The following is an overview of all available configuration options in Nova.
For a sample configuration file, refer to Sample Configuration File.
internal_service_availability_zone
¶Type: | string |
---|---|
Default: | internal |
Availability zone for internal services.
This option determines the availability zone for the various internal nova services, such as ‘nova-scheduler’, ‘nova-conductor’, etc.
Possible values:
default_availability_zone
¶Type: | string |
---|---|
Default: | nova |
Default availability zone for compute services.
This option determines the default availability zone for ‘nova-compute’ services, which will be used if the service(s) do not belong to aggregates with availability zone metadata.
Possible values:
default_schedule_zone
¶Type: | string |
---|---|
Default: | <None> |
Default availability zone for instances.
This option determines the default availability zone for instances, which will be used when a user does not specify one when creating an instance. The instance(s) will be bound to this availability zone for their lifetime.
Possible values:
Related options:
[cinder]/cross_az_attach
password_length
¶Type: | integer |
---|---|
Default: | 12 |
Minimum Value: | 0 |
Length of generated instance admin passwords.
instance_usage_audit_period
¶Type: | string |
---|---|
Default: | month |
Time period to generate instance usages for. It is possible to define optional offset to given period by appending @ character followed by a number defining offset.
Possible values:
hour
, day
, month` or ``year
month@15
will result in monthly audits
starting on 15th day of month.use_rootwrap_daemon
¶Type: | boolean |
---|---|
Default: | False |
Start and use a daemon that can run the commands that need to be run with root privileges. This option is usually enabled on nodes that run nova compute processes.
rootwrap_config
¶Type: | string |
---|---|
Default: | /etc/nova/rootwrap.conf |
Path to the rootwrap configuration file.
Goal of the root wrapper is to allow a service-specific unprivileged user to run a number of actions as the root user in the safest manner possible. The configuration file used here must match the one defined in the sudoers entry.
tempdir
¶Type: | string |
---|---|
Default: | <None> |
Explicitly specify the temporary working directory.
compute_driver
¶Type: | string |
---|---|
Default: | <None> |
Defines which driver to use for controlling virtualization.
Possible values:
libvirt.LibvirtDriver
fake.FakeDriver
ironic.IronicDriver
vmwareapi.VMwareVCDriver
hyperv.HyperVDriver
powervm.PowerVMDriver
zvm.ZVMDriver
allow_resize_to_same_host
¶Type: | boolean |
---|---|
Default: | False |
Allow destination machine to match source for resize. Useful when testing in single-host environments. By default it is not allowed to resize to the same host. Setting this option to true will add the same host to the destination options. Also set to true if you allow the ServerGroupAffinityFilter and need to resize.
non_inheritable_image_properties
¶Type: | list |
---|---|
Default: | ['cache_in_nova', 'bittorrent'] |
Image properties that should not be inherited from the instance when taking a snapshot.
This option gives an opportunity to select which image-properties should not be inherited by newly created snapshots.
Note
The following image properties are never inherited regardless of whether they are listed in this configuration option or not:
Possible values:
max_local_block_devices
¶Type: | integer |
---|---|
Default: | 3 |
Maximum number of devices that will result in a local image being created on the hypervisor node.
A negative number means unlimited. Setting max_local_block_devices
to 0 means that any request that attempts to create a local disk
will fail. This option is meant to limit the number of local discs
(so root local disc that is the result of imageRef
being used when
creating a server, and any other ephemeral and swap disks). 0 does not
mean that images will be automatically converted to volumes and boot
instances from volumes - it just means that all requests that attempt
to create a local disk will fail.
Possible values:
compute_monitors
¶Type: | list |
---|---|
Default: | [] |
A comma-separated list of monitors that can be used for getting compute metrics. You can use the alias/name from the setuptools entry points for nova.compute.monitors.* namespaces. If no namespace is supplied, the “cpu.” namespace is assumed for backwards-compatibility.
NOTE: Only one monitor per namespace (For example: cpu) can be loaded at a time.
Possible values:
An empty list will disable the feature (Default).
An example value that would enable the CPU bandwidth monitor that uses the virt driver variant:
compute_monitors = cpu.virt_driver
default_ephemeral_format
¶Type: | string |
---|---|
Default: | <None> |
The default format an ephemeral_volume will be formatted with on creation.
Possible values:
ext2
ext3
ext4
xfs
ntfs
(only for Windows guests)vif_plugging_is_fatal
¶Type: | boolean |
---|---|
Default: | True |
Determine if instance should boot or fail on VIF plugging timeout.
Nova sends a port update to Neutron after an instance has been scheduled, providing Neutron with the necessary information to finish setup of the port. Once completed, Neutron notifies Nova that it has finished setting up the port, at which point Nova resumes the boot of the instance since network connectivity is now supposed to be present. A timeout will occur if the reply is not received after a given interval.
This option determines what Nova does when the VIF plugging timeout event happens. When enabled, the instance will error out. When disabled, the instance will continue to boot on the assumption that the port is ready.
Possible values:
vif_plugging_timeout
¶Type: | integer |
---|---|
Default: | 300 |
Minimum Value: | 0 |
Timeout for Neutron VIF plugging event message arrival.
Number of seconds to wait for Neutron vif plugging events to arrive before continuing or failing (see ‘vif_plugging_is_fatal’).
If you are hitting timeout failures at scale, consider running rootwrap
in “daemon mode” in the neutron agent via the [agent]/root_helper_daemon
neutron configuration option.
Related options:
vif_plugging_timeout
is set to zero and
vif_plugging_is_fatal
is False, events should not be expected to
arrive at all.arq_binding_timeout
¶Type: | integer |
---|---|
Default: | 300 |
Minimum Value: | 1 |
Timeout for Accelerator Request (ARQ) bind event message arrival.
Number of seconds to wait for ARQ bind resolution event to arrive. The event indicates that every ARQ for an instance has either bound successfully or failed to bind. If it does not arrive, instance bringup is aborted with an exception.
injected_network_template
¶Type: | string |
---|---|
Default: | $pybasedir/nova/virt/interfaces.template |
Path to ‘/etc/network/interfaces’ template.
The path to a template file for the ‘/etc/network/interfaces’-style file, which will be populated by nova and subsequently used by cloudinit. This provides a method to configure network connectivity in environments without a DHCP server.
The template will be rendered using Jinja2 template engine, and receive a
top-level key called interfaces
. This key will contain a list of
dictionaries, one for each interface.
Refer to the cloudinit documentaion for more information:
Possible values:
Related options:
flat_inject
: This must be set to True
to ensure nova embeds network
configuration information in the metadata provided through the config drive.preallocate_images
¶Type: | string |
---|---|
Default: | none |
Valid Values: | none, space |
The image preallocation mode to use.
Image preallocation allows storage for instance images to be allocated up front when the instance is initially provisioned. This ensures immediate feedback is given if enough space isn’t available. In addition, it should significantly improve performance on writes to new blocks and may even improve I/O performance to prewritten blocks due to reduced fragmentation.
Possible values
use_cow_images
¶Type: | boolean |
---|---|
Default: | True |
Enable use of copy-on-write (cow) images.
QEMU/KVM allow the use of qcow2 as backing files. By disabling this, backing files will not be used.
force_raw_images
¶Type: | boolean |
---|---|
Default: | True |
Force conversion of backing images to raw format.
Possible values:
Related options:
compute_driver
: Only the libvirt driver uses this option.[libvirt]/images_type
: If images_type is rbd, setting this option
to False is not allowed. See the bug
https://bugs.launchpad.net/nova/+bug/1816686 for more details.virt_mkfs
¶Type: | multi-valued |
---|---|
Default: | '' |
Name of the mkfs commands for ephemeral device.
The format is <os_type>=<mkfs command>
resize_fs_using_block_device
¶Type: | boolean |
---|---|
Default: | False |
Enable resizing of filesystems via a block device.
If enabled, attempt to resize the filesystem by accessing the image over a block device. This is done by the host and may not be necessary if the image contains a recent version of cloud-init. Possible mechanisms require the nbd driver (for qcow and raw), or loop (for raw).
timeout_nbd
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 0 |
Amount of time, in seconds, to wait for NBD device start up.
pointer_model
¶Type: | string |
---|---|
Default: | usbtablet |
Valid Values: | ps2mouse, usbtablet, <None> |
Generic property to specify the pointer type.
Input devices allow interaction with a graphical framebuffer. For example to provide a graphic tablet for absolute cursor movement.
If set, the ‘hw_pointer_model’ image property takes precedence over this configuration option.
Related options:
Possible values
vcpu_pin_set
¶Type: | string |
---|---|
Default: | <None> |
Mask of host CPUs that can be used for VCPU
resources.
The behavior of this option depends on the definition of the [compute]
cpu_dedicated_set
option and affects the behavior of the [compute]
cpu_shared_set
option.
[compute] cpu_dedicated_set
is defined, defining this option will
result in an error.[compute] cpu_dedicated_set
is not defined, this option will be used
to determine inventory for VCPU
resources and to limit the host CPUs
that both pinned and unpinned instances can be scheduled to, overriding the
[compute] cpu_shared_set
option.Possible values:
A comma-separated list of physical CPU numbers that virtual CPUs can be allocated from. Each element should be either a single CPU number, a range of CPU numbers, or a caret followed by a CPU number to be excluded from a previous range. For example:
vcpu_pin_set = "4-12,^8,15"
Related options:
[compute] cpu_dedicated_set
[compute] cpu_shared_set
Warning
This option is deprecated for removal since 20.0.0. Its value may be silently ignored in the future.
Reason: | This option has been superseded by the [compute] cpu_dedicated_set and [compute] cpu_shared_set options, which allow things like the co-existence of pinned and unpinned instances on the same host (for the libvirt driver). |
---|
reserved_huge_pages
¶Type: | unknown type |
---|---|
Default: | <None> |
Number of huge/large memory pages to reserved per NUMA host cell.
Possible values:
A list of valid key=value which reflect NUMA node ID, page size (Default unit is KiB) and number of pages to be reserved. For example:
reserved_huge_pages = node:0,size:2048,count:64
reserved_huge_pages = node:1,size:1GB,count:1
In this example we are reserving on NUMA node 0 64 pages of 2MiB and on NUMA node 1 1 page of 1GiB.
reserved_host_disk_mb
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Amount of disk resources in MB to make them always available to host. The disk usage gets reported back to the scheduler from nova-compute running on the compute nodes. To prevent the disk resources from being considered as available, this option can be used to reserve disk space for that host.
Possible values:
reserved_host_memory_mb
¶Type: | integer |
---|---|
Default: | 512 |
Minimum Value: | 0 |
Amount of memory in MB to reserve for the host so that it is always available to host processes. The host resources usage is reported back to the scheduler continuously from nova-compute running on the compute node. To prevent the host memory from being considered as available, this option is used to reserve memory for the host.
Possible values:
reserved_host_cpus
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Number of host CPUs to reserve for host processes.
The host resources usage is reported back to the scheduler continuously from
nova-compute running on the compute node. This value is used to determine the
reserved
value reported to placement.
This option cannot be set if the [compute] cpu_shared_set
or [compute]
cpu_dedicated_set
config options have been defined. When these options are
defined, any host CPUs not included in these values are considered reserved for
the host.
Possible values:
Related options:
[compute] cpu_shared_set
[compute] cpu_dedicated_set
cpu_allocation_ratio
¶Type: | floating point |
---|---|
Default: | <None> |
Minimum Value: | 0.0 |
Virtual CPU to physical CPU allocation ratio.
This option is used to influence the hosts selected by the Placement API by
configuring the allocation ratio for VCPU
inventory. In addition, the
AggregateCoreFilter
(deprecated) will fall back to this configuration value
if no per-aggregate setting is found.
Note
This option does not affect PCPU
inventory, which cannot be
overcommitted.
Note
If this option is set to something other than None
or 0.0
, the
allocation ratio will be overwritten by the value of this option, otherwise,
the allocation ratio will not change. Once set to a non-default value, it is
not possible to “unset” the config to get back to the default behavior. If
you want to reset back to the initial value, explicitly specify it to the
value of initial_cpu_allocation_ratio
.
Possible values:
Related options:
initial_cpu_allocation_ratio
ram_allocation_ratio
¶Type: | floating point |
---|---|
Default: | <None> |
Minimum Value: | 0.0 |
Virtual RAM to physical RAM allocation ratio.
This option is used to influence the hosts selected by the Placement API by
configuring the allocation ratio for MEMORY_MB
inventory. In addition, the
AggregateRamFilter
(deprecated) will fall back to this configuration value
if no per-aggregate setting is found.
Note
If this option is set to something other than None
or 0.0
, the
allocation ratio will be overwritten by the value of this option, otherwise,
the allocation ratio will not change. Once set to a non-default value, it is
not possible to “unset” the config to get back to the default behavior. If
you want to reset back to the initial value, explicitly specify it to the
value of initial_ram_allocation_ratio
.
Possible values:
Related options:
initial_ram_allocation_ratio
disk_allocation_ratio
¶Type: | floating point |
---|---|
Default: | <None> |
Minimum Value: | 0.0 |
Virtual disk to physical disk allocation ratio.
This option is used to influence the hosts selected by the Placement API by
configuring the allocation ratio for DISK_GB
inventory. In addition, the
AggregateDiskFilter
(deprecated) will fall back to this configuration value
if no per-aggregate setting is found.
When configured, a ratio greater than 1.0 will result in over-subscription of the available physical disk, which can be useful for more efficiently packing instances created with images that do not use the entire virtual disk, such as sparse or compressed images. It can be set to a value between 0.0 and 1.0 in order to preserve a percentage of the disk for uses other than instances.
Note
If the value is set to >1
, we recommend keeping track of the free disk
space, as the value approaching 0
may result in the incorrect
functioning of instances using it at the moment.
Note
If this option is set to something other than None
or 0.0
, the
allocation ratio will be overwritten by the value of this option, otherwise,
the allocation ratio will not change. Once set to a non-default value, it is
not possible to “unset” the config to get back to the default behavior. If
you want to reset back to the initial value, explicitly specify it to the
value of initial_disk_allocation_ratio
.
Possible values:
Related options:
initial_disk_allocation_ratio
initial_cpu_allocation_ratio
¶Type: | floating point |
---|---|
Default: | 16.0 |
Minimum Value: | 0.0 |
Initial virtual CPU to physical CPU allocation ratio.
This is only used when initially creating the computes_nodes
table record
for a given nova-compute service.
See https://docs.openstack.org/nova/latest/admin/configuration/schedulers.html for more details and usage scenarios.
Related options:
cpu_allocation_ratio
initial_ram_allocation_ratio
¶Type: | floating point |
---|---|
Default: | 1.5 |
Minimum Value: | 0.0 |
Initial virtual RAM to physical RAM allocation ratio.
This is only used when initially creating the computes_nodes
table record
for a given nova-compute service.
See https://docs.openstack.org/nova/latest/admin/configuration/schedulers.html for more details and usage scenarios.
Related options:
ram_allocation_ratio
initial_disk_allocation_ratio
¶Type: | floating point |
---|---|
Default: | 1.0 |
Minimum Value: | 0.0 |
Initial virtual disk to physical disk allocation ratio.
This is only used when initially creating the computes_nodes
table record
for a given nova-compute service.
See https://docs.openstack.org/nova/latest/admin/configuration/schedulers.html for more details and usage scenarios.
Related options:
disk_allocation_ratio
console_host
¶Type: | string |
---|---|
Default: | <current_hostname> |
This option has a sample default set, which means that its actual default value may vary from the one documented above.
Console proxy host to be used to connect to instances on this host. It is the publicly visible name for the console host.
Possible values:
default_access_ip_network_name
¶Type: | string |
---|---|
Default: | <None> |
Name of the network to be used to set access IPs for instances. If there are multiple IPs to choose from, an arbitrary one will be chosen.
Possible values:
instances_path
¶Type: | string |
---|---|
Default: | $state_path/instances |
This option has a sample default set, which means that its actual default value may vary from the one documented above.
Specifies where instances are stored on the hypervisor’s disk. It can point to locally attached storage or a directory on NFS.
Possible values:
Related options:
[workarounds]/ensure_libvirt_rbd_instance_dir_cleanup
instance_usage_audit
¶Type: | boolean |
---|---|
Default: | False |
This option enables periodic compute.instance.exists notifications. Each compute node must be configured to generate system usage data. These notifications are consumed by OpenStack Telemetry service.
live_migration_retry_count
¶Type: | integer |
---|---|
Default: | 30 |
Minimum Value: | 0 |
Maximum number of 1 second retries in live_migration. It specifies number of retries to iptables when it complains. It happens when an user continuously sends live-migration request to same host leading to concurrent request to iptables.
Possible values:
resume_guests_state_on_host_boot
¶Type: | boolean |
---|---|
Default: | False |
This option specifies whether to start guests that were running before the host rebooted. It ensures that all of the instances on a Nova compute node resume their state each time the compute node boots or restarts.
network_allocate_retries
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Number of times to retry network allocation. It is required to attempt network allocation retries if the virtual interface plug fails.
Possible values:
max_concurrent_builds
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 0 |
Limits the maximum number of instance builds to run concurrently by nova-compute. Compute service can attempt to build an infinite number of instances, if asked to do so. This limit is enforced to avoid building unlimited instance concurrently on a compute node. This value can be set per compute node.
Possible Values:
max_concurrent_snapshots
¶Type: | integer |
---|---|
Default: | 5 |
Minimum Value: | 0 |
Maximum number of instance snapshot operations to run concurrently. This limit is enforced to prevent snapshots overwhelming the host/network/storage and causing failure. This value can be set per compute node.
Possible Values:
max_concurrent_live_migrations
¶Type: | integer |
---|---|
Default: | 1 |
Minimum Value: | 0 |
Maximum number of live migrations to run concurrently. This limit is enforced to avoid outbound live migrations overwhelming the host/network and causing failures. It is not recommended that you change this unless you are very sure that doing so is safe and stable in your environment.
Possible values:
block_device_allocate_retries
¶Type: | integer |
---|---|
Default: | 60 |
Minimum Value: | 0 |
The number of times to check for a volume to be “available” before attaching it during server create.
When creating a server with block device mappings where source_type
is
one of blank
, image
or snapshot
and the destination_type
is
volume
, the nova-compute
service will create a volume and then attach
it to the server. Before the volume can be attached, it must be in status
“available”. This option controls how many times to check for the created
volume to be “available” before it is attached.
If the operation times out, the volume will be deleted if the block device
mapping delete_on_termination
value is True.
It is recommended to configure the image cache in the block storage service to speed up this operation. See https://docs.openstack.org/cinder/latest/admin/blockstorage-image-volume-cache.html for details.
Possible values:
Related options:
block_device_allocate_retries_interval
- controls the interval between
checkssync_power_state_pool_size
¶Type: | integer |
---|---|
Default: | 1000 |
Number of greenthreads available for use to sync power states.
This option can be used to reduce the number of concurrent requests made to the hypervisor or system with real instance power states for performance reasons, for example, with Ironic.
Possible values:
bandwidth_poll_interval
¶Type: | integer |
---|---|
Default: | 600 |
Interval to pull network bandwidth usage info.
Not supported on all hypervisors. If a hypervisor doesn’t support bandwidth usage, it will not get the info in the usage events.
Possible values:
sync_power_state_interval
¶Type: | integer |
---|---|
Default: | 600 |
Interval to sync power states between the database and the hypervisor.
The interval that Nova checks the actual virtual machine power state and the power state that Nova has in its database. If a user powers down their VM, Nova updates the API to report the VM has been powered down. Should something turn on the VM unexpectedly, Nova will turn the VM back off to keep the system in the expected state.
Possible values:
Related options:
handle_virt_lifecycle_events
in the workarounds
group is
false and this option is negative, then instances that get out
of sync between the hypervisor and the Nova database will have
to be synchronized manually.heal_instance_info_cache_interval
¶Type: | integer |
---|---|
Default: | 60 |
Interval between instance network information cache updates.
Number of seconds after which each compute node runs the task of querying Neutron for all of its instances networking information, then updates the Nova db with that information. Nova will never update it’s cache if this option is set to 0. If we don’t update the cache, the metadata service and nova-api endpoints will be proxying incorrect network data about the instance. So, it is not recommended to set this option to 0.
Possible values:
reclaim_instance_interval
¶Type: | integer |
---|---|
Default: | 0 |
Interval for reclaiming deleted instances.
A value greater than 0 will enable SOFT_DELETE of instances. This option decides whether the server to be deleted will be put into the SOFT_DELETED state. If this value is greater than 0, the deleted server will not be deleted immediately, instead it will be put into a queue until it’s too old (deleted time greater than the value of reclaim_instance_interval). The server can be recovered from the delete queue by using the restore action. If the deleted server remains longer than the value of reclaim_instance_interval, it will be deleted by a periodic task in the compute service automatically.
Note that this option is read from both the API and compute nodes, and must be set globally otherwise servers could be put into a soft deleted state in the API and never actually reclaimed (deleted) on the compute node.
Note
When using this option, you should also configure the [cinder]
auth options, e.g. auth_type
, auth_url
, username
, etc.
Since the reclaim happens in a periodic task, there is no user token
to cleanup volumes attached to any SOFT_DELETED servers so nova must
be configured with administrator role access to cleanup those
resources in cinder.
Possible values:
Related options:
volume_usage_poll_interval
¶Type: | integer |
---|---|
Default: | 0 |
Interval for gathering volume usages.
This option updates the volume usage cache for every volume_usage_poll_interval number of seconds.
Possible values:
shelved_poll_interval
¶Type: | integer |
---|---|
Default: | 3600 |
Interval for polling shelved instances to offload.
The periodic task runs for every shelved_poll_interval number of seconds and checks if there are any shelved instances. If it finds a shelved instance, based on the ‘shelved_offload_time’ config value it offloads the shelved instances. Check ‘shelved_offload_time’ config option description for details.
Possible values:
Related options:
shelved_offload_time
shelved_offload_time
¶Type: | integer |
---|---|
Default: | 0 |
Time before a shelved instance is eligible for removal from a host.
By default this option is set to 0 and the shelved instance will be removed from the hypervisor immediately after shelve operation. Otherwise, the instance will be kept for the value of shelved_offload_time(in seconds) so that during the time period the unshelve action will be faster, then the periodic task will remove the instance from hypervisor after shelved_offload_time passes.
Possible values:
instance_delete_interval
¶Type: | integer |
---|---|
Default: | 300 |
Interval for retrying failed instance file deletes.
This option depends on ‘maximum_instance_delete_attempts’. This option specifies how often to retry deletes whereas ‘maximum_instance_delete_attempts’ specifies the maximum number of retry attempts that can be made.
Possible values:
Related options:
maximum_instance_delete_attempts
from instance_cleaning_opts
group.block_device_allocate_retries_interval
¶Type: | integer |
---|---|
Default: | 3 |
Minimum Value: | 0 |
Interval (in seconds) between block device allocation retries on failures.
This option allows the user to specify the time interval between
consecutive retries. The block_device_allocate_retries
option specifies
the maximum number of retries.
Possible values:
Related options:
block_device_allocate_retries
- controls the number of retriesscheduler_instance_sync_interval
¶Type: | integer |
---|---|
Default: | 120 |
Interval between sending the scheduler a list of current instance UUIDs to verify that its view of instances is in sync with nova.
If the CONF option ‘scheduler_tracks_instance_changes’ is False, the sync calls will not be made. So, changing this option will have no effect.
If the out of sync situations are not very common, this interval can be increased to lower the number of RPC messages being sent. Likewise, if sync issues turn out to be a problem, the interval can be lowered to check more frequently.
Possible values:
Related options:
scheduler_tracks_instance_changes
is set to False.update_resources_interval
¶Type: | integer |
---|---|
Default: | 0 |
Interval for updating compute resources.
This option specifies how often the update_available_resource periodic task should run. A number less than 0 means to disable the task completely. Leaving this at the default of 0 will cause this to run at the default periodic interval. Setting it to any positive value will cause it to run at approximately that number of seconds.
Possible values:
reboot_timeout
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Time interval after which an instance is hard rebooted automatically.
When doing a soft reboot, it is possible that a guest kernel is completely hung in a way that causes the soft reboot task to not ever finish. Setting this option to a time period in seconds will automatically hard reboot an instance if it has been stuck in a rebooting state longer than N seconds.
Possible values:
instance_build_timeout
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Maximum time in seconds that an instance can take to build.
If this timer expires, instance status will be changed to ERROR. Enabling this option will make sure an instance will not be stuck in BUILD state for a longer period.
Possible values:
rescue_timeout
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Interval to wait before un-rescuing an instance stuck in RESCUE.
Possible values:
resize_confirm_window
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Automatically confirm resizes after N seconds.
Resize functionality will save the existing server before resizing. After the resize completes, user is requested to confirm the resize. The user has the opportunity to either confirm or revert all changes. Confirm resize removes the original server and changes server status from resized to active. Setting this option to a time period (in seconds) will automatically confirm the resize if the server is in resized state longer than that time.
Possible values:
shutdown_timeout
¶Type: | integer |
---|---|
Default: | 60 |
Minimum Value: | 0 |
Total time to wait in seconds for an instance to perform a clean shutdown.
It determines the overall period (in seconds) a VM is allowed to perform a clean shutdown. While performing stop, rescue and shelve, rebuild operations, configuring this option gives the VM a chance to perform a controlled shutdown before the instance is powered off. The default timeout is 60 seconds. A value of 0 (zero) means the guest will be powered off immediately with no opportunity for guest OS clean-up.
The timeout value can be overridden on a per image basis by means of os_shutdown_timeout that is an image metadata setting allowing different types of operating systems to specify how much time they need to shut down cleanly.
Possible values:
running_deleted_instance_action
¶Type: | string |
---|---|
Default: | reap |
Valid Values: | reap, log, shutdown, noop |
The compute service periodically checks for instances that have been deleted in the database but remain running on the compute node. The above option enables action to be taken when such instances are identified.
Related options:
running_deleted_instance_poll_interval
running_deleted_instance_timeout
Possible values
running_deleted_instance_poll_interval
¶Type: | integer |
---|---|
Default: | 1800 |
Time interval in seconds to wait between runs for the clean up action. If set to 0, above check will be disabled. If “running_deleted_instance _action” is set to “log” or “reap”, a value greater than 0 must be set.
Possible values:
Related options:
running_deleted_instance_timeout
¶Type: | integer |
---|---|
Default: | 0 |
Time interval in seconds to wait for the instances that have been marked as deleted in database to be eligible for cleanup.
Possible values:
Related options:
maximum_instance_delete_attempts
¶Type: | integer |
---|---|
Default: | 5 |
Minimum Value: | 1 |
The number of times to attempt to reap an instance’s files.
This option specifies the maximum number of retry attempts that can be made.
Possible values:
Related options:
[DEFAULT] instance_delete_interval
can be used to disable this option.osapi_compute_unique_server_name_scope
¶Type: | string |
---|---|
Default: | '' |
Valid Values: | ‘’, project, global |
Sets the scope of the check for unique instance names.
The default doesn’t check for unique names. If a scope for the name check is set, a launch of a new instance or an update of an existing instance with a duplicate name will result in an ‘’InstanceExists’’ error. The uniqueness is case-insensitive. Setting this option can increase the usability for end users as they don’t have to distinguish among instances with the same name by their IDs.
Possible values
enable_new_services
¶Type: | boolean |
---|---|
Default: | True |
Enable new nova-compute services on this host automatically.
When a new nova-compute service starts up, it gets registered in the database as an enabled service. Sometimes it can be useful to register new compute services in disabled state and then enabled them at a later point in time. This option only sets this behavior for nova-compute services, it does not auto-disable other services like nova-conductor, nova-scheduler, or nova-osapi_compute.
Possible values:
True
: Each new compute service is enabled as soon as it registers itself.False
: Compute services must be enabled via an os-services REST API call
or with the CLI with nova service-enable <hostname> <binary>
, otherwise
they are not ready to use.instance_name_template
¶Type: | string |
---|---|
Default: | instance-%08x |
Template string to be used to generate instance names.
This template controls the creation of the database name of an instance. This
is not the display name you enter when creating an instance (via Horizon
or CLI). For a new deployment it is advisable to change the default value
(which uses the database autoincrement) to another value which makes use
of the attributes of an instance, like instance-%(uuid)s
. If you
already have instances in your deployment when you change this, your
deployment will break.
Possible values:
%(id)d
or %(uuid)s
or %(hostname)s
.migrate_max_retries
¶Type: | integer |
---|---|
Default: | -1 |
Minimum Value: | -1 |
Number of times to retry live-migration before failing.
Possible values:
config_drive_format
¶Type: | string |
---|---|
Default: | iso9660 |
Valid Values: | iso9660, vfat |
Config drive format.
Config drive format that will contain metadata attached to the instance when it boots.
Related options:
force_config_drive
option set to true
img_config_drive
property for that image.[hyperv] config_drive_cdrom
option to true.Possible values
Warning
This option is deprecated for removal since 19.0.0. Its value may be silently ignored in the future.
Reason: | This option was originally added as a workaround for bug in libvirt, #1246201, that was resolved in libvirt v1.2.17. As a result, this option is no longer necessary or useful. |
---|
force_config_drive
¶Type: | boolean |
---|---|
Default: | False |
Force injection to take place on a config drive
When this option is set to true config drive functionality will be forced enabled by default, otherwise users can still enable config drives via the REST API or image metadata properties. Launched instances are not affected by this option.
Possible values:
Related options:
mkisofs_cmd
¶Type: | string |
---|---|
Default: | genisoimage |
Name or path of the tool used for ISO image creation.
Use the mkisofs_cmd
flag to set the path where you install the
genisoimage
program. If genisoimage
is on the system path, you do not
need to change the default value.
To use a config drive with Hyper-V, you must set the mkisofs_cmd
value to
the full path to an mkisofs.exe
installation. Additionally, you must set
the qemu_img_cmd
value in the hyperv configuration section to the full path
to an qemu-img
command installation.
Possible values:
Related options:
qemu_img_cmd
value in the hyperv configuration section to the full path to an qemu-img
command installation.my_ip
¶Type: | string |
---|---|
Default: | <host_ipv4> |
This option has a sample default set, which means that its actual default value may vary from the one documented above.
