2 # Show more verbose log output (sets INFO log level output)
6 # Show debugging output in logs (sets DEBUG log level output)
9 # Address to bind the API server
12 # Port the bind the API server to
15 # If `log_file` is omitted and `use_syslog` is false, then log messages are
16 # sent to stdout as a fallback.
17 log_file = /var/log/escalator/api.log
19 # Backlog requests when creating socket
22 # TCP_KEEPIDLE value in seconds when creating socket.
23 # Not supported on OS X.
26 # The number of child process workers that will be
27 # created to service API requests. The default will be
28 # equal to the number of CPUs available. (integer value)
31 # Maximum line size of message headers to be accepted.
32 # max_header_line may need to be increased when using large tokens
33 # (typically those generated by the Keystone v3 API with big service
35 # max_header_line = 16384
37 # Role used to identify an authenticated user as administrator
40 # Allow unauthenticated users to access the API with read-only
41 # privileges. This only applies when using ContextMiddleware.
42 #allow_anonymous_access = False
45 # Property Protections config file
46 # This file contains the rules for property protections and the roles/policies
48 # If this config value is not specified, by default, property protections
50 # If a value is specified and the file is not found, then the escalator-api
51 # service will not start.
52 #property_protection_file =
54 # Specify whether 'roles' or 'policies' are used in the
55 # property_protection_file.
56 # The default value for property_protection_rule_format is 'roles'.
57 #property_protection_rule_format = roles
59 # Public url to use for versions endpoint. The default is None,
60 # which will use the request's host_url attribute to populate the URL base.
61 # If Escalator is operating behind a proxy, you will want to change this to
62 # represent the proxy's URL.
63 #public_endpoint=<None>
65 # http_keepalive option. If False, server will return the header
66 # "Connection: close", If True, server will return "Connection: Keep-Alive"
67 # in its responses. In order to close the client socket connection
68 # explicitly after the response is sent and read successfully by the client,
69 # you simply have to set this option to False when you create a wsgi server.
70 #http_keepalive = True
72 # ================= Syslog Options ============================
74 # Send logs to syslog (/dev/log) instead of to file specified
78 # Facility to use. If unset defaults to LOG_USER.
79 #syslog_log_facility = LOG_LOCAL0
81 # ================= SSL Options ===============================
83 # Certificate file to use when starting API server securely
84 #cert_file = /path/to/certfile
86 # Private key file to use when starting API server securely
87 #key_file = /path/to/keyfile
89 # CA certificate file to use to verify connecting clients
90 #ca_file = /path/to/cafile
92 # ================= Security Options ==========================
94 # AES key for encrypting store 'location' metadata, including
95 # -- if used -- Swift or S3 credentials
96 # Should be set to a random string of length 16, 24 or 32 bytes
97 #metadata_encryption_key = <16, 24 or 32 char registry metadata key>
100 # Digest algorithm which will be used for digital signature, the default is
101 # sha1 in Kilo for a smooth upgrade process, and it will be updated with
102 # sha256 in next release(L). Use command
103 # "openssl list-message-digest-algorithms" to get the available algorithms
104 # supported by the version of OpenSSL on the platform. Examples are 'sha1',
105 # 'sha256', 'sha512', etc.
106 #digest_algorithm = sha1
110 # ============ Notification System Options =====================
112 # Driver or drivers to handle sending notifications. Set to
113 # 'messaging' to send notifications to a message queue.
114 # notification_driver = noop
116 # Default publisher_id for outgoing notifications.
117 # default_publisher_id = image.localhost
119 # List of disabled notifications. A notification can be given either as a
120 # notification type to disable a single event, or as a notification group
121 # prefix to disable all events within a group.
122 # Example: if this config option is set to
123 # ["image.create", "metadef_namespace"], then "image.create" notification will
124 # not be sent after image is created and none of the notifications for
125 # metadefinition namespaces will be sent.
126 # disabled_notifications = []
128 # Messaging driver used for 'messaging' notifications driver
129 # rpc_backend = 'rabbit'
131 # Configuration options if sending notifications via rabbitmq (these are
133 rabbit_host = localhost
135 rabbit_use_ssl = false
136 rabbit_userid = guest
137 rabbit_password = guest
138 rabbit_virtual_host = /
139 rabbit_notification_exchange = escalator
140 rabbit_notification_topic = notifications
141 rabbit_durable_queues = False
143 # Configuration options if sending notifications via Qpid (these are
145 qpid_notification_exchange = escalator
146 qpid_notification_topic = notifications
147 qpid_hostname = localhost
151 qpid_sasl_mechanisms =
152 qpid_reconnect_timeout = 0
153 qpid_reconnect_limit = 0
154 qpid_reconnect_interval_min = 0
155 qpid_reconnect_interval_max = 0
156 qpid_reconnect_interval = 0
158 # Set to 'ssl' to enable SSL
160 qpid_tcp_nodelay = True
162 # ============ Delayed Delete Options =============================
164 # Turn on/off delayed delete
165 delayed_delete = False
167 # Delayed delete time in seconds
170 # =============== Policy Options ==================================
173 # The JSON file that defines policies.
174 # Deprecated group/name - [DEFAULT]/policy_file
175 #policy_file = policy.json
177 # Default rule. Enforced when a requested rule is not found.
178 # Deprecated group/name - [DEFAULT]/policy_default_rule
179 #policy_default_rule = default
181 # Directories where policy configuration files are stored.
182 # They can be relative to any directory in the search path
183 # defined by the config_dir option, or absolute paths.
184 # The file defined by policy_file must exist for these
185 # directories to be searched.
186 # Deprecated group/name - [DEFAULT]/policy_dirs
187 #policy_dirs = policy.d
189 # =============== Database Options =================================
191 identity_uri = http://127.0.0.1:35357
192 admin_tenant_name = %SERVICE_TENANT_NAME%
193 admin_user = %SERVICE_USER%
194 admin_password = %SERVICE_PASSWORD%
195 revocation_cache_time = 10
198 # Partial name of a pipeline in your paste configuration file with the
199 # service name removed. For example, if your paste section name is
200 # [pipeline:escalator-api-keystone], you would configure the flavor below
205 # If False fully disable profiling feature.
209 # ============ Sheepdog Store Options =============================
211 sheepdog_store_address = localhost
213 sheepdog_store_port = 7000
215 # Images will be chunked into objects of this size (in megabytes).
216 # For best performance, this should be a power of two