from nova.compute import utils as compute_utils
from nova import context
from nova.i18n import _LI
from nova.network import linux_net
from nova import objects
from nova import utils
from nova.virt import netutils
LOG = logging.getLogger(__name__)
firewall_opts = [
cfg.StrOpt('firewall_driver',
help='Firewall driver '
'(defaults to hypervisor specific iptables driver)'),
cfg.BoolOpt('allow_same_net_traffic',
default=True,
help='Whether to allow network traffic from same network'),
]
CONF = cfg.CONF
CONF.register_opts(firewall_opts)
CONF.import_opt('use_ipv6', 'nova.netconf')
def load_driver(default, *args, **kwargs):
fw_class = importutils.import_class(CONF.firewall_driver or default)
return fw_class(*args, **kwargs)
class FirewallDriver(object):
"""Firewall Driver base class.
_CLI_OPTS = [
cfg.StrOpt('base',
short='b',
default='centos',
choices=BASE_OS_DISTRO,
help='The distro type of the base image.'),
cfg.StrOpt('base-tag', default='latest', help='The base distro image tag'),
cfg.StrOpt('base-image',
help='The base image name. Default is the same with base.'),
cfg.StrOpt('base-arch',
default=hostarch,
choices=BASE_ARCH,
help='The base architecture. Default is same as host.'),
cfg.BoolOpt('use-dumb-init',
default=True,
help='Use dumb-init as init system in containers'),
cfg.BoolOpt('debug',
short='d',
default=False,
help='Turn on debugging log level'),
cfg.BoolOpt('skip-parents',
default=False,
help='Do not rebuild parents of matched images'),
cfg.BoolOpt('skip-existing',
default=False,
help='Do not rebuild images present in the docker cache'),
cfg.DictOpt('build-args', help='Set docker build time variables'),
cfg.BoolOpt('keep',
default=False,
help='Keep failed intermediate containers'),
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
ServiceAvailableGroup = [
cfg.BoolOpt('trove',
default=True,
help="Whether or not Trove is expected to be available")
]
service_available_group = cfg.OptGroup(name='service_available',
title='Available OpenStack services')
database_group = cfg.OptGroup(name='database',
title='Database Service Options')
DatabaseGroup = [
cfg.StrOpt('catalog_type',
default='database',
help="Catalog type of the Database service."),
cfg.StrOpt('db_flavor_ref',
default="1",
from neutron_vpnaas.services.vpn import device_drivers
LOG = logging.getLogger(__name__)
TEMPLATE_PATH = os.path.dirname(os.path.abspath(__file__))
ipsec_opts = [
cfg.StrOpt('config_base_dir',
default='$state_path/ipsec',
help=_('Location to store ipsec server config files')),
cfg.IntOpt('ipsec_status_check_interval',
default=60,
help=_("Interval for checking ipsec status")),
cfg.BoolOpt('enable_detailed_logging',
default=False,
help=_("Enable detail logging for ipsec pluto process. "
"If the flag set to True, the detailed logging will "
"be written into config_base_dir/<pid>/log. "
"Note: This setting applies to OpenSwan and LibreSwan "
"only. StrongSwan logs to syslog.")),
]
cfg.CONF.register_opts(ipsec_opts, 'ipsec')
openswan_opts = [
cfg.StrOpt('ipsec_config_template',
default=os.path.join(TEMPLATE_PATH,
'template/openswan/ipsec.conf.template'),
help=_('Template file for ipsec configuration')),
cfg.StrOpt('ipsec_secret_template',
default=os.path.join(TEMPLATE_PATH,
'template/openswan/ipsec.secret.template'),
help=_('Template file for ipsec secret configuration'))
default=['$remote_db_ip:$remote_db_port'],
help=_('Remote DB cluster host:port pairs.')),
cfg.StrOpt('nb_db_class',
default='etcd_nb_db_driver',
help=_('The driver to use for the NB database')),
cfg.IPOpt('local_ip',
default='127.0.0.1',
help=_('Local host VTEP IP')),
cfg.IPOpt('management_ip',
default='127.0.0.1',
help=_('Local host management IP')),
cfg.ListOpt('tunnel_types',
default=['geneve', 'vxlan', 'gre'],
help=_("The encapsulation types for the tunnels")),
cfg.BoolOpt('enable_dpdk',
default=False,
help=_("Enable dpdk")),
cfg.ListOpt('apps_list',
default=['l2', 'l3_proactive', 'dhcp'],
help=_('List of openflow applications classes to load')),
cfg.StrOpt('integration_bridge', default='br-int',
help=_("Integration bridge to use. "
"Do not change this parameter unless you have a good "
"reason to. This is the name of the OVS integration "
"bridge. There is one per hypervisor. The integration "
"bridge acts as a virtual 'patch bay'. All VM VIFs are "
"attached to this bridge and then 'patched' according "
"to their network connectivity.")),
cfg.BoolOpt('use_centralized_ipv6_DHCP',
default=False,
help=_("Enable IPv6 DHCP by using DHCP agent")),
cfg.IntOpt('v6_allocation_attempts',
default=10,
help=_('Number of times to retry generating v6 addresses'
' before failure. Also implicitly controls how many'
' v6 addresses we assign to any port, as the random'
' values generated will be the same every time.')),
cfg.IntOpt("mac_address_retry_max",
default=20,
help=_("Number of times to attempt to allocate a new MAC"
" address before giving up.")),
cfg.IntOpt("ip_address_retry_max",
default=20,
help=_("Number of times to attempt to allocate a new IP"
" address before giving up.")),
cfg.BoolOpt("ipam_use_synchronization",
default=False,
help=_("Configures whether or not to use the experimental"
" semaphore logic around IPAM")),
cfg.BoolOpt("ipam_select_subnet_v6_locking",
default=True,
help=_("Controls whether or not SELECT ... FOR UPDATE is used"
" when retrieving v6 subnets explicitly."))