The IP address which the host is using to connect to the management network.
Possible values:
Related options:
my_block_storage_ip
¶Type: | string |
---|---|
Default: | $my_ip |
The IP address which is used to connect to the block storage network.
Possible values:
Related options:
host
¶Type: | string |
---|---|
Default: | <current_hostname> |
This option has a sample default set, which means that its actual default value may vary from the one documented above.
Hostname, FQDN or IP address of this host.
Used as:
Must be valid within AMQP key.
Possible values:
flat_injected
¶Type: | boolean |
---|---|
Default: | False |
This option determines whether the network setup information is injected into the VM before it is booted. While it was originally designed to be used only by nova-network, it is also used by the vmware virt driver to control whether network information is injected into a VM. The libvirt virt driver also uses it when we use config_drive to configure network to control whether network information is injected into a VM.
record
¶Type: | string |
---|---|
Default: | <None> |
Filename that will be used for storing websocket frames received and sent by a proxy service (like VNC, spice, serial) running on this host. If this is not set, no recording will be done.
daemon
¶Type: | boolean |
---|---|
Default: | False |
Run as a background process.
ssl_only
¶Type: | boolean |
---|---|
Default: | False |
Disallow non-encrypted connections.
Related options:
source_is_ipv6
¶Type: | boolean |
---|---|
Default: | False |
Set to True if source host is addressed with IPv6.
cert
¶Type: | string |
---|---|
Default: | self.pem |
Path to SSL certificate file.
Related options:
key
¶Type: | string |
---|---|
Default: | <None> |
SSL key file (if separate from cert).
Related options:
web
¶Type: | string |
---|---|
Default: | /usr/share/spice-html5 |
Path to directory with content which will be served by a web server.
pybasedir
¶Type: | string |
---|---|
Default: | <Path> |
This option has a sample default set, which means that its actual default value may vary from the one documented above.
The directory where the Nova python modules are installed.
This directory is used to store template files for networking and remote console access. It is also the default path for other config options which need to persist Nova internal data. It is very unlikely that you need to change this option from its default value.
Possible values:
Related options:
state_path
bindir
¶Type: | string |
---|---|
Default: | /usr/local/bin |
The directory where the Nova binaries are installed.
This option is only relevant if the networking capabilities from Nova are used (see services below). Nova’s networking capabilities are targeted to be fully replaced by Neutron in the future. It is very unlikely that you need to change this option from its default value.
Possible values:
state_path
¶Type: | string |
---|---|
Default: | $pybasedir |
The top-level directory for maintaining Nova’s state.
This directory is used to store Nova’s internal state. It is used by a
variety of other config options which derive from this. In some scenarios
(for example migrations) it makes sense to use a storage location which is
shared between multiple compute hosts (for example via NFS). Unless the
option instances_path
gets overwritten, this directory can grow very
large.
Possible values:
pybasedir
.long_rpc_timeout
¶Type: | integer |
---|---|
Default: | 1800 |
This option allows setting an alternate timeout value for RPC calls that have the potential to take a long time. If set, RPC calls to other services will use this value for the timeout (in seconds) instead of the global rpc_response_timeout value.
Operations with RPC calls that utilize this value:
Related options:
report_interval
¶Type: | integer |
---|---|
Default: | 10 |
Number of seconds indicating how frequently the state of services on a given hypervisor is reported. Nova needs to know this to determine the overall health of the deployment.
Related Options:
service_down_time
¶Type: | integer |
---|---|
Default: | 60 |
Maximum time in seconds since last check-in for up service
Each compute node periodically updates their database status based on the specified report interval. If the compute node hasn’t updated the status for more than service_down_time, then the compute node is considered down.
Related Options:
periodic_enable
¶Type: | boolean |
---|---|
Default: | True |
Enable periodic tasks.
If set to true, this option allows services to periodically run tasks on the manager.
In case of running multiple schedulers or conductors you may want to run periodic tasks on only one host - in this case disable this option for all hosts but one.
periodic_fuzzy_delay
¶Type: | integer |
---|---|
Default: | 60 |
Minimum Value: | 0 |
Number of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding.
When compute workers are restarted in unison across a cluster, they all end up running the periodic tasks at the same time causing problems for the external services. To mitigate this behavior, periodic_fuzzy_delay option allows you to introduce a random initial delay when starting the periodic task scheduler.
Possible Values:
enabled_apis
¶Type: | list |
---|---|
Default: | ['osapi_compute', 'metadata'] |
List of APIs to be enabled by default.
enabled_ssl_apis
¶Type: | list |
---|---|
Default: | [] |
List of APIs with enabled SSL.
Nova provides SSL support for the API servers. enabled_ssl_apis option allows configuring the SSL support.
osapi_compute_listen
¶Type: | string |
---|---|
Default: | 0.0.0.0 |
IP address on which the OpenStack API will listen.
The OpenStack API service listens on this IP address for incoming requests.
osapi_compute_listen_port
¶Type: | port number |
---|---|
Default: | 8774 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
Port on which the OpenStack API will listen.
The OpenStack API service listens on this port number for incoming requests.
osapi_compute_workers
¶Type: | integer |
---|---|
Default: | <None> |
Minimum Value: | 1 |
Number of workers for OpenStack API service. The default will be the number of CPUs available.
OpenStack API services can be configured to run as multi-process (workers). This overcomes the problem of reduction in throughput when API request concurrency increases. OpenStack API service will run in the specified number of processes.
Possible Values:
metadata_listen
¶Type: | string |
---|---|
Default: | 0.0.0.0 |
IP address on which the metadata API will listen.
The metadata API service listens on this IP address for incoming requests.
metadata_listen_port
¶Type: | port number |
---|---|
Default: | 8775 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
Port on which the metadata API will listen.
The metadata API service listens on this port number for incoming requests.
metadata_workers
¶Type: | integer |
---|---|
Default: | <None> |
Minimum Value: | 1 |
Number of workers for metadata service. If not specified the number of available CPUs will be used.
The metadata service can be configured to run as multi-process (workers). This overcomes the problem of reduction in throughput when API request concurrency increases. The metadata service will run in the specified number of processes.
Possible Values:
servicegroup_driver
¶Type: | string |
---|---|
Default: | db |
Valid Values: | db, mc |
This option specifies the driver to be used for the servicegroup service.
ServiceGroup API in nova enables checking status of a compute node. When a compute worker running the nova-compute daemon starts, it calls the join API to join the compute group. Services like nova scheduler can query the ServiceGroup API to check if a node is alive. Internally, the ServiceGroup client driver automatically updates the compute worker status. There are multiple backend implementations for this service: Database ServiceGroup driver and Memcache ServiceGroup driver.
Related Options:
service_down_time
(maximum time since last check-in for up service)Possible values
rpc_conn_pool_size
¶Type: | integer |
---|---|
Default: | 30 |
Minimum Value: | 1 |
Size of RPC connection pool.
Group | Name |
---|---|
DEFAULT | rpc_conn_pool_size |
conn_pool_min_size
¶Type: | integer |
---|---|
Default: | 2 |
The pool size limit for connections expiration policy
conn_pool_ttl
¶Type: | integer |
---|---|
Default: | 1200 |
The time-to-live in sec of idle connections in the pool
executor_thread_pool_size
¶Type: | integer |
---|---|
Default: | 64 |
Size of executor thread pool when executor is threading or eventlet.
Group | Name |
---|---|
DEFAULT | rpc_thread_pool_size |
rpc_response_timeout
¶Type: | integer |
---|---|
Default: | 60 |
Seconds to wait for a response from a call.
transport_url
¶Type: | string |
---|---|
Default: | rabbit:// |
The network address and optional user credentials for connecting to the messaging backend, in URL format. The expected format is:
driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
Example: rabbit://rabbitmq:password@127.0.0.1:5672//
For full details on the fields in the URL see the documentation of oslo_messaging.TransportURL at https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
control_exchange
¶Type: | string |
---|---|
Default: | openstack |
The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
rpc_ping_enabled
¶Type: | boolean |
---|---|
Default: | False |
Add an endpoint to answer to ping calls. Endpoint is named oslo_rpc_server_ping
run_external_periodic_tasks
¶Type: | boolean |
---|---|
Default: | True |
Some periodic tasks can be run in a separate process. Should we run them here?
backdoor_port
¶Type: | string |
---|---|
Default: | <None> |
Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service’s log file.
backdoor_socket
¶Type: | string |
---|---|
Default: | <None> |
Enable eventlet backdoor, using the provided path as a unix socket that can receive connections. This option is mutually exclusive with ‘backdoor_port’ in that only one should be provided. If both are provided then the existence of this option overrides the usage of that option. Inside the path {pid} will be replaced with the PID of the current process.
log_options
¶Type: | boolean |
---|---|
Default: | True |
Enables or disables logging values of all registered options when starting a service (at DEBUG level).
graceful_shutdown_timeout
¶Type: | integer |
---|---|
Default: | 60 |
Specify a timeout after which a gracefully shutdown server will exit. Zero value means endless wait.
debug
¶Type: | boolean |
---|---|
Default: | False |
Mutable: | This option can be changed without restarting. |
If set to true, the logging level will be set to DEBUG instead of the default INFO level.
log_config_append
¶Type: | string |
---|---|
Default: | <None> |
Mutable: | This option can be changed without restarting. |
The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).
Group | Name |
---|---|
DEFAULT | log-config |
DEFAULT | log_config |
log_date_format
¶Type: | string |
---|---|
Default: | %Y-%m-%d %H:%M:%S |
Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.
log_file
¶Type: | string |
---|---|
Default: | <None> |
(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
Group | Name |
---|---|
DEFAULT | logfile |
log_dir
¶Type: | string |
---|---|
Default: | <None> |
(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
Group | Name |
---|---|
DEFAULT | logdir |
watch_log_file
¶Type: | boolean |
---|---|
Default: | False |
Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.
use_syslog
¶Type: | boolean |
---|---|
Default: | False |
Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
use_journal
¶Type: | boolean |
---|---|
Default: | False |
Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.
syslog_log_facility
¶Type: | string |
---|---|
Default: | LOG_USER |
Syslog facility to receive log lines. This option is ignored if log_config_append is set.
use_json
¶Type: | boolean |
---|---|
Default: | False |
Use JSON formatting for logging. This option is ignored if log_config_append is set.
use_stderr
¶Type: | boolean |
---|---|
Default: | False |
Log output to standard error. This option is ignored if log_config_append is set.
use_eventlog
¶Type: | boolean |
---|---|
Default: | False |
Log output to Windows Event Log.
log_rotate_interval
¶Type: | integer |
---|---|
Default: | 1 |
The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is setto “interval”.
log_rotate_interval_type
¶Type: | string |
---|---|
Default: | days |
Valid Values: | Seconds, Minutes, Hours, Days, Weekday, Midnight |
Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.
max_logfile_count
¶Type: | integer |
---|---|
Default: | 30 |
Maximum number of rotated log files.
max_logfile_size_mb
¶Type: | integer |
---|---|
Default: | 200 |
Log file maximum size in MB. This option is ignored if “log_rotation_type” is not set to “size”.
log_rotation_type
¶Type: | string |
---|---|
Default: | none |
Valid Values: | interval, size, none |
Log rotation type.
Possible values
logging_context_format_string
¶Type: | string |
---|---|
Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s |
Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter
logging_default_format_string
¶Type: | string |
---|---|
Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s |
Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter
logging_debug_format_suffix
¶Type: | string |
---|---|
Default: | %(funcName)s %(pathname)s:%(lineno)d |
Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter
logging_exception_prefix
¶Type: | string |
---|---|
Default: | %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s |
Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter
logging_user_identity_format
¶Type: | string |
---|---|
Default: | %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s |
Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter
default_log_levels
¶Type: | list |
---|---|
Default: | ['amqp=WARN', 'amqplib=WARN', 'boto=WARN', 'qpid=WARN', 'sqlalchemy=WARN', 'suds=INFO', 'oslo.messaging=INFO', 'oslo_messaging=INFO', 'iso8601=WARN', 'requests.packages.urllib3.connectionpool=WARN', 'urllib3.connectionpool=WARN', 'websocket=WARN', 'requests.packages.urllib3.util.retry=WARN', 'urllib3.util.retry=WARN', 'keystonemiddleware=WARN', 'routes.middleware=WARN', 'stevedore=WARN', 'taskflow=WARN', 'keystoneauth=WARN', 'oslo.cache=INFO', 'oslo_policy=INFO', 'dogpile.core.dogpile=INFO'] |
List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
publish_errors
¶Type: | boolean |
---|---|
Default: | False |
Enables or disables publication of error events.
instance_format
¶Type: | string |
---|---|
Default: | "[instance: %(uuid)s] " |
The format for an instance that is passed with the log message.
instance_uuid_format
¶Type: | string |
---|---|
Default: | "[instance: %(uuid)s] " |
The format for an instance UUID that is passed with the log message.
rate_limit_interval
¶Type: | integer |
---|---|
Default: | 0 |
Interval, number of seconds, of log rate limiting.
rate_limit_burst
¶Type: | integer |
---|---|
Default: | 0 |
Maximum number of logged messages per rate_limit_interval.
rate_limit_except_level
¶Type: | string |
---|---|
Default: | CRITICAL |
Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.
fatal_deprecations
¶Type: | boolean |
---|---|
Default: | False |
Enables or disables fatal status of deprecations.
Options under this group are used to define Nova API.
auth_strategy
¶Type: | string |
---|---|
Default: | keystone |
Valid Values: | keystone, noauth2 |
Determine the strategy to use for authentication.
Possible values
Warning
This option is deprecated for removal since 21.0.0. Its value may be silently ignored in the future.
Reason: | The only non-default choice, noauth2 , is for internal development and testing purposes only and should not be used in deployments. This option and its middleware, NoAuthMiddleware[V2_18], will be removed in a future release. |
---|
use_forwarded_for
¶Type: | boolean |
---|---|
Default: | False |
When True, the ‘X-Forwarded-For’ header is treated as the canonical remote address. When False (the default), the ‘remote_address’ header is used.
You should only enable this if you have an HTML sanitizing proxy.
Group | Name |
---|---|
DEFAULT | use_forwarded_for |
config_drive_skip_versions
¶Type: | string |
---|---|
Default: | 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 |
When gathering the existing metadata for a config drive, the EC2-style metadata is returned for all versions that don’t appear in this option. As of the Liberty release, the available versions are:
The option is in the format of a single string, with each version separated by a space.
Possible values:
Group | Name |
---|---|
DEFAULT | config_drive_skip_versions |
vendordata_providers
¶Type: | list |
---|---|
Default: | ['StaticJSON'] |
A list of vendordata providers.
vendordata providers are how deployers can provide metadata via configdrive and metadata that is specific to their deployment.
For more information on the requirements for implementing a vendordata dynamic endpoint, please see the vendordata.rst file in the nova developer reference.
Related options:
vendordata_dynamic_targets
vendordata_dynamic_ssl_certfile
vendordata_dynamic_connect_timeout
vendordata_dynamic_read_timeout
vendordata_dynamic_failure_fatal
Group | Name |
---|---|
DEFAULT | vendordata_providers |
vendordata_dynamic_targets
¶Type: | list |
---|---|
Default: | [] |
A list of targets for the dynamic vendordata provider. These targets are of
the form <name>@<url>
.
The dynamic vendordata provider collects metadata by contacting external REST services and querying them for information about the instance. This behaviour is documented in the vendordata.rst file in the nova developer reference.
Group | Name |
---|---|
DEFAULT | vendordata_dynamic_targets |
vendordata_dynamic_ssl_certfile
¶Type: | string |
---|---|
Default: | '' |
Path to an optional certificate file or CA bundle to verify dynamic vendordata REST services ssl certificates against.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | vendordata_dynamic_ssl_certfile |
vendordata_dynamic_connect_timeout
¶Type: | integer |
---|---|
Default: | 5 |
Minimum Value: | 3 |
Maximum wait time for an external REST service to connect.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | vendordata_dynamic_connect_timeout |
vendordata_dynamic_read_timeout
¶Type: | integer |
---|---|
Default: | 5 |
Minimum Value: | 0 |
Maximum wait time for an external REST service to return data once connected.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | vendordata_dynamic_read_timeout |
vendordata_dynamic_failure_fatal
¶Type: | boolean |
---|---|
Default: | False |
Should failures to fetch dynamic vendordata be fatal to instance boot?
Related options:
metadata_cache_expiration
¶Type: | integer |
---|---|
Default: | 15 |
Minimum Value: | 0 |
This option is the time (in seconds) to cache metadata. When set to 0, metadata caching is disabled entirely; this is generally not recommended for performance reasons. Increasing this setting should improve response times of the metadata API when under heavy load. Higher values may increase memory usage, and result in longer times for host metadata changes to take effect.
Group | Name |
---|---|
DEFAULT | metadata_cache_expiration |
local_metadata_per_cell
¶Type: | boolean |
---|---|
Default: | False |
Indicates that the nova-metadata API service has been deployed per-cell, so that we can have better performance and data isolation in a multi-cell deployment. Users should consider the use of this configuration depending on how neutron is setup. If you have networks that span cells, you might need to run nova-metadata API service globally. If your networks are segmented along cell boundaries, then you can run nova-metadata API service per cell. When running nova-metadata API service per cell, you should also configure each Neutron metadata-agent to point to the corresponding nova-metadata API service.
dhcp_domain
¶Type: | string |
---|---|
Default: | novalocal |
Domain name used to configure FQDN for instances.
Configure a fully-qualified domain name for instance hostnames. If unset, only the hostname without a domain will be configured.
Possible values:
Group | Name |
---|---|
DEFAULT | dhcp_domain |
vendordata_jsonfile_path
¶Type: | string |
---|---|
Default: | <None> |
Cloud providers may store custom data in vendor data file that will then be available to the instances via the metadata service, and to the rendering of config-drive. The default class for this, JsonFileVendorData, loads this information from a JSON file, whose path is configured by this option. If there is no path set by this option, the class returns an empty dictionary.
Note that when using this to provide static vendor data to a configuration drive, the nova-compute service must be configured with this option and the file must be accessible from the nova-compute host.
Possible values:
Group | Name |
---|---|
DEFAULT | vendordata_jsonfile_path |
max_limit
¶Type: | integer |
---|---|
Default: | 1000 |
Minimum Value: | 0 |
As a query can potentially return many thousands of items, you can limit the maximum number of items in a single response by setting this option.
Group | Name |
---|---|
DEFAULT | osapi_max_limit |
compute_link_prefix
¶Type: | string |
---|---|
Default: | <None> |
This string is prepended to the normal URL that is returned in links to the OpenStack Compute API. If it is empty (the default), the URLs are returned unchanged.
Possible values:
Group | Name |
---|---|
DEFAULT | osapi_compute_link_prefix |
glance_link_prefix
¶Type: | string |
---|---|
Default: | <None> |
This string is prepended to the normal URL that is returned in links to Glance resources. If it is empty (the default), the URLs are returned unchanged.
Possible values:
Group | Name |
---|---|
DEFAULT | osapi_glance_link_prefix |
instance_list_per_project_cells
¶Type: | boolean |
---|---|
Default: | False |
When enabled, this will cause the API to only query cell databases in which the tenant has mapped instances. This requires an additional (fast) query in the API database before each list, but also (potentially) limits the number of cell databases that must be queried to provide the result. If you have a small number of cells, or tenants are likely to have instances in all cells, then this should be False. If you have many cells, especially if you confine tenants to a small subset of those cells, this should be True.
instance_list_cells_batch_strategy
¶Type: | string |
---|---|
Default: | distributed |
Valid Values: | distributed, fixed |
This controls the method by which the API queries cell databases in smaller batches during large instance list operations. If batching is performed, a large instance list operation will request some fraction of the overall API limit from each cell database initially, and will re-request that same batch size as records are consumed (returned) from each cell as necessary. Larger batches mean less chattiness between the API and the database, but potentially more wasted effort processing the results from the database which will not be returned to the user. Any strategy will yield a batch size of at least 100 records, to avoid a user causing many tiny database queries in their request.
Related options:
Possible values
instance_list_cells_batch_fixed_size
. If the limit is smaller than the batch size, the limit will be used instead. If you do not wish batching to be used at all, setting the fixed size equal to the max_limit
value will cause only one request per cell database to be issued.instance_list_cells_batch_fixed_size
¶Type: | integer |
---|---|
Default: | 100 |
Minimum Value: | 100 |
This controls the batch size of instances requested from each cell
database if instance_list_cells_batch_strategy`
is set to fixed
.
This integral value will define the limit issued to each cell every time
a batch of instances is requested, regardless of the number of cells in
the system or any other factors. Per the general logic called out in
the documentation for instance_list_cells_batch_strategy
, the
minimum value for this is 100 records per batch.
Related options:
list_records_by_skipping_down_cells
¶Type: | boolean |
---|---|
Default: | True |
When set to False, this will cause the API to return a 500 error if there is an infrastructure failure like non-responsive cells. If you want the API to skip the down cells and return the results from the up cells set this option to True.
Note that from API microversion 2.69 there could be transient conditions in the deployment where certain records are not available and the results could be partial for certain requests containing those records. In those cases this option will be ignored. See “Handling Down Cells” section of the Compute API guide (https://docs.openstack.org/api-guide/compute/down_cells.html) for more information.
use_neutron_default_nets
¶Type: | boolean |
---|---|
Default: | False |
When True, the TenantNetworkController will query the Neutron API to get the default networks to use.
Related options:
Group | Name |
---|---|
DEFAULT | use_neutron_default_nets |
neutron_default_tenant_id
¶Type: | string |
---|---|
Default: | default |
Tenant ID for getting the default network from Neutron API (also referred in some places as the ‘project ID’) to use.
Related options:
Group | Name |
---|---|
DEFAULT | neutron_default_tenant_id |
enable_instance_password
¶Type: | boolean |
---|---|
Default: | True |
Enables returning of the instance password by the relevant server API calls such as create, rebuild, evacuate, or rescue. If the hypervisor does not support password injection, then the password returned will not be correct, so if your hypervisor does not support password injection, set this to False.
Group | Name |
---|---|
DEFAULT | enable_instance_password |
The Nova API Database is a separate database which is used for information which is used across cells. This database is mandatory since the Mitaka release (13.0.0).
This group should not be configured for the nova-compute
service.
connection
¶Type: | string |
---|---|
Default: | <None> |
The SQLAlchemy connection string to use to connect to the database. Do not set this for the nova-compute
service.
connection_parameters
¶Type: | string |
---|---|
Default: | '' |
Optional URL parameters to append onto the connection URL at connect time; specify as param1=value1¶m2=value2&…
sqlite_synchronous
¶Type: | boolean |
---|---|
Default: | True |
If True, SQLite uses synchronous mode.
slave_connection
¶Type: | string |
---|---|
Default: | <None> |
The SQLAlchemy connection string to use to connect to the slave database.
mysql_sql_mode
¶Type: | string |
---|---|
Default: | TRADITIONAL |
The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
connection_recycle_time
¶Type: | integer |
---|---|
Default: | 3600 |
Connections which have been present in the connection pool longer than this number of seconds will be replaced with a new one the next time they are checked out from the pool.
Group | Name |
---|---|
api_database | idle_timeout |
max_pool_size
¶Type: | integer |
---|---|
Default: | <None> |
Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit.
max_retries
¶Type: | integer |
---|---|
Default: | 10 |
Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
retry_interval
¶Type: | integer |
---|---|
Default: | 10 |
Interval between retries of opening a SQL connection.
max_overflow
¶Type: | integer |
---|---|
Default: | <None> |
If set, use this value for max_overflow with SQLAlchemy.
connection_debug
¶Type: | integer |
---|---|
Default: | 0 |
Verbosity of SQL debugging information: 0=None, 100=Everything.
connection_trace
¶Type: | boolean |
---|---|
Default: | False |
Add Python stack traces to SQL as comment strings.
pool_timeout
¶Type: | integer |
---|---|
Default: | <None> |
If set, use this value for pool_timeout with SQLAlchemy.
barbican_endpoint
¶Type: | string |
---|---|
Default: | <None> |
Use this endpoint to connect to Barbican, for example: “http://localhost:9311/”
barbican_api_version
¶Type: | string |
---|---|
Default: | <None> |
Version of the Barbican API, for example: “v1”
auth_endpoint
¶Type: | string |
---|---|
Default: | http://localhost/identity/v3 |
Use this endpoint to connect to Keystone
Group | Name |
---|---|
key_manager | auth_url |
retry_delay
¶Type: | integer |
---|---|
Default: | 1 |
Number of seconds to wait before retrying poll for key creation completion
number_of_retries
¶Type: | integer |
---|---|
Default: | 60 |
Number of times to retry poll for key creation completion
verify_ssl
¶Type: | boolean |
---|---|
Default: | True |
Specifies if insecure TLS (https) requests. If False, the server’s certificate will not be validated, if True, we can set the verify_ssl_path config meanwhile.
verify_ssl_path
¶Type: | string |
---|---|
Default: | <None> |
A path to a bundle or CA certs to check against, or None for requests to attempt to locate and use certificates which verify_ssh is True. If verify_ssl is False, this is ignored.
barbican_endpoint_type
¶Type: | string |
---|---|
Default: | public |
Valid Values: | public, internal, admin |
Specifies the type of endpoint. Allowed values are: public, private, and admin
config_prefix
¶Type: | string |
---|---|
Default: | cache.oslo |
Prefix for building the configuration dictionary for the cache region. This should not need to be changed unless there is another dogpile.cache region with the same configuration name.
expiration_time
¶Type: | integer |
---|---|
Default: | 600 |
Default TTL, in seconds, for any cached item in the dogpile.cache region. This applies to any cached method that doesn’t have an explicit cache expiration time defined for it.
backend
¶Type: | string |
---|---|
Default: | dogpile.cache.null |
Valid Values: | oslo_cache.memcache_pool, oslo_cache.dict, oslo_cache.mongo, oslo_cache.etcd3gw, dogpile.cache.memcached, dogpile.cache.pylibmc, dogpile.cache.bmemcached, dogpile.cache.dbm, dogpile.cache.redis, dogpile.cache.memory, dogpile.cache.memory_pickle, dogpile.cache.null |
Cache backend module. For eventlet-based or environments with hundreds of threaded servers, Memcache with pooling (oslo_cache.memcache_pool) is recommended. For environments with less than 100 threaded servers, Memcached (dogpile.cache.memcached) or Redis (dogpile.cache.redis) is recommended. Test environments with a single instance of the server can use the dogpile.cache.memory backend.
backend_argument
¶Type: | multi-valued |
---|---|
Default: | '' |
Arguments supplied to the backend module. Specify this option once per argument to be passed to the dogpile.cache backend. Example format: “<argname>:<value>”.
proxies
¶Type: | list |
---|---|
Default: | [] |
Proxy classes to import that will affect the way the dogpile.cache backend functions. See the dogpile.cache documentation on changing-backend-behavior.
enabled
¶Type: | boolean |
---|---|
Default: | False |
Global toggle for caching.
debug_cache_backend
¶Type: | boolean |
---|---|
Default: | False |
Extra debugging from the cache backend (cache keys, get/set/delete/etc calls). This is only really useful if you need to see the specific cache-backend get/set/delete calls with the keys/values. Typically this should be left set to false.
memcache_servers
¶Type: | list |
---|---|
Default: | ['localhost:11211'] |
Memcache servers in the format of “host:port”. (dogpile.cache.memcached and oslo_cache.memcache_pool backends only). If a given host refer to an IPv6 or a given domain refer to IPv6 then you should prefix the given address with the address family (inet6
) (e.g inet6[::1]:11211
, inet6:[fd12:3456:789a:1::1]:11211
, inet6:[controller-0.internalapi]:11211
). If the address family is not given then default address family used will be inet
which correspond to IPv4
memcache_dead_retry
¶Type: | integer |
---|---|
Default: | 300 |
Number of seconds memcached server is considered dead before it is tried again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
memcache_socket_timeout
¶Type: | floating point |
---|---|
Default: | 1.0 |
Timeout in seconds for every call to a server. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
memcache_pool_maxsize
¶Type: | integer |
---|---|
Default: | 10 |
Max total number of open connections to every memcached server. (oslo_cache.memcache_pool backend only).
memcache_pool_unused_timeout
¶Type: | integer |
---|---|
Default: | 60 |
Number of seconds a connection to memcached is held unused in the pool before it is closed. (oslo_cache.memcache_pool backend only).
memcache_pool_connection_get_timeout
¶Type: | integer |
---|---|
Default: | 10 |
Number of seconds that an operation will wait to get a memcache client connection.
tls_enabled
¶Type: | boolean |
---|---|
Default: | False |
Global toggle for TLS usage when comunicating with the caching servers.
tls_cafile
¶Type: | string |
---|---|
Default: | <None> |
Path to a file of concatenated CA certificates in PEM format necessary to establish the caching servers’ authenticity. If tls_enabled is False, this option is ignored.
tls_certfile
¶Type: | string |
---|---|
Default: | <None> |
Path to a single file in PEM format containing the client’s certificate as well as any number of CA certificates needed to establish the certificate’s authenticity. This file is only required when client side authentication is necessary. If tls_enabled is False, this option is ignored.
tls_keyfile
¶Type: | string |
---|---|
Default: | <None> |
Path to a single file containing the client’s private key in. Otherwhise the private key will be taken from the file specified in tls_certfile. If tls_enabled is False, this option is ignored.
tls_allowed_ciphers
¶Type: | string |
---|---|
Default: | <None> |
Set the available ciphers for sockets created with the TLS context. It should be a string in the OpenSSL cipher list format. If not specified, all OpenSSL enabled ciphers will be available.
catalog_info
¶Type: | string |
---|---|
Default: | volumev3::publicURL |
Info to match when looking for cinder in the service catalog.
The <service_name>
is optional and omitted by default since it should
not be necessary in most deployments.
Possible values:
Note: Nova does not support the Cinder v2 API since the Nova 17.0.0 Queens release.
Related options:
endpoint_template
¶Type: | string |
---|---|
Default: | <None> |
If this option is set then it will override service catalog lookup with this template for cinder endpoint
Possible values:
Note: Nova does not support the Cinder v2 API since the Nova 17.0.0 Queens release.
