2017-09-28 08:43:49,554 [salt.cli.daemons ][WARNING ][891] IMPORTANT: Do not use md5 hashing algorithm! Please set "hash_type" to sha256 in Salt Minion config!
2017-09-28 08:46:50,684 [salt.state       ][ERROR   ][1051] No contents found in top file
2017-09-28 08:46:57,353 [py.warnings      ][WARNING ][1168] /usr/lib/python2.7/dist-packages/salt/utils/templates.py:73: DeprecationWarning: Starting in 2015.5, cmd.run uses python_shell=False by default, which doesn't support shellisms (pipes, env variables, etc). cmd.run is currently aliased to cmd.shell to prevent breakage. Please switch to cmd.shell or set python_shell=True to avoid breakage in the future, when this aliasing is removed.

2017-09-28 08:46:58,140 [salt.utils.decorators][ERROR   ][1168] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2017-09-28 08:46:58,142 [salt.utils.decorators][ERROR   ][1168] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2017-09-28 08:46:58,143 [salt.utils.decorators][ERROR   ][1168] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2017-09-28 08:46:58,145 [salt.utils.decorators][ERROR   ][1168] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2017-09-28 08:46:59,300 [salt.utils.decorators][ERROR   ][1168] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2017-09-28 08:46:59,308 [salt.utils.decorators][ERROR   ][1168] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2017-09-28 08:46:59,340 [salt.utils.decorators][ERROR   ][1168] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2017-09-28 08:46:59,343 [salt.utils.decorators][ERROR   ][1168] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2017-09-28 08:46:59,345 [salt.utils.decorators][ERROR   ][1168] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2017-09-28 08:47:04,866 [salt.loaded.int.module.cmdmod][ERROR   ][1168] Command 'while true; do salt-call saltutil.running|grep fun: && continue; salt-call --local service.restart salt-minion; break; done' failed with return code: None
2017-09-28 08:47:07,121 [salt.loaded.int.module.cmdmod][INFO    ][1801] Executing command ['systemctl', 'status', 'salt-minion.service', '-n', '0'] in directory '/root'
2017-09-28 08:47:07,128 [salt.loaded.int.module.cmdmod][INFO    ][1801] Executing command ['systemctl', 'is-enabled', 'salt-minion.service'] in directory '/root'
2017-09-28 08:47:07,139 [salt.loaded.int.module.cmdmod][INFO    ][1801] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'salt-minion.service'] in directory '/root'
2017-09-28 08:47:07,196 [salt.utils.parsers][WARNING ][891] Minion received a SIGTERM. Exiting.
2017-09-28 08:47:07,476 [salt.cli.daemons ][INFO    ][1857] Setting up the Salt Minion "ctl02.baremetal-mcp-ocata-ovs-ha.local"
2017-09-28 08:47:07,795 [salt.minion      ][INFO    ][1857] Creating minion process manager
2017-09-28 08:47:07,795 [salt.cli.daemons ][WARNING ][1857] IMPORTANT: Do not use md5 hashing algorithm! Please set "hash_type" to sha256 in Salt Minion config!
2017-09-28 08:47:07,795 [salt.cli.daemons ][INFO    ][1857] The Salt Minion is starting up
2017-09-28 08:47:07,796 [salt.minion      ][INFO    ][1857] Minion is starting as user 'root'
2017-09-28 08:47:07,796 [salt.utils.event ][INFO    ][1857] Starting pull socket on /var/run/salt/minion/minion_event_37cabfca03_pull.ipc
2017-09-28 08:47:08,696 [salt.loaded.int.module.cmdmod][INFO    ][1857] Executing command ['date', '+%z'] in directory '/root'
2017-09-28 08:47:08,737 [salt.utils.schedule][INFO    ][1857] Updating job settings for scheduled job: __mine_interval
2017-09-28 08:47:08,739 [salt.minion      ][INFO    ][1857] Added mine.update to scheduler
2017-09-28 08:47:08,776 [salt.minion      ][INFO    ][1857] Minion is ready to receive requests!
2017-09-28 08:47:09,151 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command state.apply with jid 20170928084709127064
2017-09-28 08:47:09,165 [salt.minion      ][INFO    ][1939] Starting a new job with PID 1939
2017-09-28 08:47:09,778 [salt.utils.schedule][INFO    ][1857] Running scheduled job: __mine_interval
2017-09-28 08:47:12,268 [salt.state       ][INFO    ][1939] Loading fresh modules for state activity
2017-09-28 08:47:12,287 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/init.sls'
2017-09-28 08:47:12,417 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/init.sls'
2017-09-28 08:47:12,474 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:12,520 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/env.sls'
2017-09-28 08:47:12,535 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:12,582 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/profile.sls'
2017-09-28 08:47:12,605 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:12,650 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/repo.sls'
2017-09-28 08:47:12,701 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:12,770 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/package.sls'
2017-09-28 08:47:12,798 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:12,839 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/timezone.sls'
2017-09-28 08:47:12,858 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:12,900 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/kernel.sls'
2017-09-28 08:47:12,948 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:12,1000 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/cpu.sls'
2017-09-28 08:47:13,021 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:13,060 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/sysfs.sls'
2017-09-28 08:47:13,385 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:13,429 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/locale.sls'
2017-09-28 08:47:13,458 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:13,503 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/user.sls'
2017-09-28 08:47:13,530 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:13,575 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/group.sls'
2017-09-28 08:47:13,596 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:13,636 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/limit.sls'
2017-09-28 08:47:13,663 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:13,703 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/system/systemd.sls'
2017-09-28 08:47:13,724 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:13,769 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/network/init.sls'
2017-09-28 08:47:13,785 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:13,905 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/network/hostname.sls'
2017-09-28 08:47:13,930 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:13,986 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/network/host.sls'
2017-09-28 08:47:14,022 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:14,102 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/network/interface.sls'
2017-09-28 08:47:14,160 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:14,206 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/network/proxy.sls'
2017-09-28 08:47:14,391 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:14,458 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/storage/init.sls'
2017-09-28 08:47:14,478 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:14,523 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'ntp/init.sls'
2017-09-28 08:47:14,539 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'ntp/client.sls'
2017-09-28 08:47:14,555 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'ntp/map.jinja'
2017-09-28 08:47:14,573 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'ntp/server.sls'
2017-09-28 08:47:14,587 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'ntp/map.jinja'
2017-09-28 08:47:14,602 [salt.state       ][INFO    ][1939] Running state [/etc/environment] at time 08:47:14.602079
2017-09-28 08:47:14,602 [salt.state       ][INFO    ][1939] Executing state file.blockreplace for /etc/environment
2017-09-28 08:47:14,608 [salt.state       ][INFO    ][1939] File changed:
--- 
+++ 
@@ -1 +1,4 @@
 PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
+# SALT MANAGED VARIABLES - DO NOT EDIT - START
+# +# SALT MANAGED VARIABLES - END

2017-09-28 08:47:14,609 [salt.state       ][INFO    ][1939] Completed state [/etc/environment] at time 08:47:14.608491 duration_in_ms=6.412
2017-09-28 08:47:14,609 [salt.state       ][INFO    ][1939] Running state [/etc/profile.d] at time 08:47:14.608653
2017-09-28 08:47:14,609 [salt.state       ][INFO    ][1939] Executing state file.directory for /etc/profile.d
2017-09-28 08:47:14,610 [salt.state       ][INFO    ][1939] Directory /etc/profile.d is in the correct state
2017-09-28 08:47:14,610 [salt.state       ][INFO    ][1939] Completed state [/etc/profile.d] at time 08:47:14.609632 duration_in_ms=0.979
2017-09-28 08:47:14,917 [salt.state       ][INFO    ][1939] Running state [linux_repo_prereq_pkgs] at time 08:47:14.916856
2017-09-28 08:47:14,917 [salt.state       ][INFO    ][1939] Executing state pkg.installed for linux_repo_prereq_pkgs
2017-09-28 08:47:14,917 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 08:47:14,976 [salt.state       ][INFO    ][1939] All specified packages are already installed
2017-09-28 08:47:14,976 [salt.state       ][INFO    ][1939] Completed state [linux_repo_prereq_pkgs] at time 08:47:14.975771 duration_in_ms=58.914
2017-09-28 08:47:14,976 [salt.state       ][INFO    ][1939] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack] at time 08:47:14.975969
2017-09-28 08:47:14,976 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack
2017-09-28 08:47:14,976 [salt.state       ][INFO    ][1939] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack is not present
2017-09-28 08:47:14,977 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack] at time 08:47:14.976528 duration_in_ms=0.559
2017-09-28 08:47:14,977 [salt.state       ][INFO    ][1939] Running state [/etc/apt/preferences.d/mirantis_openstack] at time 08:47:14.976664
2017-09-28 08:47:14,977 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack
2017-09-28 08:47:14,993 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 08:47:15,011 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:15,044 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:47:15,044 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/preferences.d/mirantis_openstack] at time 08:47:15.043867 duration_in_ms=67.203
2017-09-28 08:47:15,061 [salt.state       ][INFO    ][1939] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata main] at time 08:47:15.060527
2017-09-28 08:47:15,061 [salt.state       ][INFO    ][1939] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata main
2017-09-28 08:47:19,258 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084719251428
2017-09-28 08:47:19,269 [salt.minion      ][INFO    ][2020] Starting a new job with PID 2020
2017-09-28 08:47:19,281 [salt.minion      ][INFO    ][2020] Returning information for job: 20170928084719251428
2017-09-28 08:47:29,363 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084729357315
2017-09-28 08:47:29,382 [salt.minion      ][INFO    ][2025] Starting a new job with PID 2025
2017-09-28 08:47:29,392 [salt.minion      ][INFO    ][2025] Returning information for job: 20170928084729357315
2017-09-28 08:47:35,280 [salt.state       ][ERROR   ][1939] Failed to configure repo 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata main': Error: HTTP 599: Timeout reading http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key
2017-09-28 08:47:35,280 [salt.state       ][INFO    ][1939] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata main] at time 08:47:35.279988 duration_in_ms=20219.46
2017-09-28 08:47:35,280 [salt.state       ][INFO    ][1939] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_updates] at time 08:47:35.280177
2017-09-28 08:47:35,280 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_updates
2017-09-28 08:47:35,281 [salt.state       ][INFO    ][1939] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_updates is not present
2017-09-28 08:47:35,281 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_updates] at time 08:47:35.280782 duration_in_ms=0.606
2017-09-28 08:47:35,281 [salt.state       ][INFO    ][1939] Running state [/etc/apt/preferences.d/mirantis_openstack_updates] at time 08:47:35.280923
2017-09-28 08:47:35,281 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack_updates
2017-09-28 08:47:35,297 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 08:47:35,313 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:35,347 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:47:35,347 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/preferences.d/mirantis_openstack_updates] at time 08:47:35.346941 duration_in_ms=66.018
2017-09-28 08:47:35,348 [salt.state       ][INFO    ][1939] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-updates main] at time 08:47:35.347567
2017-09-28 08:47:35,348 [salt.state       ][INFO    ][1939] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-updates main
2017-09-28 08:47:39,415 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084739390165
2017-09-28 08:47:39,429 [salt.minion      ][INFO    ][2032] Starting a new job with PID 2032
2017-09-28 08:47:39,440 [salt.minion      ][INFO    ][2032] Returning information for job: 20170928084739390165
2017-09-28 08:47:49,530 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084749520659
2017-09-28 08:47:49,544 [salt.minion      ][INFO    ][2042] Starting a new job with PID 2042
2017-09-28 08:47:49,556 [salt.minion      ][INFO    ][2042] Returning information for job: 20170928084749520659
2017-09-28 08:47:55,410 [salt.state       ][ERROR   ][1939] Failed to configure repo 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-updates main': Error: HTTP 599: Timeout reading http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key
2017-09-28 08:47:55,411 [salt.state       ][INFO    ][1939] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-updates main] at time 08:47:55.410495 duration_in_ms=20062.926
2017-09-28 08:47:55,411 [salt.state       ][INFO    ][1939] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_security] at time 08:47:55.410739
2017-09-28 08:47:55,411 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_security
2017-09-28 08:47:55,411 [salt.state       ][INFO    ][1939] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_security is not present