]
CONF.register_opts(quark_opts, "QUARK")
# NOTE(mdietz): equivalent to the following line, but converting
# v6 addresses in netaddr is very slow.
# netaddr.IPAddress("::0200:0:0:0").value
MAGIC_INT = 144115188075855872
from oslo_config import cfg
import six
from oslo_messaging._drivers import common as rpc_common
from oslo_messaging._drivers import pool
deprecated_durable_opts = [
cfg.DeprecatedOpt('amqp_durable_queues',
group='DEFAULT'),
cfg.DeprecatedOpt('rabbit_durable_queues',
group='DEFAULT')
]
amqp_opts = [
cfg.BoolOpt('amqp_durable_queues',
default=False,
deprecated_opts=deprecated_durable_opts,
help='Use durable queues in AMQP.'),
cfg.BoolOpt('amqp_auto_delete',
default=False,
deprecated_group='DEFAULT',
help='Auto-delete queues in AMQP.'),
cfg.BoolOpt('send_single_reply',
default=False,
help='Send a single AMQP reply to call message. The current '
'behaviour since oslo-incubator is to send two AMQP '
'replies - first one with the payload, a second one to '
'ensure the other have finish to send the payload. We '
'are going to remove it in the N release, but we must '
'keep backward compatible at the same time. This option '
'provides such compatibility - it defaults to False in '
'Liberty and can be turned on for early adopters with a '
_profiler_opt_group = cfg.OptGroup("profiler",
title="OpenStack cross-service profiling",
help="""
OSprofiler library allows to trace requests going through various OpenStack
services and create the accumulated report of what time was spent on each
request processing step.
""")
_enabled_opt = cfg.BoolOpt("enabled",
default=False,
deprecated_name="profiler_enabled",
help="""
Enable the profiling for all services on this node.
Default value is False (fully disable the profiling feature).
Possible values:
* True: Enables the feature
* False: Disables the feature. The profiling cannot be started via this project
operations. If the profiling is triggered by another project, this project
part will be empty.
""")
_trace_sqlalchemy_opt = cfg.BoolOpt("trace_sqlalchemy",
default=False,
help="""
Enable SQL requests profiling in services.
Default value is False (SQL requests won't be traced).
from oslo_config import cfg
from oslo_log import log as logging
from oslo_versionedobjects import exception as obj_exc
import six
import webob.exc
from webob.util import status_generic_reasons
from webob.util import status_reasons
from cinder.i18n import _
LOG = logging.getLogger(__name__)
exc_log_opts = [
cfg.BoolOpt('fatal_exception_format_errors',
default=False,
help='Make exception message format errors fatal.'),
]
CONF = cfg.CONF
CONF.register_opts(exc_log_opts)
class ConvertedException(webob.exc.WSGIHTTPException):
def __init__(self, code=500, title="", explanation=""):
self.code = code
# There is a strict rule about constructing status line for HTTP:
# '...Status-Line, consisting of the protocol version followed by a
# numeric status code and its associated textual phrase, with each
# element separated by SP characters'
# (http://www.faqs.org/rfcs/rfc2616.html)
from oslo_config import cfg
from magnum.conductor.handlers.common import cert_manager
from magnum.conductor import utils as conductor_utils
docker_opts = [
cfg.StrOpt('docker_remote_api_version',
default='1.20',
help='Docker remote api version. Override it according to '
'specific docker api version in your environment.'),
cfg.IntOpt('default_timeout',
default=60,
help='Default timeout in seconds for docker client '
'operations.'),
cfg.BoolOpt('api_insecure',
default=False,
help='If set, ignore any SSL validation issues'),
cfg.StrOpt('ca_file',
help='Location of CA certificates file for '
'securing docker api requests (tlscacert).'),
cfg.StrOpt('cert_file',
help='Location of TLS certificate file for '
'securing docker api requests (tlscert).'),
cfg.StrOpt('key_file',
help='Location of TLS private key file for '
'securing docker api requests (tlskey).'),
]
CONF = cfg.CONF
CONF.register_opts(docker_opts, 'docker')
cisco_zone_opts = [
cfg.StrOpt('cisco_fc_fabric_address',
default='',
help='Management IP of fabric'),
cfg.StrOpt('cisco_fc_fabric_user', default='', help='Fabric user ID'),
cfg.StrOpt('cisco_fc_fabric_password',
default='',
help='Password for user',
secret=True),
cfg.IntOpt('cisco_fc_fabric_port', default=22, help='Connecting port'),
cfg.StrOpt('cisco_zoning_policy',
default='initiator-target',
help='overridden zoning policy'),
cfg.BoolOpt('cisco_zone_activate',
default=True,
help='overridden zoning activation state'),
cfg.StrOpt('cisco_zone_name_prefix',
default=None,
help='overridden zone name prefix'),
cfg.StrOpt('cisco_zoning_vsan', default=None, help='VSAN of the Fabric'),
]
CONF = cfg.CONF
CONF.register_opts(cisco_zone_opts, 'CISCO_FABRIC_EXAMPLE')
def load_fabric_configurations(fabric_names):
fabric_configs = {}
for fabric_name in fabric_names:
config = Configuration(cisco_zone_opts, fabric_name)
from neutron.agent.common import ovs_lib
from neutron.agent.linux import ip_lib
from neutron.agent.linux import utils
from neutron.common import constants as n_const
from neutron.common import exceptions
from neutron.common import ipv6_utils
from neutron.i18n import _LE, _LI
LOG = logging.getLogger(__name__)
OPTS = [
cfg.StrOpt('ovs_integration_bridge',
default='br-int',
help=_('Name of Open vSwitch bridge to use')),
cfg.BoolOpt('ovs_use_veth',
default=False,
help=_('Uses veth for an interface or not')),
cfg.IntOpt('network_device_mtu', help=_('MTU setting for device.')),
]
@six.add_metaclass(abc.ABCMeta)
class LinuxInterfaceDriver(object):
# from linux IF_NAMESIZE
DEV_NAME_LEN = 14
DEV_NAME_PREFIX = n_const.TAP_DEVICE_PREFIX
def __init__(self, conf):
self.conf = conf
if self.conf.network_device_mtu:
# under the License.
from oslo_config import cfg
auth_opts = [
cfg.BoolOpt("api_rate_limit",
default=False,
deprecated_for_removal=True,
deprecated_group="DEFAULT",
help="""
*DEPRECATED*
Determines whether rate limiting for the API is per-user. This option is only
used by v2 API. Rate limiting is removed from v2.1 API.
* Possible values:
True, False (default)
* Services that use this:
``nova-api``
* Related options:
None
"""),
cfg.StrOpt("auth_strategy",
default="keystone",
choices=("keystone", "noauth2"),
help="""
This determines the strategy to use for authentication: keystone or noauth2.
default=443,
help='Port for connection to VMware vCenter host.'),
cfg.StrOpt('host_username',
help='Username for connection to VMware vCenter host.'),
cfg.StrOpt('host_password',
help='Password for connection to VMware vCenter host.',
secret=True),
cfg.FloatOpt('task_poll_interval',
default=0.5,
help='The interval used for polling of remote tasks.'),
cfg.StrOpt('ca_file',
help='Specify a CA bundle file to use in verifying the '
'vCenter server certificate.'),
cfg.BoolOpt('insecure',
default=False,
help='If true, the vCenter server certificate is not '
'verified. If false, then the default CA truststore is '
'used for verification. This option is ignored if '
'"ca_file" is set.'),
cfg.IntOpt('api_retry_count',
default=10,
help='The number of times we retry on failures, e.g., '
'socket error, etc.'),
cfg.StrOpt('dvs_name', help='The name of the preconfigured DVS.'),
cfg.StrOpt('metadata_mode',
help=_("This value should not be set. It is just required for "
"ensuring that the DVS plugin works with the generic "
"NSX metadata code")),
]
CONF = cfg.CONF
CONF.register_opts(dvs_opts, 'dvs')
from neutron import context as ncontext
from neutron.db import agents_db
from neutron.db.availability_zone import network as network_az
from neutron.db import model_base
from neutron.extensions import agent as ext_agent
from neutron.extensions import dhcpagentscheduler
LOG = logging.getLogger(__name__)
AGENTS_SCHEDULER_OPTS = [
cfg.StrOpt('network_scheduler_driver',
default='neutron.scheduler.'
'dhcp_agent_scheduler.WeightScheduler',
help=_('Driver to use for scheduling network to DHCP agent')),
cfg.BoolOpt('network_auto_schedule',
default=True,
help=_('Allow auto scheduling networks to DHCP agent.')),
cfg.BoolOpt('allow_automatic_dhcp_failover',
default=True,
help=_('Automatically remove networks from offline DHCP '
'agents.')),
cfg.IntOpt('dhcp_agents_per_network',
default=1,
help=_('Number of DHCP agents scheduled to host a tenant '
'network. If this number is greater than 1, the '
'scheduler automatically assigns multiple DHCP agents '
'for a given tenant network, providing high '
'availability for DHCP service.')),
cfg.BoolOpt('enable_services_on_agents_with_admin_state_down',
default=False,
help=_('Enable services on an agent with admin_state_up '
* An integer, where the integer corresponds to the max instances that can be
scheduled on a host.
"""),
cfg.BoolOpt("track_instance_changes",
default=True,
deprecated_name="scheduler_tracks_instance_changes",
deprecated_group="DEFAULT",
help="""
Enable querying of individual hosts for instance information.
The scheduler may need information about the instances on a host in order to
evaluate its filters and weighers. The most common need for this information is
for the (anti-)affinity filters, which need to choose a host based on the
instances already running on a host.
If the configured filters and weighers do not need this information, disabling
this option will improve performance. It may also be disabled when the tracking
overhead proves too heavy, although this will cause classes requiring host
usage data to query the database on each request instead.
This option is only used by the FilterScheduler and its subclasses; if you use
a different scheduler, this option has no effect.
NOTE: In a multi-cell (v2) setup where the cell MQ is separated from the
top-level, computes cannot directly communicate with the scheduler. Thus,
this option cannot be enabled in that scenario. See also the
[workarounds]/disable_group_policy_check_upcall option.