Related options:
os_region_name
¶Type: | string |
---|---|
Default: | <None> |
Region name of this node. This is used when picking the URL in the service catalog.
Possible values:
http_retries
¶Type: | integer |
---|---|
Default: | 3 |
Minimum Value: | 0 |
Number of times cinderclient should retry on any failed http call. 0 means connection is attempted only once. Setting it to any positive integer means that on failure connection is retried that many times e.g. setting it to 3 means total attempts to connect will be 4.
Possible values:
cross_az_attach
¶Type: | boolean |
---|---|
Default: | True |
Allow attach between instance and volume in different availability zones.
If False, volumes attached to an instance must be in the same availability zone in Cinder as the instance availability zone in Nova.
This also means care should be taken when booting an instance from a volume where source is not “volume” because Nova will attempt to create a volume using the same availability zone as what is assigned to the instance.
If that AZ is not in Cinder (or allow_availability_zone_fallback=False
in
cinder.conf), the volume create request will fail and the instance will fail
the build request.
By default there is no availability zone restriction on volume attach.
Related options:
[DEFAULT]/default_schedule_zone
cafile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate cert file
keyfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate key file
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
timeout
¶Type: | integer |
---|---|
Default: | <None> |
Timeout value for http requests
collect_timing
¶Type: | boolean |
---|---|
Default: | False |
Collect per-API call timing information.
split_loggers
¶Type: | boolean |
---|---|
Default: | False |
Log requests to multiple loggers.
auth_type
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication type to load
Group | Name |
---|---|
cinder | auth_plugin |
auth_section
¶Type: | unknown type |
---|---|
Default: | <None> |
Config Section from which to load plugin specific options
auth_url
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication URL
system_scope
¶Type: | unknown type |
---|---|
Default: | <None> |
Scope for system operations
domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID to scope to
domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name to scope to
project_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Project ID to scope to
project_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Project name to scope to
project_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID containing project
project_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name containing project
trust_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Trust ID
default_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
default_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
user_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User ID
username
¶Type: | unknown type |
---|---|
Default: | <None> |
Username
Group | Name |
---|---|
cinder | user-name |
cinder | user_name |
user_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain id
user_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain name
password
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s password
tenant_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant ID
tenant_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant Name
consecutive_build_service_disable_threshold
¶Type: | integer |
---|---|
Default: | 10 |
Enables reporting of build failures to the scheduler.
Any nonzero value will enable sending build failure statistics to the scheduler for use by the BuildFailureWeigher.
Possible values:
Related options:
shutdown_retry_interval
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 1 |
Time to wait in seconds before resending an ACPI shutdown signal to instances.
The overall time to wait is set by shutdown_timeout
.
Possible values:
Related options:
shutdown_timeout
resource_provider_association_refresh
¶Type: | integer |
---|---|
Default: | 300 |
Minimum Value: | 0 |
Mutable: | This option can be changed without restarting. |
Interval for updating nova-compute-side cache of the compute node resource provider’s inventories, aggregates, and traits.
This option specifies the number of seconds between attempts to update a provider’s inventories, aggregates and traits in the local cache of the compute node.
A value of zero disables cache refresh completely.
The cache can be cleared manually at any time by sending SIGHUP to the compute process, causing it to be repopulated the next time the data is accessed.
Possible values:
Type: | string |
---|---|
Default: | <None> |
Mask of host CPUs that can be used for VCPU
resources and offloaded
emulator threads.
The behavior of this option depends on the definition of the deprecated
vcpu_pin_set
option.
vcpu_pin_set
is not defined, [compute] cpu_shared_set
will be be
used to provide VCPU
inventory and to determine the host CPUs that
unpinned instances can be scheduled to. It will also be used to determine the
host CPUS that instance emulator threads should be offloaded to for instances
configured with the share
emulator thread policy
(hw:emulator_threads_policy=share
).vcpu_pin_set
is defined, [compute] cpu_shared_set
will only be
used to determine the host CPUs that instance emulator threads should be
offloaded to for instances configured with the share
emulator thread
policy (hw:emulator_threads_policy=share
). vcpu_pin_set
will be used
to provide VCPU
inventory and to determine the host CPUs that both pinned
and unpinned instances can be scheduled to.This behavior will be simplified in a future release when vcpu_pin_set
is
removed.
Possible values:
A comma-separated list of physical CPU numbers that instance VCPUs can be allocated from. Each element should be either a single CPU number, a range of CPU numbers, or a caret followed by a CPU number to be excluded from a previous range. For example:
cpu_shared_set = "4-12,^8,15"
Related options:
[compute] cpu_dedicated_set
: This is the counterpart option for defining
where PCPU
resources should be allocated from.vcpu_pin_set
: A legacy option whose definition may change the behavior of
this option.cpu_dedicated_set
¶Type: | string |
---|---|
Default: | <None> |
Mask of host CPUs that can be used for PCPU
resources.
The behavior of this option affects the behavior of the deprecated
vcpu_pin_set
option.
vcpu_pin_set
will result in an error.vcpu_pin_set
will be used to determine
inventory for VCPU
resources and to limit the host CPUs that both pinned
and unpinned instances can be scheduled to.This behavior will be simplified in a future release when vcpu_pin_set
is
removed.
Possible values:
A comma-separated list of physical CPU numbers that instance VCPUs can be allocated from. Each element should be either a single CPU number, a range of CPU numbers, or a caret followed by a CPU number to be excluded from a previous range. For example:
cpu_dedicated_set = "4-12,^8,15"
Related options:
[compute] cpu_shared_set
: This is the counterpart option for defining
where VCPU
resources should be allocated from.vcpu_pin_set
: A legacy option that this option partially replaces.live_migration_wait_for_vif_plug
¶Type: | boolean |
---|---|
Default: | True |
Determine if the source compute host should wait for a network-vif-plugged
event from the (neutron) networking service before starting the actual transfer
of the guest to the destination compute host.
Note that this option is read on the destination host of a live migration. If you set this option the same on all of your compute hosts, which you should do if you use the same networking backend universally, you do not have to worry about this.
Before starting the transfer of the guest, some setup occurs on the destination
compute host, including plugging virtual interfaces. Depending on the
networking backend on the destination host, a network-vif-plugged
event may be triggered and then received on the source compute host and the
source compute can wait for that event to ensure networking is set up on the
destination host before starting the guest transfer in the hypervisor.
Note
The compute service cannot reliably determine which types of virtual
interfaces (port.binding:vif_type
) will send network-vif-plugged
events without an accompanying port binding:host_id
change.
Open vSwitch and linuxbridge should be OK, but OpenDaylight is at least
one known backend that will not currently work in this case, see bug
https://launchpad.net/bugs/1755890 for more details.
Possible values:
network-vif-plugged
events before starting guest transfernetwork-vif-plugged
events before starting guest
transfer (this is the legacy behavior)Related options:
live_migration_wait_for_vif_plug
is
True and vif_plugging_timeout
is greater than 0, and a timeout is
reached, the live migration process will fail with an error but the guest
transfer will not have started to the destination hostlive_migration_wait_for_vif_plug
is
True, this controls the amount of time to wait before timing out and either
failing if vif_plugging_is_fatal
is True, or simply continuing with the
live migrationmax_concurrent_disk_ops
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Number of concurrent disk-IO-intensive operations (glance image downloads, image format conversions, etc.) that we will do in parallel. If this is set too high then response time suffers. The default value of 0 means no limit.
max_disk_devices_to_attach
¶Type: | integer |
---|---|
Default: | -1 |
Minimum Value: | -1 |
Maximum number of disk devices allowed to attach to a single server. Note
that the number of disks supported by an server depends on the bus used. For
example, the ide
disk bus is limited to 4 attached devices. The configured
maximum is enforced during server create, rebuild, evacuate, unshelve, live
migrate, and attach volume.
Usually, disk bus is determined automatically from the device type or disk
device, and the virtualization type. However, disk bus
can also be specified via a block device mapping or an image property.
See the disk_bus
field in Block Device Mapping in Nova for more
information about specifying disk bus in a block device mapping, and
see https://docs.openstack.org/glance/latest/admin/useful-image-properties.html
for more information about the hw_disk_bus
image property.
Operators changing the [compute]/max_disk_devices_to_attach
on a compute
service that is hosting servers should be aware that it could cause rebuilds to
fail, if the maximum is decreased lower than the number of devices already
attached to servers. For example, if server A has 26 devices attached and an
operators changes [compute]/max_disk_devices_to_attach
to 20, a request to
rebuild server A will fail and go into ERROR state because 26 devices are
already attached and exceed the new configured maximum of 20.
Operators setting [compute]/max_disk_devices_to_attach
should also be aware
that during a cold migration, the configured maximum is only enforced in-place
and the destination is not checked before the move. This means if an operator
has set a maximum of 26 on compute host A and a maximum of 20 on compute host
B, a cold migration of a server with 26 attached devices from compute host A to
compute host B will succeed. Then, once the server is on compute host B, a
subsequent request to rebuild the server will fail and go into ERROR state
because 26 devices are already attached and exceed the configured maximum of 20
on compute host B.
The configured maximum is not enforced on shelved offloaded servers, as they have no compute host.
Warning
If this option is set to 0, the nova-compute
service will fail
to start, as 0 disk devices is an invalid configuration that would
prevent instances from being able to boot.
Possible values:
nova-compute
service to fail to start, as 0 disk devices is an invalid
configuration that would prevent instances from being able to boot.provider_config_location
¶Type: | string |
---|---|
Default: | /etc/nova/provider_config/ |
Location of YAML files containing resource provider configuration data.
These files allow the operator to specify additional custom inventory and traits to assign to one or more resource providers.
Additional documentation is available here:
vmdk_allowed_types
¶Type: | list |
---|---|
Default: | ['streamOptimized', 'monolithicSparse'] |
A list of strings describing allowed VMDK “create-type” subformats that will be allowed. This is recommended to only include single-file-with-sparse-header variants to avoid potential host file exposure due to processing named extents. If this list is empty, then no form of VMDK image will be allowed.
Options under this group are used to define Conductor’s communication, which manager should be act as a proxy between computes and database, and finally, how many worker processes will be used.
workers
¶Type: | integer |
---|---|
Default: | <None> |
Number of workers for OpenStack Conductor service. The default will be the number of CPUs available.
Options under this group allow to tune the configuration of the console proxy service.
Note: in configuration of every compute is a console_host
option,
which allows to select the console proxy service to connect to.
allowed_origins
¶Type: | list |
---|---|
Default: | [] |
Adds list of allowed origins to the console websocket proxy to allow connections from other origin hostnames. Websocket proxy matches the host header with the origin header to prevent cross-site requests. This list specifies if any there are values other than host are allowed in the origin header.
Possible values:
Group | Name |
---|---|
DEFAULT | console_allowed_origins |
ssl_ciphers
¶Type: | string |
---|---|
Default: | <None> |
OpenSSL cipher preference string that specifies what ciphers to allow for TLS connections from clients. For example:
ssl_ciphers = "kEECDH+aECDSA+AES:kEECDH+AES+aRSA:kEDH+aRSA+AES"
See the man page for the OpenSSL ciphers command for details of the cipher preference string format and allowed values:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html
Related options:
ssl_minimum_version
¶Type: | string |
---|---|
Default: | default |
Valid Values: | default, tlsv1_1, tlsv1_2, tlsv1_3 |
Minimum allowed SSL/TLS protocol version.
Related options:
Possible values
token_ttl
¶Type: | integer |
---|---|
Default: | 600 |
Minimum Value: | 0 |
The lifetime of a console auth token (in seconds).
A console auth token is used in authorizing console access for a user. Once the auth token time to live count has elapsed, the token is considered expired. Expired tokens are then deleted.
Group | Name |
---|---|
DEFAULT | console_token_ttl |
allowed_origin
¶Type: | list |
---|---|
Default: | <None> |
Indicate whether this resource may be shared with the domain received in the requests “origin” header. Format: “<protocol>://<host>[:<port>]”, no trailing slash. Example: https://horizon.example.com
allow_credentials
¶Type: | boolean |
---|---|
Default: | True |
Indicate that the actual request can include user credentials
expose_headers
¶Type: | list |
---|---|
Default: | ['X-Auth-Token', 'X-Openstack-Request-Id', 'X-Subject-Token', 'X-Service-Token', 'X-OpenStack-Nova-API-Version', 'OpenStack-API-Version'] |
Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.
max_age
¶Type: | integer |
---|---|
Default: | 3600 |
Maximum cache age of CORS preflight requests.
allow_methods
¶Type: | list |
---|---|
Default: | ['GET', 'PUT', 'POST', 'DELETE', 'PATCH'] |
Indicate which methods can be used during the actual request.
allow_headers
¶Type: | list |
---|---|
Default: | ['X-Auth-Token', 'X-Openstack-Request-Id', 'X-Identity-Status', 'X-Roles', 'X-Service-Catalog', 'X-User-Id', 'X-Tenant-Id', 'X-OpenStack-Nova-API-Version', 'OpenStack-API-Version'] |
Indicate which header field names may be used during the actual request.
Configuration options for Cyborg (accelerator as a service).
cafile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate cert file
keyfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate key file
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
timeout
¶Type: | integer |
---|---|
Default: | <None> |
Timeout value for http requests
collect_timing
¶Type: | boolean |
---|---|
Default: | False |
Collect per-API call timing information.
split_loggers
¶Type: | boolean |
---|---|
Default: | False |
Log requests to multiple loggers.
service_type
¶Type: | string |
---|---|
Default: | accelerator |
The default service_type for endpoint URL discovery.
service_name
¶Type: | string |
---|---|
Default: | <None> |
The default service_name for endpoint URL discovery.
valid_interfaces
¶Type: | list |
---|---|
Default: | ['internal', 'public'] |
List of interfaces, in order of preference, for endpoint URL.
region_name
¶Type: | string |
---|---|
Default: | <None> |
The default region_name for endpoint URL discovery.
endpoint_override
¶Type: | string |
---|---|
Default: | <None> |
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
connect_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for connection errors.
connect_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for connection errors. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
status_code_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for retriable HTTP status codes.
status_code_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for retriable status codes. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
sqlite_synchronous
¶Type: | boolean |
---|---|
Default: | True |
If True, SQLite uses synchronous mode.
Group | Name |
---|---|
DEFAULT | sqlite_synchronous |
backend
¶Type: | string |
---|---|
Default: | sqlalchemy |
The back end to use for the database.
Group | Name |
---|---|
DEFAULT | db_backend |
connection
¶Type: | string |
---|---|
Default: | <None> |
The SQLAlchemy connection string to use to connect to the database.
Group | Name |
---|---|
DEFAULT | sql_connection |
DATABASE | sql_connection |
sql | connection |
slave_connection
¶Type: | string |
---|---|
Default: | <None> |
The SQLAlchemy connection string to use to connect to the slave database.
mysql_sql_mode
¶Type: | string |
---|---|
Default: | TRADITIONAL |
The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
mysql_enable_ndb
¶Type: | boolean |
---|---|
Default: | False |
If True, transparently enables support for handling MySQL Cluster (NDB).
connection_recycle_time
¶Type: | integer |
---|---|
Default: | 3600 |
Connections which have been present in the connection pool longer than this number of seconds will be replaced with a new one the next time they are checked out from the pool.
Group | Name |
---|---|
DATABASE | idle_timeout |
database | idle_timeout |
DEFAULT | sql_idle_timeout |
DATABASE | sql_idle_timeout |
sql | idle_timeout |
max_pool_size
¶Type: | integer |
---|---|
Default: | 5 |
Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit.
Group | Name |
---|---|
DEFAULT | sql_max_pool_size |
DATABASE | sql_max_pool_size |
max_retries
¶Type: | integer |
---|---|
Default: | 10 |
Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
Group | Name |
---|---|
DEFAULT | sql_max_retries |
DATABASE | sql_max_retries |
retry_interval
¶Type: | integer |
---|---|
Default: | 10 |
Interval between retries of opening a SQL connection.
Group | Name |
---|---|
DEFAULT | sql_retry_interval |
DATABASE | reconnect_interval |
max_overflow
¶Type: | integer |
---|---|
Default: | 50 |
If set, use this value for max_overflow with SQLAlchemy.
Group | Name |
---|---|
DEFAULT | sql_max_overflow |
DATABASE | sqlalchemy_max_overflow |
connection_debug
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Maximum Value: | 100 |
Verbosity of SQL debugging information: 0=None, 100=Everything.
Group | Name |
---|---|
DEFAULT | sql_connection_debug |
connection_trace
¶Type: | boolean |
---|---|
Default: | False |
Add Python stack traces to SQL as comment strings.
Group | Name |
---|---|
DEFAULT | sql_connection_trace |
pool_timeout
¶Type: | integer |
---|---|
Default: | <None> |
If set, use this value for pool_timeout with SQLAlchemy.
Group | Name |
---|---|
DATABASE | sqlalchemy_pool_timeout |
use_db_reconnect
¶Type: | boolean |
---|---|
Default: | False |
Enable the experimental use of database reconnect on connection lost.
db_retry_interval
¶Type: | integer |
---|---|
Default: | 1 |
Seconds between retries of a database transaction.
db_inc_retry_interval
¶Type: | boolean |
---|---|
Default: | True |
If True, increases the interval between retries of a database operation up to db_max_retry_interval.
db_max_retry_interval
¶Type: | integer |
---|---|
Default: | 10 |
If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.
db_max_retries
¶Type: | integer |
---|---|
Default: | 20 |
Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
connection_parameters
¶Type: | string |
---|---|
Default: | '' |
Optional URL parameters to append onto the connection URL at connect time; specify as param1=value1¶m2=value2&…
use_tpool
¶Type: | boolean |
---|---|
Default: | False |
Enable the experimental use of thread pooling for all DB API calls
Group | Name |
---|---|
DEFAULT | dbapi_use_tpool |
enabled_vgpu_types
¶Type: | list |
---|---|
Default: | [] |
The vGPU types enabled in the compute node.
Some pGPUs (e.g. NVIDIA GRID K1) support different vGPU types. User can use this option to specify a list of enabled vGPU types that may be assigned to a guest instance.
If more than one single vGPU type is provided, then for each vGPU type an
additional section, [vgpu_$(VGPU_TYPE)]
, must be added to the configuration
file. Each section then must be configured with a single configuration
option, device_addresses
, which should be a list of PCI addresses
corresponding to the physical GPU(s) to assign to this type.
If one or more sections are missing (meaning that a specific type is not wanted
to use for at least one physical GPU) or if no device addresses are provided,
then Nova will only use the first type that was provided by
[devices]/enabled_vgpu_types
.
If the same PCI address is provided for two different types, nova-compute will return an InvalidLibvirtGPUConfig exception at restart.
An example is as the following:
[devices]
enabled_vgpu_types = nvidia-35, nvidia-36
[vgpu_nvidia-35]
device_addresses = 0000:84:00.0,0000:85:00.0
[vgpu_nvidia-36]
device_addresses = 0000:86:00.0
enabled
¶Type: | boolean |
---|---|
Default: | False |
Enables/disables LVM ephemeral storage encryption.
cipher
¶Type: | string |
---|---|
Default: | aes-xts-plain64 |
Cipher-mode string to be used.
The cipher and mode to be used to encrypt ephemeral storage. The set of cipher-mode combinations available depends on kernel support. According to the dm-crypt documentation, the cipher is expected to be in the format: “<cipher>-<chainmode>-<ivmode>”.
Possible values:
/proc/crypto
.key_size
¶Type: | integer |
---|---|
Default: | 512 |
Minimum Value: | 1 |
Encryption key length in bits.
The bit length of the encryption key to be used to encrypt ephemeral storage. In XTS mode only half of the bits are used for encryption key.
host_subset_size
¶Type: | integer |
---|---|
Default: | 1 |
Minimum Value: | 1 |
Size of subset of best hosts selected by scheduler.
New instances will be scheduled on a host chosen randomly from a subset of the N best hosts, where N is the value set by this option.
Setting this to a value greater than 1 will reduce the chance that multiple scheduler processes handling similar requests will select the same host, creating a potential race condition. By selecting a host randomly from the N hosts that best fit the request, the chance of a conflict is reduced. However, the higher you set this value, the less optimal the chosen host may be for a given request.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
Possible values:
Group | Name |
---|---|
DEFAULT | scheduler_host_subset_size |
max_io_ops_per_host
¶Type: | integer |
---|---|
Default: | 8 |
The number of instances that can be actively performing IO on a host.
Instances performing IO includes those in the following states: build, resize, snapshot, migrate, rescue, unshelve.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘io_ops_filter’ filter is enabled.
Possible values:
Group | Name |
---|---|
DEFAULT | max_io_ops_per_host |
max_instances_per_host
¶Type: | integer |
---|---|
Default: | 50 |
Minimum Value: | 1 |
Maximum number of instances that can exist on a host.
If you need to limit the number of instances on any given host, set this option to the maximum number of instances you want to allow. The NumInstancesFilter and AggregateNumInstancesFilter will reject any host that has at least as many instances as this option’s value.
This option is only used by the FilterScheduler and its subclasses; if you use
a different scheduler, this option has no effect. Also note that this setting
only affects scheduling if the NumInstancesFilter
or
AggregateNumInstancesFilter
filter is enabled.
Possible values:
Group | Name |
---|---|
DEFAULT | max_instances_per_host |
track_instance_changes
¶Type: | boolean |
---|---|
Default: | True |
Enable querying of individual hosts for instance information.
The scheduler may need information about the instances on a host in order to evaluate its filters and weighers. The most common need for this information is for the (anti-)affinity filters, which need to choose a host based on the instances already running on a host.
If the configured filters and weighers do not need this information, disabling this option will improve performance. It may also be disabled when the tracking overhead proves too heavy, although this will cause classes requiring host usage data to query the database on each request instead.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
NOTE: In a multi-cell (v2) setup where the cell MQ is separated from the top-level, computes cannot directly communicate with the scheduler. Thus, this option cannot be enabled in that scenario. See also the [workarounds]/disable_group_policy_check_upcall option.
Group | Name |
---|---|
DEFAULT | scheduler_tracks_instance_changes |
available_filters
¶Type: | multi-valued |
---|---|
Default: | nova.scheduler.filters.all_filters |
Filters that the scheduler can use.
An unordered list of the filter classes the nova scheduler may apply. Only the filters specified in the ‘enabled_filters’ option will be used, but any filter appearing in that option must also be included in this list.
By default, this is set to all filters that are included with nova.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | scheduler_available_filters |
enabled_filters
¶Type: | list |
---|---|
Default: | ['AvailabilityZoneFilter', 'ComputeFilter', 'ComputeCapabilitiesFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter'] |
Filters that the scheduler will use.
An ordered list of filter class names that will be used for filtering hosts. These filters will be applied in the order they are listed so place your most restrictive filters first to make the filtering process more efficient.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | scheduler_default_filters |
weight_classes
¶Type: | list |
---|---|
Default: | ['nova.scheduler.weights.all_weighers'] |
Weighers that the scheduler will use.
Only hosts which pass the filters are weighed. The weight for any host starts at 0, and the weighers order these hosts by adding to or subtracting from the weight assigned by the previous weigher. Weights may become negative. An instance will be scheduled to one of the N most-weighted hosts, where N is ‘scheduler_host_subset_size’.
By default, this is set to all weighers that are included with Nova.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
Possible values:
Group | Name |
---|---|
DEFAULT | scheduler_weight_classes |
ram_weight_multiplier
¶Type: | floating point |
---|---|
Default: | 1.0 |
RAM weight multipler ratio.
This option determines how hosts with more or less available RAM are weighed. A positive value will result in the scheduler preferring hosts with more available RAM, and a negative number will result in the scheduler preferring hosts with less available RAM. Another way to look at it is that positive values for this option will tend to spread instances across many hosts, while negative values will tend to fill up (stack) hosts as much as possible before scheduling to a less-used host. The absolute value, whether positive or negative, controls how strong the RAM weigher is relative to other weighers.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘ram’ weigher is enabled.
Possible values:
Group | Name |
---|---|
DEFAULT | ram_weight_multiplier |
cpu_weight_multiplier
¶Type: | floating point |
---|---|
Default: | 1.0 |
CPU weight multiplier ratio.
Multiplier used for weighting free vCPUs. Negative numbers indicate stacking rather than spreading.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘cpu’ weigher is enabled.
Possible values:
Related options:
filter_scheduler.weight_classes
: This weigher must be added to list of
enabled weight classes if the weight_classes
setting is set to a
non-default value.disk_weight_multiplier
¶Type: | floating point |
---|---|
Default: | 1.0 |
Disk weight multipler ratio.
Multiplier used for weighing free disk space. Negative numbers mean to stack vs spread.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘disk’ weigher is enabled.
Possible values:
Group | Name |
---|---|
DEFAULT | disk_weight_multiplier |
io_ops_weight_multiplier
¶Type: | floating point |
---|---|
Default: | -1.0 |
IO operations weight multipler ratio.
This option determines how hosts with differing workloads are weighed. Negative values, such as the default, will result in the scheduler preferring hosts with lighter workloads whereas positive values will prefer hosts with heavier workloads. Another way to look at it is that positive values for this option will tend to schedule instances onto hosts that are already busy, while negative values will tend to distribute the workload across more hosts. The absolute value, whether positive or negative, controls how strong the io_ops weigher is relative to other weighers.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘io_ops’ weigher is enabled.
Possible values:
Group | Name |
---|---|
DEFAULT | io_ops_weight_multiplier |
pci_weight_multiplier
¶Type: | floating point |
---|---|
Default: | 1.0 |
Minimum Value: | 0.0 |
PCI device affinity weight multiplier.
The PCI device affinity weighter computes a weighting based on the number of
PCI devices on the host and the number of PCI devices requested by the
instance. The NUMATopologyFilter
filter must be enabled for this to have
any significance. For more information, refer to the filter documentation:
Possible values:
soft_affinity_weight_multiplier
¶Type: | floating point |
---|---|
Default: | 1.0 |
Minimum Value: | 0.0 |
Multiplier used for weighing hosts for group soft-affinity.
Possible values:
soft_anti_affinity_weight_multiplier
¶Type: | floating point |
---|---|
Default: | 1.0 |
Minimum Value: | 0.0 |
Multiplier used for weighing hosts for group soft-anti-affinity.
Possible values:
build_failure_weight_multiplier
¶Type: | floating point |
---|---|
Default: | 1000000.0 |
Multiplier used for weighing hosts that have had recent build failures.
This option determines how much weight is placed on a compute node with recent build failures. Build failures may indicate a failing, misconfigured, or otherwise ailing compute node, and avoiding it during scheduling may be beneficial. The weight is inversely proportional to the number of recent build failures the compute node has experienced. This value should be set to some high value to offset weight given by other enabled weighers due to available resources. To disable weighing compute hosts by the number of recent failures, set this to zero.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
Possible values:
Related options:
cross_cell_move_weight_multiplier
¶Type: | floating point |
---|---|
Default: | 1000000.0 |
Multiplier used for weighing hosts during a cross-cell move.
This option determines how much weight is placed on a host which is within the same source cell when moving a server, for example during cross-cell resize. By default, when moving an instance, the scheduler will prefer hosts within the same cell since cross-cell move operations can be slower and riskier due to the complicated nature of cross-cell migrations.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Similarly, if your cloud is not configured to support cross-cell migrations, then this option has no effect.
The value of this configuration option can be overridden per host aggregate by setting the aggregate metadata key with the same name (cross_cell_move_weight_multiplier).
Possible values:
shuffle_best_same_weighed_hosts
¶Type: | boolean |
---|---|
Default: | False |
Enable spreading the instances between hosts with the same best weight.
Enabling it is beneficial for cases when host_subset_size is 1 (default), but there is a large number of hosts with same maximal weight. This scenario is common in Ironic deployments where there are typically many baremetal nodes with identical weights returned to the scheduler. In such case enabling this option will reduce contention and chances for rescheduling events. At the same time it will make the instance packing (even in unweighed case) less dense.
image_properties_default_architecture
¶Type: | string |
---|---|
Default: | <None> |
Valid Values: | alpha, armv6, armv7l, armv7b, aarch64, cris, i686, ia64, lm32, m68k, microblaze, microblazeel, mips, mipsel, mips64, mips64el, openrisc, parisc, parisc64, ppc, ppcle, ppc64, ppc64le, ppcemb, s390, s390x, sh4, sh4eb, sparc, sparc64, unicore32, x86_64, xtensa, xtensaeb |
The default architecture to be used when using the image properties filter.
When using the ImagePropertiesFilter, it is possible that you want to define a default architecture to make the user experience easier and avoid having something like x86_64 images landing on aarch64 compute nodes because the user did not specify the ‘hw_architecture’ property in Glance.
Possible values:
isolated_images
¶Type: | list |
---|---|
Default: | [] |
List of UUIDs for images that can only be run on certain hosts.
If there is a need to restrict some images to only run on certain designated hosts, list those image UUIDs here.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘IsolatedHostsFilter’ filter is enabled.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | isolated_images |
isolated_hosts
¶Type: | list |
---|---|
Default: | [] |
List of hosts that can only run certain images.
If there is a need to restrict some images to only run on certain designated hosts, list those host names here.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘IsolatedHostsFilter’ filter is enabled.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | isolated_hosts |
restrict_isolated_hosts_to_isolated_images
¶Type: | boolean |
---|---|
Default: | True |
Prevent non-isolated images from being built on isolated hosts.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘IsolatedHostsFilter’ filter is enabled. Even then, this option doesn’t affect the behavior of requests for isolated images, which will always be restricted to isolated hosts.
Related options:
Group | Name |
---|---|
DEFAULT | restrict_isolated_hosts_to_isolated_images |
aggregate_image_properties_isolation_namespace
¶Type: | string |
---|---|
Default: | <None> |
Image property namespace for use in the host aggregate.