2017-09-28 08:47:55,411 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_security] at time 08:47:55.411412 duration_in_ms=0.673
2017-09-28 08:47:55,412 [salt.state       ][INFO    ][1939] Running state [/etc/apt/preferences.d/mirantis_openstack_security] at time 08:47:55.411591
2017-09-28 08:47:55,412 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack_security
2017-09-28 08:47:55,429 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 08:47:55,446 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:47:55,481 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:47:55,481 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/preferences.d/mirantis_openstack_security] at time 08:47:55.480756 duration_in_ms=69.165
2017-09-28 08:47:55,481 [salt.state       ][INFO    ][1939] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-security main] at time 08:47:55.481471
2017-09-28 08:47:55,482 [salt.state       ][INFO    ][1939] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-security main
2017-09-28 08:47:59,574 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084759562362
2017-09-28 08:47:59,590 [salt.minion      ][INFO    ][2049] Starting a new job with PID 2049
2017-09-28 08:47:59,605 [salt.minion      ][INFO    ][2049] Returning information for job: 20170928084759562362
2017-09-28 08:48:09,657 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084809646105
2017-09-28 08:48:09,685 [salt.minion      ][INFO    ][2059] Starting a new job with PID 2059
2017-09-28 08:48:09,699 [salt.minion      ][INFO    ][2059] Returning information for job: 20170928084809646105
2017-09-28 08:48:15,545 [salt.state       ][ERROR   ][1939] Failed to configure repo 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-security main': Error: HTTP 599: Timeout reading http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key
2017-09-28 08:48:15,546 [salt.state       ][INFO    ][1939] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-security main] at time 08:48:15.545818 duration_in_ms=20064.345
2017-09-28 08:48:15,546 [salt.state       ][INFO    ][1939] Running state [/etc/apt/apt.conf.d/99proxies-salt-mk_openstack] at time 08:48:15.546069
2017-09-28 08:48:15,546 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mk_openstack
2017-09-28 08:48:15,547 [salt.state       ][INFO    ][1939] File /etc/apt/apt.conf.d/99proxies-salt-mk_openstack is not present
2017-09-28 08:48:15,547 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mk_openstack] at time 08:48:15.546759 duration_in_ms=0.69
2017-09-28 08:48:15,547 [salt.state       ][INFO    ][1939] Running state [/etc/apt/preferences.d/mk_openstack] at time 08:48:15.546940
2017-09-28 08:48:15,547 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/apt/preferences.d/mk_openstack
2017-09-28 08:48:15,565 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 08:48:15,583 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:48:15,619 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:48:15,619 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/preferences.d/mk_openstack] at time 08:48:15.619245 duration_in_ms=72.305
2017-09-28 08:48:15,620 [salt.state       ][INFO    ][1939] Running state [deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly ocata] at time 08:48:15.620074
2017-09-28 08:48:15,620 [salt.state       ][INFO    ][1939] Executing state pkgrepo.managed for deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly ocata
2017-09-28 08:48:15,794 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-key', 'add', '/var/cache/salt/minion/extrn_files/base/apt-mk.mirantis.com/public.gpg'] in directory '/root'
2017-09-28 08:48:16,136 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 08:48:19,767 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084819749836
2017-09-28 08:48:19,787 [salt.minion      ][INFO    ][2438] Starting a new job with PID 2438
2017-09-28 08:48:19,797 [salt.minion      ][INFO    ][2438] Returning information for job: 20170928084819749836
2017-09-28 08:48:29,307 [salt.state       ][INFO    ][1939] {'repo': 'deb [arch=amd64] http://apt-mk.mirantis.com/xenial nightly ocata'}
2017-09-28 08:48:29,308 [salt.state       ][INFO    ][1939] Completed state [deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly ocata] at time 08:48:29.307573 duration_in_ms=13687.498
2017-09-28 08:48:29,308 [salt.state       ][INFO    ][1939] Running state [/etc/apt/apt.conf.d/99proxies-salt-mcp_extra] at time 08:48:29.307930
2017-09-28 08:48:29,308 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mcp_extra
2017-09-28 08:48:29,309 [salt.state       ][INFO    ][1939] File /etc/apt/apt.conf.d/99proxies-salt-mcp_extra is not present
2017-09-28 08:48:29,309 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mcp_extra] at time 08:48:29.308924 duration_in_ms=0.993
2017-09-28 08:48:29,309 [salt.state       ][INFO    ][1939] Running state [/etc/apt/preferences.d/mcp_extra] at time 08:48:29.309199
2017-09-28 08:48:29,309 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/apt/preferences.d/mcp_extra
2017-09-28 08:48:29,328 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 08:48:29,345 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:48:29,433 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:48:29,434 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/preferences.d/mcp_extra] at time 08:48:29.433711 duration_in_ms=124.512
2017-09-28 08:48:29,435 [salt.state       ][INFO    ][1939] Running state [deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly extra] at time 08:48:29.434506
2017-09-28 08:48:29,435 [salt.state       ][INFO    ][1939] Executing state pkgrepo.managed for deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly extra
2017-09-28 08:48:29,476 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-key', 'add', '/var/cache/salt/minion/extrn_files/base/apt-mk.mirantis.com/public.gpg'] in directory '/root'
2017-09-28 08:48:29,544 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 08:48:29,858 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084829843562
2017-09-28 08:48:29,869 [salt.minion      ][INFO    ][2743] Starting a new job with PID 2743
2017-09-28 08:48:29,880 [salt.minion      ][INFO    ][2743] Returning information for job: 20170928084829843562
2017-09-28 08:48:31,599 [salt.state       ][INFO    ][1939] Configured package repo 'deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly extra'
2017-09-28 08:48:31,600 [salt.state       ][INFO    ][1939] Completed state [deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly extra] at time 08:48:31.599750 duration_in_ms=2165.243
2017-09-28 08:48:31,600 [salt.state       ][INFO    ][1939] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_holdback] at time 08:48:31.600091
2017-09-28 08:48:31,600 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_holdback
2017-09-28 08:48:31,601 [salt.state       ][INFO    ][1939] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_holdback is not present
2017-09-28 08:48:31,601 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_holdback] at time 08:48:31.601142 duration_in_ms=1.05
2017-09-28 08:48:31,601 [salt.state       ][INFO    ][1939] Running state [/etc/apt/preferences.d/mirantis_openstack_holdback] at time 08:48:31.601427
2017-09-28 08:48:31,602 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack_holdback
2017-09-28 08:48:31,626 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 08:48:31,642 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:48:31,673 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:48:31,674 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/preferences.d/mirantis_openstack_holdback] at time 08:48:31.673694 duration_in_ms=72.267
2017-09-28 08:48:31,675 [salt.state       ][INFO    ][1939] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-holdback main] at time 08:48:31.674478
2017-09-28 08:48:31,675 [salt.state       ][INFO    ][1939] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-holdback main
2017-09-28 08:48:40,045 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084840033479
2017-09-28 08:48:40,060 [salt.minion      ][INFO    ][2831] Starting a new job with PID 2831
2017-09-28 08:48:40,075 [salt.minion      ][INFO    ][2831] Returning information for job: 20170928084840033479
2017-09-28 08:48:50,218 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084850207756
2017-09-28 08:48:50,235 [salt.minion      ][INFO    ][2837] Starting a new job with PID 2837
2017-09-28 08:48:50,253 [salt.minion      ][INFO    ][2837] Returning information for job: 20170928084850207756
2017-09-28 08:48:51,737 [salt.state       ][ERROR   ][1939] Failed to configure repo 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-holdback main': Error: HTTP 599: Timeout reading http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key
2017-09-28 08:48:51,738 [salt.state       ][INFO    ][1939] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-holdback main] at time 08:48:51.737557 duration_in_ms=20063.078
2017-09-28 08:48:51,738 [salt.state       ][INFO    ][1939] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_hotfix] at time 08:48:51.737809
2017-09-28 08:48:51,738 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_hotfix
2017-09-28 08:48:51,738 [salt.state       ][INFO    ][1939] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_hotfix is not present
2017-09-28 08:48:51,739 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_hotfix] at time 08:48:51.738552 duration_in_ms=0.742
2017-09-28 08:48:51,739 [salt.state       ][INFO    ][1939] Running state [/etc/apt/preferences.d/mirantis_openstack_hotfix] at time 08:48:51.738745
2017-09-28 08:48:51,739 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack_hotfix
2017-09-28 08:48:51,755 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 08:48:51,773 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:48:51,807 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:48:51,807 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/preferences.d/mirantis_openstack_hotfix] at time 08:48:51.807314 duration_in_ms=68.569
2017-09-28 08:48:51,808 [salt.state       ][INFO    ][1939] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-hotfix main] at time 08:48:51.807993
2017-09-28 08:48:51,808 [salt.state       ][INFO    ][1939] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-hotfix main
2017-09-28 08:49:00,298 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084900287045
2017-09-28 08:49:00,312 [salt.minion      ][INFO    ][2844] Starting a new job with PID 2844
2017-09-28 08:49:00,327 [salt.minion      ][INFO    ][2844] Returning information for job: 20170928084900287045
2017-09-28 08:49:10,357 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084910346970
2017-09-28 08:49:10,375 [salt.minion      ][INFO    ][2854] Starting a new job with PID 2854
2017-09-28 08:49:10,390 [salt.minion      ][INFO    ][2854] Returning information for job: 20170928084910346970
2017-09-28 08:49:11,873 [salt.state       ][ERROR   ][1939] Failed to configure repo 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-hotfix main': Error: HTTP 599: Timeout reading http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key
2017-09-28 08:49:11,873 [salt.state       ][INFO    ][1939] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-hotfix main] at time 08:49:11.873312 duration_in_ms=20065.317
2017-09-28 08:49:11,874 [salt.state       ][INFO    ][1939] Running state [/etc/apt/apt.conf.d/99proxies-salt-salt] at time 08:49:11.873563
2017-09-28 08:49:11,874 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-salt
2017-09-28 08:49:11,874 [salt.state       ][INFO    ][1939] File /etc/apt/apt.conf.d/99proxies-salt-salt is not present
2017-09-28 08:49:11,874 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/apt.conf.d/99proxies-salt-salt] at time 08:49:11.874263 duration_in_ms=0.699
2017-09-28 08:49:11,874 [salt.state       ][INFO    ][1939] Running state [/etc/apt/preferences.d/salt] at time 08:49:11.874448
2017-09-28 08:49:11,875 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/preferences.d/salt
2017-09-28 08:49:11,875 [salt.state       ][INFO    ][1939] File /etc/apt/preferences.d/salt is not present
2017-09-28 08:49:11,875 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/preferences.d/salt] at time 08:49:11.875001 duration_in_ms=0.553
2017-09-28 08:49:11,876 [salt.state       ][INFO    ][1939] Running state [deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main] at time 08:49:11.875694
2017-09-28 08:49:11,876 [salt.state       ][INFO    ][1939] Executing state pkgrepo.managed for deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main
2017-09-28 08:49:12,193 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-key', 'add', '/var/cache/salt/minion/extrn_files/base/repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub'] in directory '/root'
2017-09-28 08:49:12,270 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 08:49:14,186 [salt.state       ][INFO    ][1939] Configured package repo 'deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main'
2017-09-28 08:49:14,187 [salt.state       ][INFO    ][1939] Completed state [deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main] at time 08:49:14.186716 duration_in_ms=2311.021
2017-09-28 08:49:14,187 [salt.state       ][INFO    ][1939] Running state [linux_extra_packages_purged] at time 08:49:14.187071
2017-09-28 08:49:14,187 [salt.state       ][INFO    ][1939] Executing state pkg.purged for linux_extra_packages_purged
2017-09-28 08:49:14,202 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', 'purge', 'cloud-init'] in directory '/root'
2017-09-28 08:49:17,913 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 08:49:17,931 [salt.state       ][INFO    ][1939] {'removed': {}, 'installed': {'cloud-init': {'new': '', 'old': '0.7.9-153-g16a7302f-0ubuntu1~16.04.2'}, 'ec2-init': {'new': '', 'old': '1'}}}
2017-09-28 08:49:17,951 [salt.state       ][INFO    ][1939] Loading fresh modules for state activity
2017-09-28 08:49:17,963 [salt.state       ][INFO    ][1939] Completed state [linux_extra_packages_purged] at time 08:49:17.962648 duration_in_ms=3775.576
2017-09-28 08:49:17,967 [salt.state       ][INFO    ][1939] Running state [linux_extra_packages_latest] at time 08:49:17.967287
2017-09-28 08:49:17,968 [salt.state       ][INFO    ][1939] Executing state pkg.latest for linux_extra_packages_latest