"""),
cfg.MultiStrOpt("available_filters",
default=["nova.scheduler.filters.all_filters"],
deprecated_name="scheduler_available_filters",
import six
from stevedore import extension
from ceilometer import declarative
from ceilometer import dispatcher
from ceilometer.i18n import _, _LE, _LW
from ceilometer import keystone_client
from ceilometer import utils
NAME_ENCODED = __name__.encode('utf-8')
CACHE_NAMESPACE = uuid.UUID(bytes=md5(NAME_ENCODED).digest())
LOG = log.getLogger(__name__)
dispatcher_opts = [
cfg.BoolOpt('filter_service_activity',
default=True,
help='Filter out samples generated by Gnocchi '
'service activity'),
cfg.StrOpt('filter_project',
default='gnocchi',
help='Gnocchi project used to filter out samples '
'generated by Gnocchi service activity'),
cfg.StrOpt('url',
deprecated_for_removal=True,
help='URL to Gnocchi. default: autodetection'),
cfg.StrOpt('archive_policy',
default=None,
help='The archive policy to use when the dispatcher '
'create a new metric.'),
cfg.StrOpt('resources_definition_file',
default='gnocchi_resources.yaml',
help=_('The Yaml file that defines mapping between samples '
from os_collect_config import exc
from os_collect_config import keystone
from os_collect_config import merger
CONF = cfg.CONF
logger = log.getLogger(__name__)
opts = [
cfg.StrOpt('user-id', help='User ID for API authentication'),
cfg.StrOpt('password', help='Password for API authentication'),
cfg.StrOpt('project-id', help='ID of project for API authentication'),
cfg.StrOpt('auth-url', help='URL for API authentication'),
cfg.StrOpt('queue-id', help='ID of the queue to be checked'),
cfg.BoolOpt('use-websockets',
default=False,
help='Use the websocket transport to connect to Zaqar.'),
cfg.StrOpt('region-name',
help='Region Name for extracting Zaqar endpoint'),
cfg.BoolOpt('ssl-certificate-validation',
help='ssl certificat validation flag for connect to Zaqar',
default=False),
cfg.StrOpt('ca-file', help='CA Cert file for connect to Zaqar'),
]
name = 'zaqar'
class Collector(object):
def __init__(self,
keystoneclient=keystoneclient,
zaqarclient=zaqarclient,
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from nova.conf import paths
network_opts = [
# NOTE(sfinucan): Don't move this option to a group as it will be
# deprecated in a future release.
cfg.BoolOpt("flat_injected",
default=False,
help="""
This option determines whether the network setup information is injected into
the VM before it is booted. While it was originally designed to be used only by
nova-network, it is also used by the vmware and xenapi virt drivers to control
whether network information is injected into a VM.
"""),
cfg.StrOpt("flat_network_bridge",
deprecated_for_removal=True,
deprecated_since='15.0.0',
deprecated_reason="""
nova-network is deprecated, as are any related configuration options.
""",
help="""
This option determines the bridge used for simple network interfaces when no
bridge is specified in the VM creation request.
Please note that this option is only used when using nova-network instead of
Neutron in your deployment.
Related options:
* ``flat_injected``
* ``compute_driver``
"""),
cfg.BoolOpt('disable_agent',
default=False,
help="""
Disables the use of XenAPI agent.
This configuration option suggests whether the use of agent
should be enabled or not regardless of what image properties
are present. Image properties have an effect only when this
is set to ``True``. Read description of config option
``use_agent_default`` for more information.
Services which consume this:
* ``nova-compute``
Possible values:
* True
* False
Related options:
* ``use_agent_default``
"""),
cfg.BoolOpt('use_agent_default',
default=False,
help="""
Whether or not to use the agent by default when its usage is
enabled but not indicated by the image.
Related options:
* None
""")),
cfg.BoolOpt('http_keepalive',
default=True,
help=_("""
Set keep alive option for HTTP over TCP.
Provide a boolean value to determine sending of keep alive packets.
If set to ``False``, the server returns the header
"Connection: close". If set to ``True``, the server returns a
"Connection: Keep-Alive" in its responses. This enables retention of
the same TCP connection for HTTP conversations instead of opening a
new one with each new request.
This option must be set to ``False`` if the client socket connection
needs to be closed explicitly after the response is received and
read successfully by the client.
Possible values:
* True
* False
Related options:
* None
""")),
cfg.IntOpt('client_socket_timeout',
default=900,
min=0,
help=_("""
default='',
help=_('Neutron plugin provider module'),
deprecated_for_removal=True),
cfg.StrOpt('service',
choices=INSTALLED_SERVICES,
help=(_("(Deprecated. Use '--subproject neutron-SERVICE' "
"instead.) The advanced service to execute the "
"command against.")),
deprecated_for_removal=True),
cfg.StrOpt('subproject',
choices=INSTALLED_SUBPROJECTS,
help=(_("The subproject to execute the command against. "
"Can be one of: '%s'.") %
"', '".join(INSTALLED_SUBPROJECTS))),
cfg.BoolOpt('split_branches',
default=False,
help=_("Enforce using split branches file structure."))
]
_quota_opts = [
cfg.StrOpt('quota_driver',
default='',
help=_('Neutron quota driver class'),
deprecated_for_removal=True),
]
_db_opts = [
cfg.StrOpt('connection',
deprecated_name='sql_connection',
default='',
secret=True,
'(e.g. 00:03:E8).'),
cfg.ListOpt(
'hitachi_target_ports',
default=[],
help='IDs of the storage ports used to attach volumes to the '
'controller node. To specify multiple ports, connect them by '
'commas (e.g. CL1-A,CL2-A).'),
cfg.ListOpt(
'hitachi_compute_target_ports',
default=[],
help='IDs of the storage ports used to attach volumes to compute '
'nodes. To specify multiple ports, connect them by commas '
'(e.g. CL1-A,CL2-A).'),
cfg.BoolOpt(
'hitachi_group_create',
default=False,
help='If True, the driver will create host groups or iSCSI targets on '
'storage ports as needed.'),
cfg.BoolOpt(
'hitachi_group_delete',
default=False,
help='If True, the driver will delete host groups or iSCSI targets on '
'storage ports as needed.'),
]
_REQUIRED_COMMON_OPTS = [
'hitachi_storage_id',
'hitachi_pool',
]
CONF = cfg.CONF
VERSION = '1.0'
LOG = logging.getLogger(__name__)
volume_opts = [
cfg.StrOpt('quobyte_volume_url',
default=None,
help=('URL to the Quobyte volume e.g.,'
' quobyte://<DIR host>/<volume name>')),
cfg.StrOpt('quobyte_client_cfg',
default=None,
help=('Path to a Quobyte Client configuration file.')),
cfg.BoolOpt('quobyte_sparsed_volumes',
default=True,
help=('Create volumes as sparse files which take no space.'