Images and hosts can be configured so that certain images can only be scheduled to hosts in a particular aggregate. This is done with metadata values set on the host aggregate that are identified by beginning with the value of this option. If the host is part of an aggregate with such a metadata key, the image in the request spec must have the value of that metadata in its properties in order for the scheduler to consider the host as acceptable.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘aggregate_image_properties_isolation’ filter is enabled.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | aggregate_image_properties_isolation_namespace |
aggregate_image_properties_isolation_separator
¶Type: | string |
---|---|
Default: | . |
Separator character(s) for image property namespace and name.
When using the aggregate_image_properties_isolation filter, the relevant metadata keys are prefixed with the namespace defined in the aggregate_image_properties_isolation_namespace configuration option plus a separator. This option defines the separator to be used.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the ‘aggregate_image_properties_isolation’ filter is enabled.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | aggregate_image_properties_isolation_separator |
Configuration options for the Image service
api_servers
¶Type: | list |
---|---|
Default: | <None> |
List of glance api servers endpoints available to nova.
https is used for ssl-based glance api servers.
NOTE: The preferred mechanism for endpoint discovery is via keystoneauth1 loading options. Only use api_servers if you need multiple endpoints and are unable to use a load balancer for some reason.
Possible values:
Warning
This option is deprecated for removal since 21.0.0. Its value may be silently ignored in the future.
Reason: | Support for image service configuration via standard keystoneauth1 Adapter options was added in the 17.0.0 Queens release. The api_servers option was retained temporarily to allow consumers time to cut over to a real load balancing solution. |
---|
num_retries
¶Type: | integer |
---|---|
Default: | 3 |
Minimum Value: | 0 |
Enable glance operation retries.
Specifies the number of retries when uploading / downloading an image to / from glance. 0 means no retries.
allowed_direct_url_schemes
¶Type: | list |
---|---|
Default: | [] |
List of url schemes that can be directly accessed.
This option specifies a list of url schemes that can be downloaded directly via the direct_url. This direct_URL can be fetched from Image metadata which can be used by nova to get the image more efficiently. nova-compute could benefit from this by invoking a copy when it has access to the same file system as glance.
Possible values:
Warning
This option is deprecated for removal since 17.0.0. Its value may be silently ignored in the future.
Reason: | This was originally added for the ‘nova.image.download.file’ FileTransfer extension which was removed in the 16.0.0 Pike release. The ‘nova.image.download.modules’ extension point is not maintained and there is no indication of its use in production clouds. |
---|
verify_glance_signatures
¶Type: | boolean |
---|---|
Default: | False |
Enable image signature verification.
nova uses the image signature metadata from glance and verifies the signature of a signed image while downloading that image. If the image signature cannot be verified or if the image signature metadata is either incomplete or unavailable, then nova will not boot the image and instead will place the instance into an error state. This provides end users with stronger assurances of the integrity of the image data they are using to create servers.
Related options:
enable_certificate_validation
¶Type: | boolean |
---|---|
Default: | False |
Enable certificate validation for image signature verification.
During image signature verification nova will first verify the validity of the image’s signing certificate using the set of trusted certificates associated with the instance. If certificate validation fails, signature verification will not be performed and the instance will be placed into an error state. This provides end users with stronger assurances that the image data is unmodified and trustworthy. If left disabled, image signature verification can still occur but the end user will not have any assurance that the signing certificate used to generate the image signature is still trustworthy.
Related options:
Warning
This option is deprecated for removal since 16.0.0. Its value may be silently ignored in the future.
Reason: | This option is intended to ease the transition for deployments leveraging image signature verification. The intended state long-term is for signature verification and certificate validation to always happen together. |
---|
default_trusted_certificate_ids
¶Type: | list |
---|---|
Default: | [] |
List of certificate IDs for certificates that should be trusted.
May be used as a default list of trusted certificate IDs for certificate validation. The value of this option will be ignored if the user provides a list of trusted certificate IDs with an instance API request. The value of this option will be persisted with the instance data if signature verification and certificate validation are enabled and if the user did not provide an alternative list. If left empty when certificate validation is enabled the user must provide a list of trusted certificate IDs otherwise certificate validation will fail.
Related options:
enable_rbd_download
¶Type: | boolean |
---|---|
Default: | False |
Enable download of Glance images directly via RBD.
Allow compute hosts to quickly download and cache images localy directly from Ceph rather than slow dowloads from the Glance API. This can reduce download time for images in the ten to hundreds of GBs from tens of minutes to tens of seconds, but requires a Ceph-based deployment and access from the compute nodes to Ceph.
Related options:
[glance] rbd_user
[glance] rbd_connect_timeout
[glance] rbd_pool
[glance] rbd_ceph_conf
rbd_user
¶Type: | string |
---|---|
Default: | '' |
The RADOS client name for accessing Glance images stored as rbd volumes.
Related options:
[glance] enable_rbd_download
is set to True.rbd_connect_timeout
¶Type: | integer |
---|---|
Default: | 5 |
The RADOS client timeout in seconds when initially connecting to the cluster.
Related options:
[glance] enable_rbd_download
is set to True.rbd_pool
¶Type: | string |
---|---|
Default: | '' |
The RADOS pool in which the Glance images are stored as rbd volumes.
Related options:
[glance] enable_rbd_download
is set to True.rbd_ceph_conf
¶Type: | string |
---|---|
Default: | '' |
Path to the ceph configuration file to use.
Related options:
[glance] enable_rbd_download
is set to True.debug
¶Type: | boolean |
---|---|
Default: | False |
Enable or disable debug logging with glanceclient.
cafile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate cert file
keyfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate key file
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
timeout
¶Type: | integer |
---|---|
Default: | <None> |
Timeout value for http requests
collect_timing
¶Type: | boolean |
---|---|
Default: | False |
Collect per-API call timing information.
split_loggers
¶Type: | boolean |
---|---|
Default: | False |
Log requests to multiple loggers.
service_type
¶Type: | string |
---|---|
Default: | image |
The default service_type for endpoint URL discovery.
service_name
¶Type: | string |
---|---|
Default: | <None> |
The default service_name for endpoint URL discovery.
valid_interfaces
¶Type: | list |
---|---|
Default: | ['internal', 'public'] |
List of interfaces, in order of preference, for endpoint URL.
region_name
¶Type: | string |
---|---|
Default: | <None> |
The default region_name for endpoint URL discovery.
endpoint_override
¶Type: | string |
---|---|
Default: | <None> |
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
connect_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for connection errors.
connect_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for connection errors. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
status_code_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for retriable HTTP status codes.
status_code_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for retriable status codes. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
libguestfs is a set of tools for accessing and modifying virtual machine (VM) disk images. You can use this for viewing and editing files inside guests, scripting changes to VMs, monitoring disk used/free statistics, creating guests, P2V, V2V, performing backups, cloning VMs, building VMs, formatting disks and resizing disks.
debug
¶Type: | boolean |
---|---|
Default: | False |
Enable/disables guestfs logging.
This configures guestfs to debug messages and push them to OpenStack logging system. When set to True, it traces libguestfs API calls and enable verbose debug messages. In order to use the above feature, “libguestfs” package must be installed.
Related options:
Since libguestfs access and modifies VM’s managed by libvirt, below options should be set to give access to those VM’s.
libvirt.inject_key
libvirt.inject_partition
libvirt.inject_password
path
¶Type: | string |
---|---|
Default: | /healthcheck |
The path to respond to healtcheck requests on.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
detailed
¶Type: | boolean |
---|---|
Default: | False |
Show more detailed information as part of the response. Security note: Enabling this option may expose sensitive details about the service being monitored. Be sure to verify that it will not violate your security policies.
backends
¶Type: | list |
---|---|
Default: | [] |
Additional backends that can perform health checks and report that information back as part of a request.
disable_by_file_path
¶Type: | string |
---|---|
Default: | <None> |
Check the presence of a file to determine if an application is running on a port. Used by DisableByFileHealthcheck plugin.
disable_by_file_paths
¶Type: | list |
---|---|
Default: | [] |
Check the presence of a file based on a port to determine if an application is running on a port. Expects a “port:path” list of strings. Used by DisableByFilesPortsHealthcheck plugin.
The hyperv feature allows you to configure the Hyper-V hypervisor driver to be used within an OpenStack deployment.
dynamic_memory_ratio
¶Type: | floating point |
---|---|
Default: | 1.0 |
Dynamic memory ratio
Enables dynamic memory allocation (ballooning) when set to a value greater than 1. The value expresses the ratio between the total RAM assigned to an instance and its startup RAM amount. For example a ratio of 2.0 for an instance with 1024MB of RAM implies 512MB of RAM allocated at startup.
Possible values:
enable_instance_metrics_collection
¶Type: | boolean |
---|---|
Default: | False |
Enable instance metrics collection
Enables metrics collections for an instance by using Hyper-V’s metric APIs. Collected data can be retrieved by other apps and services, e.g.: Ceilometer.
Type: | string |
---|---|
Default: | '' |
Instances path share
The name of a Windows share mapped to the “instances_path” dir and used by the resize feature to copy files to the target host. If left blank, an administrative share (hidden network share) will be used, looking for the same “instances_path” used locally.
Possible values:
Related options:
limit_cpu_features
¶Type: | boolean |
---|---|
Default: | False |
Limit CPU features
This flag is needed to support live migration to hosts with different CPU features and checked during instance creation in order to limit the CPU features used by the instance.
mounted_disk_query_retry_count
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 0 |
Mounted disk query retry count
The number of times to retry checking for a mounted disk. The query runs until the device can be found or the retry count is reached.
Possible values:
Related options:
mounted_disk_query_retry_interval
¶Type: | integer |
---|---|
Default: | 5 |
Minimum Value: | 0 |
Mounted disk query retry interval
Interval between checks for a mounted disk, in seconds.
Possible values:
Related options:
power_state_check_timeframe
¶Type: | integer |
---|---|
Default: | 60 |
Minimum Value: | 0 |
Power state check timeframe
The timeframe to be checked for instance power state changes. This option is used to fetch the state of the instance from Hyper-V through the WMI interface, within the specified timeframe.
Possible values:
power_state_event_polling_interval
¶Type: | integer |
---|---|
Default: | 2 |
Minimum Value: | 0 |
Power state event polling interval
Instance power state change event polling frequency. Sets the listener interval for power state events to the given value. This option enhances the internal lifecycle notifications of instances that reboot themselves. It is unlikely that an operator has to change this value.
Possible values:
qemu_img_cmd
¶Type: | string |
---|---|
Default: | qemu-img.exe |
qemu-img command
qemu-img is required for some of the image related operations like converting between different image types. You can get it from here: (http://qemu.weilnetz.de/) or you can install the Cloudbase OpenStack Hyper-V Compute Driver (https://cloudbase.it/openstack-hyperv-driver/) which automatically sets the proper path for this config option. You can either give the full path of qemu-img.exe or set its path in the PATH environment variable and leave this option to the default value.
Possible values:
Related options:
mkisofs_cmd
value to the full path to an mkisofs.exe
installation.vswitch_name
¶Type: | string |
---|---|
Default: | <None> |
External virtual switch name
The Hyper-V Virtual Switch is a software-based layer-2 Ethernet network switch that is available with the installation of the Hyper-V server role. The switch includes programmatically managed and extensible capabilities to connect virtual machines to both virtual networks and the physical network. In addition, Hyper-V Virtual Switch provides policy enforcement for security, isolation, and service levels. The vSwitch represented by this config option must be an external one (not internal or private).
Possible values:
wait_soft_reboot_seconds
¶Type: | integer |
---|---|
Default: | 60 |
Minimum Value: | 0 |
Wait soft reboot seconds
Number of seconds to wait for instance to shut down after soft reboot request is made. We fall back to hard reboot if instance does not shutdown within this window.
Possible values:
config_drive_cdrom
¶Type: | boolean |
---|---|
Default: | False |
Mount config drive as a CD drive.
OpenStack can be configured to write instance metadata to a config drive, which is then attached to the instance before it boots. The config drive can be attached as a disk drive (default) or as a CD drive.
Related options:
force_config_drive
option set to True
or when the REST API call to create an instance will have
--config-drive=True
flag.config_drive_format
option must be set to iso9660
in order to use
CD drive as the config drive image.mkisofs_cmd
value to the full path to an mkisofs.exe
installation.
Additionally, you must set the qemu_img_cmd
value to the full path
to an qemu-img
command installation.force_config_drive
option to True
.config_drive_inject_password
¶Type: | boolean |
---|---|
Default: | False |
Inject password to config drive.
When enabled, the admin password will be available from the config drive image.
Related options:
force_config_drive
.volume_attach_retry_count
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 0 |
Volume attach retry count
The number of times to retry attaching a volume. Volume attachment is retried until success or the given retry count is reached.
Possible values:
Related options:
volume_attach_retry_interval
¶Type: | integer |
---|---|
Default: | 5 |
Minimum Value: | 0 |
Volume attach retry interval
Interval between volume attachment attempts, in seconds.
Possible values:
Related options:
enable_remotefx
¶Type: | boolean |
---|---|
Default: | False |
Enable RemoteFX feature
This requires at least one DirectX 11 capable graphics adapter for Windows / Hyper-V Server 2012 R2 or newer and RDS-Virtualization feature has to be enabled.
Instances with RemoteFX can be requested with the following flavor extra specs:
os:resolution. Guest VM screen resolution size. Acceptable values:
1024x768, 1280x1024, 1600x1200, 1920x1200, 2560x1600, 3840x2160
3840x2160
is only available on Windows / Hyper-V Server 2016.
os:monitors. Guest VM number of monitors. Acceptable values:
[1, 4] - Windows / Hyper-V Server 2012 R2
[1, 8] - Windows / Hyper-V Server 2016
os:vram. Guest VM VRAM amount. Only available on Windows / Hyper-V Server 2016. Acceptable values:
64, 128, 256, 512, 1024
use_multipath_io
¶Type: | boolean |
---|---|
Default: | False |
Use multipath connections when attaching iSCSI or FC disks.
This requires the Multipath IO Windows feature to be enabled. MPIO must be configured to claim such devices.
iscsi_initiator_list
¶Type: | list |
---|---|
Default: | [] |
List of iSCSI initiators that will be used for estabilishing iSCSI sessions.
If none are specified, the Microsoft iSCSI initiator service will choose the initiator.
A collection of options specific to image caching.
manager_interval
¶Type: | integer |
---|---|
Default: | 2400 |
Minimum Value: | -1 |
Number of seconds to wait between runs of the image cache manager.
Note that when using shared storage for the [DEFAULT]/instances_path
configuration option across multiple nova-compute services, this periodic
could process a large number of instances. Similarly, using a compute driver
that manages a cluster (like vmwareapi.VMwareVCDriver) could result in
processing a large number of instances. Therefore you may need to adjust the
time interval for the anticipated load, or only run on one nova-compute
service within a shared storage aggregate.
Possible values:
Related options:
[DEFAULT]/compute_driver
[DEFAULT]/instances_path
Group | Name |
---|---|
DEFAULT | image_cache_manager_interval |
subdirectory_name
¶Type: | string |
---|---|
Default: | _base |
Location of cached images.
This is NOT the full path - just a folder name relative to ‘$instances_path’. For per-compute-host cached images, set to ‘_base_$my_ip’
Group | Name |
---|---|
DEFAULT | image_cache_subdirectory_name |
remove_unused_base_images
¶Type: | boolean |
---|---|
Default: | True |
Should unused base images be removed?
Group | Name |
---|---|
DEFAULT | remove_unused_base_images |
remove_unused_original_minimum_age_seconds
¶Type: | integer |
---|---|
Default: | 86400 |
Unused unresized base images younger than this will not be removed.
Group | Name |
---|---|
DEFAULT | remove_unused_original_minimum_age_seconds |
remove_unused_resized_minimum_age_seconds
¶Type: | integer |
---|---|
Default: | 3600 |
Unused resized base images younger than this will not be removed.
Group | Name |
---|---|
libvirt | remove_unused_resized_minimum_age_seconds |
precache_concurrency
¶Type: | integer |
---|---|
Default: | 1 |
Minimum Value: | 1 |
Maximum number of compute hosts to trigger image precaching in parallel.
When an image precache request is made, compute nodes will be contacted to initiate the download. This number constrains the number of those that will happen in parallel. Higher numbers will cause more computes to work in parallel and may result in reduced time to complete the operation, but may also DDoS the image service. Lower numbers will result in more sequential operation, lower image service load, but likely longer runtime to completion.
Configuration options for Ironic driver (Bare Metal). If using the Ironic driver following options must be set: * auth_type * auth_url * project_name * username * password * project_domain_id or project_domain_name * user_domain_id or user_domain_name
api_max_retries
¶Type: | integer |
---|---|
Default: | 60 |
Minimum Value: | 0 |
The number of times to retry when a request conflicts. If set to 0, only try once, no retries.
Related options:
api_retry_interval
¶Type: | integer |
---|---|
Default: | 2 |
Minimum Value: | 0 |
The number of seconds to wait before retrying the request.
Related options:
serial_console_state_timeout
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 0 |
Timeout (seconds) to wait for node serial console state changed. Set to 0 to disable timeout.
partition_key
¶Type: | string |
---|---|
Default: | <None> |
Mutable: | This option can be changed without restarting. |
Case-insensitive key to limit the set of nodes that may be managed by this service to the set of nodes in Ironic which have a matching conductor_group property. If unset, all available nodes will be eligible to be managed by this service. Note that setting this to the empty string (""
) will match the default conductor group, and is different than leaving the option unset.
peer_list
¶Type: | list |
---|---|
Default: | [] |
Mutable: | This option can be changed without restarting. |
List of hostnames for all nova-compute services (including this host) with this partition_key config value. Nodes matching the partition_key value will be distributed between all services specified here. If partition_key is unset, this option is ignored.
cafile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate cert file
keyfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate key file
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
timeout
¶Type: | integer |
---|---|
Default: | <None> |
Timeout value for http requests
collect_timing
¶Type: | boolean |
---|---|
Default: | False |
Collect per-API call timing information.
split_loggers
¶Type: | boolean |
---|---|
Default: | False |
Log requests to multiple loggers.
auth_type
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication type to load
Group | Name |
---|---|
ironic | auth_plugin |
auth_section
¶Type: | unknown type |
---|---|
Default: | <None> |
Config Section from which to load plugin specific options
auth_url
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication URL
system_scope
¶Type: | unknown type |
---|---|
Default: | <None> |
Scope for system operations
domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID to scope to
domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name to scope to
project_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Project ID to scope to
project_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Project name to scope to
project_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID containing project
project_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name containing project
trust_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Trust ID
user_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User ID
username
¶Type: | unknown type |
---|---|
Default: | <None> |
Username
Group | Name |
---|---|
ironic | user-name |
ironic | user_name |
user_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain id
user_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain name
password
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s password
service_type
¶Type: | string |
---|---|
Default: | baremetal |
The default service_type for endpoint URL discovery.
service_name
¶Type: | string |
---|---|
Default: | <None> |
The default service_name for endpoint URL discovery.
valid_interfaces
¶Type: | list |
---|---|
Default: | ['internal', 'public'] |
List of interfaces, in order of preference, for endpoint URL.
region_name
¶Type: | string |
---|---|
Default: | <None> |
The default region_name for endpoint URL discovery.
endpoint_override
¶Type: | string |
---|---|
Default: | <None> |
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
connect_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for connection errors.
connect_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for connection errors. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
status_code_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for retriable HTTP status codes.
status_code_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for retriable status codes. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
fixed_key
¶Type: | string |
---|---|
Default: | <None> |
Fixed key returned by key manager, specified in hex.
Possible values:
Group | Name |
---|---|
keymgr | fixed_key |
backend
¶Type: | string |
---|---|
Default: | barbican |
Specify the key manager implementation. Options are “barbican” and “vault”. Default is “barbican”. Will support the values earlier set using [key_manager]/api_class for some time.
Group | Name |
---|---|
key_manager | api_class |
auth_type
¶Type: | string |
---|---|
Default: | <None> |
The type of authentication credential to create. Possible values are ‘token’, ‘password’, ‘keystone_token’, and ‘keystone_password’. Required if no context is passed to the credential factory.
token
¶Type: | string |
---|---|
Default: | <None> |
Token for authentication. Required for ‘token’ and ‘keystone_token’ auth_type if no context is passed to the credential factory.
username
¶Type: | string |
---|---|
Default: | <None> |
Username for authentication. Required for ‘password’ auth_type. Optional for the ‘keystone_password’ auth_type.
password
¶Type: | string |
---|---|
Default: | <None> |
Password for authentication. Required for ‘password’ and ‘keystone_password’ auth_type.
auth_url
¶Type: | string |
---|---|
Default: | <None> |
Use this endpoint to connect to Keystone.
user_id
¶Type: | string |
---|---|
Default: | <None> |
User ID for authentication. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
user_domain_id
¶Type: | string |
---|---|
Default: | <None> |
User’s domain ID for authentication. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
user_domain_name
¶Type: | string |
---|---|
Default: | <None> |
User’s domain name for authentication. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
trust_id
¶Type: | string |
---|---|
Default: | <None> |
Trust ID for trust scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
domain_id
¶Type: | string |
---|---|
Default: | <None> |
Domain ID for domain scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
domain_name
¶Type: | string |
---|---|
Default: | <None> |
Domain name for domain scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
project_id
¶Type: | string |
---|---|
Default: | <None> |
Project ID for project scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
project_name
¶Type: | string |
---|---|
Default: | <None> |
Project name for project scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
project_domain_id
¶Type: | string |
---|---|
Default: | <None> |
Project’s domain ID for project. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
project_domain_name
¶Type: | string |
---|---|
Default: | <None> |
Project’s domain name for project. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
reauthenticate
¶Type: | boolean |
---|---|
Default: | True |
Allow fetching a new token if the current one is going to expire. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
Configuration options for the identity service
cafile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate cert file
keyfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate key file
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
timeout
¶Type: | integer |
---|---|
Default: | <None> |
Timeout value for http requests
collect_timing
¶Type: | boolean |
---|---|
Default: | False |
Collect per-API call timing information.
split_loggers
¶Type: | boolean |
---|---|
Default: | False |
Log requests to multiple loggers.
service_type
¶Type: | string |
---|---|
Default: | identity |
The default service_type for endpoint URL discovery.
service_name
¶Type: | string |
---|---|
Default: | <None> |
The default service_name for endpoint URL discovery.
valid_interfaces
¶Type: | list |
---|---|
Default: | ['internal', 'public'] |
List of interfaces, in order of preference, for endpoint URL.
region_name
¶Type: | string |
---|---|
Default: | <None> |
The default region_name for endpoint URL discovery.
endpoint_override
¶Type: | string |
---|---|
Default: | <None> |
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
connect_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for connection errors.
connect_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for connection errors. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
status_code_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for retriable HTTP status codes.
status_code_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for retriable status codes. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
www_authenticate_uri
¶Type: | string |
---|---|
Default: | <None> |
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.
Group | Name |
---|---|
keystone_authtoken | auth_uri |
auth_uri
¶Type: | string |
---|---|
Default: | <None> |
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. This option is deprecated in favor of www_authenticate_uri and will be removed in the S release.
Warning
This option is deprecated for removal since Queens. Its value may be silently ignored in the future.
Reason: | The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the S release. |
---|
auth_version
¶Type: | string |
---|---|
Default: | <None> |
API version of the Identity API endpoint.
interface
¶Type: | string |
---|---|
Default: | internal |
Interface to use for the Identity API endpoint. Valid values are “public”, “internal” (default) or “admin”.
delay_auth_decision
¶Type: | boolean |
---|---|
Default: | False |
Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
http_connect_timeout
¶Type: | integer |
---|---|
Default: | <None> |
Request timeout value for communicating with Identity API server.
http_request_max_retries
¶Type: | integer |
---|---|
Default: | 3 |
How many times are we trying to reconnect when communicating with Identity API Server.
cache
¶Type: | string |
---|---|
Default: | <None> |
Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers
option instead.
certfile
¶Type: | string |
---|---|
Default: | <None> |
Required if identity server requires client certificate
keyfile
¶Type: | string |
---|---|
Default: | <None> |
Required if identity server requires client certificate
cafile
¶Type: | string |
---|---|
Default: | <None> |
A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
region_name
¶Type: | string |
---|---|
Default: | <None> |
The region in which the identity server can be found.
memcached_servers
¶Type: | list |
---|---|
Default: | <None> |
Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
Group | Name |
---|---|
keystone_authtoken | memcache_servers |
token_cache_time
¶Type: | integer |
---|---|
Default: | 300 |
In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
memcache_security_strategy
¶Type: | string |
---|---|
Default: | None |
Valid Values: | None, MAC, ENCRYPT |
(Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
memcache_secret_key
¶Type: | string |
---|---|
Default: | <None> |
(Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
memcache_pool_dead_retry
¶Type: | integer |
---|---|
Default: | 300 |
(Optional) Number of seconds memcached server is considered dead before it is tried again.
memcache_pool_maxsize
¶Type: | integer |
---|---|
Default: | 10 |
(Optional) Maximum total number of open connections to every memcached server.
memcache_pool_socket_timeout
¶Type: | integer |
---|---|
Default: | 3 |
(Optional) Socket timeout in seconds for communicating with a memcached server.
memcache_pool_unused_timeout
¶Type: | integer |
---|---|
Default: | 60 |
(Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
memcache_pool_conn_get_timeout
¶Type: | integer |
---|---|
Default: | 10 |
(Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
memcache_use_advanced_pool
¶Type: | boolean |
---|---|
Default: | False |
(Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
include_service_catalog
¶Type: | boolean |
---|---|
Default: | True |
(Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
enforce_token_bind
¶Type: | string |
---|---|
Default: | permissive |
Used to control the use and type of token binding. Can be set to: “disabled” to not check token binding. “permissive” (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. “strict” like “permissive” but if the bind type is unknown the token will be rejected. “required” any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
service_token_roles
¶Type: | list |
---|---|
Default: | ['service'] |
A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check.
service_token_roles_required
¶Type: | boolean |
---|---|
Default: | False |
For backwards compatibility reasons we must let valid service tokens pass that don’t pass the service_token_roles check as valid. Setting this true will become the default in a future release and should be enabled if possible.
service_type
¶Type: | string |
---|---|
Default: | <None> |
The name or type of the service as it appears in the service catalog. This is used to validate tokens that have restricted access rules.
auth_type
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication type to load
Group | Name |
---|---|
keystone_authtoken | auth_plugin |
auth_section
¶Type: | unknown type |
---|---|
Default: | <None> |
Config Section from which to load plugin specific options
Libvirt options allows cloud administrator to configure related libvirt hypervisor driver to be used within an OpenStack deployment.
Almost all of the libvirt config options are influence by virt_type
config
which describes the virtualization type (or so called domain type) libvirt
should use for specific features such as live migration, snapshot.
rescue_image_id
¶Type: | string |
---|---|
Default: | <None> |
The ID of the image to boot from to rescue data from a corrupted instance.
If the rescue REST API operation doesn’t provide an ID of an image to use, the image which is referenced by this ID is used. If this option is not set, the image from the instance is used.
Possible values:
rescue_kernel_id
and rescue_ramdisk_id
too. If nothing is set, the image of the instance
is used.Related options:
rescue_kernel_id
: If the chosen rescue image allows the separate
definition of its kernel disk, the value of this option is used,
if specified. This is the case when Amazon’s AMI/AKI/ARI image
format is used for the rescue image.rescue_ramdisk_id
: If the chosen rescue image allows the separate
definition of its RAM disk, the value of this option is used if,
specified. This is the case when Amazon’s AMI/AKI/ARI image
format is used for the rescue image.rescue_kernel_id
¶Type: | string |
---|---|
Default: | <None> |
The ID of the kernel (AKI) image to use with the rescue image.
If the chosen rescue image allows the separate definition of its kernel disk, the value of this option is used, if specified. This is the case when Amazon’s AMI/AKI/ARI image format is used for the rescue image.
Possible values:
Related options:
rescue_image_id
: If that option points to an image in Amazon’s
AMI/AKI/ARI image format, it’s useful to use rescue_kernel_id
too.rescue_ramdisk_id
¶Type: | string |
---|---|
Default: | <None> |
The ID of the RAM disk (ARI) image to use with the rescue image.
If the chosen rescue image allows the separate definition of its RAM disk, the value of this option is used, if specified. This is the case when Amazon’s AMI/AKI/ARI image format is used for the rescue image.
Possible values:
Related options:
rescue_image_id
: If that option points to an image in Amazon’s
AMI/AKI/ARI image format, it’s useful to use rescue_ramdisk_id
too.virt_type
¶Type: | string |
---|---|
Default: | kvm |
Valid Values: | kvm, lxc, qemu, uml, xen, parallels |
Describes the virtualization type (or so called domain type) libvirt should use.
The choice of this type must match the underlying virtualization strategy you have chosen for this host.
Related options:
connection_uri
: depends on thisdisk_prefix
: depends on thiscpu_mode
: depends on thiscpu_models
: depends on thisconnection_uri
¶Type: | string |
---|---|
Default: | '' |
Overrides the default libvirt URI of the chosen virtualization type.
If set, Nova will use this URI to connect to libvirt.
Possible values:
qemu:///system
or xen+ssh://oirase/
for example.
This is only necessary if the URI differs to the commonly known URIs
for the chosen virtualization type.Related options:
virt_type
: Influences what is used as default value here.inject_password
¶Type: | boolean |
---|---|
Default: | False |
Allow the injection of an admin password for instance only at create
and
rebuild
process.
There is no agent needed within the image to do this. If libguestfs is available on the host, it will be used. Otherwise nbd is used. The file system of the image will be mounted and the admin password, which is provided in the REST API call will be injected as password for the root user. If no root user is available, the instance won’t be launched and an error is thrown. Be aware that the injection is not possible when the instance gets launched from a volume.
Linux distribution guest only.
Possible values:
Related options:
inject_partition
: That option will decide about the discovery and usage
of the file system. It also can disable the injection at all.inject_key
¶Type: | boolean |
---|---|
Default: | False |
Allow the injection of an SSH key at boot time.
There is no agent needed within the image to do this. If libguestfs is
available on the host, it will be used. Otherwise nbd is used. The file
system of the image will be mounted and the SSH key, which is provided
in the REST API call will be injected as SSH key for the root user and
appended to the authorized_keys
of that user. The SELinux context will
be set if necessary. Be aware that the injection is not possible when the
instance gets launched from a volume.