2017-09-28 08:49:18,213 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 08:49:20,147 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-cache', '-q', 'policy', 'python-msgpack'] in directory '/root'
2017-09-28 08:49:20,208 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-cache', '-q', 'policy', 'python-pymysql'] in directory '/root'
2017-09-28 08:49:20,251 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-cache', '-q', 'policy', 'mcelog'] in directory '/root'
2017-09-28 08:49:20,295 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'mcelog'] in directory '/root'
2017-09-28 08:49:20,530 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084920517994
2017-09-28 08:49:20,549 [salt.minion      ][INFO    ][3662] Starting a new job with PID 3662
2017-09-28 08:49:20,560 [salt.minion      ][INFO    ][3662] Returning information for job: 20170928084920517994
2017-09-28 08:49:26,865 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 08:49:26,883 [salt.state       ][INFO    ][1939] Made the following changes:
'mcelog' changed from 'absent' to '128+dfsg-1'

2017-09-28 08:49:26,890 [salt.state       ][INFO    ][1939] Loading fresh modules for state activity
2017-09-28 08:49:26,905 [salt.state       ][INFO    ][1939] Completed state [linux_extra_packages_latest] at time 08:49:26.904824 duration_in_ms=8937.536
2017-09-28 08:49:26,916 [salt.state       ][INFO    ][1939] Running state [UTC] at time 08:49:26.915628
2017-09-28 08:49:26,916 [salt.state       ][INFO    ][1939] Executing state timezone.system for UTC
2017-09-28 08:49:26,918 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['timedatectl'] in directory '/root'
2017-09-28 08:49:26,999 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['timedatectl'] in directory '/root'
2017-09-28 08:49:27,008 [salt.state       ][INFO    ][1939] Timezone UTC already set, UTC already set to UTC
2017-09-28 08:49:27,008 [salt.state       ][INFO    ][1939] Completed state [UTC] at time 08:49:27.007792 duration_in_ms=92.162
2017-09-28 08:49:27,017 [salt.state       ][INFO    ][1939] Running state [nf_conntrack] at time 08:49:27.016811
2017-09-28 08:49:27,017 [salt.state       ][INFO    ][1939] Executing state kmod.present for nf_conntrack
2017-09-28 08:49:27,017 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'lsmod' in directory '/root'
2017-09-28 08:49:27,339 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'lsmod' in directory '/root'
2017-09-28 08:49:27,347 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'modprobe nf_conntrack' in directory '/root'
2017-09-28 08:49:27,366 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'lsmod' in directory '/root'
2017-09-28 08:49:27,406 [salt.state       ][INFO    ][1939] {'nf_conntrack': 'loaded'}
2017-09-28 08:49:27,407 [salt.state       ][INFO    ][1939] Completed state [nf_conntrack] at time 08:49:27.406734 duration_in_ms=389.922
2017-09-28 08:49:27,409 [salt.state       ][INFO    ][1939] Running state [kernel.panic] at time 08:49:27.408661
2017-09-28 08:49:27,409 [salt.state       ][INFO    ][1939] Executing state sysctl.present for kernel.panic
2017-09-28 08:49:27,410 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,469 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w kernel.panic="60"' in directory '/root'
2017-09-28 08:49:27,478 [salt.state       ][INFO    ][1939] {'kernel.panic': 60}
2017-09-28 08:49:27,478 [salt.state       ][INFO    ][1939] Completed state [kernel.panic] at time 08:49:27.478218 duration_in_ms=69.556
2017-09-28 08:49:27,479 [salt.state       ][INFO    ][1939] Running state [net.ipv4.tcp_keepalive_probes] at time 08:49:27.478558
2017-09-28 08:49:27,479 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.ipv4.tcp_keepalive_probes
2017-09-28 08:49:27,479 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,493 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.ipv4.tcp_keepalive_probes="8"' in directory '/root'
2017-09-28 08:49:27,501 [salt.state       ][INFO    ][1939] {'net.ipv4.tcp_keepalive_probes': 8}
2017-09-28 08:49:27,501 [salt.state       ][INFO    ][1939] Completed state [net.ipv4.tcp_keepalive_probes] at time 08:49:27.501124 duration_in_ms=22.564
2017-09-28 08:49:27,502 [salt.state       ][INFO    ][1939] Running state [fs.file-max] at time 08:49:27.501485
2017-09-28 08:49:27,502 [salt.state       ][INFO    ][1939] Executing state sysctl.present for fs.file-max
2017-09-28 08:49:27,502 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,516 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w fs.file-max="124165"' in directory '/root'
2017-09-28 08:49:27,524 [salt.state       ][INFO    ][1939] {'fs.file-max': 124165}
2017-09-28 08:49:27,524 [salt.state       ][INFO    ][1939] Completed state [fs.file-max] at time 08:49:27.524031 duration_in_ms=22.545
2017-09-28 08:49:27,524 [salt.state       ][INFO    ][1939] Running state [net.core.somaxconn] at time 08:49:27.524403
2017-09-28 08:49:27,525 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.core.somaxconn
2017-09-28 08:49:27,525 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,539 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.core.somaxconn="4096"' in directory '/root'
2017-09-28 08:49:27,547 [salt.state       ][INFO    ][1939] {'net.core.somaxconn': 4096}
2017-09-28 08:49:27,547 [salt.state       ][INFO    ][1939] Completed state [net.core.somaxconn] at time 08:49:27.547361 duration_in_ms=22.958
2017-09-28 08:49:27,548 [salt.state       ][INFO    ][1939] Running state [net.ipv4.tcp_max_syn_backlog] at time 08:49:27.547690
2017-09-28 08:49:27,548 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.ipv4.tcp_max_syn_backlog
2017-09-28 08:49:27,549 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,562 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.ipv4.tcp_max_syn_backlog="8192"' in directory '/root'
2017-09-28 08:49:27,570 [salt.state       ][INFO    ][1939] {'net.ipv4.tcp_max_syn_backlog': 8192}
2017-09-28 08:49:27,571 [salt.state       ][INFO    ][1939] Completed state [net.ipv4.tcp_max_syn_backlog] at time 08:49:27.570810 duration_in_ms=23.119
2017-09-28 08:49:27,571 [salt.state       ][INFO    ][1939] Running state [net.ipv4.tcp_tw_reuse] at time 08:49:27.571142
2017-09-28 08:49:27,571 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.ipv4.tcp_tw_reuse
2017-09-28 08:49:27,572 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,585 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.ipv4.tcp_tw_reuse="1"' in directory '/root'
2017-09-28 08:49:27,593 [salt.state       ][INFO    ][1939] {'net.ipv4.tcp_tw_reuse': 1}
2017-09-28 08:49:27,593 [salt.state       ][INFO    ][1939] Completed state [net.ipv4.tcp_tw_reuse] at time 08:49:27.593380 duration_in_ms=22.237
2017-09-28 08:49:27,594 [salt.state       ][INFO    ][1939] Running state [net.ipv4.tcp_retries2] at time 08:49:27.593708
2017-09-28 08:49:27,594 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.ipv4.tcp_retries2
2017-09-28 08:49:27,595 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,608 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.ipv4.tcp_retries2="5"' in directory '/root'
2017-09-28 08:49:27,615 [salt.state       ][INFO    ][1939] {'net.ipv4.tcp_retries2': 5}
2017-09-28 08:49:27,616 [salt.state       ][INFO    ][1939] Completed state [net.ipv4.tcp_retries2] at time 08:49:27.615682 duration_in_ms=21.973
2017-09-28 08:49:27,616 [salt.state       ][INFO    ][1939] Running state [vm.swappiness] at time 08:49:27.616017
2017-09-28 08:49:27,616 [salt.state       ][INFO    ][1939] Executing state sysctl.present for vm.swappiness
2017-09-28 08:49:27,617 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,631 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w vm.swappiness="10"' in directory '/root'
2017-09-28 08:49:27,638 [salt.state       ][INFO    ][1939] {'vm.swappiness': 10}
2017-09-28 08:49:27,639 [salt.state       ][INFO    ][1939] Completed state [vm.swappiness] at time 08:49:27.638556 duration_in_ms=22.538
2017-09-28 08:49:27,639 [salt.state       ][INFO    ][1939] Running state [net.ipv4.tcp_keepalive_intvl] at time 08:49:27.638893
2017-09-28 08:49:27,639 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.ipv4.tcp_keepalive_intvl
2017-09-28 08:49:27,640 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,654 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.ipv4.tcp_keepalive_intvl="3"' in directory '/root'
2017-09-28 08:49:27,661 [salt.state       ][INFO    ][1939] {'net.ipv4.tcp_keepalive_intvl': 3}
2017-09-28 08:49:27,661 [salt.state       ][INFO    ][1939] Completed state [net.ipv4.tcp_keepalive_intvl] at time 08:49:27.661447 duration_in_ms=22.553
2017-09-28 08:49:27,662 [salt.state       ][INFO    ][1939] Running state [net.ipv4.neigh.default.gc_thresh1] at time 08:49:27.661777
2017-09-28 08:49:27,662 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.ipv4.neigh.default.gc_thresh1
2017-09-28 08:49:27,663 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,676 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.ipv4.neigh.default.gc_thresh1="4096"' in directory '/root'
2017-09-28 08:49:27,684 [salt.state       ][INFO    ][1939] {'net.ipv4.neigh.default.gc_thresh1': 4096}
2017-09-28 08:49:27,684 [salt.state       ][INFO    ][1939] Completed state [net.ipv4.neigh.default.gc_thresh1] at time 08:49:27.684190 duration_in_ms=22.412
2017-09-28 08:49:27,685 [salt.state       ][INFO    ][1939] Running state [net.ipv4.neigh.default.gc_thresh2] at time 08:49:27.684568
2017-09-28 08:49:27,685 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.ipv4.neigh.default.gc_thresh2
2017-09-28 08:49:27,685 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,698 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.ipv4.neigh.default.gc_thresh2="8192"' in directory '/root'
2017-09-28 08:49:27,706 [salt.state       ][INFO    ][1939] {'net.ipv4.neigh.default.gc_thresh2': 8192}
2017-09-28 08:49:27,707 [salt.state       ][INFO    ][1939] Completed state [net.ipv4.neigh.default.gc_thresh2] at time 08:49:27.706927 duration_in_ms=22.358
2017-09-28 08:49:27,707 [salt.state       ][INFO    ][1939] Running state [net.ipv4.neigh.default.gc_thresh3] at time 08:49:27.707253
2017-09-28 08:49:27,708 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.ipv4.neigh.default.gc_thresh3
2017-09-28 08:49:27,708 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,722 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.ipv4.neigh.default.gc_thresh3="16384"' in directory '/root'
2017-09-28 08:49:27,730 [salt.state       ][INFO    ][1939] {'net.ipv4.neigh.default.gc_thresh3': 16384}
2017-09-28 08:49:27,731 [salt.state       ][INFO    ][1939] Completed state [net.ipv4.neigh.default.gc_thresh3] at time 08:49:27.730660 duration_in_ms=23.406
2017-09-28 08:49:27,731 [salt.state       ][INFO    ][1939] Running state [net.core.netdev_max_backlog] at time 08:49:27.730996
2017-09-28 08:49:27,731 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.core.netdev_max_backlog
2017-09-28 08:49:27,732 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,745 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.core.netdev_max_backlog="261144"' in directory '/root'
2017-09-28 08:49:27,753 [salt.state       ][INFO    ][1939] {'net.core.netdev_max_backlog': 261144}
2017-09-28 08:49:27,754 [salt.state       ][INFO    ][1939] Completed state [net.core.netdev_max_backlog] at time 08:49:27.753572 duration_in_ms=22.575
2017-09-28 08:49:27,754 [salt.state       ][INFO    ][1939] Running state [net.ipv4.tcp_keepalive_time] at time 08:49:27.753915
2017-09-28 08:49:27,754 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.ipv4.tcp_keepalive_time
2017-09-28 08:49:27,755 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,768 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.ipv4.tcp_keepalive_time="30"' in directory '/root'
2017-09-28 08:49:27,776 [salt.state       ][INFO    ][1939] {'net.ipv4.tcp_keepalive_time': 30}
2017-09-28 08:49:27,777 [salt.state       ][INFO    ][1939] Completed state [net.ipv4.tcp_keepalive_time] at time 08:49:27.776663 duration_in_ms=22.746
2017-09-28 08:49:27,777 [salt.state       ][INFO    ][1939] Running state [net.nf_conntrack_max] at time 08:49:27.777025
2017-09-28 08:49:27,777 [salt.state       ][INFO    ][1939] Executing state sysctl.present for net.nf_conntrack_max
2017-09-28 08:49:27,778 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -a' in directory '/root'
2017-09-28 08:49:27,792 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'sysctl -w net.nf_conntrack_max="1048576"' in directory '/root'
2017-09-28 08:49:27,799 [salt.state       ][INFO    ][1939] {'net.nf_conntrack_max': 1048576}
2017-09-28 08:49:27,800 [salt.state       ][INFO    ][1939] Completed state [net.nf_conntrack_max] at time 08:49:27.799763 duration_in_ms=22.737
2017-09-28 08:49:27,805 [salt.state       ][INFO    ][1939] Running state [linux_sysfs_package] at time 08:49:27.804703
2017-09-28 08:49:27,805 [salt.state       ][INFO    ][1939] Executing state pkg.installed for linux_sysfs_package
2017-09-28 08:49:27,979 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-cache', '-q', 'policy', 'sysfsutils'] in directory '/root'
2017-09-28 08:49:28,024 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 08:49:29,724 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'sysfsutils'] in directory '/root'
2017-09-28 08:49:30,566 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084930553370
2017-09-28 08:49:30,582 [salt.minion      ][INFO    ][4148] Starting a new job with PID 4148
2017-09-28 08:49:30,599 [salt.minion      ][INFO    ][4148] Returning information for job: 20170928084930553370
2017-09-28 08:49:40,597 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084940589781
2017-09-28 08:49:40,619 [salt.minion      ][INFO    ][4209] Starting a new job with PID 4209
2017-09-28 08:49:40,633 [salt.minion      ][INFO    ][4209] Returning information for job: 20170928084940589781
2017-09-28 08:49:45,227 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 08:49:45,244 [salt.state       ][INFO    ][1939] Made the following changes:
'libsysfs2' changed from 'absent' to '2.1.0+repack-4'
'sysfsutils' changed from 'absent' to '2.1.0+repack-4'

2017-09-28 08:49:45,252 [salt.state       ][INFO    ][1939] Loading fresh modules for state activity
2017-09-28 08:49:45,269 [salt.state       ][INFO    ][1939] Completed state [linux_sysfs_package] at time 08:49:45.268635 duration_in_ms=17463.931
2017-09-28 08:49:45,273 [salt.state       ][INFO    ][1939] Running state [/etc/sysfs.d] at time 08:49:45.272483