' If set to False, volume is created as regular file.'
'In such case volume creation takes a lot of time.')),
cfg.BoolOpt('quobyte_qcow2_volumes',
default=True,
help=('Create volumes as QCOW2 files rather than raw files.')),
cfg.StrOpt('quobyte_mount_point_base',
default='$state_path/mnt',
help=('Base dir containing the mount point'
' for the Quobyte volume.')),
]
CONF = cfg.CONF
CONF.register_opts(volume_opts)
def register_opts(ignore_errors=False):
rbac_opts = [
cfg.BoolOpt('enable', default=False, help='Enable RBAC.'),
cfg.BoolOpt(
'sync_remote_groups',
default=False,
help=
'True to synchronize remote groups returned by the auth backed for each '
'StackStorm user with local StackStorm roles based on the group to role '
'mapping definition files.'),
cfg.BoolOpt(
'permission_isolation',
default=False,
help=
'Isolate resources by user. For now, these resources only include rules and '
'executions. All resources can only be viewed or executed by the owning user '
'except the admin and system_user who can view or run everything.')
]
do_register_opts(rbac_opts, 'rbac', ignore_errors)
system_user_opts = [
cfg.StrOpt('user', default='stanley', help='Default system user.'),
cfg.StrOpt('ssh_key_file',
default='/home/stanley/.ssh/stanley_rsa',
help='SSH private key for the system user.')
]
do_register_opts(system_user_opts, 'system_user', ignore_errors)
schema_opts = [
cfg.IntOpt('version', default=4,
help='Version of JSON schema to use.'),
cfg.StrOpt('draft',
default='http://json-schema.org/draft-04/schema#',
help='URL to the JSON schema draft.')
]
do_register_opts(schema_opts, 'schema', ignore_errors)
system_opts = [
cfg.BoolOpt('debug', default=False, help='Enable debug mode.'),
cfg.StrOpt('base_path',
default='/opt/stackstorm',
help='Base path to all st2 artifacts.'),
cfg.BoolOpt(
'validate_trigger_parameters',
default=False,
help=
'True to validate parameters for non-system trigger types when creating'
'a rule. By default, only parameters for system triggers are validated'
),
cfg.BoolOpt(
'validate_trigger_payload',
default=False,
help=
'True to validate payload for non-system trigger types when dispatching a trigger '
'inside the sensor. By default, only payload for system triggers is validated.'
)
]
do_register_opts(system_opts, 'system', ignore_errors)
system_packs_base_path = os.path.join(cfg.CONF.system.base_path, 'packs')
system_runners_base_path = os.path.join(cfg.CONF.system.base_path,
'runners')
content_opts = [
cfg.StrOpt('pack_group',
default='st2packs',
help='User group that can write to packs directory.'),
cfg.StrOpt('system_packs_base_path',
default=system_packs_base_path,
help='Path to the directory which contains system packs.'),
cfg.StrOpt(
'system_runners_base_path',
default=system_runners_base_path,
help='Path to the directory which contains system runners.'),
cfg.StrOpt('packs_base_paths',
default=None,
help='Paths which will be searched for integration packs.'),
cfg.StrOpt('runners_base_paths',
default=None,
help='Paths which will be searched for runners.'),
cfg.ListOpt(
'index_url',
default=['https://index.stackstorm.org/v1/index.json'],
help=
'A URL pointing to the pack index. StackStorm Exchange is used by '
'default. Use a comma-separated list for multiple indexes if you '
'want to get other packs discovered with "st2 pack search".'),
]
do_register_opts(content_opts, 'content', ignore_errors)
webui_opts = [
cfg.StrOpt(
'webui_base_url',
default='https://%s' % socket.getfqdn(),
help=
'Base https URL to access st2 Web UI. This is used to construct history URLs '
'that are sent out when chatops is used to kick off executions.')
]
do_register_opts(webui_opts, 'webui', ignore_errors)
db_opts = [
cfg.StrOpt('host', default='127.0.0.1', help='host of db server'),
cfg.IntOpt('port', default=27017, help='port of db server'),
cfg.StrOpt('db_name', default='st2', help='name of database'),
cfg.StrOpt('username', help='username for db login'),
cfg.StrOpt('password', help='password for db login'),
cfg.IntOpt('connection_retry_max_delay_m',
default=3,
help='Connection retry total time (minutes).'),
cfg.IntOpt('connection_retry_backoff_max_s',
default=10,
help='Connection retry backoff max (seconds).'),
cfg.IntOpt('connection_retry_backoff_mul',
default=1,
help='Backoff multiplier (seconds).'),
cfg.BoolOpt('ssl',
default=False,
help='Create the connection to mongodb using SSL'),
cfg.StrOpt(
'ssl_keyfile',
default=None,
help=
'Private keyfile used to identify the local connection against MongoDB.'