This config option will enable directly modifying the instance disk and does not affect what cloud-init may do using data from config_drive option or the metadata service.
Linux distribution guest only.
Related options:
inject_partition
: That option will decide about the discovery and usage
of the file system. It also can disable the injection at all.inject_partition
¶Type: | integer |
---|---|
Default: | -2 |
Minimum Value: | -2 |
Determines the way how the file system is chosen to inject data into it.
libguestfs will be used a first solution to inject data. If that’s not available on the host, the image will be locally mounted on the host as a fallback solution. If libguestfs is not able to determine the root partition (because there are more or less than one root partition) or cannot mount the file system it will result in an error and the instance won’t be boot.
Possible values:
Linux distribution guest only.
Related options:
inject_key
: If this option allows the injection of a SSH key it depends
on value greater or equal to -1 for inject_partition
.inject_password
: If this option allows the injection of an admin password
it depends on value greater or equal to -1 for inject_partition
.guestfs
You can enable the debug log level of libguestfs with this
config option. A more verbose output will help in debugging issues.virt_type
: If you use lxc
as virt_type it will be treated as a
single partition imageuse_usb_tablet
¶Type: | boolean |
---|---|
Default: | True |
Enable a mouse cursor within a graphical VNC or SPICE sessions.
This will only be taken into account if the VM is fully virtualized and VNC and/or SPICE is enabled. If the node doesn’t support a graphical framebuffer, then it is valid to set this to False.
Related options:
[vnc]enabled
: If VNC is enabled, use_usb_tablet
will have an effect.[spice]enabled
+ [spice].agent_enabled
: If SPICE is enabled and the
spice agent is disabled, the config value of use_usb_tablet
will have
an effect.Warning
This option is deprecated for removal since 14.0.0. Its value may be silently ignored in the future.
Reason: | This option is being replaced by the ‘pointer_model’ option. |
---|
live_migration_scheme
¶Type: | string |
---|---|
Default: | <None> |
URI scheme used for live migration.
Override the default libvirt live migration scheme (which is dependent on virt_type). If this option is set to None, nova will automatically choose a sensible default based on the hypervisor. It is not recommended that you change this unless you are very sure that hypervisor supports a particular scheme.
Related options:
virt_type
: This option is meaningful only when virt_type
is set to
kvm or qemu.live_migration_uri
: If live_migration_uri
value is not None, the
scheme used for live migration is taken from live_migration_uri
instead.live_migration_inbound_addr
¶Type: | host address |
---|---|
Default: | <None> |
Target used for live migration traffic.
If this option is set to None, the hostname of the migration target compute node will be used.
This option is useful in environments where the live-migration traffic can impact the network plane significantly. A separate network for live-migration traffic can then use this config option and avoids the impact on the management network.
Related options:
live_migration_tunnelled
: The live_migration_inbound_addr value is
ignored if tunneling is enabled.live_migration_uri
¶Type: | string |
---|---|
Default: | <None> |
Live migration target URI to use.
Override the default libvirt live migration target URI (which is dependent on virt_type). Any included “%s” is replaced with the migration target hostname.
If this option is set to None (which is the default), Nova will automatically generate the live_migration_uri value based on only 4 supported virt_type in following list:
Related options:
live_migration_inbound_addr
: If live_migration_inbound_addr
value
is not None and live_migration_tunnelled
is False, the ip/hostname
address of target compute node is used instead of live_migration_uri
as
the uri for live migration.live_migration_scheme
: If live_migration_uri
is not set, the scheme
used for live migration is taken from live_migration_scheme
instead.Warning
This option is deprecated for removal since 15.0.0. Its value may be silently ignored in the future.
Reason: | live_migration_uri is deprecated for removal in favor of two other options that allow to change live migration scheme and target URI: live_migration_scheme and live_migration_inbound_addr respectively. |
---|
live_migration_tunnelled
¶Type: | boolean |
---|---|
Default: | False |
Enable tunnelled migration.
This option enables the tunnelled migration feature, where migration data is transported over the libvirtd connection. If enabled, we use the VIR_MIGRATE_TUNNELLED migration flag, avoiding the need to configure the network to allow direct hypervisor to hypervisor communication. If False, use the native transport. If not set, Nova will choose a sensible default based on, for example the availability of native encryption support in the hypervisor. Enabling this option will definitely impact performance massively.
Note that this option is NOT compatible with use of block migration.
Related options:
live_migration_inbound_addr
: The live_migration_inbound_addr value is
ignored if tunneling is enabled.live_migration_bandwidth
¶Type: | integer |
---|---|
Default: | 0 |
Maximum bandwidth(in MiB/s) to be used during migration.
If set to 0, the hypervisor will choose a suitable default. Some hypervisors do not support this feature and will return an error if bandwidth is not 0. Please refer to the libvirt documentation for further details.
live_migration_downtime
¶Type: | integer |
---|---|
Default: | 500 |
Minimum Value: | 100 |
Maximum permitted downtime, in milliseconds, for live migration switchover.
Will be rounded up to a minimum of 100ms. You can increase this value if you want to allow live-migrations to complete faster, or avoid live-migration timeout errors by allowing the guest to be paused for longer during the live-migration switch over.
Related options:
live_migration_downtime_steps
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 3 |
Number of incremental steps to reach max downtime value.
Will be rounded up to a minimum of 3 steps.
live_migration_downtime_delay
¶Type: | integer |
---|---|
Default: | 75 |
Minimum Value: | 3 |
Time to wait, in seconds, between each step increase of the migration downtime.
Minimum delay is 3 seconds. Value is per GiB of guest RAM + disk to be transferred, with lower bound of a minimum of 2 GiB per device.
live_migration_completion_timeout
¶Type: | integer |
---|---|
Default: | 800 |
Minimum Value: | 0 |
Mutable: | This option can be changed without restarting. |
Time to wait, in seconds, for migration to successfully complete transferring data before aborting the operation.
Value is per GiB of guest RAM + disk to be transferred, with lower bound of a minimum of 2 GiB. Should usually be larger than downtime delay * downtime steps. Set to 0 to disable timeouts.
Related options:
live_migration_timeout_action
¶Type: | string |
---|---|
Default: | abort |
Valid Values: | abort, force_complete |
Mutable: | This option can be changed without restarting. |
This option will be used to determine what action will be taken against a
VM after live_migration_completion_timeout
expires. By default, the live
migrate operation will be aborted after completion timeout. If it is set to
force_complete
, the compute service will either pause the VM or trigger
post-copy depending on if post copy is enabled and available
(live_migration_permit_post_copy
is set to True).
Related options:
live_migration_permit_post_copy
¶Type: | boolean |
---|---|
Default: | False |
This option allows nova to switch an on-going live migration to post-copy mode, i.e., switch the active VM to the one on the destination node before the migration is complete, therefore ensuring an upper bound on the memory that needs to be transferred. Post-copy requires libvirt>=1.3.3 and QEMU>=2.5.0.
When permitted, post-copy mode will be automatically activated if
we reach the timeout defined by live_migration_completion_timeout
and
live_migration_timeout_action
is set to ‘force_complete’. Note if you
change to no timeout or choose to use ‘abort’,
i.e. live_migration_completion_timeout = 0
, then there will be no
automatic switch to post-copy.
The live-migration force complete API also uses post-copy when permitted. If post-copy mode is not available, force complete falls back to pausing the VM to ensure the live-migration operation will complete.
When using post-copy mode, if the source and destination hosts lose network connectivity, the VM being live-migrated will need to be rebooted. For more details, please see the Administration guide.
Related options:
live_migration_permit_auto_converge
¶Type: | boolean |
---|---|
Default: | False |
This option allows nova to start live migration with auto converge on.
Auto converge throttles down CPU if a progress of on-going live migration is slow. Auto converge will only be used if this flag is set to True and post copy is not permitted or post copy is unavailable due to the version of libvirt and QEMU in use.
Related options:
- live_migration_permit_post_copy
snapshot_image_format
¶Type: | string |
---|---|
Default: | <None> |
Valid Values: | raw, qcow2, vmdk, vdi |
Determine the snapshot image format when sending to the image service.
If set, this decides what format is used when sending the snapshot to the image service. If not set, defaults to same type as source image.
Possible values
live_migration_with_native_tls
¶Type: | boolean |
---|---|
Default: | False |
Use QEMU-native TLS encryption when live migrating.
This option will allow both migration stream (guest RAM plus device state) and disk stream to be transported over native TLS, i.e. TLS support built into QEMU.
Prerequisite: TLS environment is configured correctly on all relevant Compute nodes. This means, Certificate Authority (CA), server, client certificates, their corresponding keys, and their file permisssions are in place, and are validated.
Notes:
live_migration_with_native_tls
is the
preferred config attribute instead of live_migration_tunnelled
.live_migration_tunnelled
will be deprecated in the long-term
for two main reasons: (a) it incurs a huge performance penalty; and
(b) it is not compatible with block migration. Therefore, if your
compute nodes have at least libvirt 4.4.0 and QEMU 2.11.0, it is
strongly recommended to use live_migration_with_native_tls
.live_migration_tunnelled
and
live_migration_with_native_tls
should not be used at the same
time.live_migration_tunnelled
, the
live_migration_with_native_tls
is compatible with block
migration. That is, with this option, NBD stream, over which disks
are migrated to a target host, will be encrypted.Related options:
live_migration_tunnelled
: This transports migration stream (but not
disk stream) over libvirtd.
disk_prefix
¶Type: | string |
---|---|
Default: | <None> |
Override the default disk prefix for the devices attached to an instance.
If set, this is used to identify a free disk device name for a bus.
Possible values:
Related options:
virt_type
: Influences which device type is used, which determines
the default disk prefix.wait_soft_reboot_seconds
¶Type: | integer |
---|---|
Default: | 120 |
Number of seconds to wait for instance to shut down after soft reboot request is made. We fall back to hard reboot if instance does not shutdown within this window.
cpu_mode
¶Type: | string |
---|---|
Default: | <None> |
Valid Values: | host-model, host-passthrough, custom, none |
Is used to set the CPU mode an instance should have.
If virt_type="kvm|qemu"
, it will default to host-model
, otherwise it
will default to none
.
Related options:
cpu_models
: This should be set ONLY when cpu_mode
is set to
custom
. Otherwise, it would result in an error and the instance launch
will fail.Possible values
[libvirt]cpu_models
[libvirt] virt_type
as KVM/QEMU, the default CPU model from QEMU will be used, which provides a basic set of CPU features that are compatible with most hostscpu_models
¶Type: | list |
---|---|
Default: | [] |
An ordered list of CPU models the host supports.
It is expected that the list is ordered so that the more common and less
advanced CPU models are listed earlier. Here is an example:
SandyBridge,IvyBridge,Haswell,Broadwell
, the latter CPU model’s features is
richer that the previous CPU model.
Possible values:
/usr/share/libvirt/cpu_map.xml
for
libvirt prior to version 4.7.0 or /usr/share/libvirt/cpu_map/*.xml
for version 4.7.0 and higher.Related options:
cpu_mode
: This should be set to custom
ONLY when you want to
configure (via cpu_models
) a specific named CPU model. Otherwise, it
would result in an error and the instance launch will fail.virt_type
: Only the virtualization types kvm
and qemu
use this.Note
Be careful to only specify models which can be fully supported in hardware.
Group | Name |
---|---|
libvirt | cpu_model |
cpu_model_extra_flags
¶Type: | list |
---|---|
Default: | [] |
This allows specifying granular CPU feature flags when configuring CPU
models. For example, to explicitly specify the pcid
(Process-Context ID, an Intel processor feature – which is now required
to address the guest performance degradation as a result of applying the
“Meltdown” CVE fixes to certain Intel CPU models) flag to the
“IvyBridge” virtual CPU model:
[libvirt]
cpu_mode = custom
cpu_models = IvyBridge
cpu_model_extra_flags = pcid
To specify multiple CPU flags (e.g. the Intel VMX
to expose the
virtualization extensions to the guest, or pdpe1gb
to configure 1GB
huge pages for CPU models that do not provide it):
[libvirt]
cpu_mode = custom
cpu_models = Haswell-noTSX-IBRS
cpu_model_extra_flags = PCID, VMX, pdpe1gb
As it can be noticed from above, the cpu_model_extra_flags
config
attribute is case insensitive. And specifying extra flags is valid in
combination with all the three possible values for cpu_mode
:
custom
(this also requires an explicit cpu_models
to be
specified), host-model
, or host-passthrough
. A valid example
for allowing extra CPU flags even for host-passthrough
mode is that
sometimes QEMU may disable certain CPU features – e.g. Intel’s
“invtsc”, Invariable Time Stamp Counter, CPU flag. And if you need to
expose that CPU flag to the Nova instance, the you need to explicitly
ask for it.
The possible values for cpu_model_extra_flags
depends on the CPU
model in use. Refer to /usr/share/libvirt/cpu_map.xml
for libvirt
prior to version 4.7.0 or /usr/share/libvirt/cpu_map/*.xml
thereafter
for possible CPU feature flags for a given CPU model.
Note that when using this config attribute to set the ‘PCID’ CPU flag
with the custom
CPU mode, not all virtual (i.e. libvirt / QEMU) CPU
models need it:
The libvirt driver’s default CPU mode, host-model
, will do the right
thing with respect to handling ‘PCID’ CPU flag for the guest –
assuming you are running updated processor microcode, host and guest
kernel, libvirt, and QEMU. The other mode, host-passthrough
, checks
if ‘PCID’ is available in the hardware, and if so directly passes it
through to the Nova guests. Thus, in context of ‘PCID’, with either of
these CPU modes (host-model
or host-passthrough
), there is no
need to use the cpu_model_extra_flags
.
Related options:
snapshots_directory
¶Type: | string |
---|---|
Default: | $instances_path/snapshots |
Location where libvirt driver will store snapshots before uploading them to image service
xen_hvmloader_path
¶Type: | string |
---|---|
Default: | /usr/lib/xen/boot/hvmloader |
Location where the Xen hvmloader is kept
disk_cachemodes
¶Type: | list |
---|---|
Default: | [] |
Specific cache modes to use for different disk types.
For example: file=directsync,block=none,network=writeback
For local or direct-attached storage, it is recommended that you use writethrough (default) mode, as it ensures data integrity and has acceptable I/O performance for applications running in the guest, especially for read operations. However, caching mode none is recommended for remote NFS storage, because direct I/O operations (O_DIRECT) perform better than synchronous I/O operations (with O_SYNC). Caching mode none effectively turns all guest I/O operations into direct I/O operations on the host, which is the NFS client in this environment.
Possible cache modes:
none
, if the host
file system is capable of Linux’s ‘O_DIRECT’ semantics; otherwise
writeback
. For volume drivers, the default is driver-dependent:
none
for everything except for SMBFS and Virtuzzo (which use
writeback
).rng_dev_path
¶Type: | string |
---|---|
Default: | /dev/urandom |
The path to an RNG (Random Number Generator) device that will be used as
the source of entropy on the host. Since libvirt 1.3.4, any path (that
returns random numbers when read) is accepted. The recommended source
of entropy is /dev/urandom
– it is non-blocking, therefore
relatively fast; and avoids the limitations of /dev/random
, which is
a legacy interface. For more details (and comparision between different
RNG sources), refer to the “Usage” section in the Linux kernel API
documentation for [u]random
:
http://man7.org/linux/man-pages/man4/urandom.4.html and
http://man7.org/linux/man-pages/man7/random.7.html.
hw_machine_type
¶Type: | list |
---|---|
Default: | <None> |
For qemu or KVM guests, set this option to specify a default machine type per host architecture. You can find a list of supported machine types in your environment by checking the output of the virsh capabilities command. The format of the value for this config option is host-arch=machine-type
. For example: x86_64=machinetype1,armv7l=machinetype2
.
sysinfo_serial
¶Type: | string |
---|---|
Default: | unique |
Valid Values: | none, os, hardware, auto, unique |
The data source used to the populate the host “serial” UUID exposed to guest
in the virtual BIOS. All choices except unique
will change the serial when
migrating the instance to another host. Changing the choice of this option will
also affect existing instances on this host once they are stopped and started
again. It is recommended to use the default choice (unique
) since that will
not change when an instance is migrated. However, if you have a need for
per-host serials in addition to per-instance serial numbers, then consider
restricting flavors via host aggregates.
Possible values
/etc/machine-id
file.libvirtd.conf
.mem_stats_period_seconds
¶Type: | integer |
---|---|
Default: | 10 |
A number of seconds to memory usage statistics period. Zero or negative value mean to disable memory usage statistics.
uid_maps
¶Type: | list |
---|---|
Default: | [] |
List of uid targets and ranges.Syntax is guest-uid:host-uid:count. Maximum of 5 allowed.
gid_maps
¶Type: | list |
---|---|
Default: | [] |
List of guid targets and ranges.Syntax is guest-gid:host-gid:count. Maximum of 5 allowed.
realtime_scheduler_priority
¶Type: | integer |
---|---|
Default: | 1 |
In a realtime host context vCPUs for guest will run in that scheduling priority. Priority depends on the host kernel (usually 1-99)
enabled_perf_events
¶Type: | list |
---|---|
Default: | [] |
Performance events to monitor and collect statistics for.
This will allow you to specify a list of events to monitor low-level
performance of guests, and collect related statistics via the libvirt
driver, which in turn uses the Linux kernel’s perf
infrastructure.
With this config attribute set, Nova will generate libvirt guest XML to
monitor the specified events.
For example, to monitor the count of CPU cycles (total/elapsed) and the count of cache misses, enable them as follows:
[libvirt]
enabled_perf_events = cpu_clock, cache_misses
Possible values: A string list. The list of supported events can be
found here. Note that Intel CMT events - cmt
, mbmbt
and
mbml
- are unsupported by recent Linux kernel versions (4.14+) and will be
ignored by nova.
num_pcie_ports
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Maximum Value: | 28 |
The number of PCIe ports an instance will get.
Libvirt allows a custom number of PCIe ports (pcie-root-port controllers) a target instance will get. Some will be used by default, rest will be available for hotplug use.
By default we have just 1-2 free ports which limits hotplug.
More info: https://github.com/qemu/qemu/blob/master/docs/pcie.txt
Due to QEMU limitations for aarch64/virt maximum value is set to ‘28’.
Default value ‘0’ moves calculating amount of ports to libvirt.
file_backed_memory
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Available capacity in MiB for file-backed memory.
Set to 0 to disable file-backed memory.
When enabled, instances will create memory files in the directory specified
in /etc/libvirt/qemu.conf
’s memory_backing_dir
option. The default
location is /var/lib/libvirt/qemu/ram
.
When enabled, the value defined for this option is reported as the node memory capacity. Compute node system memory will be used as a cache for file-backed memory, via the kernel’s pagecache mechanism.
Note
This feature is not compatible with hugepages.
Note
This feature is not compatible with memory overcommit.
Related options:
virt_type
must be set to kvm
or qemu
.ram_allocation_ratio
must be set to 1.0.num_memory_encrypted_guests
¶Type: | integer |
---|---|
Default: | <None> |
Minimum Value: | 0 |
Maximum number of guests with encrypted memory which can run concurrently on this compute host.
For now this is only relevant for AMD machines which support SEV (Secure Encrypted Virtualization). Such machines have a limited number of slots in their memory controller for storing encryption keys. Each running guest with encrypted memory will consume one of these slots.
The option may be reused for other equivalent technologies in the future. If the machine does not support memory encryption, the option will be ignored and inventory will be set to 0.
If the machine does support memory encryption, for now a value of
None
means an effectively unlimited inventory, i.e. no limit will
be imposed by Nova on the number of SEV guests which can be launched,
even though the underlying hardware will enforce its own limit.
However it is expected that in the future, auto-detection of the
inventory from the hardware will become possible, at which point
None
will cause auto-detection to automatically impose the correct
limit.
Note
It is recommended to read the deployment documentation’s section on this option before deciding whether to configure this setting or leave it at the default.
Related options:
libvirt.virt_type
must be set to kvm
.x86_64=q35
in
libvirt.hw_machine_type
; see
Deploying SEV-capable infrastructure for more on this.images_type
¶Type: | string |
---|---|
Default: | default |
Valid Values: | raw, flat, qcow2, lvm, rbd, ploop, default |
VM Images format.
If default is specified, then use_cow_images flag is used instead of this one.
Related options:
images_volume_group
¶Type: | string |
---|---|
Default: | <None> |
LVM Volume Group that is used for VM images, when you specify images_type=lvm
Related options:
sparse_logical_volumes
¶Type: | boolean |
---|---|
Default: | False |
Create sparse logical volumes (with virtualsize) if this flag is set to True.
Warning
This option is deprecated for removal since 18.0.0. Its value may be silently ignored in the future.
Reason: | Sparse logical volumes is a feature that is not tested hence not supported. LVM logical volumes are preallocated by default. If you want thin provisioning, use Cinder thin-provisioned volumes. |
---|
images_rbd_pool
¶Type: | string |
---|---|
Default: | rbd |
The RADOS pool in which rbd volumes are stored
images_rbd_ceph_conf
¶Type: | string |
---|---|
Default: | '' |
Path to the ceph configuration file to use
images_rbd_glance_store_name
¶Type: | string |
---|---|
Default: | '' |
The name of the Glance store that represents the rbd cluster in use by this node. If set, this will allow Nova to request that Glance copy an image from an existing non-local store into the one named by this option before booting so that proper Copy-on-Write behavior is maintained.
Related options:
rbd
images_rbd_glance_copy_poll_interval
¶Type: | integer |
---|---|
Default: | 15 |
The interval in seconds with which to poll Glance after asking for it to copy an image to the local rbd store. This affects how often we ask Glance to report on copy completion, and thus should be short enough that we notice quickly, but not too aggressive that we generate undue load on the Glance server.
Related options:
rbd
images_rbd_glance_copy_timeout
¶Type: | integer |
---|---|
Default: | 600 |
The overall maximum time we will wait for Glance to complete an image copy to our local rbd store. This should be long enough to allow large images to be copied over the network link between our local store and the one where images typically reside. The downside of setting this too long is just to catch the case where the image copy is stalled or proceeding too slowly to be useful. Actual errors will be reported by Glance and noticed according to the poll interval.
Related options:
* images_type - must be set to rbd
* images_rbd_glance_store_name - must be set to a store name
* images_rbd_glance_copy_poll_interval - controls the failure time-to-notice
hw_disk_discard
¶Type: | string |
---|---|
Default: | <None> |
Valid Values: | ignore, unmap |
Discard option for nova managed disks.
Requires:
volume_clear
¶Type: | string |
---|---|
Default: | zero |
Valid Values: | zero, shred, none |
Method used to wipe ephemeral disks when they are deleted. Only takes effect if LVM is set as backing storage.
Related options:
lvm
Possible values
volume_clear_size
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | 0 |
Size of area in MiB, counting from the beginning of the allocated volume,
that will be cleared using method set in volume_clear
option.
Possible values:
Related options:
lvm
none
for this option to have any impactsnapshot_compression
¶Type: | boolean |
---|---|
Default: | False |
Enable snapshot compression for qcow2
images.
Note: you can set snapshot_image_format
to qcow2
to force all
snapshots to be in qcow2
format, independently from their original image
type.
Related options:
use_virtio_for_bridges
¶Type: | boolean |
---|---|
Default: | True |
Use virtio for bridge interfaces with KVM/QEMU
volume_use_multipath
¶Type: | boolean |
---|---|
Default: | False |
Use multipath connection of the iSCSI or FC volume
Volumes can be connected in the LibVirt as multipath devices. This will provide high availability and fault tolerance.
Group | Name |
---|---|
libvirt | iscsi_use_multipath |
num_volume_scan_tries
¶Type: | integer |
---|---|
Default: | 5 |
Number of times to scan given storage protocol to find volume.
Group | Name |
---|---|
libvirt | num_iscsi_scan_tries |
num_aoe_discover_tries
¶Type: | integer |
---|---|
Default: | 3 |
Number of times to rediscover AoE target to find volume.
Nova provides support for block storage attaching to hosts via AOE (ATA over Ethernet). This option allows the user to specify the maximum number of retry attempts that can be made to discover the AoE device.
iscsi_iface
¶Type: | string |
---|---|
Default: | <None> |
The iSCSI transport iface to use to connect to target in case offload support is desired.
Default format is of the form <transport_name>.<hwaddress> where <transport_name> is one of (be2iscsi, bnx2i, cxgb3i, cxgb4i, qla4xxx, ocs) and <hwaddress> is the MAC address of the interface and can be generated via the iscsiadm -m iface command. Do not confuse the iscsi_iface parameter to be provided here with the actual transport name.
Group | Name |
---|---|
libvirt | iscsi_transport |
num_iser_scan_tries
¶Type: | integer |
---|---|
Default: | 5 |
Number of times to scan iSER target to find volume.
iSER is a server network protocol that extends iSCSI protocol to use Remote Direct Memory Access (RDMA). This option allows the user to specify the maximum number of scan attempts that can be made to find iSER volume.
iser_use_multipath
¶Type: | boolean |
---|---|
Default: | False |
Use multipath connection of the iSER volume.
iSER volumes can be connected as multipath devices. This will provide high availability and fault tolerance.
rbd_user
¶Type: | string |
---|---|
Default: | <None> |
The RADOS client name for accessing rbd(RADOS Block Devices) volumes.
Libvirt will refer to this user when connecting and authenticating with the Ceph RBD server.
rbd_secret_uuid
¶Type: | string |
---|---|
Default: | <None> |
The libvirt UUID of the secret for the rbd_user volumes.
rbd_connect_timeout
¶Type: | integer |
---|---|
Default: | 5 |
The RADOS client timeout in seconds when initially connecting to the cluster.
rbd_destroy_volume_retry_interval
¶Type: | integer |
---|---|
Default: | 5 |
Minimum Value: | 0 |
Number of seconds to wait between each consecutive retry to destroy a RBD volume.
Related options:
rbd_destroy_volume_retries
¶Type: | integer |
---|---|
Default: | 12 |
Minimum Value: | 0 |
Number of retries to destroy a RBD volume.
Related options:
nfs_mount_point_base
¶Type: | string |
---|---|
Default: | $state_path/mnt |
Directory where the NFS volume is mounted on the compute node. The default is ‘mnt’ directory of the location where nova’s Python module is installed.
NFS provides shared storage for the OpenStack Block Storage service.
Possible values:
nfs_mount_options
¶Type: | string |
---|---|
Default: | <None> |
Mount options passed to the NFS client. See section of the nfs man page for details.
Mount options controls the way the filesystem is mounted and how the NFS client behaves when accessing files on this mount point.
Possible values:
quobyte_mount_point_base
¶Type: | string |
---|---|
Default: | $state_path/mnt |
Directory where the Quobyte volume is mounted on the compute node.
Nova supports Quobyte volume driver that enables storing Block Storage service volumes on a Quobyte storage back end. This Option specifies the path of the directory where Quobyte volume is mounted.
Possible values:
quobyte_client_cfg
¶Type: | string |
---|---|
Default: | <None> |
Path to a Quobyte Client configuration file.
smbfs_mount_point_base
¶Type: | string |
---|---|
Default: | $state_path/mnt |
Directory where the SMBFS shares are mounted on the compute node.
smbfs_mount_options
¶Type: | string |
---|---|
Default: | '' |
Mount options passed to the SMBFS client.
Provide SMBFS options as a single string containing all parameters.
See mount.cifs man page for details. Note that the libvirt-qemu uid
and gid
must be specified.
remote_filesystem_transport
¶Type: | string |
---|---|
Default: | ssh |
Valid Values: | ssh, rsync |
libvirt’s transport method for remote file operations.
Because libvirt cannot use RPC to copy files over network to/from other compute nodes, other method must be used for:
vzstorage_mount_point_base
¶Type: | string |
---|---|
Default: | $state_path/mnt |
Directory where the Virtuozzo Storage clusters are mounted on the compute node.
This option defines non-standard mountpoint for Vzstorage cluster.
Related options:
vzstorage_mount_user
¶Type: | string |
---|---|
Default: | stack |
Mount owner user name.
This option defines the owner user of Vzstorage cluster mountpoint.
Related options:
vzstorage_mount_group
¶Type: | string |
---|---|
Default: | qemu |
Mount owner group name.
This option defines the owner group of Vzstorage cluster mountpoint.
Related options:
vzstorage_mount_perms
¶Type: | string |
---|---|
Default: | 0770 |
Mount access mode.
This option defines the access bits of Vzstorage cluster mountpoint, in the format similar to one of chmod(1) utility, like this: 0770. It consists of one to four digits ranging from 0 to 7, with missing lead digits assumed to be 0’s.
Related options:
vzstorage_log_path
¶Type: | string |
---|---|
Default: | /var/log/vstorage/%(cluster_name)s/nova.log.gz |
Path to vzstorage client log.
This option defines the log of cluster operations, it should include “%(cluster_name)s” template to separate logs from multiple shares.
Related options:
vzstorage_cache_path
¶Type: | string |
---|---|
Default: | <None> |
Path to the SSD cache file.
You can attach an SSD drive to a client and configure the drive to store a local cache of frequently accessed data. By having a local cache on a client’s SSD drive, you can increase the overall cluster performance by up to 10 and more times. WARNING! There is a lot of SSD models which are not server grade and may loose arbitrary set of data changes on power loss. Such SSDs should not be used in Vstorage and are dangerous as may lead to data corruptions and inconsistencies. Please consult with the manual on which SSD models are known to be safe or verify it using vstorage-hwflush-check(1) utility.
This option defines the path which should include “%(cluster_name)s” template to separate caches from multiple shares.
Related options:
vzstorage_mount_opts
¶Type: | list |
---|---|
Default: | [] |
Extra mount options for pstorage-mount
For full description of them, see https://static.openvz.org/vz-man/man1/pstorage-mount.1.gz.html Format is a python string representation of arguments list, like: “[‘-v’, ‘-R’, ‘500’]” Shouldn’t include -c, -l, -C, -u, -g and -m as those have explicit vzstorage_* options.