2017-09-28 08:49:45,273 [salt.state       ][INFO    ][1939] Executing state file.directory for /etc/sysfs.d
2017-09-28 08:49:45,276 [salt.state       ][INFO    ][1939] Directory /etc/sysfs.d is in the correct state
2017-09-28 08:49:45,276 [salt.state       ][INFO    ][1939] Completed state [/etc/sysfs.d] at time 08:49:45.276159 duration_in_ms=3.676
2017-09-28 08:49:45,368 [salt.state       ][INFO    ][1939] Running state [ondemand] at time 08:49:45.368456
2017-09-28 08:49:45,369 [salt.state       ][INFO    ][1939] Executing state service.dead for ondemand
2017-09-28 08:49:45,371 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'status', 'ondemand.service', '-n', '0'] in directory '/root'
2017-09-28 08:49:45,382 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-active', 'ondemand.service'] in directory '/root'
2017-09-28 08:49:45,390 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-enabled', 'ondemand.service'] in directory '/root'
2017-09-28 08:49:45,399 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemd-run', '--scope', 'systemctl', 'stop', 'ondemand.service'] in directory '/root'
2017-09-28 08:49:45,431 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-active', 'ondemand.service'] in directory '/root'
2017-09-28 08:49:45,439 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-enabled', 'ondemand.service'] in directory '/root'
2017-09-28 08:49:45,448 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-enabled', 'ondemand.service'] in directory '/root'
2017-09-28 08:49:45,459 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemd-run', '--scope', '/usr/sbin/update-rc.d', '-f', 'ondemand', 'remove'] in directory '/root'
2017-09-28 08:49:45,541 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-enabled', 'ondemand.service'] in directory '/root'
2017-09-28 08:49:45,552 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'runlevel' in directory '/root'
2017-09-28 08:49:45,559 [salt.state       ][INFO    ][1939] {'ondemand': True}
2017-09-28 08:49:45,560 [salt.state       ][INFO    ][1939] Completed state [ondemand] at time 08:49:45.559728 duration_in_ms=191.271
2017-09-28 08:49:45,651 [salt.state       ][INFO    ][1939] Running state [cs_CZ.UTF-8] at time 08:49:45.650509
2017-09-28 08:49:45,651 [salt.state       ][INFO    ][1939] Executing state locale.present for cs_CZ.UTF-8
2017-09-28 08:49:45,651 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'locale -a' in directory '/root'
2017-09-28 08:49:45,664 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['locale-gen', 'cs_CZ.UTF-8'] in directory '/root'
2017-09-28 08:49:46,549 [salt.state       ][INFO    ][1939] {'locale': 'cs_CZ.UTF-8'}
2017-09-28 08:49:46,550 [salt.state       ][INFO    ][1939] Completed state [cs_CZ.UTF-8] at time 08:49:46.549580 duration_in_ms=899.07
2017-09-28 08:49:46,550 [salt.state       ][INFO    ][1939] Running state [en_US.UTF-8] at time 08:49:46.549965
2017-09-28 08:49:46,550 [salt.state       ][INFO    ][1939] Executing state locale.present for en_US.UTF-8
2017-09-28 08:49:46,551 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'locale -a' in directory '/root'
2017-09-28 08:49:46,560 [salt.state       ][INFO    ][1939] Locale en_US.UTF-8 is already present
2017-09-28 08:49:46,561 [salt.state       ][INFO    ][1939] Completed state [en_US.UTF-8] at time 08:49:46.560516 duration_in_ms=10.549
2017-09-28 08:49:46,562 [salt.state       ][INFO    ][1939] Running state [en_US.UTF-8] at time 08:49:46.561647
2017-09-28 08:49:46,562 [salt.state       ][INFO    ][1939] Executing state locale.system for en_US.UTF-8
2017-09-28 08:49:46,563 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'localectl' in directory '/root'
2017-09-28 08:49:46,900 [salt.state       ][INFO    ][1939] System locale en_US.UTF-8 already set
2017-09-28 08:49:46,901 [salt.state       ][INFO    ][1939] Completed state [en_US.UTF-8] at time 08:49:46.900666 duration_in_ms=339.016
2017-09-28 08:49:46,914 [salt.state       ][INFO    ][1939] Running state [root] at time 08:49:46.913485
2017-09-28 08:49:46,914 [salt.state       ][INFO    ][1939] Executing state user.present for root
2017-09-28 08:49:46,920 [salt.state       ][INFO    ][1939] {'passwd': 'XXX-REDACTED-XXX', 'lstchg': 17437}
2017-09-28 08:49:46,920 [salt.state       ][INFO    ][1939] Completed state [root] at time 08:49:46.920027 duration_in_ms=6.542
2017-09-28 08:49:46,921 [salt.state       ][INFO    ][1939] Running state [/root] at time 08:49:46.921128
2017-09-28 08:49:46,922 [salt.state       ][INFO    ][1939] Executing state file.directory for /root
2017-09-28 08:49:46,922 [salt.state       ][INFO    ][1939] Directory /root is in the correct state
2017-09-28 08:49:46,923 [salt.state       ][INFO    ][1939] Completed state [/root] at time 08:49:46.922579 duration_in_ms=1.451
2017-09-28 08:49:46,923 [salt.state       ][INFO    ][1939] Running state [/etc/sudoers.d/90-salt-user-root] at time 08:49:46.922951
2017-09-28 08:49:46,923 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/sudoers.d/90-salt-user-root
2017-09-28 08:49:47,052 [salt.state       ][INFO    ][1939] File /etc/sudoers.d/90-salt-user-root is not present
2017-09-28 08:49:47,052 [salt.state       ][INFO    ][1939] Completed state [/etc/sudoers.d/90-salt-user-root] at time 08:49:47.052247 duration_in_ms=129.295
2017-09-28 08:49:47,053 [salt.state       ][INFO    ][1939] Running state [ubuntu] at time 08:49:47.052686
2017-09-28 08:49:47,053 [salt.state       ][INFO    ][1939] Executing state user.present for ubuntu
2017-09-28 08:49:47,054 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['useradd', '-s', '/bin/bash', '-m', '-d', '/home/ubuntu', 'ubuntu'] in directory '/root'
2017-09-28 08:49:49,450 [salt.state       ][INFO    ][1939] {'shell': '/bin/bash', 'workphone': '', 'uid': 1000, 'passwd': 'x', 'roomnumber': '', 'groups': ['ubuntu'], 'home': '/home/ubuntu', 'password': 'XXX-REDACTED-XXX', 'name': 'ubuntu', 'gid': 1000, 'fullname': '', 'homephone': ''}
2017-09-28 08:49:49,451 [salt.state       ][INFO    ][1939] Completed state [ubuntu] at time 08:49:49.450596 duration_in_ms=2397.907
2017-09-28 08:49:49,452 [salt.state       ][INFO    ][1939] Running state [/home/ubuntu] at time 08:49:49.451809
2017-09-28 08:49:49,452 [salt.state       ][INFO    ][1939] Executing state file.directory for /home/ubuntu
2017-09-28 08:49:49,453 [salt.state       ][INFO    ][1939] {'mode': '0700'}
2017-09-28 08:49:49,454 [salt.state       ][INFO    ][1939] Completed state [/home/ubuntu] at time 08:49:49.453550 duration_in_ms=1.741
2017-09-28 08:49:49,454 [salt.state       ][INFO    ][1939] Running state [/etc/sudoers.d/90-salt-user-ubuntu] at time 08:49:49.454311
2017-09-28 08:49:49,455 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/sudoers.d/90-salt-user-ubuntu
2017-09-28 08:49:49,474 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/sudoer'
2017-09-28 08:49:49,478 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command '/usr/sbin/visudo -c -f /tmp/tmpshfoCq' in directory '/root'
2017-09-28 08:49:49,539 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:49:49,540 [salt.state       ][INFO    ][1939] Completed state [/etc/sudoers.d/90-salt-user-ubuntu] at time 08:49:49.539748 duration_in_ms=85.437
2017-09-28 08:49:49,540 [salt.state       ][INFO    ][1939] Running state [/etc/security/limits.d/90-salt-default.conf] at time 08:49:49.540165
2017-09-28 08:49:49,541 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/security/limits.d/90-salt-default.conf
2017-09-28 08:49:49,561 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/limits.conf'
2017-09-28 08:49:49,580 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:49:49,616 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:49:49,616 [salt.state       ][INFO    ][1939] Completed state [/etc/security/limits.d/90-salt-default.conf] at time 08:49:49.616074 duration_in_ms=75.909
2017-09-28 08:49:49,617 [salt.state       ][INFO    ][1939] Running state [/etc/systemd/system.conf.d/90-salt.conf] at time 08:49:49.616498
2017-09-28 08:49:49,617 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/systemd/system.conf.d/90-salt.conf
2017-09-28 08:49:49,633 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/systemd.conf'
2017-09-28 08:49:49,671 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 08:49:49,705 [salt.state       ][INFO    ][1939] File changed:
New file
2017-09-28 08:49:49,705 [salt.state       ][INFO    ][1939] Completed state [/etc/systemd/system.conf.d/90-salt.conf] at time 08:49:49.704947 duration_in_ms=88.449
2017-09-28 08:49:49,706 [salt.state       ][INFO    ][1939] Running state [service.systemctl_reload] at time 08:49:49.706136
2017-09-28 08:49:49,706 [salt.state       ][INFO    ][1939] Executing state module.wait for service.systemctl_reload
2017-09-28 08:49:49,707 [salt.state       ][INFO    ][1939] No changes made for service.systemctl_reload
2017-09-28 08:49:49,707 [salt.state       ][INFO    ][1939] Completed state [service.systemctl_reload] at time 08:49:49.707118 duration_in_ms=0.982
2017-09-28 08:49:49,707 [salt.state       ][INFO    ][1939] Running state [service.systemctl_reload] at time 08:49:49.707414
2017-09-28 08:49:49,708 [salt.state       ][INFO    ][1939] Executing state module.mod_watch for service.systemctl_reload
2017-09-28 08:49:49,708 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', '--system', 'daemon-reload'] in directory '/root'
2017-09-28 08:49:49,744 [salt.state       ][INFO    ][1939] {'ret': True}
2017-09-28 08:49:49,744 [salt.state       ][INFO    ][1939] Completed state [service.systemctl_reload] at time 08:49:49.744141 duration_in_ms=36.725
2017-09-28 08:49:49,745 [salt.state       ][INFO    ][1939] Running state [/etc/hostname] at time 08:49:49.744604
2017-09-28 08:49:49,745 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/hostname
2017-09-28 08:49:49,766 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'linux/files/hostname'
2017-09-28 08:49:49,769 [salt.state       ][INFO    ][1939] File changed:
--- 
+++ 
@@ -1 +1 @@
-ubuntu-1604
+ctl02

2017-09-28 08:49:49,769 [salt.state       ][INFO    ][1939] Completed state [/etc/hostname] at time 08:49:49.769172 duration_in_ms=24.568
2017-09-28 08:49:49,771 [salt.state       ][INFO    ][1939] Running state [hostname ctl02] at time 08:49:49.770846
2017-09-28 08:49:49,771 [salt.state       ][INFO    ][1939] Executing state cmd.wait for hostname ctl02
2017-09-28 08:49:49,772 [salt.state       ][INFO    ][1939] No changes made for hostname ctl02
2017-09-28 08:49:49,772 [salt.state       ][INFO    ][1939] Completed state [hostname ctl02] at time 08:49:49.771779 duration_in_ms=0.933
2017-09-28 08:49:49,772 [salt.state       ][INFO    ][1939] Running state [hostname ctl02] at time 08:49:49.772053
2017-09-28 08:49:49,772 [salt.state       ][INFO    ][1939] Executing state cmd.mod_watch for hostname ctl02
2017-09-28 08:49:49,773 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command 'hostname ctl02' in directory '/root'
2017-09-28 08:49:49,781 [salt.state       ][INFO    ][1939] {'pid': 4421, 'retcode': 0, 'stderr': '', 'stdout': ''}
2017-09-28 08:49:49,782 [salt.state       ][INFO    ][1939] Completed state [hostname ctl02] at time 08:49:49.781476 duration_in_ms=9.421
2017-09-28 08:49:49,849 [salt.state       ][INFO    ][1939] Running state [mdb02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:49.849037
2017-09-28 08:49:49,850 [salt.state       ][INFO    ][1939] Executing state host.present for mdb02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:49,851 [salt.state       ][INFO    ][1939] {'host': 'mdb02.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:49,852 [salt.state       ][INFO    ][1939] Completed state [mdb02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:49.851686 duration_in_ms=2.649
2017-09-28 08:49:49,852 [salt.state       ][INFO    ][1939] Running state [mdb02] at time 08:49:49.852082
2017-09-28 08:49:49,853 [salt.state       ][INFO    ][1939] Executing state host.present for mdb02
2017-09-28 08:49:50,021 [salt.state       ][INFO    ][1939] {'host': 'mdb02'}
2017-09-28 08:49:50,021 [salt.state       ][INFO    ][1939] Completed state [mdb02] at time 08:49:50.021306 duration_in_ms=169.224
2017-09-28 08:49:50,022 [salt.state       ][INFO    ][1939] Running state [mdb03] at time 08:49:50.021708
2017-09-28 08:49:50,022 [salt.state       ][INFO    ][1939] Executing state host.present for mdb03
2017-09-28 08:49:50,216 [salt.state       ][INFO    ][1939] {'host': 'mdb03'}
2017-09-28 08:49:50,216 [salt.state       ][INFO    ][1939] Completed state [mdb03] at time 08:49:50.215710 duration_in_ms=194.002
2017-09-28 08:49:50,216 [salt.state       ][INFO    ][1939] Running state [mdb03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.215905
2017-09-28 08:49:50,216 [salt.state       ][INFO    ][1939] Executing state host.present for mdb03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,228 [salt.state       ][INFO    ][1939] {'host': 'mdb03.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,228 [salt.state       ][INFO    ][1939] Completed state [mdb03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.228112 duration_in_ms=12.207
2017-09-28 08:49:50,228 [salt.state       ][INFO    ][1939] Running state [mdb01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.228350
2017-09-28 08:49:50,229 [salt.state       ][INFO    ][1939] Executing state host.present for mdb01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,234 [salt.state       ][INFO    ][1939] {'host': 'mdb01.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,234 [salt.state       ][INFO    ][1939] Completed state [mdb01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.234355 duration_in_ms=6.004
2017-09-28 08:49:50,235 [salt.state       ][INFO    ][1939] Running state [mdb01] at time 08:49:50.234566
2017-09-28 08:49:50,235 [salt.state       ][INFO    ][1939] Executing state host.present for mdb01
2017-09-28 08:49:50,240 [salt.state       ][INFO    ][1939] {'host': 'mdb01'}
2017-09-28 08:49:50,240 [salt.state       ][INFO    ][1939] Completed state [mdb01] at time 08:49:50.240194 duration_in_ms=5.628
2017-09-28 08:49:50,240 [salt.state       ][INFO    ][1939] Running state [mdb] at time 08:49:50.240447
2017-09-28 08:49:50,241 [salt.state       ][INFO    ][1939] Executing state host.present for mdb
2017-09-28 08:49:50,246 [salt.state       ][INFO    ][1939] {'host': 'mdb'}