),
cfg.StrOpt(
'ssl_certfile',
default=None,
help='Certificate file used to identify the localconnection'),
cfg.StrOpt(
'ssl_cert_reqs',
default=None,
choices='none, optional, required',
help=
'Specifies whether a certificate is required from the other side of the '
'connection, and whether it will be validated if provided'),
cfg.StrOpt(
'ssl_ca_certs',
default=None,
help=
'ca_certs file contains a set of concatenated CA certificates, which are '
'used to validate certificates passed from MongoDB.'),
cfg.BoolOpt(
'ssl_match_hostname',
default=True,
help=
'If True and `ssl_cert_reqs` is not None, enables hostname verification'
)
]
do_register_opts(db_opts, 'database', ignore_errors)
messaging_opts = [
# It would be nice to be able to deprecate url and completely switch to using
# url. However, this will be a breaking change and will have impact so allowing both.
cfg.StrOpt('url',
default='amqp://*****:*****@127.0.0.1:5672//',
help='URL of the messaging server.'),
cfg.ListOpt(
'cluster_urls',
default=[],
help='URL of all the nodes in a messaging service cluster.'),
cfg.IntOpt(
'connection_retries',
default=10,
help='How many times should we retry connection before failing.'),
cfg.IntOpt('connection_retry_wait',
default=10000,
help='How long should we wait between connection retries.')
]
do_register_opts(messaging_opts, 'messaging', ignore_errors)
syslog_opts = [
cfg.StrOpt('host',
default='127.0.0.1',
help='Host for the syslog server.'),
cfg.IntOpt('port', default=514, help='Port for the syslog server.'),
cfg.StrOpt('facility', default='local7',
help='Syslog facility level.'),
cfg.StrOpt('protocol',
default='udp',
help='Transport protocol to use (udp / tcp).')
]
do_register_opts(syslog_opts, 'syslog', ignore_errors)
log_opts = [
cfg.ListOpt('excludes',
default='',
help='Exclusion list of loggers to omit.'),
cfg.BoolOpt(
'redirect_stderr',
default=False,
help='Controls if stderr should be redirected to the logs.'),
cfg.BoolOpt('mask_secrets',
default=True,
help='True to mask secrets in the log files.'),
cfg.ListOpt(
'mask_secrets_blacklist',
default=[],
help=
'Blacklist of additional attribute names to mask in the log messages.'
)
]
do_register_opts(log_opts, 'log', ignore_errors)
# Common API options
api_opts = [
cfg.StrOpt('host',
default='127.0.0.1',
help='StackStorm API server host'),
cfg.IntOpt('port', default=9101, help='StackStorm API server port'),
cfg.ListOpt('allow_origin',
default=['http://127.0.0.1:3000'],
help='List of origins allowed for api, auth and stream'),
cfg.BoolOpt('mask_secrets',
default=True,
help='True to mask secrets in the API responses')
]
do_register_opts(api_opts, 'api', ignore_errors)
# Key Value store options
keyvalue_opts = [
cfg.BoolOpt(
'enable_encryption',
default=True,
help=
'Allow encryption of values in key value stored qualified as "secret".'
),
cfg.StrOpt(
'encryption_key_path',
default='',
help=
'Location of the symmetric encryption key for encrypting values in kvstore. '
'This key should be in JSON and should\'ve been generated using keyczar.'
)
]
do_register_opts(keyvalue_opts, group='keyvalue')
# Common auth options
auth_opts = [
cfg.StrOpt('api_url',
default=None,
help='Base URL to the API endpoint excluding the version'),
cfg.BoolOpt('enable',
default=True,
help='Enable authentication middleware.'),
cfg.IntOpt('token_ttl',
default=(24 * 60 * 60),
help='Access token ttl in seconds.'),
# This TTL is used for tokens which belong to StackStorm services
cfg.IntOpt('service_token_ttl',
default=(24 * 60 * 60),
help='Service token ttl in seconds.')
]
do_register_opts(auth_opts, 'auth', ignore_errors)
# Runner options
default_python_bin_path = sys.executable
default_python3_bin_path = find_executable('python3')
base_dir = os.path.dirname(os.path.realpath(default_python_bin_path))
default_virtualenv_bin_path = os.path.join(base_dir, 'virtualenv')
action_runner_opts = [
# Common runner options
cfg.StrOpt('logging',
default='conf/logging.conf',
help='location of the logging.conf file'),
# Python runner options
cfg.StrOpt('python_binary',
default=default_python_bin_path,
help='Python binary which will be used by Python actions.'),
cfg.StrOpt(
'python3_binary',
default=default_python3_bin_path,
help=
'Python 3 binary which will be used by Python actions for packs which '
'use Python 3 virtual environment'),
cfg.StrOpt(
'virtualenv_binary',
default=default_virtualenv_bin_path,
help=
'Virtualenv binary which should be used to create pack virtualenvs.'
),
cfg.StrOpt(
'python_runner_log_level',
default=PYTHON_RUNNER_DEFAULT_LOG_LEVEL,
help=
'Default log level to use for Python runner actions. Can be overriden on '
'invocation basis using "log_level" runner parameter.'),
cfg.ListOpt(
'virtualenv_opts',
default=['--system-site-packages'],
help=
'List of virtualenv options to be passsed to "virtualenv" command that '
'creates pack virtualenv.'),
cfg.BoolOpt(
'stream_output',
default=True,
help=
'True to store and stream action output (stdout and stderr) in real-time.'
)
]
do_register_opts(action_runner_opts, group='actionrunner')
dispatcher_pool_opts = [
cfg.IntOpt(
'workflows_pool_size',
default=40,
help='Internal pool size for dispatcher used by workflow actions.'
