocata/nova-placement-api.conf
new file mode 100644
index 0000000..02e88cc
--- /dev/null
+++ b/nova/files/ocata/nova-placement-api.conf
@@ -0,0 +1,28 @@
+{%- from "nova/map.jinja" import controller with context %}
+Listen {{ controller.bind.private_address }}:8778
+
+<VirtualHost {{ controller.bind.private_address }}:8778>
+ WSGIScriptAlias / /usr/bin/nova-placement-api
+ WSGIDaemonProcess nova-placement processes=5 threads=1 user=nova group=nova display-name=%{GROUP}
+ WSGIProcessGroup nova-placement
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ LimitRequestBody 114688
+
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+
+ ErrorLog /var/log/apache2/nova_placement_error.log
+ CustomLog /var/log/apache2/nova_placement_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/nova/files/ocata/qemu.conf.Debian b/nova/files/ocata/qemu.conf.Debian
new file mode 100644
index 0000000..5b039c4
--- /dev/null
+++ b/nova/files/ocata/qemu.conf.Debian
@@ -0,0 +1,486 @@
+{%- from "nova/map.jinja" import compute with context %}
+# Master configuration file for the QEMU driver.
+# All settings described here are optional - if omitted, sensible
+# defaults are used.
+
+# VNC is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+# NB, strong recommendation to enable TLS + x509 certificate
+# verification when allowing public access
+#
+#vnc_listen = "0.0.0.0"
+
+# Enable this option to have VNC served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine, though most VNC clients do not support it.
+#
+# This will only be enabled for VNC configurations that do not have
+# a hardcoded 'listen' or 'socket' value. This setting takes preference
+# over vnc_listen.
+#
+#vnc_auto_unix_socket = 1
+
+# Enable use of TLS encryption on the VNC server. This requires
+# a VNC client which supports the VeNCrypt protocol extension.
+# Examples include vinagre, virt-viewer, virt-manager and vencrypt
+# itself. UltraVNC, RealVNC, TightVNC do not support this
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#vnc_tls = 1
+
+
+# Use of TLS requires that x509 certificates be issued. The
+# default it to keep them in /etc/pki/libvirt-vnc. This directory
+# must contain
+#
+# ca-cert.pem - the CA master certificate
+# server-cert.pem - the server certificate signed with ca-cert.pem
+# server-key.pem - the server private key
+#
+# This option allows the certificate directory to be changed
+#
+#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing a x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client who does not have a
+# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
+#
+#vnc_tls_x509_verify = 1
+
+
+# The default VNC password. Only 8 bytes are significant for
+# VNC passwords. This parameter is only used if the per-domain
+# XML config does not already provide a password. To allow
+# access without passwords, leave this commented out. An empty
+# string will still enable passwords, but be rejected by QEMU,
+# effectively preventing any use of VNC. Obviously change this
+# example here before you set this.
+#
+#vnc_password = "XYZ12345"
+
+
+# Enable use of SASL encryption on the VNC server. This requires
+# a VNC client which supports the SASL protocol extension.
+# Examples include vinagre, virt-viewer and virt-manager
+# itself. UltraVNC, RealVNC, TightVNC do not support this
+#
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# the desired SASL plugin (eg, GSSPI for Kerberos)
+#
+#vnc_sasl = 1
+
+
+# The default SASL configuration file is located in /etc/sasl2/
+# When running libvirtd unprivileged, it may be desirable to
+# override the configs in this location. Set this parameter to
+# point to the directory, and create a qemu.conf in that location
+#
+#vnc_sasl_dir = "/some/directory/sasl2"
+
+
+# QEMU implements an extension for providing audio over a VNC connection,
+# though if your VNC client does not support it, your only chance for getting
+# sound output is through regular audio backends. By default, libvirt will
+# disable all QEMU sound backends if using VNC, since they can cause
+# permissions issues. Enabling this option will make libvirtd honor the
+# QEMU_AUDIO_DRV environment variable when using VNC.
+#
+#vnc_allow_host_audio = 0
+
+
+
+# SPICE is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+# NB, strong recommendation to enable TLS + x509 certificate
+# verification when allowing public access
+#
+#spice_listen = "0.0.0.0"
+
+
+# Enable use of TLS encryption on the SPICE server.