2017-09-28 08:49:50,246 [salt.state       ][INFO    ][1939] Completed state [mdb] at time 08:49:50.246150 duration_in_ms=5.702
2017-09-28 08:49:50,246 [salt.state       ][INFO    ][1939] Running state [mdb.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.246357
2017-09-28 08:49:50,247 [salt.state       ][INFO    ][1939] Executing state host.present for mdb.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,252 [salt.state       ][INFO    ][1939] {'host': 'mdb.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,252 [salt.state       ][INFO    ][1939] Completed state [mdb.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.252317 duration_in_ms=5.96
2017-09-28 08:49:50,253 [salt.state       ][INFO    ][1939] Running state [prx02] at time 08:49:50.252559
2017-09-28 08:49:50,253 [salt.state       ][INFO    ][1939] Executing state host.present for prx02
2017-09-28 08:49:50,258 [salt.state       ][INFO    ][1939] {'host': 'prx02'}
2017-09-28 08:49:50,258 [salt.state       ][INFO    ][1939] Completed state [prx02] at time 08:49:50.258392 duration_in_ms=5.833
2017-09-28 08:49:50,259 [salt.state       ][INFO    ][1939] Running state [prx02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.258594
2017-09-28 08:49:50,259 [salt.state       ][INFO    ][1939] Executing state host.present for prx02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,264 [salt.state       ][INFO    ][1939] {'host': 'prx02.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,264 [salt.state       ][INFO    ][1939] Completed state [prx02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.264403 duration_in_ms=5.808
2017-09-28 08:49:50,265 [salt.state       ][INFO    ][1939] Running state [prx01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.264617
2017-09-28 08:49:50,265 [salt.state       ][INFO    ][1939] Executing state host.present for prx01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,270 [salt.state       ][INFO    ][1939] {'host': 'prx01.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,270 [salt.state       ][INFO    ][1939] Completed state [prx01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.270218 duration_in_ms=5.601
2017-09-28 08:49:50,270 [salt.state       ][INFO    ][1939] Running state [prx01] at time 08:49:50.270411
2017-09-28 08:49:50,271 [salt.state       ][INFO    ][1939] Executing state host.present for prx01
2017-09-28 08:49:50,276 [salt.state       ][INFO    ][1939] {'host': 'prx01'}
2017-09-28 08:49:50,276 [salt.state       ][INFO    ][1939] Completed state [prx01] at time 08:49:50.276319 duration_in_ms=5.908
2017-09-28 08:49:50,277 [salt.state       ][INFO    ][1939] Running state [kvm01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.276533
2017-09-28 08:49:50,277 [salt.state       ][INFO    ][1939] Executing state host.present for kvm01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,282 [salt.state       ][INFO    ][1939] {'host': 'kvm01.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,282 [salt.state       ][INFO    ][1939] Completed state [kvm01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.282303 duration_in_ms=5.77
2017-09-28 08:49:50,283 [salt.state       ][INFO    ][1939] Running state [kvm01] at time 08:49:50.282502
2017-09-28 08:49:50,283 [salt.state       ][INFO    ][1939] Executing state host.present for kvm01
2017-09-28 08:49:50,288 [salt.state       ][INFO    ][1939] {'host': 'kvm01'}
2017-09-28 08:49:50,289 [salt.state       ][INFO    ][1939] Completed state [kvm01] at time 08:49:50.288539 duration_in_ms=6.036
2017-09-28 08:49:50,289 [salt.state       ][INFO    ][1939] Running state [kvm03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.288768
2017-09-28 08:49:50,289 [salt.state       ][INFO    ][1939] Executing state host.present for kvm03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,294 [salt.state       ][INFO    ][1939] {'host': 'kvm03.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,294 [salt.state       ][INFO    ][1939] Completed state [kvm03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.294426 duration_in_ms=5.658
2017-09-28 08:49:50,295 [salt.state       ][INFO    ][1939] Running state [kvm03] at time 08:49:50.294624
2017-09-28 08:49:50,295 [salt.state       ][INFO    ][1939] Executing state host.present for kvm03
2017-09-28 08:49:50,348 [salt.state       ][INFO    ][1939] {'host': 'kvm03'}
2017-09-28 08:49:50,348 [salt.state       ][INFO    ][1939] Completed state [kvm03] at time 08:49:50.348200 duration_in_ms=53.574
2017-09-28 08:49:50,349 [salt.state       ][INFO    ][1939] Running state [kvm02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.348471
2017-09-28 08:49:50,349 [salt.state       ][INFO    ][1939] Executing state host.present for kvm02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,379 [salt.state       ][INFO    ][1939] {'host': 'kvm02.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,379 [salt.state       ][INFO    ][1939] Completed state [kvm02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.378806 duration_in_ms=30.335
2017-09-28 08:49:50,379 [salt.state       ][INFO    ][1939] Running state [kvm02] at time 08:49:50.379019
2017-09-28 08:49:50,379 [salt.state       ][INFO    ][1939] Executing state host.present for kvm02
2017-09-28 08:49:50,385 [salt.state       ][INFO    ][1939] {'host': 'kvm02'}
2017-09-28 08:49:50,385 [salt.state       ][INFO    ][1939] Completed state [kvm02] at time 08:49:50.384690 duration_in_ms=5.671
2017-09-28 08:49:50,385 [salt.state       ][INFO    ][1939] Running state [dbs.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.384901
2017-09-28 08:49:50,385 [salt.state       ][INFO    ][1939] Executing state host.present for dbs.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,391 [salt.state       ][INFO    ][1939] {'host': 'dbs.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,391 [salt.state       ][INFO    ][1939] Completed state [dbs.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.390689 duration_in_ms=5.788
2017-09-28 08:49:50,391 [salt.state       ][INFO    ][1939] Running state [dbs] at time 08:49:50.390880
2017-09-28 08:49:50,391 [salt.state       ][INFO    ][1939] Executing state host.present for dbs
2017-09-28 08:49:50,397 [salt.state       ][INFO    ][1939] {'host': 'dbs'}
2017-09-28 08:49:50,397 [salt.state       ][INFO    ][1939] Completed state [dbs] at time 08:49:50.396684 duration_in_ms=5.803
2017-09-28 08:49:50,397 [salt.state       ][INFO    ][1939] Running state [prx.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.396896
2017-09-28 08:49:50,397 [salt.state       ][INFO    ][1939] Executing state host.present for prx.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,403 [salt.state       ][INFO    ][1939] {'host': 'prx.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,403 [salt.state       ][INFO    ][1939] Completed state [prx.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.402960 duration_in_ms=6.064
2017-09-28 08:49:50,403 [salt.state       ][INFO    ][1939] Running state [prx] at time 08:49:50.403166
2017-09-28 08:49:50,403 [salt.state       ][INFO    ][1939] Executing state host.present for prx
2017-09-28 08:49:50,409 [salt.state       ][INFO    ][1939] {'host': 'prx'}
2017-09-28 08:49:50,409 [salt.state       ][INFO    ][1939] Completed state [prx] at time 08:49:50.408911 duration_in_ms=5.745
2017-09-28 08:49:50,409 [salt.state       ][INFO    ][1939] Running state [gtw01] at time 08:49:50.409118
2017-09-28 08:49:50,409 [salt.state       ][INFO    ][1939] Executing state host.present for gtw01
2017-09-28 08:49:50,415 [salt.state       ][INFO    ][1939] {'host': 'gtw01'}
2017-09-28 08:49:50,415 [salt.state       ][INFO    ][1939] Completed state [gtw01] at time 08:49:50.414761 duration_in_ms=5.642
2017-09-28 08:49:50,415 [salt.state       ][INFO    ][1939] Running state [gtw01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.414963
2017-09-28 08:49:50,415 [salt.state       ][INFO    ][1939] Executing state host.present for gtw01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,421 [salt.state       ][INFO    ][1939] {'host': 'gtw01.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,421 [salt.state       ][INFO    ][1939] Completed state [gtw01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.420746 duration_in_ms=5.783
2017-09-28 08:49:50,421 [salt.state       ][INFO    ][1939] Running state [gtw02] at time 08:49:50.420951
2017-09-28 08:49:50,421 [salt.state       ][INFO    ][1939] Executing state host.present for gtw02
2017-09-28 08:49:50,427 [salt.state       ][INFO    ][1939] {'host': 'gtw02'}
2017-09-28 08:49:50,427 [salt.state       ][INFO    ][1939] Completed state [gtw02] at time 08:49:50.426835 duration_in_ms=5.884
2017-09-28 08:49:50,427 [salt.state       ][INFO    ][1939] Running state [gtw02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.427045
2017-09-28 08:49:50,427 [salt.state       ][INFO    ][1939] Executing state host.present for gtw02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,433 [salt.state       ][INFO    ][1939] {'host': 'gtw02.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,433 [salt.state       ][INFO    ][1939] Completed state [gtw02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.432847 duration_in_ms=5.802
2017-09-28 08:49:50,433 [salt.state       ][INFO    ][1939] Running state [msg02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.433057
2017-09-28 08:49:50,433 [salt.state       ][INFO    ][1939] Executing state host.present for msg02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,439 [salt.state       ][INFO    ][1939] {'host': 'msg02.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,439 [salt.state       ][INFO    ][1939] Completed state [msg02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.438921 duration_in_ms=5.864
2017-09-28 08:49:50,439 [salt.state       ][INFO    ][1939] Running state [msg02] at time 08:49:50.439112
2017-09-28 08:49:50,439 [salt.state       ][INFO    ][1939] Executing state host.present for msg02
2017-09-28 08:49:50,445 [salt.state       ][INFO    ][1939] {'host': 'msg02'}
2017-09-28 08:49:50,445 [salt.state       ][INFO    ][1939] Completed state [msg02] at time 08:49:50.444947 duration_in_ms=5.834
2017-09-28 08:49:50,445 [salt.state       ][INFO    ][1939] Running state [msg03] at time 08:49:50.445158
2017-09-28 08:49:50,445 [salt.state       ][INFO    ][1939] Executing state host.present for msg03
2017-09-28 08:49:50,451 [salt.state       ][INFO    ][1939] {'host': 'msg03'}
2017-09-28 08:49:50,451 [salt.state       ][INFO    ][1939] Completed state [msg03] at time 08:49:50.451099 duration_in_ms=5.941
2017-09-28 08:49:50,451 [salt.state       ][INFO    ][1939] Running state [msg03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.451306
2017-09-28 08:49:50,452 [salt.state       ][INFO    ][1939] Executing state host.present for msg03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,457 [salt.state       ][INFO    ][1939] {'host': 'msg03.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,457 [salt.state       ][INFO    ][1939] Completed state [msg03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.456863 duration_in_ms=5.557
2017-09-28 08:49:50,457 [salt.state       ][INFO    ][1939] Running state [msg01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.457074
2017-09-28 08:49:50,457 [salt.state       ][INFO    ][1939] Executing state host.present for msg01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,463 [salt.state       ][INFO    ][1939] {'host': 'msg01.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,463 [salt.state       ][INFO    ][1939] Completed state [msg01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.462879 duration_in_ms=5.804
2017-09-28 08:49:50,463 [salt.state       ][INFO    ][1939] Running state [msg01] at time 08:49:50.463085
2017-09-28 08:49:50,463 [salt.state       ][INFO    ][1939] Executing state host.present for msg01
2017-09-28 08:49:50,479 [salt.state       ][INFO    ][1939] {'host': 'msg01'}
2017-09-28 08:49:50,480 [salt.state       ][INFO    ][1939] Completed state [msg01] at time 08:49:50.479496 duration_in_ms=16.41
2017-09-28 08:49:50,480 [salt.state       ][INFO    ][1939] Running state [msg] at time 08:49:50.479693
2017-09-28 08:49:50,480 [salt.state       ][INFO    ][1939] Executing state host.present for msg
2017-09-28 08:49:50,647 [salt.state       ][INFO    ][1939] {'host': 'msg'}
2017-09-28 08:49:50,647 [salt.state       ][INFO    ][1939] Completed state [msg] at time 08:49:50.646794 duration_in_ms=167.101
2017-09-28 08:49:50,647 [salt.state       ][INFO    ][1939] Running state [msg.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.647001
2017-09-28 08:49:50,647 [salt.state       ][INFO    ][1939] Executing state host.present for msg.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,653 [salt.state       ][INFO    ][1939] {'host': 'msg.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,653 [salt.state       ][INFO    ][1939] Completed state [msg.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.652680 duration_in_ms=5.678
2017-09-28 08:49:50,653 [salt.state       ][INFO    ][1939] Running state [cfg01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.652872
2017-09-28 08:49:50,653 [salt.state       ][INFO    ][1939] Executing state host.present for cfg01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,658 [salt.state       ][INFO    ][1939] {'host': 'cfg01.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,659 [salt.state       ][INFO    ][1939] Completed state [cfg01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.658588 duration_in_ms=5.716
2017-09-28 08:49:50,659 [salt.state       ][INFO    ][1939] Running state [cfg01] at time 08:49:50.658781
2017-09-28 08:49:50,659 [salt.state       ][INFO    ][1939] Executing state host.present for cfg01
2017-09-28 08:49:50,665 [salt.state       ][INFO    ][1939] {'host': 'cfg01'}
2017-09-28 08:49:50,665 [salt.state       ][INFO    ][1939] Completed state [cfg01] at time 08:49:50.664794 duration_in_ms=6.013
2017-09-28 08:49:50,665 [salt.state       ][INFO    ][1939] Running state [cmp002] at time 08:49:50.664989
2017-09-28 08:49:50,665 [salt.state       ][INFO    ][1939] Executing state host.present for cmp002
2017-09-28 08:49:50,670 [salt.state       ][INFO    ][1939] {'host': 'cmp002'}
2017-09-28 08:49:50,671 [salt.state       ][INFO    ][1939] Completed state [cmp002] at time 08:49:50.670621 duration_in_ms=5.631