),
cfg.IntOpt(
'actions_pool_size',
default=60,
help='Internal pool size for dispatcher used by regular actions.')
]
do_register_opts(dispatcher_pool_opts, group='actionrunner')
ssh_runner_opts = [
cfg.StrOpt('remote_dir',
default='/tmp',
help='Location of the script on the remote filesystem.'),
cfg.BoolOpt(
'allow_partial_failure',
default=False,
help=
'How partial success of actions run on multiple nodes should be treated.'
),
cfg.IntOpt(
'max_parallel_actions',
default=50,
help='Max number of parallel remote SSH actions that should be run. '
'Works only with Paramiko SSH runner.'),
cfg.BoolOpt(
'use_ssh_config',
default=False,
help='Use the .ssh/config file. Useful to override ports etc.'),
cfg.StrOpt('ssh_config_file_path',
default='~/.ssh/config',
help='Path to the ssh config file.')
]
do_register_opts(ssh_runner_opts, group='ssh_runner')
cloudslang_opts = [
cfg.StrOpt('home_dir',
default='/opt/cslang',
help='CloudSlang home directory.'),
]
do_register_opts(cloudslang_opts, group='cloudslang')
# Common options (used by action runner and sensor container)
action_sensor_opts = [
cfg.BoolOpt(
'enable',
default=True,
help=
'Whether to enable or disable the ability to post a trigger on action.'
),
]
do_register_opts(action_sensor_opts, group='action_sensor')
# Common options for content
pack_lib_opts = [
cfg.BoolOpt(
'enable_common_libs',
default=False,
help='Enable/Disable support for pack common libs. '
'Setting this config to ``True`` would allow you to '
'place common library code for sensors and actions in lib/ folder '
'in packs and use them in python sensors and actions. '
'See https://docs.stackstorm.com/reference/'
'sharing_code_sensors_actions.html '
'for details.')
]
do_register_opts(pack_lib_opts, group='packs')
# Coordination options
coord_opts = [
cfg.StrOpt('url',
default=None,
help='Endpoint for the coordination server.'),
cfg.IntOpt('lock_timeout',
default=60,
help='TTL for the lock if backend suports it.')
]
do_register_opts(coord_opts, 'coordination', ignore_errors)
# Mistral options
mistral_opts = [
cfg.StrOpt('v2_base_url',
default='http://127.0.0.1:8989/v2',
help='v2 API root endpoint.'),
cfg.IntOpt('retry_exp_msec',
default=1000,
help='Multiplier for the exponential backoff.'),
cfg.IntOpt('retry_exp_max_msec',
default=300000,
help='Max time for each set of backoff.'),
cfg.IntOpt('retry_stop_max_msec',
default=600000,
help='Max time to stop retrying.'),
cfg.StrOpt('keystone_username',
default=None,
help='Username for authentication.'),
cfg.StrOpt('keystone_password',
default=None,
help='Password for authentication.'),
cfg.StrOpt('keystone_project_name',
default=None,
help='OpenStack project scope.'),
cfg.StrOpt('keystone_auth_url',
default=None,
help='Auth endpoint for Keystone.'),
cfg.StrOpt('cacert',
default=None,
help='Optional certificate to validate endpoint.'),
cfg.BoolOpt('insecure',
default=False,
help='Allow insecure communication with Mistral.'),
cfg.BoolOpt('enable_polling',
default=False,
help='Enable results tracking and disable callbacks.'),
cfg.FloatOpt('jitter_interval',
default=0.1,
help='Jitter interval to smooth out HTTP requests '
'to mistral tasks and executions API.'),
cfg.StrOpt('api_url',
default=None,
help='URL Mistral uses to talk back to the API.'
'If not provided it defaults to public API URL. '
'Note: This needs to be a base URL without API '
'version (e.g. http://127.0.0.1:9101)')
]
do_register_opts(mistral_opts,
group='mistral',
ignore_errors=ignore_errors)
# Results Tracker query module options
# Note that these are currently used only by mistral query module.
query_opts = [
cfg.IntOpt(
'thread_pool_size',
default=10,
help='Number of threads to use to query external workflow systems.'
),
cfg.FloatOpt(
'query_interval',
default=5,
help='Time interval between queries to external workflow system.'),
cfg.FloatOpt(
'empty_q_sleep_time',
default=1,
help='Sleep delay in between queries when query queue is empty.'),
cfg.FloatOpt(
'no_workers_sleep_time',
default=1,
help='Sleep delay for query when there is no more worker in pool.')
]
do_register_opts(query_opts,
group='resultstracker',
ignore_errors=ignore_errors)
# XXX: This is required for us to support deprecated config group results_tracker
query_opts = [
cfg.IntOpt(
'thread_pool_size',
help='Number of threads to use to query external workflow systems.'
),
cfg.FloatOpt(
'query_interval',
help='Time interval between subsequent queries for a context '
'to external workflow system.')
]
do_register_opts(query_opts,
group='results_tracker',
ignore_errors=ignore_errors)
# Common stream options
stream_opts = [
cfg.IntOpt(
'heartbeat',
default=25,
help='Send empty message every N seconds to keep connection open')
]
do_register_opts(stream_opts, group='stream', ignore_errors=ignore_errors)
# Common CLI options
cli_opts = [
cfg.BoolOpt(
'debug',
default=False,
help=
'Enable debug mode. By default this will set all log levels to DEBUG.'