Related options:
rx_queue_size
¶Type: | unknown type |
---|---|
Default: | <None> |
Valid Values: | 256, 512, 1024 |
Configure virtio rx queue size.
This option is only usable for virtio-net device with vhost and vhost-user backend. Available only with QEMU/KVM. Requires libvirt v2.3 QEMU v2.7.
tx_queue_size
¶Type: | unknown type |
---|---|
Default: | <None> |
Valid Values: | 256, 512, 1024 |
Configure virtio tx queue size.
This option is only usable for virtio-net device with vhost-user backend. Available only with QEMU/KVM. Requires libvirt v3.7 QEMU v2.10.
max_queues
¶Type: | integer |
---|---|
Default: | <None> |
Minimum Value: | 1 |
The maximum number of virtio queue pairs that can be enabled when creating a multiqueue guest. The number of virtio queues allocated will be the lesser of the CPUs requested by the guest and the max value defined. By default, this value is set to none meaning the legacy limits based on the reported kernel major version will be used.
num_nvme_discover_tries
¶Type: | integer |
---|---|
Default: | 5 |
Number of times to rediscover NVMe target to find volume
Nova provides support for block storage attaching to hosts via NVMe (Non-Volatile Memory Express). This option allows the user to specify the maximum number of retry attempts that can be made to discover the NVMe device.
pmem_namespaces
¶Type: | list |
---|---|
Default: | [] |
Configure persistent memory(pmem) namespaces.
These namespaces must have been already created on the host. This config option is in the following format:
"$LABEL:$NSNAME[|$NSNAME][,$LABEL:$NSNAME[|$NSNAME]]"
$NSNAME
is the name of the pmem namespace.$LABEL
represents one resource class, this is used to generateCUSTOM_PMEM_NAMESPACE_$LABEL
.For example:
[libvirt]
pmem_namespaces=128G:ns0|ns1|ns2|ns3,262144MB:ns4|ns5,MEDIUM:ns6|ns7
swtpm_enabled
¶Type: | boolean |
---|---|
Default: | False |
Enable emulated TPM (Trusted Platform Module) in guests.
swtpm_user
¶Type: | string |
---|---|
Default: | tss |
User that swtpm binary runs as.
When using emulated TPM, the swtpm
binary will run to emulate a TPM
device. The user this binary runs as depends on libvirt configuration, with
tss
being the default.
In order to support cold migration and resize, nova needs to know what user the swtpm binary is running as in order to ensure that files get the proper ownership after being moved between nodes.
Related options:
swtpm_group
must also be set.swtpm_group
¶Type: | string |
---|---|
Default: | tss |
Group that swtpm binary runs as.
When using emulated TPM, the swtpm
binary will run to emulate a TPM
device. The user this binary runs as depends on libvirt configuration, with
tss
being the default.
In order to support cold migration and resize, nova needs to know what group the swtpm binary is running as in order to ensure that files get the proper ownership after being moved between nodes.
Related options:
swtpm_user
must also be set.Configuration options for metrics
Options under this group allow to adjust how values assigned to metrics are calculated.
weight_multiplier
¶Type: | floating point |
---|---|
Default: | 1.0 |
When using metrics to weight the suitability of a host, you can use this option to change how the calculated weight influences the weight assigned to a host as follows:
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
Possible values:
Related options:
weight_setting
¶Type: | list |
---|---|
Default: | [] |
This setting specifies the metrics to be weighed and the relative ratios for each metric. This should be a single string value, consisting of a series of one or more ‘name=ratio’ pairs, separated by commas, where ‘name’ is the name of the metric to be weighed, and ‘ratio’ is the relative weight for that metric.
Note that if the ratio is set to 0, the metric value is ignored, and instead the weight will be set to the value of the ‘weight_of_unavailable’ option.
As an example, let’s consider the case where this option is set to:
name1=1.0, name2=-1.3
The final weight will be:
(name1.value * 1.0) + (name2.value * -1.3)
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
Possible values:
Related options:
required
¶Type: | boolean |
---|---|
Default: | True |
This setting determines how any unavailable metrics are treated. If this option is set to True, any hosts for which a metric is unavailable will raise an exception, so it is recommended to also use the MetricFilter to filter out those hosts before weighing.
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
Possible values:
Related options:
Type: | floating point |
---|---|
Default: | -10000.0 |
When any of the following conditions are met, this value will be used in place of any actual metric value:
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.
Possible values:
Related options:
Nova compute node uses WebMKS, a desktop sharing protocol to provide instance console access to VM’s created by VMware hypervisors.
Related options: Following options must be set to provide console access. * mksproxy_base_url * enabled
mksproxy_base_url
¶Type: | URI |
---|---|
Default: | http://127.0.0.1:6090/ |
Location of MKS web console proxy
The URL in the response points to a WebMKS proxy which starts proxying between client and corresponding vCenter server where instance runs. In order to use the web based console access, WebMKS proxy should be installed and configured
Possible values:
http://host:port/
or
https://host:port/
enabled
¶Type: | boolean |
---|---|
Default: | False |
Enables graphical console access for virtual machines.
Configuration options for neutron (network connectivity as a service).
ovs_bridge
¶Type: | string |
---|---|
Default: | br-int |
Default name for the Open vSwitch integration bridge.
Specifies the name of an integration bridge interface used by OpenvSwitch. This option is only used if Neutron does not specify the OVS bridge name in port binding responses.
default_floating_pool
¶Type: | string |
---|---|
Default: | nova |
Default name for the floating IP pool.
Specifies the name of floating IP pool used for allocating floating IPs. This option is only used if Neutron does not specify the floating IP pool name in port binding reponses.
extension_sync_interval
¶Type: | integer |
---|---|
Default: | 600 |
Minimum Value: | 0 |
Integer value representing the number of seconds to wait before querying Neutron for extensions. After this number of seconds the next time Nova needs to create a resource in Neutron it will requery Neutron for the extensions that it has loaded. Setting value to 0 will refresh the extensions with no wait.
physnets
¶Type: | list |
---|---|
Default: | [] |
List of physnets present on this host.
For each physnet listed, an additional section,
[neutron_physnet_$PHYSNET]
, will be added to the configuration file. Each
section must be configured with a single configuration option, numa_nodes
,
which should be a list of node IDs for all NUMA nodes this physnet is
associated with. For example:
[neutron]
physnets = foo, bar
[neutron_physnet_foo]
numa_nodes = 0
[neutron_physnet_bar]
numa_nodes = 0,1
Any physnet that is not listed using this option will be treated as having no particular NUMA node affinity.
Tunnelled networks (VXLAN, GRE, …) cannot be accounted for in this way and
are instead configured using the [neutron_tunnel]
group. For example:
[neutron_tunnel]
numa_nodes = 1
Related options:
[neutron_tunnel] numa_nodes
can be used to configure NUMA affinity for
all tunneled networks[neutron_physnet_$PHYSNET] numa_nodes
must be configured for each value
of $PHYSNET
specified by this optionhttp_retries
¶Type: | integer |
---|---|
Default: | 3 |
Minimum Value: | 0 |
Number of times neutronclient should retry on any failed http call.
0 means connection is attempted only once. Setting it to any positive integer means that on failure connection is retried that many times e.g. setting it to 3 means total attempts to connect will be 4.
Possible values:
service_metadata_proxy
¶Type: | boolean |
---|---|
Default: | False |
When set to True, this option indicates that Neutron will be used to proxy metadata requests and resolve instance ids. Otherwise, the instance ID must be passed to the metadata request in the ‘X-Instance-ID’ header.
Related options:
Type: | string |
---|---|
Default: | '' |
This option holds the shared secret string used to validate proxy requests to Neutron metadata requests. In order to be used, the ‘X-Metadata-Provider-Signature’ header must be supplied in the request.
Related options:
cafile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate cert file
keyfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate key file
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
timeout
¶Type: | integer |
---|---|
Default: | <None> |
Timeout value for http requests
collect_timing
¶Type: | boolean |
---|---|
Default: | False |
Collect per-API call timing information.
split_loggers
¶Type: | boolean |
---|---|
Default: | False |
Log requests to multiple loggers.
auth_type
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication type to load
Group | Name |
---|---|
neutron | auth_plugin |
auth_section
¶Type: | unknown type |
---|---|
Default: | <None> |
Config Section from which to load plugin specific options
auth_url
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication URL
system_scope
¶Type: | unknown type |
---|---|
Default: | <None> |
Scope for system operations
domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID to scope to
domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name to scope to
project_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Project ID to scope to
project_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Project name to scope to
project_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID containing project
project_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name containing project
trust_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Trust ID
default_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
default_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
user_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User ID
username
¶Type: | unknown type |
---|---|
Default: | <None> |
Username
Group | Name |
---|---|
neutron | user-name |
neutron | user_name |
user_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain id
user_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain name
password
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s password
tenant_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant ID
tenant_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant Name
service_type
¶Type: | string |
---|---|
Default: | network |
The default service_type for endpoint URL discovery.
service_name
¶Type: | string |
---|---|
Default: | <None> |
The default service_name for endpoint URL discovery.
valid_interfaces
¶Type: | list |
---|---|
Default: | ['internal', 'public'] |
List of interfaces, in order of preference, for endpoint URL.
region_name
¶Type: | string |
---|---|
Default: | <None> |
The default region_name for endpoint URL discovery.
endpoint_override
¶Type: | string |
---|---|
Default: | <None> |
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
connect_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for connection errors.
connect_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for connection errors. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
status_code_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for retriable HTTP status codes.
status_code_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for retriable status codes. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
Most of the actions in Nova which manipulate the system state generate notifications which are posted to the messaging component (e.g. RabbitMQ) and can be consumed by any service outside the OpenStack. More technical details at https://docs.openstack.org/nova/latest/reference/notifications.html
notify_on_state_change
¶Type: | string |
---|---|
Default: | <None> |
Valid Values: | <None>, vm_state, vm_and_task_state |
If set, send compute.instance.update notifications on instance state changes.
Please refer to https://docs.openstack.org/nova/latest/reference/notifications.html for additional information on notifications.
Possible values
old_state
and state
fields. The old_task_state
and new_task_state
fields will be set to the current task_state of the instanceGroup | Name |
---|---|
DEFAULT | notify_on_state_change |
default_level
¶Type: | string |
---|---|
Default: | INFO |
Valid Values: | DEBUG, INFO, WARN, ERROR, CRITICAL |
Default notification level for outgoing notifications.
Group | Name |
---|---|
DEFAULT | default_notification_level |
notification_format
¶Type: | string |
---|---|
Default: | unversioned |
Valid Values: | both, versioned, unversioned |
Specifies which notification format shall be emitted by nova.
The versioned notification interface are in feature parity with the legacy interface and the versioned interface is actively developed so new consumers should used the versioned interface.
However, the legacy interface is heavily used by ceilometer and other mature OpenStack components so it remains the default.
Note that notifications can be completely disabled by setting driver=noop
in the [oslo_messaging_notifications]
group.
The list of versioned notifications is visible in https://docs.openstack.org/nova/latest/reference/notifications.html
Possible values
Group | Name |
---|---|
DEFAULT | notification_format |
versioned_notifications_topics
¶Type: | list |
---|---|
Default: | ['versioned_notifications'] |
Specifies the topics for the versioned notifications issued by nova.
The default value is fine for most deployments and rarely needs to be changed. However, if you have a third-party service that consumes versioned notifications, it might be worth getting a topic for that service. Nova will send a message containing a versioned notification payload to each topic queue in this list.
The list of versioned notifications is visible in https://docs.openstack.org/nova/latest/reference/notifications.html
bdms_in_notifications
¶Type: | boolean |
---|---|
Default: | False |
If enabled, include block device information in the versioned notification payload. Sending block device information is disabled by default as providing that information can incur some overhead on the system since the information may need to be loaded from the database.
disable_process_locking
¶Type: | boolean |
---|---|
Default: | False |
Enables or disables inter-process locks.
Group | Name |
---|---|
DEFAULT | disable_process_locking |
lock_path
¶Type: | string |
---|---|
Default: | <None> |
Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.
Group | Name |
---|---|
DEFAULT | lock_path |
container_name
¶Type: | string |
---|---|
Default: | <None> |
Name for the AMQP container. must be globally unique. Defaults to a generated UUID
Group | Name |
---|---|
amqp1 | container_name |
idle_timeout
¶Type: | integer |
---|---|
Default: | 0 |
Timeout for inactive connections (in seconds)
Group | Name |
---|---|
amqp1 | idle_timeout |
trace
¶Type: | boolean |
---|---|
Default: | False |
Debug: dump AMQP frames to stdout
Group | Name |
---|---|
amqp1 | trace |
ssl
¶Type: | boolean |
---|---|
Default: | False |
Attempt to connect via SSL. If no other ssl-related parameters are given, it will use the system’s CA-bundle to verify the server’s certificate.
ssl_ca_file
¶Type: | string |
---|---|
Default: | '' |
CA certificate PEM file used to verify the server’s certificate
Group | Name |
---|---|
amqp1 | ssl_ca_file |
ssl_cert_file
¶Type: | string |
---|---|
Default: | '' |
Self-identifying certificate PEM file for client authentication
Group | Name |
---|---|
amqp1 | ssl_cert_file |
ssl_key_file
¶Type: | string |
---|---|
Default: | '' |
Private key PEM file used to sign ssl_cert_file certificate (optional)
Group | Name |
---|---|
amqp1 | ssl_key_file |
ssl_key_password
¶Type: | string |
---|---|
Default: | <None> |
Password for decrypting ssl_key_file (if encrypted)
Group | Name |
---|---|
amqp1 | ssl_key_password |
ssl_verify_vhost
¶Type: | boolean |
---|---|
Default: | False |
By default SSL checks that the name in the server’s certificate matches the hostname in the transport_url. In some configurations it may be preferable to use the virtual hostname instead, for example if the server uses the Server Name Indication TLS extension (rfc6066) to provide a certificate per virtual host. Set ssl_verify_vhost to True if the server’s SSL certificate uses the virtual host name instead of the DNS name.
sasl_mechanisms
¶Type: | string |
---|---|
Default: | '' |
Space separated list of acceptable SASL mechanisms
Group | Name |
---|---|
amqp1 | sasl_mechanisms |
sasl_config_dir
¶Type: | string |
---|---|
Default: | '' |
Path to directory that contains the SASL configuration
Group | Name |
---|---|
amqp1 | sasl_config_dir |
sasl_config_name
¶Type: | string |
---|---|
Default: | '' |
Name of configuration file (without .conf suffix)
Group | Name |
---|---|
amqp1 | sasl_config_name |
sasl_default_realm
¶Type: | string |
---|---|
Default: | '' |
SASL realm to use if no realm present in username
connection_retry_interval
¶Type: | integer |
---|---|
Default: | 1 |
Minimum Value: | 1 |
Seconds to pause before attempting to re-connect.
connection_retry_backoff
¶Type: | integer |
---|---|
Default: | 2 |
Minimum Value: | 0 |
Increase the connection_retry_interval by this many seconds after each unsuccessful failover attempt.
connection_retry_interval_max
¶Type: | integer |
---|---|
Default: | 30 |
Minimum Value: | 1 |
Maximum limit for connection_retry_interval + connection_retry_backoff
link_retry_delay
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 1 |
Time to pause between re-connecting an AMQP 1.0 link that failed due to a recoverable error.
default_reply_retry
¶Type: | integer |
---|---|
Default: | 0 |
Minimum Value: | -1 |
The maximum number of attempts to re-send a reply message which failed due to a recoverable error.
default_reply_timeout
¶Type: | integer |
---|---|
Default: | 30 |
Minimum Value: | 5 |
The deadline for an rpc reply message delivery.
default_send_timeout
¶Type: | integer |
---|---|
Default: | 30 |
Minimum Value: | 5 |
The deadline for an rpc cast or call message delivery. Only used when caller does not provide a timeout expiry.
default_notify_timeout
¶Type: | integer |
---|---|
Default: | 30 |
Minimum Value: | 5 |
The deadline for a sent notification message delivery. Only used when caller does not provide a timeout expiry.
default_sender_link_timeout
¶Type: | integer |
---|---|
Default: | 600 |
Minimum Value: | 1 |
The duration to schedule a purge of idle sender links. Detach link after expiry.
addressing_mode
¶Type: | string |
---|---|
Default: | dynamic |
Indicates the addressing mode used by the driver. Permitted values: ‘legacy’ - use legacy non-routable addressing ‘routable’ - use routable addresses ‘dynamic’ - use legacy addresses if the message bus does not support routing otherwise use routable addressing
pseudo_vhost
¶Type: | boolean |
---|---|
Default: | True |
Enable virtual host support for those message buses that do not natively support virtual hosting (such as qpidd). When set to true the virtual host name will be added to all message bus addresses, effectively creating a private ‘subnet’ per virtual host. Set to False if the message bus supports virtual hosting using the ‘hostname’ field in the AMQP 1.0 Open performative as the name of the virtual host.
server_request_prefix
¶Type: | string |
---|---|
Default: | exclusive |
address prefix used when sending to a specific server
Group | Name |
---|---|
amqp1 | server_request_prefix |
broadcast_prefix
¶Type: | string |
---|---|
Default: | broadcast |
address prefix used when broadcasting to all servers
Group | Name |
---|---|
amqp1 | broadcast_prefix |
group_request_prefix
¶Type: | string |
---|---|
Default: | unicast |
address prefix when sending to any server in group
Group | Name |
---|---|
amqp1 | group_request_prefix |
rpc_address_prefix
¶Type: | string |
---|---|
Default: | openstack.org/om/rpc |
Address prefix for all generated RPC addresses
notify_address_prefix
¶Type: | string |
---|---|
Default: | openstack.org/om/notify |
Address prefix for all generated Notification addresses
multicast_address
¶Type: | string |
---|---|
Default: | multicast |
Appended to the address prefix when sending a fanout message. Used by the message bus to identify fanout messages.
unicast_address
¶Type: | string |
---|---|
Default: | unicast |
Appended to the address prefix when sending to a particular RPC/Notification server. Used by the message bus to identify messages sent to a single destination.
anycast_address
¶Type: | string |
---|---|
Default: | anycast |
Appended to the address prefix when sending to a group of consumers. Used by the message bus to identify messages that should be delivered in a round-robin fashion across consumers.
default_notification_exchange
¶Type: | string |
---|---|
Default: | <None> |
Exchange name used in notification addresses. Exchange name resolution precedence: Target.exchange if set else default_notification_exchange if set else control_exchange if set else ‘notify’
default_rpc_exchange
¶Type: | string |
---|---|
Default: | <None> |
Exchange name used in RPC addresses. Exchange name resolution precedence: Target.exchange if set else default_rpc_exchange if set else control_exchange if set else ‘rpc’
reply_link_credit
¶Type: | integer |
---|---|
Default: | 200 |
Minimum Value: | 1 |
Window size for incoming RPC Reply messages.
rpc_server_credit
¶Type: | integer |
---|---|
Default: | 100 |
Minimum Value: | 1 |
Window size for incoming RPC Request messages
notify_server_credit
¶Type: | integer |
---|---|
Default: | 100 |
Minimum Value: | 1 |
Window size for incoming Notification messages
pre_settled
¶Type: | multi-valued |
---|---|
Default: | rpc-cast |
Default: | rpc-reply |
Send messages of this type pre-settled. Pre-settled messages will not receive acknowledgement from the peer. Note well: pre-settled messages may be silently discarded if the delivery fails. Permitted values: ‘rpc-call’ - send RPC Calls pre-settled ‘rpc-reply’- send RPC Replies pre-settled ‘rpc-cast’ - Send RPC Casts pre-settled ‘notify’ - Send Notifications pre-settled
kafka_max_fetch_bytes
¶Type: | integer |
---|---|
Default: | 1048576 |
Max fetch bytes of Kafka consumer
kafka_consumer_timeout
¶Type: | floating point |
---|---|
Default: | 1.0 |
Default timeout(s) for Kafka consumers
pool_size
¶Type: | integer |
---|---|
Default: | 10 |
Pool Size for Kafka Consumers
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: | Driver no longer uses connection pool. |
---|
conn_pool_min_size
¶Type: | integer |
---|---|
Default: | 2 |
The pool size limit for connections expiration policy
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: | Driver no longer uses connection pool. |
---|
conn_pool_ttl
¶Type: | integer |
---|---|
Default: | 1200 |
The time-to-live in sec of idle connections in the pool
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: | Driver no longer uses connection pool. |
---|
consumer_group
¶Type: | string |
---|---|
Default: | oslo_messaging_consumer |
Group id for Kafka consumer. Consumers in one group will coordinate message consumption
producer_batch_timeout
¶Type: | floating point |
---|---|
Default: | 0.0 |
Upper bound on the delay for KafkaProducer batching in seconds
producer_batch_size
¶Type: | integer |
---|---|
Default: | 16384 |
Size of batch for the producer async send
compression_codec
¶Type: | string |
---|---|
Default: | none |
Valid Values: | none, gzip, snappy, lz4, zstd |
The compression codec for all data generated by the producer. If not set, compression will not be used. Note that the allowed values of this depend on the kafka version
enable_auto_commit
¶Type: | boolean |
---|---|
Default: | False |
Enable asynchronous consumer commits
max_poll_records
¶Type: | integer |
---|---|
Default: | 500 |
The maximum number of records returned in a poll call
security_protocol
¶Type: | string |
---|---|
Default: | PLAINTEXT |
Valid Values: | PLAINTEXT, SASL_PLAINTEXT, SSL, SASL_SSL |
Protocol used to communicate with brokers
sasl_mechanism
¶Type: | string |
---|---|
Default: | PLAIN |
Mechanism when security protocol is SASL
ssl_cafile
¶Type: | string |
---|---|
Default: | '' |
CA certificate PEM file used to verify the server certificate
ssl_client_cert_file
¶Type: | string |
---|---|
Default: | '' |
Client certificate PEM file used for authentication.
ssl_client_key_file
¶Type: | string |
---|---|
Default: | '' |
Client key PEM file used for authentication.
ssl_client_key_password
¶Type: | string |
---|---|
Default: | '' |
Client key password file used for authentication.
driver
¶Type: | multi-valued |
---|---|
Default: | '' |
The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop
Group | Name |
---|---|
DEFAULT | notification_driver |
transport_url
¶Type: | string |
---|---|
Default: | <None> |
A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.
Group | Name |
---|---|
DEFAULT | notification_transport_url |
topics
¶Type: | list |
---|---|
Default: | ['notifications'] |
AMQP topic used for OpenStack notifications.
Group | Name |
---|---|
rpc_notifier2 | topics |
DEFAULT | notification_topics |
retry
¶Type: | integer |
---|---|
Default: | -1 |
The maximum number of attempts to re-send a notification message which failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
amqp_durable_queues
¶Type: | boolean |
---|---|
Default: | False |
Use durable queues in AMQP.
amqp_auto_delete
¶Type: | boolean |
---|---|
Default: | False |
Auto-delete queues in AMQP.
Group | Name |
---|---|
DEFAULT | amqp_auto_delete |
ssl
¶Type: | boolean |
---|---|
Default: | False |
Connect over SSL.
Group | Name |
---|---|
oslo_messaging_rabbit | rabbit_use_ssl |
ssl_version
¶Type: | string |
---|---|
Default: | '' |
SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
Group | Name |
---|---|
oslo_messaging_rabbit | kombu_ssl_version |
ssl_key_file
¶Type: | string |
---|---|
Default: | '' |
SSL key file (valid only if SSL enabled).
Group | Name |
---|---|
oslo_messaging_rabbit | kombu_ssl_keyfile |
ssl_cert_file
¶Type: | string |
---|---|
Default: | '' |
SSL cert file (valid only if SSL enabled).
Group | Name |
---|---|
oslo_messaging_rabbit | kombu_ssl_certfile |
ssl_ca_file
¶Type: | string |
---|---|
Default: | '' |
SSL certification authority file (valid only if SSL enabled).
Group | Name |
---|---|
oslo_messaging_rabbit | kombu_ssl_ca_certs |
heartbeat_in_pthread
¶Type: | boolean |
---|---|
Default: | False |
EXPERIMENTAL: Run the health check heartbeat thread through a native python thread. By default if this option isn’t provided the health check heartbeat will inherit the execution model from the parent process. By example if the parent process have monkey patched the stdlib by using eventlet/greenlet then the heartbeat will be run through a green thread.
kombu_reconnect_delay
¶Type: | floating point |
---|---|
Default: | 1.0 |
How long to wait before reconnecting in response to an AMQP consumer cancel notification.
Group | Name |
---|---|
DEFAULT | kombu_reconnect_delay |
kombu_compression
¶Type: | string |
---|---|
Default: | <None> |
EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not be used. This option may not be available in future versions.
kombu_missing_consumer_retry_timeout
¶Type: | integer |
---|---|
Default: | 60 |
How long to wait a missing client before abandoning to send it its replies. This value should not be longer than rpc_response_timeout.
Group | Name |
---|---|
oslo_messaging_rabbit | kombu_reconnect_timeout |
kombu_failover_strategy
¶Type: | string |
---|---|
Default: | round-robin |
Valid Values: | round-robin, shuffle |
Determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable. Takes effect only if more than one RabbitMQ node is provided in config.
rabbit_login_method
¶Type: | string |
---|---|
Default: | AMQPLAIN |
Valid Values: | PLAIN, AMQPLAIN, RABBIT-CR-DEMO |
The RabbitMQ login method.
Group | Name |
---|---|
DEFAULT | rabbit_login_method |
rabbit_retry_interval
¶Type: | integer |
---|---|
Default: | 1 |
How frequently to retry connecting with RabbitMQ.
rabbit_retry_backoff
¶Type: | integer |
---|---|
Default: | 2 |
How long to backoff for between retries when connecting to RabbitMQ.
Group | Name |
---|---|
DEFAULT | rabbit_retry_backoff |
rabbit_interval_max
¶Type: | integer |
---|---|
Default: | 30 |
Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
rabbit_ha_queues
¶Type: | boolean |
---|---|
Default: | False |
Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring is no longer controlled by the x-ha-policy argument when declaring a queue. If you just want to make sure that all queues (except those with auto-generated names) are mirrored across all nodes, run: “rabbitmqctl set_policy HA ‘^(?!amq.).*’ ‘{“ha-mode”: “all”}’ “
Group | Name |
---|---|
DEFAULT | rabbit_ha_queues |
rabbit_transient_queues_ttl
¶Type: | integer |
---|---|
Default: | 1800 |
Minimum Value: | 1 |
Positive integer representing duration in seconds for queue TTL (x-expires). Queues which are unused for the duration of the TTL are automatically deleted. The parameter affects only reply and fanout queues.
rabbit_qos_prefetch_count
¶Type: | integer |
---|---|
Default: | 0 |
Specifies the number of messages to prefetch. Setting to zero allows unlimited messages.
heartbeat_timeout_threshold
¶Type: | integer |
---|---|
Default: | 60 |
Number of seconds after which the Rabbit broker is considered down if heartbeat’s keep-alive fails (0 disables heartbeat).
heartbeat_rate
¶Type: | integer |
---|---|
Default: | 2 |
How often times during the heartbeat_timeout_threshold we check the heartbeat.
direct_mandatory_flag
¶Type: | boolean |
---|---|
Default: | True |
(DEPRECATED) Enable/Disable the RabbitMQ mandatory flag for direct send. The direct send is used as reply, so the MessageUndeliverable exception is raised in case the client queue does not exist.MessageUndeliverable exception will be used to loop for a timeout to lets a chance to sender to recover.This flag is deprecated and it will not be possible to deactivate this functionality anymore
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: | Mandatory flag no longer deactivable. |
---|
enable_cancel_on_failover
¶Type: | boolean |
---|---|
Default: | False |
Enable x-cancel-on-ha-failover flag so that rabbitmq server will cancel and notify consumerswhen queue is down
max_request_body_size
¶Type: | integer |
---|---|
Default: | 114688 |
The maximum body size for each request, in bytes.
Group | Name |
---|---|
DEFAULT | osapi_max_request_body_size |
DEFAULT | max_request_body_size |
secure_proxy_ssl_header
¶Type: | string |
---|---|
Default: | X-Forwarded-Proto |
The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
enable_proxy_headers_parsing
¶Type: | boolean |
---|---|
Default: | False |
Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not.
enforce_scope
¶Type: | boolean |
---|---|
Default: | False |
This option controls whether or not to enforce scope when evaluating policies. If True
, the scope of the token used in the request is compared to the scope_types
of the policy being enforced. If the scopes do not match, an InvalidScope
exception will be raised. If False
, a message will be logged informing operators that policies are being invoked with mismatching scope.
enforce_new_defaults
¶Type: | boolean |
---|---|
Default: | False |
This option controls whether or not to use old deprecated defaults when evaluating policies. If True
, the old deprecated defaults are not going to be evaluated. This means if any existing token is allowed for old defaults but is disallowed for new defaults, it will be disallowed. It is encouraged to enable this flag along with the enforce_scope
flag so that you can get the benefits of new defaults and scope_type
together
policy_file
¶Type: | string |
---|---|
Default: | policy.yaml |
The relative or absolute path of a file that maps roles to permissions for a given service. Relative paths must be specified in relation to the configuration file setting this option.
Group | Name |
---|---|
DEFAULT | policy_file |
policy_default_rule
¶Type: | string |
---|---|
Default: | default |
Default rule. Enforced when a requested rule is not found.
Group | Name |
---|---|
DEFAULT | policy_default_rule |
policy_dirs
¶Type: | multi-valued |
---|---|
Default: | policy.d |
Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
Group | Name |
---|---|
DEFAULT | policy_dirs |
remote_content_type
¶Type: | string |
---|---|
Default: | application/x-www-form-urlencoded |
Valid Values: | application/x-www-form-urlencoded, application/json |
Content Type to send and receive data for REST based policy check
remote_ssl_verify_server_crt
¶Type: | boolean |
---|---|
Default: | False |
server identity verification for REST based policy check
remote_ssl_ca_crt_file
¶Type: | string |
---|---|
Default: | <None> |
Absolute path to ca cert file for REST based policy check
remote_ssl_client_crt_file
¶Type: | string |
---|---|
Default: | <None> |
Absolute path to client cert for REST based policy check
remote_ssl_client_key_file
¶Type: | string |
---|---|
Default: | <None> |
Absolute path client key file REST based policy check
alias
¶Type: | multi-valued |
---|---|
Default: | '' |
An alias for a PCI passthrough device requirement.