2017-09-28 08:49:50,671 [salt.state       ][INFO    ][1939] Running state [cmp002.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.670815
2017-09-28 08:49:50,671 [salt.state       ][INFO    ][1939] Executing state host.present for cmp002.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,676 [salt.state       ][INFO    ][1939] {'host': 'cmp002.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,677 [salt.state       ][INFO    ][1939] Completed state [cmp002.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.676648 duration_in_ms=5.832
2017-09-28 08:49:50,677 [salt.state       ][INFO    ][1939] Running state [cmp001] at time 08:49:50.676845
2017-09-28 08:49:50,677 [salt.state       ][INFO    ][1939] Executing state host.present for cmp001
2017-09-28 08:49:50,682 [salt.state       ][INFO    ][1939] {'host': 'cmp001'}
2017-09-28 08:49:50,683 [salt.state       ][INFO    ][1939] Completed state [cmp001] at time 08:49:50.682664 duration_in_ms=5.819
2017-09-28 08:49:50,683 [salt.state       ][INFO    ][1939] Running state [cmp001.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.682866
2017-09-28 08:49:50,683 [salt.state       ][INFO    ][1939] Executing state host.present for cmp001.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,689 [salt.state       ][INFO    ][1939] {'host': 'cmp001.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,689 [salt.state       ][INFO    ][1939] Completed state [cmp001.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.688804 duration_in_ms=5.938
2017-09-28 08:49:50,689 [salt.state       ][INFO    ][1939] Running state [dbs01] at time 08:49:50.689013
2017-09-28 08:49:50,689 [salt.state       ][INFO    ][1939] Executing state host.present for dbs01
2017-09-28 08:49:50,695 [salt.state       ][INFO    ][1939] {'host': 'dbs01'}
2017-09-28 08:49:50,695 [salt.state       ][INFO    ][1939] Completed state [dbs01] at time 08:49:50.694684 duration_in_ms=5.671
2017-09-28 08:49:50,695 [salt.state       ][INFO    ][1939] Running state [dbs01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.694885
2017-09-28 08:49:50,695 [salt.state       ][INFO    ][1939] Executing state host.present for dbs01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,701 [salt.state       ][INFO    ][1939] {'host': 'dbs01.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,701 [salt.state       ][INFO    ][1939] Completed state [dbs01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.700673 duration_in_ms=5.788
2017-09-28 08:49:50,701 [salt.state       ][INFO    ][1939] Running state [dbs02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.700869
2017-09-28 08:49:50,701 [salt.state       ][INFO    ][1939] Executing state host.present for dbs02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,707 [salt.state       ][INFO    ][1939] {'host': 'dbs02.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,707 [salt.state       ][INFO    ][1939] Completed state [dbs02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.706762 duration_in_ms=5.893
2017-09-28 08:49:50,707 [salt.state       ][INFO    ][1939] Running state [dbs02] at time 08:49:50.706970
2017-09-28 08:49:50,707 [salt.state       ][INFO    ][1939] Executing state host.present for dbs02
2017-09-28 08:49:50,713 [salt.state       ][INFO    ][1939] {'host': 'dbs02'}
2017-09-28 08:49:50,713 [salt.state       ][INFO    ][1939] Completed state [dbs02] at time 08:49:50.712828 duration_in_ms=5.857
2017-09-28 08:49:50,713 [salt.state       ][INFO    ][1939] Running state [dbs03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.713044
2017-09-28 08:49:50,713 [salt.state       ][INFO    ][1939] Executing state host.present for dbs03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,715 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928084950706182
2017-09-28 08:49:50,719 [salt.state       ][INFO    ][1939] {'host': 'dbs03.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,719 [salt.state       ][INFO    ][1939] Completed state [dbs03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.718879 duration_in_ms=5.835
2017-09-28 08:49:50,719 [salt.state       ][INFO    ][1939] Running state [dbs03] at time 08:49:50.719055
2017-09-28 08:49:50,719 [salt.state       ][INFO    ][1939] Executing state host.present for dbs03
2017-09-28 08:49:50,725 [salt.state       ][INFO    ][1939] {'host': 'dbs03'}
2017-09-28 08:49:50,725 [salt.state       ][INFO    ][1939] Completed state [dbs03] at time 08:49:50.724668 duration_in_ms=5.613
2017-09-28 08:49:50,725 [salt.state       ][INFO    ][1939] Running state [cfg01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.724829
2017-09-28 08:49:50,725 [salt.state       ][INFO    ][1939] Executing state host.present for cfg01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,725 [salt.state       ][INFO    ][1939] Host cfg01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.100) already present
2017-09-28 08:49:50,725 [salt.state       ][INFO    ][1939] Completed state [cfg01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.725427 duration_in_ms=0.598
2017-09-28 08:49:50,726 [salt.state       ][INFO    ][1939] Running state [cfg01] at time 08:49:50.725580
2017-09-28 08:49:50,726 [salt.state       ][INFO    ][1939] Executing state host.present for cfg01
2017-09-28 08:49:50,726 [salt.state       ][INFO    ][1939] Host cfg01 (10.167.4.100) already present
2017-09-28 08:49:50,726 [salt.state       ][INFO    ][1939] Completed state [cfg01] at time 08:49:50.726149 duration_in_ms=0.569
2017-09-28 08:49:50,726 [salt.state       ][INFO    ][1939] Running state [mas01] at time 08:49:50.726300
2017-09-28 08:49:50,726 [salt.state       ][INFO    ][1939] Executing state host.present for mas01
2017-09-28 08:49:50,729 [salt.minion      ][INFO    ][4425] Starting a new job with PID 4425
2017-09-28 08:49:50,731 [salt.state       ][INFO    ][1939] {'host': 'mas01'}
2017-09-28 08:49:50,731 [salt.state       ][INFO    ][1939] Completed state [mas01] at time 08:49:50.730882 duration_in_ms=4.582
2017-09-28 08:49:50,731 [salt.state       ][INFO    ][1939] Running state [mas01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.731085
2017-09-28 08:49:50,731 [salt.state       ][INFO    ][1939] Executing state host.present for mas01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,733 [salt.state       ][INFO    ][1939] {'host': 'mas01.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,734 [salt.state       ][INFO    ][1939] Completed state [mas01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.733599 duration_in_ms=2.514
2017-09-28 08:49:50,734 [salt.state       ][INFO    ][1939] Running state [ctl02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.733782
2017-09-28 08:49:50,734 [salt.state       ][INFO    ][1939] Executing state host.present for ctl02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,739 [salt.state       ][INFO    ][1939] {'host': 'ctl02.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,740 [salt.minion      ][INFO    ][4425] Returning information for job: 20170928084950706182
2017-09-28 08:49:50,740 [salt.state       ][INFO    ][1939] Completed state [ctl02.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.739615 duration_in_ms=5.832
2017-09-28 08:49:50,740 [salt.state       ][INFO    ][1939] Running state [ctl02] at time 08:49:50.739790
2017-09-28 08:49:50,740 [salt.state       ][INFO    ][1939] Executing state host.present for ctl02
2017-09-28 08:49:50,745 [salt.state       ][INFO    ][1939] {'host': 'ctl02'}
2017-09-28 08:49:50,746 [salt.state       ][INFO    ][1939] Completed state [ctl02] at time 08:49:50.745643 duration_in_ms=5.853
2017-09-28 08:49:50,746 [salt.state       ][INFO    ][1939] Running state [ctl03] at time 08:49:50.745803
2017-09-28 08:49:50,746 [salt.state       ][INFO    ][1939] Executing state host.present for ctl03
2017-09-28 08:49:50,878 [salt.state       ][INFO    ][1939] {'host': 'ctl03'}
2017-09-28 08:49:50,878 [salt.state       ][INFO    ][1939] Completed state [ctl03] at time 08:49:50.877716 duration_in_ms=131.914
2017-09-28 08:49:50,878 [salt.state       ][INFO    ][1939] Running state [ctl03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.877920
2017-09-28 08:49:50,878 [salt.state       ][INFO    ][1939] Executing state host.present for ctl03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,883 [salt.state       ][INFO    ][1939] {'host': 'ctl03.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,884 [salt.state       ][INFO    ][1939] Completed state [ctl03.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.883642 duration_in_ms=5.722
2017-09-28 08:49:50,884 [salt.state       ][INFO    ][1939] Running state [ctl01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.883844
2017-09-28 08:49:50,884 [salt.state       ][INFO    ][1939] Executing state host.present for ctl01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,890 [salt.state       ][INFO    ][1939] {'host': 'ctl01.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,890 [salt.state       ][INFO    ][1939] Completed state [ctl01.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.889706 duration_in_ms=5.862
2017-09-28 08:49:50,890 [salt.state       ][INFO    ][1939] Running state [ctl01] at time 08:49:50.889946
2017-09-28 08:49:50,890 [salt.state       ][INFO    ][1939] Executing state host.present for ctl01
2017-09-28 08:49:50,906 [salt.state       ][INFO    ][1939] {'host': 'ctl01'}
2017-09-28 08:49:50,907 [salt.state       ][INFO    ][1939] Completed state [ctl01] at time 08:49:50.906586 duration_in_ms=16.64
2017-09-28 08:49:50,907 [salt.state       ][INFO    ][1939] Running state [ctl] at time 08:49:50.906784
2017-09-28 08:49:50,907 [salt.state       ][INFO    ][1939] Executing state host.present for ctl
2017-09-28 08:49:50,912 [salt.state       ][INFO    ][1939] {'host': 'ctl'}
2017-09-28 08:49:50,912 [salt.state       ][INFO    ][1939] Completed state [ctl] at time 08:49:50.912070 duration_in_ms=5.286
2017-09-28 08:49:50,912 [salt.state       ][INFO    ][1939] Running state [ctl.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.912304
2017-09-28 08:49:50,913 [salt.state       ][INFO    ][1939] Executing state host.present for ctl.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 08:49:50,918 [salt.state       ][INFO    ][1939] {'host': 'ctl.baremetal-mcp-ocata-ovs-ha.local'}
2017-09-28 08:49:50,918 [salt.state       ][INFO    ][1939] Completed state [ctl.baremetal-mcp-ocata-ovs-ha.local] at time 08:49:50.918122 duration_in_ms=5.818
2017-09-28 08:49:50,922 [salt.state       ][INFO    ][1939] Running state [ens2] at time 08:49:50.921595
2017-09-28 08:49:50,922 [salt.state       ][INFO    ][1939] Executing state network.managed for ens2
2017-09-28 08:49:51,357 [salt.state       ][INFO    ][1939] Interface ens2 is up to date.
2017-09-28 08:49:51,357 [salt.state       ][INFO    ][1939] Completed state [ens2] at time 08:49:51.356829 duration_in_ms=435.233
2017-09-28 08:49:51,357 [salt.state       ][INFO    ][1939] Running state [ens3] at time 08:49:51.357031
2017-09-28 08:49:51,357 [salt.state       ][INFO    ][1939] Executing state network.managed for ens3
2017-09-28 08:49:51,374 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['ifdown', 'ens3'] in directory '/root'
2017-09-28 08:49:51,444 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['ifup', 'ens3'] in directory '/root'
2017-09-28 08:49:51,516 [salt.state       ][INFO    ][1939] {'interface': u'--- \n+++ \n@@ -1,3 +1,5 @@\n auto ens3\n\n-iface ens3 inet dhcp\n\n+iface ens3 inet static\n\n+    address 10.167.4.12\n\n+    netmask 255.255.255.0\n\n \n', 'status': 'Interface ens3 restart to validate'}
2017-09-28 08:49:51,516 [salt.state       ][INFO    ][1939] Completed state [ens3] at time 08:49:51.515813 duration_in_ms=158.78
2017-09-28 08:49:51,516 [salt.state       ][INFO    ][1939] Running state [/etc/profile.d/proxy.sh] at time 08:49:51.516041
2017-09-28 08:49:51,516 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/profile.d/proxy.sh
2017-09-28 08:49:51,517 [salt.state       ][INFO    ][1939] File /etc/profile.d/proxy.sh is not present
2017-09-28 08:49:51,517 [salt.state       ][INFO    ][1939] Completed state [/etc/profile.d/proxy.sh] at time 08:49:51.516692 duration_in_ms=0.651
2017-09-28 08:49:51,517 [salt.state       ][INFO    ][1939] Running state [/etc/apt/apt.conf.d/95proxies] at time 08:49:51.516843
2017-09-28 08:49:51,517 [salt.state       ][INFO    ][1939] Executing state file.absent for /etc/apt/apt.conf.d/95proxies
2017-09-28 08:49:51,517 [salt.state       ][INFO    ][1939] File /etc/apt/apt.conf.d/95proxies is not present
2017-09-28 08:49:51,517 [salt.state       ][INFO    ][1939] Completed state [/etc/apt/apt.conf.d/95proxies] at time 08:49:51.517291 duration_in_ms=0.447
2017-09-28 08:49:51,522 [salt.state       ][INFO    ][1939] Running state [ntp] at time 08:49:51.521524
2017-09-28 08:49:51,522 [salt.state       ][INFO    ][1939] Executing state pkg.installed for ntp
2017-09-28 08:49:51,644 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ntp'] in directory '/root'
2017-09-28 08:50:00,768 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928085000754465
2017-09-28 08:50:00,782 [salt.minion      ][INFO    ][4726] Starting a new job with PID 4726
2017-09-28 08:50:00,945 [salt.minion      ][INFO    ][4726] Returning information for job: 20170928085000754465
2017-09-28 08:50:02,006 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 08:50:02,025 [salt.state       ][INFO    ][1939] Made the following changes:
'ntp' changed from 'absent' to '1:4.2.8p4+dfsg-3ubuntu5.7'
'libopts25' changed from 'absent' to '1:5.18.7-3'

2017-09-28 08:50:02,032 [salt.state       ][INFO    ][1939] Loading fresh modules for state activity
2017-09-28 08:50:02,044 [salt.state       ][INFO    ][1939] Completed state [ntp] at time 08:50:02.043855 duration_in_ms=10522.33
2017-09-28 08:50:02,046 [salt.state       ][INFO    ][1939] Running state [/etc/ntp.conf] at time 08:50:02.046070
2017-09-28 08:50:02,046 [salt.state       ][INFO    ][1939] Executing state file.managed for /etc/ntp.conf
2017-09-28 08:50:02,065 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'ntp/files/ntp.conf'
2017-09-28 08:50:02,091 [salt.fileclient  ][INFO    ][1939] Fetching file from saltenv 'base', ** done ** 'ntp/map.jinja'
2017-09-28 08:50:02,099 [salt.state       ][INFO    ][1939] File changed:
--- 
+++ 
@@ -1,66 +1,24 @@
-# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
 
-driftfile /var/lib/ntp/ntp.drift
 
-# Enable this if you want statistics to be logged.