),
cfg.BoolOpt(
'profile',
default=False,
help=
'Enable profile mode. In the profile mode all the MongoDB queries and '
'related profile data are logged.'),
cfg.BoolOpt(
'use-debugger',
default=True,
help='Enables debugger. Note that using this option changes how the '
'eventlet library is used to support async IO. This could result in '
'failures that do not occur under normal operation.')
]
do_register_cli_opts(cli_opts, ignore_errors=ignore_errors)
# Metrics Options stream options
metrics_opts = [
cfg.StrOpt('driver',
default='noop',
help='Driver type for metrics collection.'),
cfg.StrOpt(
'host',
default='127.0.0.1',
help=
'Destination server to connect to if driver requires connection.'),
cfg.IntOpt(
'port',
default=8125,
help='Destination port to connect to if driver requires connection.'
),
]
do_register_opts(metrics_opts,
group='metrics',
ignore_errors=ignore_errors)
This value controls how often (in seconds) the scheduler should attempt
to discover new hosts that have been added to cells. If negative (the
default), no automatic discovery will occur.
Deployments where compute nodes come and go frequently may want this
enabled, where others may prefer to manually discover hosts when one
is added to avoid any overhead from constantly checking. If enabled,
every time this runs, we will select any unmapped hosts out of each
cell database on every run.
"""),
# WRS extension - prevent normalization of weights; post-analysis of scheduler
# logs requires unaltered values
cfg.BoolOpt("normalize_weigher",
default=False,
help="""
Normalize weigher list values between 0 and 1.0.
"""),
]
filter_scheduler_group = cfg.OptGroup(name="filter_scheduler",
title="Filter scheduler options")
filter_scheduler_opts = [
cfg.IntOpt("host_subset_size",
default=1,
min=1,
deprecated_name="scheduler_host_subset_size",
deprecated_group="DEFAULT",
help="""
Size of subset of best hosts selected by scheduler.
* ``virt_type``: Influences what is used as default value here.
"""),
cfg.BoolOpt('inject_password',
default=False,
help="""
Allow the injection of an admin password for instance only at ``create`` and
``rebuild`` process.
There is no agent needed within the image to do this. If *libguestfs* is
available on the host, it will be used. Otherwise *nbd* is used. The file
system of the image will be mounted and the admin password, which is provided
in the REST API call will be injected as password for the root user. If no
root user is available, the instance won't be launched and an error is thrown.
Be aware that the injection is *not* possible when the instance gets launched
from a volume.
*Linux* distribution guest only.
Possible values:
* True: Allows the injection.
* False: Disallows the injection. Any via the REST API provided admin password
will be silently ignored.
Related options:
* ``inject_partition``: That option will decide about the discovery and usage
of the file system. It also can disable the injection at all.
"""),
cfg.BoolOpt('inject_key',
default=False,
from nova.virt.libvirt import dmcrypt
from nova.virt.libvirt import lvm
from nova.virt.libvirt import rbd_utils
from nova.virt.libvirt import utils as libvirt_utils
__imagebackend_opts = [
cfg.StrOpt('images_type',
default='default',
help='VM Images format. Acceptable values are: raw, qcow2, lvm,'
' rbd, default. If default is specified,'
' then use_cow_images flag is used instead of this one.'),
cfg.StrOpt('images_volume_group',
help='LVM Volume Group that is used for VM images, when you'
' specify images_type=lvm.'),
cfg.BoolOpt('sparse_logical_volumes',
default=False,
help='Create sparse logical volumes (with virtualsize)'
' if this flag is set to True.'),
cfg.StrOpt('images_rbd_pool',
default='rbd',
help='The RADOS pool in which rbd volumes are stored'),
cfg.StrOpt(
'images_rbd_ceph_conf',
default='', # default determined by librados
help='Path to the ceph configuration file to use'),
cfg.StrOpt('hw_disk_discard',
help='Discard option for nova managed disks (valid options '
'are: ignore, unmap). Need Libvirt(1.0.6) Qemu1.5 '
'(raw format) Qemu1.6(qcow2 format)'),
]
CONF = cfg.CONF
from neutron_lib import exceptions
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import excutils
import six
from neutron._i18n import _, _LE
from neutron.agent.common import utils
from neutron.common import exceptions as n_exc
from neutron.common import utils as common_utils
LOG = logging.getLogger(__name__)
OPTS = [
cfg.BoolOpt('ip_lib_force_root',
default=False,
help=_('Force ip_lib calls to use the root helper')),
]
LOOPBACK_DEVNAME = 'lo'
GRE_TUNNEL_DEVICE_NAMES = ['gre0', 'gretap0']
SYS_NET_PATH = '/sys/class/net'
DEFAULT_GW_PATTERN = re.compile(r"via (\S+)")
METRIC_PATTERN = re.compile(r"metric (\S+)")
DEVICE_NAME_PATTERN = re.compile(r"(\d+?): (\S+?):.*")
def remove_interface_suffix(interface):
"""Remove a possible "<if>@<endpoint>" suffix from an interface' name.
cfg.StrOpt(
'postgresql_airflow_db',
default=(
'postgresql+psycopg2://shipyard:changeme'
'@postgresql.ucp:5432/airflow'
),
help='The database for airflow'
),
cfg.IntOpt(
'pool_size',
default=15,
help='The SQLalchemy database connection pool size.'
),
cfg.BoolOpt(
'pool_pre_ping',
default=True,
help='Should DB connections be validated prior to use.'
),
cfg.IntOpt(
'pool_timeout',
default=30,
help=('How long a request for a connection should wait before '
'one becomes available.')
),
cfg.IntOpt(
'pool_overflow',
default=10,
help=('How many connections above pool_size are allowed to be '
'open during high usage.')
),
cfg.IntOpt(