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#spice_tls = 1
+
+
+# Use of TLS requires that x509 certificates be issued. The
+# default it to keep them in /etc/pki/libvirt-spice. This directory
+# must contain
+#
+# ca-cert.pem - the CA master certificate
+# server-cert.pem - the server certificate signed with ca-cert.pem
+# server-key.pem - the server private key
+#
+# This option allows the certificate directory to be changed.
+#
+#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
+
+
+# The default SPICE password. This parameter is only used if the
+# per-domain XML config does not already provide a password. To
+# allow access without passwords, leave this commented out. An
+# empty string will still enable passwords, but be rejected by
+# QEMU, effectively preventing any use of SPICE. Obviously change
+# this example here before you set this.
+#
+#spice_password = "XYZ12345"
+
+
+# Enable use of SASL encryption on the SPICE server. This requires
+# a SPICE client which supports the SASL protocol extension.
+#
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# the desired SASL plugin (eg, GSSPI for Kerberos)
+#
+#spice_sasl = 1
+
+# The default SASL configuration file is located in /etc/sasl2/
+# When running libvirtd unprivileged, it may be desirable to
+# override the configs in this location. Set this parameter to
+# point to the directory, and create a qemu.conf in that location
+#
+#spice_sasl_dir = "/some/directory/sasl2"
+
+
+# By default, if no graphical front end is configured, libvirt will disable
+# QEMU audio output since directly talking to alsa/pulseaudio may not work
+# with various security settings. If you know what you're doing, enable
+# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV
+# environment variable when using nographics.
+#
+#nographics_allow_host_audio = 1
+
+
+# Override the port for creating both VNC and SPICE sessions (min).
+# This defaults to 5900 and increases for consecutive sessions
+# or when ports are occupied, until it hits the maximum.
+#
+# Minimum must be greater than or equal to 5900 as lower number would
+# result into negative vnc display number.
+#
+# Maximum must be less than 65536, because higher numbers do not make
+# sense as a port number.
+#
+#remote_display_port_min = 5900
+#remote_display_port_max = 65535
+
+# VNC WebSocket port policies, same rules apply as with remote display
+# ports. VNC WebSockets use similar display <-> port mappings, with
+# the exception being that ports start from 5700 instead of 5900.
+#
+#remote_websocket_port_min = 5700
+#remote_websocket_port_max = 65535
+
+# The default security driver is SELinux. If SELinux is disabled
+# on the host, then the security driver will automatically disable
+# itself. If you wish to disable QEMU SELinux security driver while
+# leaving SELinux enabled for the host in general, then set this
+# to 'none' instead. It's also possible to use more than one security
+# driver at the same time, for this use a list of names separated by
+# comma and delimited by square brackets. For example:
+#
+# security_driver = [ "selinux", "apparmor" ]
+#
+# Notes: The DAC security driver is always enabled; as a result, the
+# value of security_driver cannot contain "dac". The value "none" is
+# a special value; security_driver can be set to that value in
+# isolation, but it cannot appear in a list of drivers.
+#
+#security_driver = "selinux"
+
+# If set to non-zero, then the default security labeling
+# will make guests confined. If set to zero, then guests
+# will be unconfined by default. Defaults to 1.
+#security_default_confined = 1
+
+# If set to non-zero, then attempts to create unconfined
+# guests will be blocked. Defaults to 0.
+#security_require_confined = 1
+
+# The user for QEMU processes run by the system instance. It can be
+# specified as a user name or as a user id. The qemu driver will try to
+# parse this value first as a name and then, if the name doesn't exist,
+# as a user id.
+#
+# Since a sequence of digits is a valid user name, a leading plus sign
+# can be used to ensure that a user id will not be interpreted as a user
+# name.
+#
+# Some examples of valid values are:
+#
+# user = "qemu" # A user named "qemu"
+# user = "+0" # Super user (uid=0)
+# user = "100" # A user named "100" or a user with uid=100
+#
+#user = "root"
+
+# The group for QEMU processes run by the system instance. It can be
+# specified in a similar way to user.
+#group = "root"
+
+# Whether libvirt should dynamically change file ownership
+# to match the configured user/group above. Defaults to 1.
+# Set to 0 to disable file ownership changes.
+#dynamic_ownership = 1
+
+
+# What cgroup controllers to make use of with QEMU guests
+#
+# - 'cpu' - use for schedular tunables
+# - 'devices' - use for device whitelisting
+# - 'memory' - use for memory tunables
+# - 'blkio' - use for block devices I/O tunables
+# - 'cpuset' - use for CPUs and memory nodes
+# - 'cpuacct' - use for CPUs statistics.