-#statsdir /var/log/ntpstats/
+# ntpd will only synchronize your clock.
 
-statistics loopstats peerstats clockstats
-filegen loopstats file loopstats type day enable
-filegen peerstats file peerstats type day enable
-filegen clockstats file clockstats type day enable
+# For details, see:
+# - the ntp.conf man page
+# - http://support.ntp.org/bin/view/Support/GettingStarted
+# - https://wiki.archlinux.org/index.php/Network_Time_Protocol_daemon
 
-# Specify one or more NTP servers.
+# Associate to cloud NTP pool servers
+server 1.pool.ntp.org iburst
+server 0.pool.ntp.org
 
-# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
-# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
-# more information.
-pool 0.ubuntu.pool.ntp.org iburst
-pool 1.ubuntu.pool.ntp.org iburst
-pool 2.ubuntu.pool.ntp.org iburst
-pool 3.ubuntu.pool.ntp.org iburst
-
-# Use Ubuntu's ntp server as a fallback.
-pool ntp.ubuntu.com
-
-# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
-# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
-# might also be helpful.
-#
-# Note that "restrict" applies to both servers and clients, so a configuration
-# that might be intended to block requests from certain clients could also end
-# up blocking replies from your own upstream servers.
-
-# By default, exchange time with everybody, but don't allow configuration.
-restrict -4 default kod notrap nomodify nopeer noquery limited
-restrict -6 default kod notrap nomodify nopeer noquery limited
-
-# Local users may interrogate the ntp server more closely.
+# Only allow read-only access from localhost
+restrict default noquery nopeer
 restrict 127.0.0.1
 restrict ::1
 
-# Needed for adding pool entries
-restrict source notrap nomodify noquery
-
-# Clients from this (example!) subnet have unlimited access, but only if
-# cryptographically authenticated.
-#restrict 192.168.123.0 mask 255.255.255.0 notrust
+# mode7 is required for collectd monitoring
 
 
-# If you want to provide time to your local subnet, change the next line.
-# (Again, the address is an example only.)
-#broadcast 192.168.123.255
-
-# If you want to listen to time broadcasts on your local subnet, de-comment the
-# next lines.  Please do this only if you trust everybody on the network!
-#disable auth
-#broadcastclient
-
-#Changes recquired to use pps synchonisation as explained in documentation:
-#http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918
-
-#server 127.127.8.1 mode 135 prefer    # Meinberg GPS167 with PPS
-#fudge 127.127.8.1 time1 0.0042        # relative to PPS for my hardware
-
-#server 127.127.22.1                   # ATOM(PPS)
-#fudge 127.127.22.1 flag3 1            # enable PPS API
+# Location of drift file
+driftfile /var/lib/ntp/ntp.drift
+logfile /var/log/ntp.log
2017-09-28 08:50:02,100 [salt.state       ][INFO    ][1939] Completed state [/etc/ntp.conf] at time 08:50:02.099614 duration_in_ms=53.544
2017-09-28 08:50:02,161 [salt.state       ][INFO    ][1939] Running state [ntp] at time 08:50:02.161391
2017-09-28 08:50:02,162 [salt.state       ][INFO    ][1939] Executing state service.running for ntp
2017-09-28 08:50:02,163 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'status', 'ntp.service', '-n', '0'] in directory '/root'
2017-09-28 08:50:02,172 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-active', 'ntp.service'] in directory '/root'
2017-09-28 08:50:02,179 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-enabled', 'ntp.service'] in directory '/root'
2017-09-28 08:50:02,187 [salt.state       ][INFO    ][1939] The service ntp is already running
2017-09-28 08:50:02,187 [salt.state       ][INFO    ][1939] Completed state [ntp] at time 08:50:02.187350 duration_in_ms=25.958
2017-09-28 08:50:02,188 [salt.state       ][INFO    ][1939] Running state [ntp] at time 08:50:02.187507
2017-09-28 08:50:02,188 [salt.state       ][INFO    ][1939] Executing state service.mod_watch for ntp
2017-09-28 08:50:02,188 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-active', 'ntp.service'] in directory '/root'
2017-09-28 08:50:02,195 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemctl', 'is-enabled', 'ntp.service'] in directory '/root'
2017-09-28 08:50:02,204 [salt.loaded.int.module.cmdmod][INFO    ][1939] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'ntp.service'] in directory '/root'
2017-09-28 08:50:02,253 [salt.state       ][INFO    ][1939] {'ntp': True}
2017-09-28 08:50:02,253 [salt.state       ][INFO    ][1939] Completed state [ntp] at time 08:50:02.253296 duration_in_ms=65.787
2017-09-28 08:50:02,256 [salt.minion      ][INFO    ][1939] Returning information for job: 20170928084709127064
2017-09-28 09:00:49,293 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command state.apply with jid 20170928090049285450
2017-09-28 09:00:49,312 [salt.minion      ][INFO    ][5408] Starting a new job with PID 5408
2017-09-28 09:00:52,401 [salt.state       ][INFO    ][5408] Loading fresh modules for state activity
2017-09-28 09:00:52,651 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/init.sls'
2017-09-28 09:00:52,677 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/init.sls'
2017-09-28 09:00:52,736 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:52,821 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/env.sls'
2017-09-28 09:00:52,852 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:52,909 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/profile.sls'
2017-09-28 09:00:52,931 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:52,982 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/repo.sls'
2017-09-28 09:00:53,040 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,109 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/package.sls'
2017-09-28 09:00:53,137 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,182 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/timezone.sls'
2017-09-28 09:00:53,196 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,243 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/kernel.sls'
2017-09-28 09:00:53,286 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,338 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/cpu.sls'
2017-09-28 09:00:53,363 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,408 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/sysfs.sls'
2017-09-28 09:00:53,434 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,500 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/locale.sls'
2017-09-28 09:00:53,531 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,583 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/user.sls'
2017-09-28 09:00:53,610 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,657 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/group.sls'
2017-09-28 09:00:53,723 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,766 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/limit.sls'
2017-09-28 09:00:53,795 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,837 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/system/systemd.sls'
2017-09-28 09:00:53,871 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,918 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/network/init.sls'
2017-09-28 09:00:53,942 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:53,984 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/network/hostname.sls'
2017-09-28 09:00:54,010 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:54,054 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/network/host.sls'
2017-09-28 09:00:54,089 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:54,169 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/network/interface.sls'
2017-09-28 09:00:54,234 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:54,279 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/network/proxy.sls'
2017-09-28 09:00:54,302 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:54,435 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/storage/init.sls'
2017-09-28 09:00:54,455 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:54,500 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'ntp/init.sls'
2017-09-28 09:00:54,514 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'ntp/client.sls'
2017-09-28 09:00:54,529 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'ntp/map.jinja'
2017-09-28 09:00:54,546 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'ntp/server.sls'
2017-09-28 09:00:54,563 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'ntp/map.jinja'
2017-09-28 09:00:54,576 [salt.state       ][INFO    ][5408] Running state [/etc/environment] at time 09:00:54.576021
2017-09-28 09:00:54,576 [salt.state       ][INFO    ][5408] Executing state file.blockreplace for /etc/environment
2017-09-28 09:00:54,582 [salt.state       ][INFO    ][5408] File changed:
--- 
+++ 
@@ -1,3 +1,4 @@
 PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
 # SALT MANAGED VARIABLES - DO NOT EDIT - START
+# 
 # # SALT MANAGED VARIABLES - END

2017-09-28 09:00:54,583 [salt.state       ][INFO    ][5408] Completed state [/etc/environment] at time 09:00:54.582667 duration_in_ms=6.646
2017-09-28 09:00:54,583 [salt.state       ][INFO    ][5408] Running state [/etc/profile.d] at time 09:00:54.582969
2017-09-28 09:00:54,583 [salt.state       ][INFO    ][5408] Executing state file.directory for /etc/profile.d
2017-09-28 09:00:54,584 [salt.state       ][INFO    ][5408] Directory /etc/profile.d is in the correct state
2017-09-28 09:00:54,584 [salt.state       ][INFO    ][5408] Completed state [/etc/profile.d] at time 09:00:54.584434 duration_in_ms=1.465
2017-09-28 09:00:54,845 [salt.state       ][INFO    ][5408] Running state [linux_repo_prereq_pkgs] at time 09:00:54.845378
2017-09-28 09:00:54,846 [salt.state       ][INFO    ][5408] Executing state pkg.installed for linux_repo_prereq_pkgs
2017-09-28 09:00:54,846 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 09:00:55,319 [salt.state       ][INFO    ][5408] All specified packages are already installed
2017-09-28 09:00:55,319 [salt.state       ][INFO    ][5408] Completed state [linux_repo_prereq_pkgs] at time 09:00:55.319089 duration_in_ms=473.711
2017-09-28 09:00:55,319 [salt.state       ][INFO    ][5408] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack] at time 09:00:55.319443
2017-09-28 09:00:55,320 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack
2017-09-28 09:00:55,320 [salt.state       ][INFO    ][5408] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack is not present
2017-09-28 09:00:55,320 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack] at time 09:00:55.320455 duration_in_ms=1.011
2017-09-28 09:00:55,321 [salt.state       ][INFO    ][5408] Running state [/etc/apt/preferences.d/mirantis_openstack] at time 09:00:55.320742
2017-09-28 09:00:55,321 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack
2017-09-28 09:00:55,350 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 09:00:55,367 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:00:55,400 [salt.state       ][INFO    ][5408] File /etc/apt/preferences.d/mirantis_openstack is in the correct state
2017-09-28 09:00:55,400 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/preferences.d/mirantis_openstack] at time 09:00:55.399850 duration_in_ms=79.107
2017-09-28 09:00:55,402 [salt.state       ][INFO    ][5408] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata main] at time 09:00:55.401725
2017-09-28 09:00:55,402 [salt.state       ][INFO    ][5408] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata main
2017-09-28 09:00:59,394 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090059378106
2017-09-28 09:00:59,411 [salt.minion      ][INFO    ][5473] Starting a new job with PID 5473
2017-09-28 09:00:59,480 [salt.minion      ][INFO    ][5473] Returning information for job: 20170928090059378106
2017-09-28 09:01:09,534 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090109525887
2017-09-28 09:01:09,554 [salt.minion      ][INFO    ][5478] Starting a new job with PID 5478
2017-09-28 09:01:09,568 [salt.minion      ][INFO    ][5478] Returning information for job: 20170928090109525887
2017-09-28 09:01:15,458 [salt.state       ][ERROR   ][5408] Failed to configure repo 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata main': Error: HTTP 599: Timeout reading http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key
2017-09-28 09:01:15,459 [salt.state       ][INFO    ][5408] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata main] at time 09:01:15.458500 duration_in_ms=20056.772
2017-09-28 09:01:15,470 [salt.state       ][INFO    ][5408] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_updates] at time 09:01:15.469765
2017-09-28 09:01:15,470 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_updates
2017-09-28 09:01:15,470 [salt.state       ][INFO    ][5408] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_updates is not present
2017-09-28 09:01:15,471 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_updates] at time 09:01:15.470611 duration_in_ms=0.847
2017-09-28 09:01:15,471 [salt.state       ][INFO    ][5408] Running state [/etc/apt/preferences.d/mirantis_openstack_updates] at time 09:01:15.470793
2017-09-28 09:01:15,471 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack_updates
2017-09-28 09:01:15,490 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 09:01:15,509 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:01:15,544 [salt.state       ][INFO    ][5408] File /etc/apt/preferences.d/mirantis_openstack_updates is in the correct state
2017-09-28 09:01:15,544 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/preferences.d/mirantis_openstack_updates] at time 09:01:15.543812 duration_in_ms=73.018
2017-09-28 09:01:15,545 [salt.state       ][INFO    ][5408] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-updates main] at time 09:01:15.544643
2017-09-28 09:01:15,545 [salt.state       ][INFO    ][5408] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-updates main
2017-09-28 09:01:19,571 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090119545249
2017-09-28 09:01:19,588 [salt.minion      ][INFO    ][5485] Starting a new job with PID 5485
2017-09-28 09:01:19,601 [salt.minion      ][INFO    ][5485] Returning information for job: 20170928090119545249
2017-09-28 09:01:29,596 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090129588065
2017-09-28 09:01:29,612 [salt.minion      ][INFO    ][5495] Starting a new job with PID 5495
2017-09-28 09:01:29,628 [salt.minion      ][INFO    ][5495] Returning information for job: 20170928090129588065
2017-09-28 09:01:35,666 [salt.state       ][ERROR   ][5408] Failed to configure repo 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-updates main': Error: HTTP 599: Timeout reading http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key
2017-09-28 09:01:35,666 [salt.state       ][INFO    ][5408] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-updates main] at time 09:01:35.666449 duration_in_ms=20121.806
2017-09-28 09:01:35,679 [salt.state       ][INFO    ][5408] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_security] at time 09:01:35.679016
2017-09-28 09:01:35,679 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_security
2017-09-28 09:01:35,680 [salt.state       ][INFO    ][5408] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_security is not present
2017-09-28 09:01:35,680 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_security] at time 09:01:35.679674 duration_in_ms=0.658