This allows users to specify the alias in the extra specs for a flavor, without needing to repeat all the PCI property requirements.
This should be configured for the nova-api
service and, assuming you wish
to use move operations, for each nova-compute
service.
Possible Values:
A dictionary of JSON values which describe the aliases. For example:
alias = {
"name": "QuickAssist",
"product_id": "0443",
"vendor_id": "8086",
"device_type": "type-PCI",
"numa_policy": "required"
}
This defines an alias for the Intel QuickAssist card. (multi valued). Valid key values are :
name
Name of the PCI alias.
product_id
Product ID of the device in hexadecimal.
vendor_id
Vendor ID of the device in hexadecimal.
device_type
Type of PCI device. Valid values are: type-PCI
, type-PF
and
type-VF
. Note that "device_type": "type-PF"
must be specified
if you wish to passthrough a device that supports SR-IOV in its entirety.
numa_policy
Required NUMA affinity of device. Valid values are: legacy
,
preferred
and required
.
Supports multiple aliases by repeating the option (not by specifying a list value):
alias = {
"name": "QuickAssist-1",
"product_id": "0443",
"vendor_id": "8086",
"device_type": "type-PCI",
"numa_policy": "required"
}
alias = {
"name": "QuickAssist-2",
"product_id": "0444",
"vendor_id": "8086",
"device_type": "type-PCI",
"numa_policy": "required"
}
Group | Name |
---|---|
DEFAULT | pci_alias |
passthrough_whitelist
¶Type: | multi-valued |
---|---|
Default: | '' |
White list of PCI devices available to VMs.
Possible values:
A JSON dictionary which describe a whitelisted PCI device. It should take the following format:
["vendor_id": "<id>",] ["product_id": "<id>",]
["address": "[[[[<domain>]:]<bus>]:][<slot>][.[<function>]]" |
"devname": "<name>",]
{"<tag>": "<tag_value>",}
Where [
indicates zero or one occurrences, {
indicates zero or
multiple occurrences, and |
mutually exclusive options. Note that any
missing fields are automatically wildcarded.
Valid key values are :
vendor_id
Vendor ID of the device in hexadecimal.
product_id
Product ID of the device in hexadecimal.
address
PCI address of the device. Both traditional glob style and regular expression syntax is supported. Please note that the address fields are restricted to the following maximum values:
devname
Device name of the device (for e.g. interface name). Not all PCI devices have a name.
<tag>
Additional <tag>
and <tag_value>
used for matching PCI devices.
Supported <tag>
values are :
physical_network
trusted
Valid examples are:
passthrough_whitelist = {"devname":"eth0",
"physical_network":"physnet"}
passthrough_whitelist = {"address":"*:0a:00.*"}
passthrough_whitelist = {"address":":0a:00.",
"physical_network":"physnet1"}
passthrough_whitelist = {"vendor_id":"1137",
"product_id":"0071"}
passthrough_whitelist = {"vendor_id":"1137",
"product_id":"0071",
"address": "0000:0a:00.1",
"physical_network":"physnet1"}
passthrough_whitelist = {"address":{"domain": ".*",
"bus": "02", "slot": "01",
"function": "[2-7]"},
"physical_network":"physnet1"}
passthrough_whitelist = {"address":{"domain": ".*",
"bus": "02", "slot": "0[1-2]",
"function": ".*"},
"physical_network":"physnet1"}
passthrough_whitelist = {"devname": "eth0", "physical_network":"physnet1",
"trusted": "true"}
The following are invalid, as they specify mutually exclusive options:
passthrough_whitelist = {"devname":"eth0",
"physical_network":"physnet",
"address":"*:0a:00.*"}
A JSON list of JSON dictionaries corresponding to the above format. For example:
passthrough_whitelist = [{"product_id":"0001", "vendor_id":"8086"},
{"product_id":"0002", "vendor_id":"8086"}]
Group | Name |
---|---|
DEFAULT | pci_passthrough_whitelist |
cafile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate cert file
keyfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate key file
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
timeout
¶Type: | integer |
---|---|
Default: | <None> |
Timeout value for http requests
collect_timing
¶Type: | boolean |
---|---|
Default: | False |
Collect per-API call timing information.
split_loggers
¶Type: | boolean |
---|---|
Default: | False |
Log requests to multiple loggers.
auth_type
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication type to load
Group | Name |
---|---|
placement | auth_plugin |
auth_section
¶Type: | unknown type |
---|---|
Default: | <None> |
Config Section from which to load plugin specific options
auth_url
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication URL
system_scope
¶Type: | unknown type |
---|---|
Default: | <None> |
Scope for system operations
domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID to scope to
domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name to scope to
project_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Project ID to scope to
project_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Project name to scope to
project_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID containing project
project_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name containing project
trust_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Trust ID
default_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
default_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
user_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User ID
username
¶Type: | unknown type |
---|---|
Default: | <None> |
Username
Group | Name |
---|---|
placement | user-name |
placement | user_name |
user_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain id
user_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain name
password
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s password
tenant_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant ID
tenant_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant Name
service_type
¶Type: | string |
---|---|
Default: | placement |
The default service_type for endpoint URL discovery.
service_name
¶Type: | string |
---|---|
Default: | <None> |
The default service_name for endpoint URL discovery.
valid_interfaces
¶Type: | list |
---|---|
Default: | ['internal', 'public'] |
List of interfaces, in order of preference, for endpoint URL.
region_name
¶Type: | string |
---|---|
Default: | <None> |
The default region_name for endpoint URL discovery.
endpoint_override
¶Type: | string |
---|---|
Default: | <None> |
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
connect_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for connection errors.
connect_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for connection errors. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
status_code_retries
¶Type: | integer |
---|---|
Default: | <None> |
The maximum number of retries that should be attempted for retriable HTTP status codes.
status_code_retry_delay
¶Type: | floating point |
---|---|
Default: | <None> |
Delay (in seconds) between two retries for retriable status codes. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
PowerVM options allow cloud administrators to configure how OpenStack will work with the PowerVM hypervisor.
proc_units_factor
¶Type: | floating point |
---|---|
Default: | 0.1 |
Minimum Value: | 0.05 |
Maximum Value: | 1 |
Factor used to calculate the amount of physical processor compute power given to each vCPU. E.g. A value of 1.0 means a whole physical processor, whereas 0.05 means 1/20th of a physical processor.
disk_driver
¶Type: | string |
---|---|
Default: | localdisk |
Valid Values: | localdisk, ssp |
The disk driver to use for PowerVM disks. PowerVM provides support for localdisk and PowerVM Shared Storage Pool disk drivers.
Related options:
volume_group_name
¶Type: | string |
---|---|
Default: | '' |
Volume Group to use for block device operations. If disk_driver is localdisk, then this attribute must be specified. It is strongly recommended NOT to use rootvg since that is used by the management partition and filling it will cause failures.
Configuration options for the oslo.privsep daemon. Note that this group name can be changed by the consuming service. Check the service’s docs to see if this is the case.
user
¶Type: | string |
---|---|
Default: | <None> |
User that the privsep daemon should run as.
group
¶Type: | string |
---|---|
Default: | <None> |
Group that the privsep daemon should run as.
capabilities
¶Type: | unknown type |
---|---|
Default: | [] |
List of Linux capabilities retained by the privsep daemon.
thread_pool_size
¶Type: | integer |
---|---|
Default: | multiprocessing.cpu_count() |
Minimum Value: | 1 |
This option has a sample default set, which means that its actual default value may vary from the one documented above.
The number of threads available for privsep to concurrently run processes. Defaults to the number of CPU cores in the system.
helper_command
¶Type: | string |
---|---|
Default: | <None> |
Command to invoke to start the privsep daemon if not using the “fork” method. If not specified, a default is generated using “sudo privsep-helper” and arguments designed to recreate the current configuration. This command must accept suitable –privsep_context and –privsep_sock_path arguments.
enabled
¶Type: | boolean |
---|---|
Default: | False |
Enable the profiling for all services on this node.
Default value is False (fully disable the profiling feature).
Possible values:
Group | Name |
---|---|
profiler | profiler_enabled |
trace_sqlalchemy
¶Type: | boolean |
---|---|
Default: | False |
Enable SQL requests profiling in services.
Default value is False (SQL requests won’t be traced).
Possible values:
hmac_keys
¶Type: | string |
---|---|
Default: | SECRET_KEY |
Secret key(s) to use for encrypting context data for performance profiling.
This string value should have the following format: <key1>[,<key2>,…<keyn>], where each key is some random string. A user who triggers the profiling via the REST API has to set one of these keys in the headers of the REST API call to include profiling results of this node for this particular project.
Both “enabled” flag and “hmac_keys” config options should be set to enable profiling. Also, to generate correct profiling information across all services at least one key needs to be consistent between OpenStack projects. This ensures it can be used from client side to generate the trace, containing information from all possible resources.
connection_string
¶Type: | string |
---|---|
Default: | messaging:// |
Connection string for a notifier backend.
Default value is messaging://
which sets the notifier to oslo_messaging.
Examples of possible values:
messaging://
- use oslo_messaging driver for sending spans.redis://127.0.0.1:6379
- use redis driver for sending spans.mongodb://127.0.0.1:27017
- use mongodb driver for sending spans.elasticsearch://127.0.0.1:9200
- use elasticsearch driver for sending
spans.jaeger://127.0.0.1:6831
- use jaeger tracing as driver for sending spans.es_doc_type
¶Type: | string |
---|---|
Default: | notification |
Document type for notification indexing in elasticsearch.
es_scroll_time
¶Type: | string |
---|---|
Default: | 2m |
This parameter is a time value parameter (for example: es_scroll_time=2m), indicating for how long the nodes that participate in the search will maintain relevant resources in order to continue and support it.
es_scroll_size
¶Type: | integer |
---|---|
Default: | 10000 |
Elasticsearch splits large requests in batches. This parameter defines maximum size of each batch (for example: es_scroll_size=10000).
socket_timeout
¶Type: | floating point |
---|---|
Default: | 0.1 |
Redissentinel provides a timeout option on the connections. This parameter defines that timeout (for example: socket_timeout=0.1).
sentinel_service_name
¶Type: | string |
---|---|
Default: | mymaster |
Redissentinel uses a service name to identify a master redis service.
This parameter defines the name (for example:
sentinal_service_name=mymaster
).
filter_error_trace
¶Type: | boolean |
---|---|
Default: | False |
Enable filter traces that contain error/exception to a separated place.
Default value is set to False.
Possible values:
Quota options allow to manage quotas in openstack deployment.
instances
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | -1 |
The number of instances allowed per project.
Possible Values
Group | Name |
---|---|
DEFAULT | quota_instances |
cores
¶Type: | integer |
---|---|
Default: | 20 |
Minimum Value: | -1 |
The number of instance cores or vCPUs allowed per project.
Possible values:
Group | Name |
---|---|
DEFAULT | quota_cores |
ram
¶Type: | integer |
---|---|
Default: | 51200 |
Minimum Value: | -1 |
The number of megabytes of instance RAM allowed per project.
Possible values:
Group | Name |
---|---|
DEFAULT | quota_ram |
metadata_items
¶Type: | integer |
---|---|
Default: | 128 |
Minimum Value: | -1 |
The number of metadata items allowed per instance.
Users can associate metadata with an instance during instance creation. This metadata takes the form of key-value pairs.
Possible values:
Group | Name |
---|---|
DEFAULT | quota_metadata_items |
injected_files
¶Type: | integer |
---|---|
Default: | 5 |
Minimum Value: | -1 |
The number of injected files allowed.
File injection allows users to customize the personality of an instance by
injecting data into it upon boot. Only text file injection is permitted: binary
or ZIP files are not accepted. During file injection, any existing files that
match specified files are renamed to include .bak
extension appended with a
timestamp.
Possible values:
Group | Name |
---|---|
DEFAULT | quota_injected_files |
injected_file_content_bytes
¶Type: | integer |
---|---|
Default: | 10240 |
Minimum Value: | -1 |
The number of bytes allowed per injected file.
Possible values:
Group | Name |
---|---|
DEFAULT | quota_injected_file_content_bytes |
injected_file_path_length
¶Type: | integer |
---|---|
Default: | 255 |
Minimum Value: | -1 |
The maximum allowed injected file path length.
Possible values:
Group | Name |
---|---|
DEFAULT | quota_injected_file_path_length |
key_pairs
¶Type: | integer |
---|---|
Default: | 100 |
Minimum Value: | -1 |
The maximum number of key pairs allowed per user.
Users can create at least one key pair for each project and use the key pair for multiple instances that belong to that project.
Possible values:
Group | Name |
---|---|
DEFAULT | quota_key_pairs |
server_groups
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | -1 |
The maxiumum number of server groups per project.
Server groups are used to control the affinity and anti-affinity scheduling policy for a group of servers or instances. Reducing the quota will not affect any existing group, but new servers will not be allowed into groups that have become over quota.
Possible values:
Group | Name |
---|---|
DEFAULT | quota_server_groups |
server_group_members
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | -1 |
The maximum number of servers per server group.
Possible values:
Group | Name |
---|---|
DEFAULT | quota_server_group_members |
driver
¶Type: | string |
---|---|
Default: | nova.quota.DbQuotaDriver |
Valid Values: | nova.quota.DbQuotaDriver, nova.quota.NoopQuotaDriver |
Provides abstraction for quota checks. Users can configure a specific driver to use for quota checks.
Possible values
quota_*
configuration options for default quota limit values. Counts quota usage on-demand.recheck_quota
¶Type: | boolean |
---|---|
Default: | True |
Recheck quota after resource creation to prevent allowing quota to be exceeded.
This defaults to True (recheck quota after resource creation) but can be set to False to avoid additional load if allowing quota to be exceeded because of racing requests is considered acceptable. For example, when set to False, if a user makes highly parallel REST API requests to create servers, it will be possible for them to create more servers than their allowed quota during the race. If their quota is 10 servers, they might be able to create 50 during the burst. After the burst, they will not be able to create any more servers but they will be able to keep their 50 servers until they delete them.
The initial quota check is done before resources are created, so if multiple parallel requests arrive at the same time, all could pass the quota check and create resources, potentially exceeding quota. When recheck_quota is True, quota will be checked a second time after resources have been created and if the resource is over quota, it will be deleted and OverQuota will be raised, usually resulting in a 403 response to the REST API user. This makes it impossible for a user to exceed their quota with the caveat that it will, however, be possible for a REST API user to be rejected with a 403 response in the event of a collision close to reaching their quota limit, even if the user has enough quota available when they made the request.
count_usage_from_placement
¶Type: | boolean |
---|---|
Default: | False |
Enable the counting of quota usage from the placement service.
Starting in Train, it is possible to count quota usage for cores and ram from the placement service and instances from the API database instead of counting from cell databases.
This works well if there is only one Nova deployment running per placement deployment. However, if an operator is running more than one Nova deployment sharing a placement deployment, they should not set this option to True because currently the placement service has no way to partition resource providers per Nova deployment. When this option is left as the default or set to False, Nova will use the legacy counting method to count quota usage for instances, cores, and ram from its cell databases.
Note that quota usage behavior related to resizes will be affected if this option is set to True. Placement resource allocations are claimed on the destination while holding allocations on the source during a resize, until the resize is confirmed or reverted. During this time, when the server is in VERIFY_RESIZE state, quota usage will reflect resource consumption on both the source and the destination. This can be beneficial as it reserves space for a revert of a downsize, but it also means quota usage will be inflated until a resize is confirmed or reverted.
Behavior will also be different for unscheduled servers in ERROR state. A server in ERROR state that has never been scheduled to a compute host will not have placement allocations, so it will not consume quota usage for cores and ram.
Behavior will be different for servers in SHELVED_OFFLOADED state. A server in SHELVED_OFFLOADED state will not have placement allocations, so it will not consume quota usage for cores and ram. Note that because of this, it will be possible for a request to unshelve a server to be rejected if the user does not have enough quota available to support the cores and ram needed by the server to be unshelved.
The populate_queued_for_delete
and populate_user_id
online data
migrations must be completed before usage can be counted from placement. Until
the data migration is complete, the system will fall back to legacy quota usage
counting from cell databases depending on the result of an EXISTS database
query during each quota check, if this configuration option is set to True.
Operators who want to avoid the performance hit from the EXISTS queries should
wait to set this configuration option to True until after they have completed
their online data migrations via nova-manage db online_data_migrations
.
Options under this group enable and configure Remote Desktop Protocol ( RDP) related features.
This group is only relevant to Hyper-V users.
enabled
¶Type: | boolean |
---|---|
Default: | False |
Enable Remote Desktop Protocol (RDP) related features.
Hyper-V, unlike the majority of the hypervisors employed on Nova compute nodes, uses RDP instead of VNC and SPICE as a desktop sharing protocol to provide instance console access. This option enables RDP for graphical console access for virtual machines created by Hyper-V.
Note: RDP should only be enabled on compute nodes that support the Hyper-V virtualization platform.
Related options:
compute_driver
: Must be hyperv.html5_proxy_base_url
¶Type: | URI |
---|---|
Default: | http://127.0.0.1:6083/ |
The URL an end user would use to connect to the RDP HTML5 console proxy. The console proxy service is called with this token-embedded URL and establishes the connection to the proper instance.
An RDP HTML5 console proxy service will need to be configured to listen on the address configured here. Typically the console proxy service would be run on a controller node. The localhost address used as default would only work in a single node environment i.e. devstack.
An RDP HTML5 proxy allows a user to access via the web the text or graphical console of any Windows server or workstation using RDP. RDP HTML5 console proxy services include FreeRDP, wsgate. See https://github.com/FreeRDP/FreeRDP-WebConnect
Possible values:
<scheme>://<ip-address>:<port-number>/
The scheme must be identical to the scheme configured for the RDP HTML5
console proxy service. It is http
or https
.
The IP address must be identical to the address on which the RDP HTML5 console proxy service is listening.
The port must be identical to the port on which the RDP HTML5 console proxy service is listening.
Related options:
rdp.enabled
: Must be set to True
for html5_proxy_base_url
to be
effective.host
¶Type: | host address |
---|---|
Default: | <None> |
Debug host (IP or name) to connect to.
This command line parameter is used when you want to connect to a nova service via a debugger running on a different host.
Note that using the remote debug option changes how nova uses the eventlet library to support async IO. This could result in failures that do not occur under normal operation. Use at your own risk.
Possible Values:
IP address of a remote host as a command line parameter to a nova service. For example:
nova-compute --config-file /etc/nova/nova.conf --remote_debug-host <IP address of the debugger>
port
¶Type: | port number |
---|---|
Default: | <None> |
Minimum Value: | 0 |
Maximum Value: | 65535 |
Debug port to connect to.
This command line parameter allows you to specify the port you want to use to connect to a nova service via a debugger running on different host.
Note that using the remote debug option changes how nova uses the eventlet library to support async IO. This could result in failures that do not occur under normal operation. Use at your own risk.
Possible Values:
Port number you want to use as a command line parameter to a nova service. For example:
nova-compute --config-file /etc/nova/nova.conf --remote_debug-host <IP address of the debugger> --remote_debug-port <port debugger is listening on>.
driver
¶Type: | string |
---|---|
Default: | filter_scheduler |
The class of the driver used by the scheduler. This should be chosen from one of the entrypoints under the namespace ‘nova.scheduler.driver’ of file ‘setup.cfg’. If nothing is specified in this option, the ‘filter_scheduler’ is used.
Possible values:
setup.cfg
file.Related options:
Group | Name |
---|---|
DEFAULT | scheduler_driver |
Warning
This option is deprecated for removal since 21.0.0. Its value may be silently ignored in the future.
Reason: | nova no longer provides any in-tree filters except for the ‘filter_scheduler’ scheduler. This filter is considered flexible and pluggable enough for all use cases and can be extended through the use of custom, out-of-tree filters and weighers along with powerful, in-tree filters like the ‘AggregateInstanceExtraSpecsFilter’ and ‘ComputeCapabilitiesFilter’ filters. |
---|
periodic_task_interval
¶Type: | integer |
---|---|
Default: | 60 |
Periodic task interval.
This value controls how often (in seconds) to run periodic tasks in the scheduler. The specific tasks that are run for each period are determined by the particular scheduler being used. Currently there are no in-tree scheduler driver that use this option.
If this is larger than the nova-service ‘service_down_time’ setting, the ComputeFilter (if enabled) may think the compute service is down. As each scheduler can work a little differently than the others, be sure to test this with your selected scheduler.
Possible values:
Related options:
nova-service service_down_time
max_attempts
¶Type: | integer |
---|---|
Default: | 3 |
Minimum Value: | 1 |
This is the maximum number of attempts that will be made for a given instance build/move operation. It limits the number of alternate hosts returned by the scheduler. When that list of hosts is exhausted, a MaxRetriesExceeded exception is raised and the instance is set to an error state.
Possible values:
Group | Name |
---|---|
DEFAULT | scheduler_max_attempts |
discover_hosts_in_cells_interval
¶Type: | integer |
---|---|
Default: | -1 |
Minimum Value: | -1 |
Periodic task interval.
This value controls how often (in seconds) the scheduler should attempt to discover new hosts that have been added to cells. If negative (the default), no automatic discovery will occur.
Deployments where compute nodes come and go frequently may want this enabled, where others may prefer to manually discover hosts when one is added to avoid any overhead from constantly checking. If enabled, every time this runs, we will select any unmapped hosts out of each cell database on every run.
max_placement_results
¶Type: | integer |
---|---|
Default: | 1000 |
Minimum Value: | 1 |
This setting determines the maximum limit on results received from the placement service during a scheduling operation. It effectively limits the number of hosts that may be considered for scheduling requests that match a large number of candidates.
A value of 1 (the minimum) will effectively defer scheduling to the placement service strictly on “will it fit” grounds. A higher value will put an upper cap on the number of results the scheduler will consider during the filtering and weighing process. Large deployments may need to set this lower than the total number of hosts available to limit memory consumption, network traffic, etc. of the scheduler.
This option is only used by the FilterScheduler; if you use a different scheduler, this option has no effect.
workers
¶Type: | integer |
---|---|
Default: | <None> |
Minimum Value: | 0 |
Number of workers for the nova-scheduler service. The default will be the number of CPUs available if using the “filter_scheduler” scheduler driver, otherwise the default will be 1.
limit_tenants_to_placement_aggregate
¶Type: | boolean |
---|---|
Default: | False |
This setting causes the scheduler to look up a host aggregate with the metadata key of filter_tenant_id set to the project of an incoming request, and request results from placement be limited to that aggregate. Multiple tenants may be added to a single aggregate by appending a serial number to the key, such as filter_tenant_id:123.
The matching aggregate UUID must be mirrored in placement for proper operation. If no host aggregate with the tenant id is found, or that aggregate does not match one in placement, the result will be the same as not finding any suitable hosts for the request.
See also the placement_aggregate_required_for_tenants option.
placement_aggregate_required_for_tenants
¶Type: | boolean |
---|---|
Default: | False |
This setting, when limit_tenants_to_placement_aggregate=True, will control whether or not a tenant with no aggregate affinity will be allowed to schedule to any available node. If aggregates are used to limit some tenants but not all, then this should be False. If all tenants should be confined via aggregate, then this should be True to prevent them from receiving unrestricted scheduling to any available node.
See also the limit_tenants_to_placement_aggregate option.
query_placement_for_availability_zone
¶Type: | boolean |
---|---|
Default: | False |
This setting causes the scheduler to look up a host aggregate with the metadata key of availability_zone set to the value provided by an incoming request, and request results from placement be limited to that aggregate.
The matching aggregate UUID must be mirrored in placement for proper operation. If no host aggregate with the availability_zone key is found, or that aggregate does not match one in placement, the result will be the same as not finding any suitable hosts.
Note that if you enable this flag, you can disable the (less efficient) AvailabilityZoneFilter in the scheduler.
query_placement_for_image_type_support
¶Type: | boolean |
---|---|
Default: | False |
This setting causes the scheduler to ask placement only for compute
hosts that support the disk_format
of the image used in the request.
enable_isolated_aggregate_filtering
¶Type: | boolean |
---|---|
Default: | False |
This setting allows the scheduler to restrict hosts in aggregates based on
matching required traits in the aggregate metadata and the instance
flavor/image. If an aggregate is configured with a property with key
trait:$TRAIT_NAME
and value required
, the instance flavor extra_specs
and/or image metadata must also contain trait:$TRAIT_NAME=required
to be
eligible to be scheduled to hosts in that aggregate. More technical details
at https://docs.openstack.org/nova/latest/reference/isolate-aggregates.html
image_metadata_prefilter
¶Type: | boolean |
---|---|
Default: | False |
This setting causes the scheduler to transform well known image metadata properties into placement required traits to filter host based on image metadata. This feature requires host support and is currently supported by the following compute drivers:
libvirt.LibvirtDriver
(since Ussuri (21.0.0))The serial console feature allows you to connect to a guest in case a graphical console like VNC, RDP or SPICE is not available. This is only currently supported for the libvirt, Ironic and hyper-v drivers.
enabled
¶Type: | boolean |
---|---|
Default: | False |
Enable the serial console feature.
In order to use this feature, the service nova-serialproxy
needs to run.
This service is typically executed on the controller node.
port_range
¶Type: | string |
---|---|
Default: | 10000:20000 |
A range of TCP ports a guest can use for its backend.
Each instance which gets created will use one port out of this range. If the range is not big enough to provide another port for an new instance, this instance won’t get launched.
Possible values:
^\d+:\d+$
For example
10000:20000
. Be sure that the first port number is lower than the second
port number and that both are in range from 0 to 65535.base_url
¶Type: | URI |
---|---|
Default: | ws://127.0.0.1:6083/ |
The URL an end user would use to connect to the nova-serialproxy
service.
The nova-serialproxy
service is called with this token enriched URL
and establishes the connection to the proper instance.
Related options:
nova-serialproxy
service is listening (see option serialproxy_host
in this section).serialproxy_port
of this
section.wss://
instead of the unsecured ws://
. The options cert
and key
in the [DEFAULT]
section have to be set for that.proxyclient_address
¶Type: | string |
---|---|
Default: | 127.0.0.1 |
The IP address to which proxy clients (like nova-serialproxy
) should
connect to get the serial console of an instance.
This is typically the IP address of the host of a nova-compute
service.
serialproxy_host
¶Type: | string |
---|---|
Default: | 0.0.0.0 |
The IP address which is used by the nova-serialproxy
service to listen
for incoming requests.
The nova-serialproxy
service listens on this IP address for incoming
connection requests to instances which expose serial console.
Related options:
base_url
of this section or use 0.0.0.0
to listen on all addresses.serialproxy_port
¶Type: | port number |
---|---|
Default: | 6083 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
The port number which is used by the nova-serialproxy
service to listen
for incoming requests.
The nova-serialproxy
service listens on this port number for incoming
connection requests to instances which expose serial console.
Related options:
base_url
of this section.Configuration options for service to service authentication using a service token. These options allow sending a service token along with the user’s token when contacting external REST APIs.
send_service_user_token
¶Type: | boolean |
---|---|
Default: | False |
When True, if sending a user token to a REST API, also send a service token.
Nova often reuses the user token provided to the nova-api to talk to other REST APIs, such as Cinder, Glance and Neutron. It is possible that while the user token was valid when the request was made to Nova, the token may expire before it reaches the other service. To avoid any failures, and to make it clear it is Nova calling the service on the user’s behalf, we include a service token along with the user token. Should the user’s token have expired, a valid service token ensures the REST API request will still be accepted by the keystone middleware.
cafile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate cert file
keyfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate key file
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
timeout
¶Type: | integer |
---|---|
Default: | <None> |
Timeout value for http requests
collect_timing
¶Type: | boolean |
---|---|
Default: | False |
Collect per-API call timing information.
split_loggers
¶Type: | boolean |
---|---|
Default: | False |
Log requests to multiple loggers.
auth_type
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication type to load
Group | Name |
---|---|
service_user | auth_plugin |
auth_section
¶Type: | unknown type |
---|---|
Default: | <None> |
Config Section from which to load plugin specific options
auth_url
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication URL
system_scope
¶Type: | unknown type |
---|---|
Default: | <None> |
Scope for system operations
domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID to scope to
domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name to scope to
project_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Project ID to scope to
project_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Project name to scope to
project_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID containing project
project_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name containing project
trust_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Trust ID
default_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
default_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
user_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User ID
username
¶Type: | unknown type |
---|---|
Default: | <None> |
Username
Group | Name |
---|---|
service_user | user-name |
service_user | user_name |
user_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain id
user_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain name
password
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s password
tenant_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant ID
tenant_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant Name
SPICE console feature allows you to connect to a guest virtual machine. SPICE is a replacement for fairly limited VNC protocol.
Following requirements must be met in order to use SPICE:
enabled
¶Type: | boolean |
---|---|
Default: | False |
Enable SPICE related features.
Related options:
agent_enabled
¶Type: | boolean |
---|---|
Default: | True |
Enable the SPICE guest agent support on the instances.
The Spice agent works with the Spice protocol to offer a better guest console experience. However, the Spice console can still be used without the Spice Agent. With the Spice agent installed the following features are enabled:
html5proxy_base_url
¶Type: | URI |
---|---|
Default: | http://127.0.0.1:6082/spice_auto.html |
Location of the SPICE HTML5 console proxy.
End user would use this URL to connect to the nova-spicehtml5proxy` service. This service will forward request to the console of an instance.
In order to use SPICE console, the service nova-spicehtml5proxy
should be
running. This service is typically launched on the controller node.
Possible values:
http://host:port/spice_auto.html
where host is the node running nova-spicehtml5proxy
and the port is
typically 6082. Consider not using default value as it is not well defined
for any real deployment.Related options:
html5proxy_host
and html5proxy_port
options.