+#
+# NB, even if configured here, they won't be used unless
+# the administrator has mounted cgroups, e.g.:
+#
+# mkdir /dev/cgroup
+# mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup
+#
+# They can be mounted anywhere, and different controllers
+# can be mounted in different locations. libvirt will detect
+# where they are located.
+#
+#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
+
+# This is the basic set of devices allowed / required by
+# all virtual machines.
+#
+# As well as this, any configured block backed disks,
+# all sound device, and all PTY devices are allowed.
+#
+# This will only need setting if newer QEMU suddenly
+# wants some device we don't already know about.
+#
+#cgroup_device_acl = [
+# "/dev/null", "/dev/full", "/dev/zero",
+# "/dev/random", "/dev/urandom",
+# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+# "/dev/rtc","/dev/hpet", "/dev/vfio/vfio"
+#]
+
+
+# The default format for Qemu/KVM guest save images is raw; that is, the
+# memory from the domain is dumped out directly to a file. If you have
+# guests with a large amount of memory, however, this can take up quite
+# a bit of space. If you would like to compress the images while they
+# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
+# for save_image_format. Note that this means you slow down the process of
+# saving a domain in order to save disk space; the list above is in descending
+# order by performance and ascending order by compression ratio.
+#
+# save_image_format is used when you use 'virsh save' or 'virsh managedsave'
+# at scheduled saving, and it is an error if the specified save_image_format
+# is not valid, or the requested compression program can't be found.
+#
+# dump_image_format is used when you use 'virsh dump' at emergency
+# crashdump, and if the specified dump_image_format is not valid, or
+# the requested compression program can't be found, this falls
+# back to "raw" compression.
+#
+# snapshot_image_format specifies the compression algorithm of the memory save
+# image when an external snapshot of a domain is taken. This does not apply
+# on disk image format. It is an error if the specified format isn't valid,
+# or the requested compression program can't be found.
+#
+#save_image_format = "raw"
+#dump_image_format = "raw"
+#snapshot_image_format = "raw"
+
+# When a domain is configured to be auto-dumped when libvirtd receives a
+# watchdog event from qemu guest, libvirtd will save dump files in directory
+# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
+#
+#auto_dump_path = "/var/lib/libvirt/qemu/dump"
+
+# When a domain is configured to be auto-dumped, enabling this flag
+# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the
+# virDomainCoreDump API. That is, the system will avoid using the
+# file system cache while writing the dump file, but may cause
+# slower operation.
+#
+#auto_dump_bypass_cache = 0
+
+# When a domain is configured to be auto-started, enabling this flag
+# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag
+# with the virDomainCreateWithFlags API. That is, the system will
+# avoid using the file system cache when restoring any managed state
+# file, but may cause slower operation.
+#
+#auto_start_bypass_cache = 0
+
+# If provided by the host and a hugetlbfs mount point is configured,
+# a guest may request huge page backing. When this mount point is
+# unspecified here, determination of a host mount point in /proc/mounts
+# will be attempted. Specifying an explicit mount overrides detection
+# of the same in /proc/mounts. Setting the mount point to "" will
+# disable guest hugepage backing.
+#
+# NB, within this mount point, guests will create memory backing files
+# in a location of $MOUNTPOINT/libvirt/qemu
+#
+#hugetlbfs_mount = "/dev/hugepages"
+#hugetlbfs_mount = ["/run/hugepages/kvm", "/mnt/hugepages_1GB"]
+{%- if compute.hugepages is defined %}
+hugetlbfs_mount = [{%- for mount in compute.hugepages.mount_points %}"{{ mount.path }}"{% if not loop.last %}, {% endif %}{%- endfor %}]
+security_driver="none"
+{%- endif %}
+
+# Path to the setuid helper for creating tap devices. This executable
+# is used to create <source type='bridge'> interfaces when libvirtd is
+# running unprivileged. libvirt invokes the helper directly, instead
+# of using "-netdev bridge", for security reasons.
+#bridge_helper = "/usr/libexec/qemu-bridge-helper"
+
+
+
+# If clear_emulator_capabilities is enabled, libvirt will drop all
+# privileged capabilities of the QEmu/KVM emulator. This is enabled by
+# default.
+#
+# Warning: Disabling this option means that a compromised guest can
+# exploit the privileges and possibly do damage to the host.
+#
+#clear_emulator_capabilities = 1
+
+
+# If enabled, libvirt will have QEMU set its process name to
+# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU
+# process will appear as "qemu:VM_NAME" in process listings and
+# other system monitoring tools. By default, QEMU does not set
+# its process title, so the complete QEMU command (emulator and
+# its arguments) appear in process listings.
+#
+#set_process_name = 1
+
+
+# If max_processes is set to a positive integer, libvirt will use
+# it to set the maximum number of processes that can be run by qemu
+# user. This can be used to override default value set by host OS.
+# The same applies to max_files which sets the limit on the maximum
+# number of opened files.
+#
+{%- if compute.qemu is defined %}
+
+{%- if compute.qemu.max_processes is defined %}
+max_processes = {{ compute.qemu.max_processes }}
+{%- endif %}
+
+{%- if compute.qemu.max_files is defined %}
+max_files = {{ compute.qemu.max_files }}
+{%- endif %}
+
+{%- endif %}
+
+# mac_filter enables MAC addressed based filtering on bridge ports.
+# This currently requires ebtables to be installed.
+#
+#mac_filter = 1
+
+
+# By default, PCI devices below non-ACS switch are not allowed to be assigned
+# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
+# be assigned to guests.
+#
+#relaxed_acs_check = 1
+
+
+# If allow_disk_format_probing is enabled, libvirt will probe disk
+# images to attempt to identify their format, when not otherwise
+# specified in the XML. This is disabled by default.
+#
+# WARNING: Enabling probing is a security hole in almost all
+# deployments. It is strongly recommended that users update their
+# guest XML <disk> elements to include <driver type='XXXX'/>
+# elements instead of enabling this option.
+#
+#allow_disk_format_probing = 1
+
+
+# To enable 'Sanlock' project based locking of the file
+# content (to prevent two VMs writing to the same
+# disk), uncomment this
+#
+#lock_manager = "sanlock"
+
+
+
+# Set limit of maximum APIs queued on one domain. All other APIs
+# over this threshold will fail on acquiring job lock. Specially,
+# setting to zero turns this feature off.
+# Note, that job lock is per domain.
+#
+#max_queued = 0
+
+###################################################################
+# Keepalive protocol:
+# This allows qemu driver to detect broken connections to remote
+# libvirtd during peer-to-peer migration. A keepalive message is
+# sent to the daemon after keepalive_interval seconds of inactivity
+# to check if the daemon is still responding; keepalive_count is a
+# maximum number of keepalive messages that are allowed to be sent
+# to the daemon without getting any response before the connection
+# is considered broken. In other words, the connection is
+# automatically closed approximately after
+# keepalive_interval * (keepalive_count + 1) seconds since the last
+# message received from the daemon. If keepalive_interval is set to
+# -1, qemu driver will not send keepalive requests during
+# peer-to-peer migration; however, the remote libvirtd can still
+# send them and source libvirtd will send responses. When
+# keepalive_count is set to 0, connections will be automatically
+# closed after keepalive_interval seconds of inactivity without
+# sending any keepalive messages.
+#
+#keepalive_interval = 5
+#keepalive_count = 5
+
+
+
+# Use seccomp syscall whitelisting in QEMU.
+# 1 = on, 0 = off, -1 = use QEMU default
+# Defaults to -1.
+#
+#seccomp_sandbox = 1
+
+
+
+# Override the listen address for all incoming migrations. Defaults to
+# 0.0.0.0, or :: if both host and qemu are capable of IPv6.
+#migration_address = "127.0.0.1"
+
+
+# Override the port range used for incoming migrations.
+#
+# Minimum must be greater than 0, however when QEMU is not running as root,
+# setting the minimum to be lower than 1024 will not work.
+#
+# Maximum must not be greater than 65535.
+#
+#migration_port_min = 49152
+#migration_port_max = 49215
+cgroup_device_acl = [
+ "/dev/null", "/dev/full", "/dev/zero",
+ "/dev/random", "/dev/urandom",
+ "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+ "/dev/rtc", "/dev/hpet","/dev/net/tun",
+ {%- if compute.get('sriov', false) %}
+ "/dev/vfio/vfio",
+ {% endif %}
+]