The access URL returned by the compute node must have the host
and port where the nova-spicehtml5proxy
service is listening.server_listen
¶Type: | string |
---|---|
Default: | 127.0.0.1 |
The address where the SPICE server running on the instances should listen.
Typically, the nova-spicehtml5proxy
proxy client runs on the controller
node and connects over the private network to this address on the compute
node(s).
Possible values:
server_proxyclient_address
¶Type: | string |
---|---|
Default: | 127.0.0.1 |
The address used by nova-spicehtml5proxy
client to connect to instance
console.
Typically, the nova-spicehtml5proxy
proxy client runs on the
controller node and connects over the private network to this address on the
compute node(s).
Possible values:
Related options:
server_listen
option.
The proxy client must be able to access the address specified in
server_listen
using the value of this option.html5proxy_host
¶Type: | host address |
---|---|
Default: | 0.0.0.0 |
IP address or a hostname on which the nova-spicehtml5proxy
service
listens for incoming requests.
Related options:
html5proxy_base_url
option.
The nova-spicehtml5proxy
service must be listening on a host that is
accessible from the HTML5 client.html5proxy_port
¶Type: | port number |
---|---|
Default: | 6082 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
Port on which the nova-spicehtml5proxy
service listens for incoming
requests.
Related options:
html5proxy_base_url
option.
The nova-spicehtml5proxy
service must be listening on a port that is
accessible from the HTML5 client.upgrade_levels options are used to set version cap for RPC messages sent between different nova services.
By default all services send messages using the latest version they know about.
The compute upgrade level is an important part of rolling upgrades where old and new nova-compute services run side by side.
The other options can largely be ignored, and are only kept to help with a possible future backport issue.
compute
¶Type: | string |
---|---|
Default: | <None> |
Compute RPC API version cap.
By default, we always send messages using the most recent version the client knows about.
Where you have old and new compute services running, you should set this to the lowest deployed version. This is to guarantee that all services never send messages that one of the compute nodes can’t understand. Note that we only support upgrading from release N to release N+1.
Set this option to “auto” if you want to let the compute RPC module automatically determine what version to use based on the service versions in the deployment.
Possible values:
cert
¶Type: | string |
---|---|
Default: | <None> |
Cert RPC API version cap.
Possible values:
Warning
This option is deprecated for removal since 18.0.0. Its value may be silently ignored in the future.
Reason: | The nova-cert service was removed in 16.0.0 (Pike) so this option is no longer used. |
---|
scheduler
¶Type: | string |
---|---|
Default: | <None> |
Scheduler RPC API version cap.
Possible values:
conductor
¶Type: | string |
---|---|
Default: | <None> |
Conductor RPC API version cap.
Possible values:
baseapi
¶Type: | string |
---|---|
Default: | <None> |
Base API RPC API version cap.
Possible values:
root_token_id
¶Type: | string |
---|---|
Default: | <None> |
root token for vault
approle_role_id
¶Type: | string |
---|---|
Default: | <None> |
AppRole role_id for authentication with vault
approle_secret_id
¶Type: | string |
---|---|
Default: | <None> |
AppRole secret_id for authentication with vault
kv_mountpoint
¶Type: | string |
---|---|
Default: | secret |
Mountpoint of KV store in Vault to use, for example: secret
kv_version
¶Type: | integer |
---|---|
Default: | 2 |
Version of KV store in Vault to use, for example: 2
vault_url
¶Type: | string |
---|---|
Default: | http://127.0.0.1:8200 |
Use this endpoint to connect to Vault, for example: “http://127.0.0.1:8200”
ssl_ca_crt_file
¶Type: | string |
---|---|
Default: | <None> |
Absolute path to ca cert file
use_ssl
¶Type: | boolean |
---|---|
Default: | False |
SSL Enabled/Disabled
Options within this group control the authentication of the vendordata subsystem of the metadata API server (and config drive) with external systems.
cafile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate cert file
keyfile
¶Type: | string |
---|---|
Default: | <None> |
PEM encoded client certificate key file
insecure
¶Type: | boolean |
---|---|
Default: | False |
Verify HTTPS connections.
timeout
¶Type: | integer |
---|---|
Default: | <None> |
Timeout value for http requests
collect_timing
¶Type: | boolean |
---|---|
Default: | False |
Collect per-API call timing information.
split_loggers
¶Type: | boolean |
---|---|
Default: | False |
Log requests to multiple loggers.
auth_type
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication type to load
Group | Name |
---|---|
vendordata_dynamic_auth | auth_plugin |
auth_section
¶Type: | unknown type |
---|---|
Default: | <None> |
Config Section from which to load plugin specific options
auth_url
¶Type: | unknown type |
---|---|
Default: | <None> |
Authentication URL
system_scope
¶Type: | unknown type |
---|---|
Default: | <None> |
Scope for system operations
domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID to scope to
domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name to scope to
project_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Project ID to scope to
project_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Project name to scope to
project_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain ID containing project
project_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Domain name containing project
trust_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Trust ID
default_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
default_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
user_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User ID
username
¶Type: | unknown type |
---|---|
Default: | <None> |
Username
Group | Name |
---|---|
vendordata_dynamic_auth | user-name |
vendordata_dynamic_auth | user_name |
user_domain_id
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain id
user_domain_name
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s domain name
password
¶Type: | unknown type |
---|---|
Default: | <None> |
User’s password
tenant_id
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant ID
tenant_name
¶Type: | unknown type |
---|---|
Default: | <None> |
Tenant Name
Related options: Following options must be set in order to launch VMware-based virtual machines.
integration_bridge
¶Type: | string |
---|---|
Default: | <None> |
This option should be configured only when using the NSX-MH Neutron plugin. This is the name of the integration bridge on the ESXi server or host. This should not be set for any other Neutron plugin. Hence the default value is not set.
Possible values:
console_delay_seconds
¶Type: | integer |
---|---|
Default: | <None> |
Minimum Value: | 0 |
Set this value if affected by an increased network latency causing repeated characters when typing in a remote console.
serial_port_service_uri
¶Type: | string |
---|---|
Default: | <None> |
Identifies the remote system where the serial port traffic will be sent.
This option adds a virtual serial port which sends console output to a configurable service URI. At the service URI address there will be virtual serial port concentrator that will collect console logs. If this is not set, no serial ports will be added to the created VMs.
Possible values:
serial_port_proxy_uri
¶Type: | URI |
---|---|
Default: | <None> |
Identifies a proxy service that provides network access to the serial_port_service_uri.
Possible values:
Related options: This option is ignored if serial_port_service_uri is not specified. * serial_port_service_uri
serial_log_dir
¶Type: | string |
---|---|
Default: | /opt/vmware/vspc |
Specifies the directory where the Virtual Serial Port Concentrator is storing console log files. It should match the ‘serial_log_dir’ config value of VSPC.
host_ip
¶Type: | host address |
---|---|
Default: | <None> |
Hostname or IP address for connection to VMware vCenter host.
host_port
¶Type: | port number |
---|---|
Default: | 443 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
Port for connection to VMware vCenter host.
host_username
¶Type: | string |
---|---|
Default: | <None> |
Username for connection to VMware vCenter host.
host_password
¶Type: | string |
---|---|
Default: | <None> |
Password for connection to VMware vCenter host.
ca_file
¶Type: | string |
---|---|
Default: | <None> |
Specifies the CA bundle file to be used in verifying the vCenter server certificate.
insecure
¶Type: | boolean |
---|---|
Default: | False |
If true, the vCenter server certificate is not verified. If false, then the default CA truststore is used for verification.
Related options: * ca_file: This option is ignored if “ca_file” is set.
cluster_name
¶Type: | string |
---|---|
Default: | <None> |
Name of a VMware Cluster ComputeResource.
datastore_regex
¶Type: | string |
---|---|
Default: | <None> |
Regular expression pattern to match the name of datastore.
The datastore_regex setting specifies the datastores to use with Compute. For example, datastore_regex=”nas.*” selects all the data stores that have a name starting with “nas”.
NOTE: If no regex is given, it just picks the datastore with the most freespace.
Possible values:
task_poll_interval
¶Type: | floating point |
---|---|
Default: | 0.5 |
Time interval in seconds to poll remote tasks invoked on VMware VC server.
api_retry_count
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 0 |
Number of times VMware vCenter server API must be retried on connection failures, e.g. socket error, etc.
vnc_port
¶Type: | port number |
---|---|
Default: | 5900 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
This option specifies VNC starting port.
Every VM created by ESX host has an option of enabling VNC client for remote connection. Above option ‘vnc_port’ helps you to set default starting port for the VNC client.
Possible values:
Related options: Below options should be set to enable VNC client. * vnc.enabled = True * vnc_port_total
vnc_port_total
¶Type: | integer |
---|---|
Default: | 10000 |
Minimum Value: | 0 |
Total number of VNC ports.
vnc_keymap
¶Type: | string |
---|---|
Default: | en-us |
Keymap for VNC.
The keyboard mapping (keymap) determines which keyboard layout a VNC session should use by default.
Possible values:
use_linked_clone
¶Type: | boolean |
---|---|
Default: | True |
This option enables/disables the use of linked clone.
The ESX hypervisor requires a copy of the VMDK file in order to boot up a virtual machine. The compute driver must download the VMDK via HTTP from the OpenStack Image service to a datastore that is visible to the hypervisor and cache it. Subsequent virtual machines that need the VMDK use the cached version and don’t have to copy the file again from the OpenStack Image service.
If set to false, even with a cached VMDK, there is still a copy operation from the cache location to the hypervisor file directory in the shared datastore. If set to true, the above copy operation is avoided as it creates copy of the virtual machine that shares virtual disks with its parent VM.
connection_pool_size
¶Type: | integer |
---|---|
Default: | 10 |
Minimum Value: | 10 |
This option sets the http connection pool size
The connection pool size is the maximum number of connections from nova to vSphere. It should only be increased if there are warnings indicating that the connection pool is full, otherwise, the default should suffice.
pbm_enabled
¶Type: | boolean |
---|---|
Default: | False |
This option enables or disables storage policy based placement of instances.
Related options:
pbm_wsdl_location
¶Type: | string |
---|---|
Default: | <None> |
This option specifies the PBM service WSDL file location URL.
Setting this will disable storage policy based placement of instances.
Possible values:
pbm_default_policy
¶Type: | string |
---|---|
Default: | <None> |
This option specifies the default policy to be used.
If pbm_enabled is set and there is no defined storage policy for the specific request, then this policy will be used.
Possible values:
Related options:
maximum_objects
¶Type: | integer |
---|---|
Default: | 100 |
Minimum Value: | 0 |
This option specifies the limit on the maximum number of objects to return in a single result.
A positive value will cause the operation to suspend the retrieval when the count of objects reaches the specified limit. The server may still limit the count to something less than the configured value. Any remaining objects may be retrieved with additional requests.
cache_prefix
¶Type: | string |
---|---|
Default: | <None> |
This option adds a prefix to the folder where cached images are stored
This is not the full path - just a folder prefix. This should only be used when a datastore cache is shared between compute nodes.
Note: This should only be used when the compute nodes are running on same host or they have a shared file system.
Possible values:
Virtual Network Computer (VNC) can be used to provide remote desktop console access to instances for tenants and/or administrators.
enabled
¶Type: | boolean |
---|---|
Default: | True |
Enable VNC related features.
Guests will get created with graphical devices to support this. Clients (for example Horizon) can then establish a VNC connection to the guest.
Group | Name |
---|---|
DEFAULT | vnc_enabled |
server_listen
¶Type: | host address |
---|---|
Default: | 127.0.0.1 |
The IP address or hostname on which an instance should listen to for incoming VNC connection requests on this node.
Group | Name |
---|---|
DEFAULT | vncserver_listen |
vnc | vncserver_listen |
server_proxyclient_address
¶Type: | host address |
---|---|
Default: | 127.0.0.1 |
Private, internal IP address or hostname of VNC console proxy.
The VNC proxy is an OpenStack component that enables compute service users to access their instances through VNC clients.
This option sets the private address to which proxy clients, such as
nova-novncproxy
, should connect to.
Group | Name |
---|---|
DEFAULT | vncserver_proxyclient_address |
vnc | vncserver_proxyclient_address |
novncproxy_base_url
¶Type: | URI |
---|---|
Default: | http://127.0.0.1:6080/vnc_auto.html |
Public address of noVNC VNC console proxy.
The VNC proxy is an OpenStack component that enables compute service users to access their instances through VNC clients. noVNC provides VNC support through a websocket-based client.
This option sets the public base URL to which client systems will connect. noVNC clients can use this address to connect to the noVNC instance and, by extension, the VNC sessions.
If using noVNC >= 1.0.0, you should use vnc_lite.html
instead of
vnc_auto.html
.
Related options:
Group | Name |
---|---|
DEFAULT | novncproxy_base_url |
novncproxy_host
¶Type: | string |
---|---|
Default: | 0.0.0.0 |
IP address that the noVNC console proxy should bind to.
The VNC proxy is an OpenStack component that enables compute service users to access their instances through VNC clients. noVNC provides VNC support through a websocket-based client.
This option sets the private address to which the noVNC console proxy service should bind to.
Related options:
Group | Name |
---|---|
DEFAULT | novncproxy_host |
novncproxy_port
¶Type: | port number |
---|---|
Default: | 6080 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
Port that the noVNC console proxy should bind to.
The VNC proxy is an OpenStack component that enables compute service users to access their instances through VNC clients. noVNC provides VNC support through a websocket-based client.
This option sets the private port to which the noVNC console proxy service should bind to.
Related options:
Group | Name |
---|---|
DEFAULT | novncproxy_port |
auth_schemes
¶Type: | list |
---|---|
Default: | ['none'] |
The authentication schemes to use with the compute node.
Control what RFB authentication schemes are permitted for connections between the proxy and the compute host. If multiple schemes are enabled, the first matching scheme will be used, thus the strongest schemes should be listed first.
Related options:
[vnc]vencrypt_client_key
, [vnc]vencrypt_client_cert
: must also be setvencrypt_client_key
¶Type: | string |
---|---|
Default: | <None> |
The path to the client certificate PEM file (for x509)
The fully qualified path to a PEM file containing the private key which the VNC proxy server presents to the compute node during VNC authentication.
Related options:
vnc.auth_schemes
: must include vencrypt
vnc.vencrypt_client_cert
: must also be setvencrypt_client_cert
¶Type: | string |
---|---|
Default: | <None> |
The path to the client key file (for x509)
The fully qualified path to a PEM file containing the x509 certificate which the VNC proxy server presents to the compute node during VNC authentication.
Realted options:
vnc.auth_schemes
: must include vencrypt
vnc.vencrypt_client_key
: must also be setvencrypt_ca_certs
¶Type: | string |
---|---|
Default: | <None> |
The path to the CA certificate PEM file
The fully qualified path to a PEM file containing one or more x509 certificates for the certificate authorities used by the compute node VNC server.
Related options:
vnc.auth_schemes
: must include vencrypt
A collection of workarounds used to mitigate bugs or issues found in system tools (e.g. Libvirt or QEMU) or Nova itself under certain conditions. These should only be enabled in exceptional circumstances. All options are linked against bug IDs, where more information on the issue can be found.
disable_rootwrap
¶Type: | boolean |
---|---|
Default: | False |
Use sudo instead of rootwrap.
Allow fallback to sudo for performance reasons.
For more information, refer to the bug report:
Possible values:
Interdependencies to other options:
disable_libvirt_livesnapshot
¶Type: | boolean |
---|---|
Default: | False |
Disable live snapshots when using the libvirt driver.
Live snapshots allow the snapshot of the disk to happen without an interruption to the guest, using coordination with a guest agent to quiesce the filesystem.
When using libvirt 1.2.2 live snapshots fail intermittently under load (likely related to concurrent libvirt/qemu operations). This config option provides a mechanism to disable live snapshot, in favor of cold snapshot, while this is resolved. Cold snapshot causes an instance outage while the guest is going through the snapshotting process.
For more information, refer to the bug report:
Possible values:
Warning
This option is deprecated for removal since 19.0.0. Its value may be silently ignored in the future.
Reason: | This option was added to work around issues with libvirt 1.2.2. We no longer support this version of libvirt, which means this workaround is no longer necessary. It will be removed in a future release. |
---|
handle_virt_lifecycle_events
¶Type: | boolean |
---|---|
Default: | True |
Enable handling of events emitted from compute drivers.
Many compute drivers emit lifecycle events, which are events that occur when, for example, an instance is starting or stopping. If the instance is going through task state changes due to an API operation, like resize, the events are ignored.
This is an advanced feature which allows the hypervisor to signal to the compute service that an unexpected state change has occurred in an instance and that the instance can be shutdown automatically. Unfortunately, this can race in some conditions, for example in reboot operations or when the compute service or when host is rebooted (planned or due to an outage). If such races are common, then it is advisable to disable this feature.
Care should be taken when this feature is disabled and ‘sync_power_state_interval’ is set to a negative value. In this case, any instances that get out of sync between the hypervisor and the Nova database will have to be synchronized manually.
For more information, refer to the bug report: https://bugs.launchpad.net/bugs/1444630
Interdependencies to other options:
sync_power_state_interval
is negative and this feature is disabled,
then instances that get out of sync between the hypervisor and the Nova
database will have to be synchronized manually.disable_group_policy_check_upcall
¶Type: | boolean |
---|---|
Default: | False |
Disable the server group policy check upcall in compute.
In order to detect races with server group affinity policy, the compute service attempts to validate that the policy was not violated by the scheduler. It does this by making an upcall to the API database to list the instances in the server group for one that it is booting, which violates our api/cell isolation goals. Eventually this will be solved by proper affinity guarantees in the scheduler and placement service, but until then, this late check is needed to ensure proper affinity policy.
Operators that desire api/cell isolation over this check should enable this flag, which will avoid making that upcall from compute.
Related options:
enable_numa_live_migration
¶Type: | boolean |
---|---|
Default: | False |
Enable live migration of instances with NUMA topologies.
Live migration of instances with NUMA topologies when using the libvirt driver is only supported in deployments that have been fully upgraded to Train. In previous versions, or in mixed Stein/Train deployments with a rolling upgrade in progress, live migration of instances with NUMA topologies is disabled by default when using the libvirt driver. This includes live migration of instances with CPU pinning or hugepages. CPU pinning and huge page information for such instances is not currently re-calculated, as noted in bug #1289064. This means that if instances were already present on the destination host, the migrated instance could be placed on the same dedicated cores as these instances or use hugepages allocated for another instance. Alternately, if the host platforms were not homogeneous, the instance could be assigned to non-existent cores or be inadvertently split across host NUMA nodes.
Despite these known issues, there may be cases where live migration is necessary. By enabling this option, operators that are aware of the issues and are willing to manually work around them can enable live migration support for these instances.
Related options:
compute_driver
: Only the libvirt driver is affected.Warning
This option is deprecated for removal since 20.0.0. Its value may be silently ignored in the future.
Reason: | This option was added to mitigate known issues when live migrating instances with a NUMA topology with the libvirt driver. Those issues are resolved in Train. Clouds using the libvirt driver and fully upgraded to Train support NUMA-aware live migration. This option will be removed in a future release. |
---|
ensure_libvirt_rbd_instance_dir_cleanup
¶Type: | boolean |
---|---|
Default: | False |
Ensure the instance directory is removed during clean up when using rbd.
When enabled this workaround will ensure that the instance directory is always
removed during cleanup on hosts using [libvirt]/images_type=rbd
. This
avoids the following bugs with evacuation and revert resize clean up that lead
to the instance directory remaining on the host:
https://bugs.launchpad.net/nova/+bug/1414895
https://bugs.launchpad.net/nova/+bug/1761062
Both of these bugs can then result in DestinationDiskExists
errors being
raised if the instances ever attempt to return to the host.
Warning
Operators will need to ensure that the instance directory itself,
specified by [DEFAULT]/instances_path
, is not shared between computes
before enabling this workaround otherwise the console.log, kernels, ramdisks
and any additional files being used by the running instance will be lost.
Related options:
compute_driver
(libvirt)[libvirt]/images_type
(rbd)instances_path
disable_fallback_pcpu_query
¶Type: | boolean |
---|---|
Default: | False |
Disable fallback request for VCPU allocations when using pinned instances.
Starting in Train, compute nodes using the libvirt virt driver can report
PCPU
inventory and will use this for pinned instances. The scheduler will
automatically translate requests using the legacy CPU pinning-related flavor
extra specs, hw:cpu_policy
and hw:cpu_thread_policy
, their image
metadata property equivalents, and the emulator threads pinning flavor extra
spec, hw:emulator_threads_policy
, to new placement requests. However,
compute nodes require additional configuration in order to report PCPU
inventory and this configuration may not be present immediately after an
upgrade. To ensure pinned instances can be created without this additional
configuration, the scheduler will make a second request to placement for
old-style VCPU
-based allocations and fallback to these allocation
candidates if necessary. This has a slight performance impact and is not
necessary on new or upgraded deployments where the new configuration has been
set on all hosts. By setting this option, the second lookup is disabled and the
scheduler will only request PCPU
-based allocations.
Warning
This option is deprecated for removal since 20.0.0. Its value may be silently ignored in the future.
never_download_image_if_on_rbd
¶Type: | boolean |
---|---|
Default: | False |
When booting from an image on a ceph-backed compute node, if the image does not already reside on the ceph cluster (as would be the case if glance is also using the same cluster), nova will download the image from glance and upload it to ceph itself. If using multiple ceph clusters, this may cause nova to unintentionally duplicate the image in a non-COW-able way in the local ceph deployment, wasting space.
For more information, refer to the bug report:
https://bugs.launchpad.net/nova/+bug/1858877
Enabling this option will cause nova to refuse to boot an instance if it would require downloading the image from glance and uploading it to ceph itself.
Related options:
compute_driver
(libvirt)[libvirt]/images_type
(rbd)disable_native_luksv1
¶Type: | boolean |
---|---|
Default: | False |
When attaching encrypted LUKSv1 Cinder volumes to instances the Libvirt driver configures the encrypted disks to be natively decrypted by QEMU.
A performance issue has been discovered in the libgcrypt library used by QEMU that serverly limits the I/O performance in this scenario.
For more information please refer to the following bug report:
RFE: hardware accelerated AES-XTS mode https://bugzilla.redhat.com/show_bug.cgi?id=1762765
Enabling this workaround option will cause Nova to use the legacy dm-crypt based os-brick encryptor to decrypt the LUKSv1 volume.
Note that enabling this option while using volumes that do not provide a host
block device such as Ceph will result in a failure to boot from or attach the
volume to an instance. See the [workarounds]/rbd_block_device
option for a
way to avoid this for RBD.
Related options:
compute_driver
(libvirt)rbd_block_device
(workarounds)rbd_volume_local_attach
¶Type: | boolean |
---|---|
Default: | False |
Attach RBD Cinder volumes to the compute as host block devices.
When enabled this option instructs os-brick to connect RBD volumes locally on the compute host as block devices instead of natively through QEMU.
This workaround does not currently support extending attached volumes.
This can be used with the disable_native_luksv1 workaround configuration option to avoid the recently discovered performance issues found within the libgcrypt library.
This workaround is temporary and will be removed during the W release once all impacted distributions have been able to update their versions of the libgcrypt library.
Related options:
compute_driver
(libvirt)disable_qemu_native_luksv1
(workarounds)reserve_disk_resource_for_image_cache
¶Type: | boolean |
---|---|
Default: | False |
If it is set to True then the libvirt driver will reserve DISK_GB resource for
the images stored in the image cache. If the
DEFAULT.instances_path
is on different disk partition
than the image cache directory then the driver will not reserve resource for
the cache.
Such disk reservation is done by a periodic task in the resource tracker that
runs every update_resources_interval
seconds. So the
reservation is not updated immediately when an image is cached.
Related options:
wait_for_vif_plugged_event_during_hard_reboot
¶Type: | list |
---|---|
Default: | [] |
The libvirt virt driver implements power on and hard reboot by tearing down every vif of the instance being rebooted then plug them again. By default nova does not wait for network-vif-plugged event from neutron before it lets the instance run. This can cause the instance to requests the IP via DHCP before the neutron backend has a chance to set up the networking backend after the vif plug.
This flag defines which vifs nova expects network-vif-plugged events from during hard reboot. The possible values are neutron port vnic types:
Adding a vnic_type
to this configuration makes Nova wait for a
network-vif-plugged event for each of the instance’s vifs having the specific
vnic_type
before unpausing the instance, similarly to how new instance
creation works.
Please note that not all neutron networking backends send plug time events, for
certain vnic_type
therefore this config is empty by default.
The ml2/ovs and the networking-odl backends are known to send plug time events
for ports with normal
vnic_type
so it is safe to add normal
to this
config if you are using only those backends in the compute host.
The neutron in-tree SRIOV backend does not reliably send network-vif-plugged
event during plug time for ports with direct
vnic_type and never sends
that event for port with direct-physical
vnic_type during plug time. For
other vnic_type
and backend pairs, please consult the developers of the
backend.
Related options:
Options under this group are used to configure WSGI (Web Server Gateway Interface). WSGI is used to serve API requests.
api_paste_config
¶Type: | string |
---|---|
Default: | api-paste.ini |
This option represents a file name for the paste.deploy config for nova-api.
Possible values:
Group | Name |
---|---|
DEFAULT | api_paste_config |
wsgi_log_format
¶Type: | string |
---|---|
Default: | %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f |
It represents a python format string that is used as the template to generate log lines. The following values can be formatted into it: client_ip, date_time, request_line, status_code, body_length, wall_seconds.
This option is used for building custom request loglines when running nova-api under eventlet. If used under uwsgi or apache, this option has no effect.
Possible values:
Group | Name |
---|---|
DEFAULT | wsgi_log_format |
Warning
This option is deprecated for removal since 16.0.0. Its value may be silently ignored in the future.
Reason: | This option only works when running nova-api under eventlet, and encodes very eventlet specific pieces of information. Starting in Pike the preferred model for running nova-api is under uwsgi or apache mod_wsgi. |
---|
secure_proxy_ssl_header
¶Type: | string |
---|---|
Default: | <None> |
This option specifies the HTTP header used to determine the protocol scheme for the original request, even if it was removed by a SSL terminating proxy.
Possible values:
HTTP_X_FORWARDED_PROTO
WARNING: Do not set this unless you know what you are doing.
Make sure ALL of the following are true before setting this (assuming the values from the example above):
If any of those are not true, you should keep this setting set to None.
Group | Name |
---|---|
DEFAULT | secure_proxy_ssl_header |
ssl_ca_file
¶Type: | string |
---|---|
Default: | <None> |
This option allows setting path to the CA certificate file that should be used to verify connecting clients.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | ssl_ca_file |
ssl_cert_file
¶Type: | string |
---|---|
Default: | <None> |
This option allows setting path to the SSL certificate of API server.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | ssl_cert_file |
ssl_key_file
¶Type: | string |
---|---|
Default: | <None> |
This option specifies the path to the file where SSL private key of API server is stored when SSL is in effect.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | ssl_key_file |
tcp_keepidle
¶Type: | integer |
---|---|
Default: | 600 |
Minimum Value: | 0 |
This option sets the value of TCP_KEEPIDLE in seconds for each server socket. It specifies the duration of time to keep connection active. TCP generates a KEEPALIVE transmission for an application that requests to keep connection active. Not supported on OS X.
Related options:
Group | Name |
---|---|
DEFAULT | tcp_keepidle |
default_pool_size
¶Type: | integer |
---|---|
Default: | 1000 |
Minimum Value: | 0 |
This option specifies the size of the pool of greenthreads used by wsgi. It is possible to limit the number of concurrent connections using this option.
Group | Name |
---|---|
DEFAULT | wsgi_default_pool_size |
max_header_line
¶Type: | integer |
---|---|
Default: | 16384 |
Minimum Value: | 0 |
This option specifies the maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs).
Since TCP is a stream based protocol, in order to reuse a connection, the HTTP has to have a way to indicate the end of the previous response and beginning of the next. Hence, in a keep_alive case, all messages must have a self-defined message length.
Group | Name |
---|---|
DEFAULT | max_header_line |
keep_alive
¶Type: | boolean |
---|---|
Default: | True |
This option allows using the same TCP connection to send and receive multiple HTTP requests/responses, as opposed to opening a new one for every single request/response pair. HTTP keep-alive indicates HTTP connection reuse.
Possible values:
Related options:
Group | Name |
---|---|
DEFAULT | wsgi_keep_alive |
client_socket_timeout
¶Type: | integer |
---|---|
Default: | 900 |
Minimum Value: | 0 |
This option specifies the timeout for client connections’ socket operations. If an incoming connection is idle for this number of seconds it will be closed. It indicates timeout on individual read/writes on the socket connection. To wait forever set to 0.
Group | Name |
---|---|
DEFAULT | client_socket_timeout |
zvm options allows cloud administrator to configure related z/VM hypervisor driver to be used within an OpenStack deployment.
zVM options are used when the compute_driver is set to use zVM (compute_driver=zvm.ZVMDriver)
cloud_connector_url
¶Type: | URI |
---|---|
Default: | http://zvm.example.org:8080/ |
This option has a sample default set, which means that its actual default value may vary from the one documented above.
URL to be used to communicate with z/VM Cloud Connector.
ca_file
¶Type: | string |
---|---|
Default: | <None> |
CA certificate file to be verified in httpd server with TLS enabled
A string, it must be a path to a CA bundle to use.
image_tmp_path
¶Type: | string |
---|---|
Default: | $state_path/images |
This option has a sample default set, which means that its actual default value may vary from the one documented above.
The path at which images will be stored (snapshot, deploy, etc).
Images used for deploy and images captured via snapshot need to be stored on the local disk of the compute host. This configuration identifies the directory location.
reachable_timeout
¶Type: | integer |
---|---|
Default: | 300 |
Timeout (seconds) to wait for an instance to start.
The z/VM driver relies on communication between the instance and cloud connector. After an instance is created, it must have enough time to wait for all the network info to be written into the user directory. The driver will keep rechecking network status to the instance with the timeout value, If setting network failed, it will notify the user that starting the instance failed and put the instance in ERROR state. The underlying z/VM guest will then be deleted.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.