2017-09-28 09:01:35,680 [salt.state       ][INFO    ][5408] Running state [/etc/apt/preferences.d/mirantis_openstack_security] at time 09:01:35.679828
2017-09-28 09:01:35,680 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack_security
2017-09-28 09:01:35,699 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 09:01:35,718 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:01:35,750 [salt.state       ][INFO    ][5408] File /etc/apt/preferences.d/mirantis_openstack_security is in the correct state
2017-09-28 09:01:35,751 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/preferences.d/mirantis_openstack_security] at time 09:01:35.750580 duration_in_ms=70.751
2017-09-28 09:01:35,751 [salt.state       ][INFO    ][5408] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-security main] at time 09:01:35.751361
2017-09-28 09:01:35,752 [salt.state       ][INFO    ][5408] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-security main
2017-09-28 09:01:35,844 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-key', 'add', '/var/cache/salt/minion/extrn_files/base/mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key'] in directory '/root'
2017-09-28 09:01:35,929 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 09:01:38,043 [salt.state       ][INFO    ][5408] {'repo': 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-security main'}
2017-09-28 09:01:38,043 [salt.state       ][INFO    ][5408] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-security main] at time 09:01:38.043417 duration_in_ms=2292.054
2017-09-28 09:01:38,044 [salt.state       ][INFO    ][5408] Running state [/etc/apt/apt.conf.d/99proxies-salt-mk_openstack] at time 09:01:38.043795
2017-09-28 09:01:38,044 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mk_openstack
2017-09-28 09:01:38,045 [salt.state       ][INFO    ][5408] File /etc/apt/apt.conf.d/99proxies-salt-mk_openstack is not present
2017-09-28 09:01:38,045 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mk_openstack] at time 09:01:38.044953 duration_in_ms=1.158
2017-09-28 09:01:38,045 [salt.state       ][INFO    ][5408] Running state [/etc/apt/preferences.d/mk_openstack] at time 09:01:38.045264
2017-09-28 09:01:38,046 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/apt/preferences.d/mk_openstack
2017-09-28 09:01:38,093 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 09:01:38,113 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:01:38,145 [salt.state       ][INFO    ][5408] File /etc/apt/preferences.d/mk_openstack is in the correct state
2017-09-28 09:01:38,145 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/preferences.d/mk_openstack] at time 09:01:38.145329 duration_in_ms=100.064
2017-09-28 09:01:38,146 [salt.state       ][INFO    ][5408] Running state [deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly ocata] at time 09:01:38.146205
2017-09-28 09:01:38,147 [salt.state       ][INFO    ][5408] Executing state pkgrepo.managed for deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly ocata
2017-09-28 09:01:38,208 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-key', 'add', '/var/cache/salt/minion/extrn_files/base/apt-mk.mirantis.com/public.gpg'] in directory '/root'
2017-09-28 09:01:38,281 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 09:01:39,634 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090139627619
2017-09-28 09:01:39,652 [salt.minion      ][INFO    ][6370] Starting a new job with PID 6370
2017-09-28 09:01:39,668 [salt.minion      ][INFO    ][6370] Returning information for job: 20170928090139627619
2017-09-28 09:01:40,700 [salt.state       ][INFO    ][5408] Configured package repo 'deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly ocata'
2017-09-28 09:01:40,875 [salt.state       ][INFO    ][5408] Completed state [deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly ocata] at time 09:01:40.875391 duration_in_ms=2729.184
2017-09-28 09:01:40,876 [salt.state       ][INFO    ][5408] Running state [/etc/apt/apt.conf.d/99proxies-salt-mcp_extra] at time 09:01:40.875850
2017-09-28 09:01:40,876 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mcp_extra
2017-09-28 09:01:40,877 [salt.state       ][INFO    ][5408] File /etc/apt/apt.conf.d/99proxies-salt-mcp_extra is not present
2017-09-28 09:01:40,877 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mcp_extra] at time 09:01:40.877063 duration_in_ms=1.213
2017-09-28 09:01:40,877 [salt.state       ][INFO    ][5408] Running state [/etc/apt/preferences.d/mcp_extra] at time 09:01:40.877427
2017-09-28 09:01:40,878 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/apt/preferences.d/mcp_extra
2017-09-28 09:01:40,897 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 09:01:40,916 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:01:40,949 [salt.state       ][INFO    ][5408] File /etc/apt/preferences.d/mcp_extra is in the correct state
2017-09-28 09:01:40,949 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/preferences.d/mcp_extra] at time 09:01:40.948968 duration_in_ms=71.541
2017-09-28 09:01:40,950 [salt.state       ][INFO    ][5408] Running state [deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly extra] at time 09:01:40.949836
2017-09-28 09:01:40,950 [salt.state       ][INFO    ][5408] Executing state pkgrepo.managed for deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly extra
2017-09-28 09:01:40,996 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-key', 'add', '/var/cache/salt/minion/extrn_files/base/apt-mk.mirantis.com/public.gpg'] in directory '/root'
2017-09-28 09:01:41,069 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 09:01:49,664 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090149658880
2017-09-28 09:01:49,686 [salt.minion      ][INFO    ][6758] Starting a new job with PID 6758
2017-09-28 09:01:49,701 [salt.minion      ][INFO    ][6758] Returning information for job: 20170928090149658880
2017-09-28 09:01:59,706 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090159700281
2017-09-28 09:01:59,731 [salt.minion      ][INFO    ][6763] Starting a new job with PID 6763
2017-09-28 09:01:59,747 [salt.minion      ][INFO    ][6763] Returning information for job: 20170928090159700281
2017-09-28 09:02:09,922 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090209915104
2017-09-28 09:02:09,940 [salt.minion      ][INFO    ][6773] Starting a new job with PID 6773
2017-09-28 09:02:09,956 [salt.minion      ][INFO    ][6773] Returning information for job: 20170928090209915104
2017-09-28 09:02:19,956 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090219950261
2017-09-28 09:02:19,976 [salt.minion      ][INFO    ][6778] Starting a new job with PID 6778
2017-09-28 09:02:19,990 [salt.minion      ][INFO    ][6778] Returning information for job: 20170928090219950261
2017-09-28 09:02:29,995 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090229991846
2017-09-28 09:02:30,017 [salt.minion      ][INFO    ][6788] Starting a new job with PID 6788
2017-09-28 09:02:30,033 [salt.minion      ][INFO    ][6788] Returning information for job: 20170928090229991846
2017-09-28 09:02:40,016 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090240013001
2017-09-28 09:02:40,046 [salt.minion      ][INFO    ][6793] Starting a new job with PID 6793
2017-09-28 09:02:40,060 [salt.minion      ][INFO    ][6793] Returning information for job: 20170928090240013001
2017-09-28 09:02:50,064 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090250059308
2017-09-28 09:02:50,083 [salt.minion      ][INFO    ][6803] Starting a new job with PID 6803
2017-09-28 09:02:50,099 [salt.minion      ][INFO    ][6803] Returning information for job: 20170928090250059308
2017-09-28 09:03:00,099 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090300095703
2017-09-28 09:03:00,114 [salt.minion      ][INFO    ][6892] Starting a new job with PID 6892
2017-09-28 09:03:00,126 [salt.minion      ][INFO    ][6892] Returning information for job: 20170928090300095703
2017-09-28 09:03:10,144 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090310137551
2017-09-28 09:03:10,163 [salt.minion      ][INFO    ][6897] Starting a new job with PID 6897
2017-09-28 09:03:10,177 [salt.minion      ][INFO    ][6897] Returning information for job: 20170928090310137551
2017-09-28 09:03:20,202 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090320190286
2017-09-28 09:03:20,223 [salt.minion      ][INFO    ][6974] Starting a new job with PID 6974
2017-09-28 09:03:20,235 [salt.minion      ][INFO    ][6974] Returning information for job: 20170928090320190286
2017-09-28 09:03:30,252 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090330237234
2017-09-28 09:03:30,269 [salt.minion      ][INFO    ][6979] Starting a new job with PID 6979
2017-09-28 09:03:30,281 [salt.minion      ][INFO    ][6979] Returning information for job: 20170928090330237234
2017-09-28 09:03:40,296 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090340281114
2017-09-28 09:03:40,316 [salt.minion      ][INFO    ][6984] Starting a new job with PID 6984
2017-09-28 09:03:40,327 [salt.minion      ][INFO    ][6984] Returning information for job: 20170928090340281114
2017-09-28 09:03:42,500 [salt.state       ][INFO    ][5408] Configured package repo 'deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly extra'
2017-09-28 09:03:42,501 [salt.state       ][INFO    ][5408] Completed state [deb [arch=amd64] http://apt-mk.mirantis.com/xenial/ nightly extra] at time 09:03:42.500487 duration_in_ms=121550.648
2017-09-28 09:03:42,501 [salt.state       ][INFO    ][5408] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_holdback] at time 09:03:42.500842
2017-09-28 09:03:42,501 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_holdback
2017-09-28 09:03:42,502 [salt.state       ][INFO    ][5408] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_holdback is not present
2017-09-28 09:03:42,502 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_holdback] at time 09:03:42.501825 duration_in_ms=0.982
2017-09-28 09:03:42,502 [salt.state       ][INFO    ][5408] Running state [/etc/apt/preferences.d/mirantis_openstack_holdback] at time 09:03:42.502102
2017-09-28 09:03:42,502 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack_holdback
2017-09-28 09:03:42,520 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 09:03:42,538 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:03:42,569 [salt.state       ][INFO    ][5408] File /etc/apt/preferences.d/mirantis_openstack_holdback is in the correct state
2017-09-28 09:03:42,569 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/preferences.d/mirantis_openstack_holdback] at time 09:03:42.569156 duration_in_ms=67.053
2017-09-28 09:03:42,570 [salt.state       ][INFO    ][5408] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-holdback main] at time 09:03:42.569927
2017-09-28 09:03:42,570 [salt.state       ][INFO    ][5408] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-holdback main
2017-09-28 09:03:42,678 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-key', 'add', '/var/cache/salt/minion/extrn_files/base/mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key'] in directory '/root'
2017-09-28 09:03:42,756 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 09:03:44,811 [salt.state       ][INFO    ][5408] {'repo': 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-holdback main'}
2017-09-28 09:03:44,811 [salt.state       ][INFO    ][5408] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-holdback main] at time 09:03:44.810872 duration_in_ms=2240.944
2017-09-28 09:03:44,811 [salt.state       ][INFO    ][5408] Running state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_hotfix] at time 09:03:44.811081
2017-09-28 09:03:44,811 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_hotfix
2017-09-28 09:03:44,812 [salt.state       ][INFO    ][5408] File /etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_hotfix is not present
2017-09-28 09:03:44,812 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/apt.conf.d/99proxies-salt-mirantis_openstack_hotfix] at time 09:03:44.811676 duration_in_ms=0.595
2017-09-28 09:03:44,812 [salt.state       ][INFO    ][5408] Running state [/etc/apt/preferences.d/mirantis_openstack_hotfix] at time 09:03:44.811814
2017-09-28 09:03:44,812 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/apt/preferences.d/mirantis_openstack_hotfix
2017-09-28 09:03:44,829 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/preferences_repo'
2017-09-28 09:03:44,847 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:03:44,879 [salt.state       ][INFO    ][5408] File /etc/apt/preferences.d/mirantis_openstack_hotfix is in the correct state
2017-09-28 09:03:44,879 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/preferences.d/mirantis_openstack_hotfix] at time 09:03:44.879379 duration_in_ms=67.563
2017-09-28 09:03:44,880 [salt.state       ][INFO    ][5408] Running state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-hotfix main] at time 09:03:44.880133
2017-09-28 09:03:44,880 [salt.state       ][INFO    ][5408] Executing state pkgrepo.managed for deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-hotfix main
2017-09-28 09:03:44,929 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-key', 'add', '/var/cache/salt/minion/extrn_files/base/mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key'] in directory '/root'
2017-09-28 09:03:45,009 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 09:03:47,373 [salt.state       ][INFO    ][5408] {'repo': 'deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-hotfix main'}
2017-09-28 09:03:47,373 [salt.state       ][INFO    ][5408] Completed state [deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata-hotfix main] at time 09:03:47.373237 duration_in_ms=2493.103
2017-09-28 09:03:47,373 [salt.state       ][INFO    ][5408] Running state [/etc/apt/apt.conf.d/99proxies-salt-salt] at time 09:03:47.373432
2017-09-28 09:03:47,374 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/apt.conf.d/99proxies-salt-salt
2017-09-28 09:03:47,374 [salt.state       ][INFO    ][5408] File /etc/apt/apt.conf.d/99proxies-salt-salt is not present
2017-09-28 09:03:47,374 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/apt.conf.d/99proxies-salt-salt] at time 09:03:47.373992 duration_in_ms=0.559
2017-09-28 09:03:47,374 [salt.state       ][INFO    ][5408] Running state [/etc/apt/preferences.d/salt] at time 09:03:47.374130
2017-09-28 09:03:47,374 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/preferences.d/salt
2017-09-28 09:03:47,374 [salt.state       ][INFO    ][5408] File /etc/apt/preferences.d/salt is not present
2017-09-28 09:03:47,375 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/preferences.d/salt] at time 09:03:47.374538 duration_in_ms=0.408
2017-09-28 09:03:47,375 [salt.state       ][INFO    ][5408] Running state [deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main] at time 09:03:47.375172
2017-09-28 09:03:47,375 [salt.state       ][INFO    ][5408] Executing state pkgrepo.managed for deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main
2017-09-28 09:03:47,612 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-key', 'add', '/var/cache/salt/minion/extrn_files/base/repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub'] in directory '/root'
2017-09-28 09:03:47,688 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 09:03:50,337 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090350324286
2017-09-28 09:03:50,359 [salt.minion      ][INFO    ][8387] Starting a new job with PID 8387
2017-09-28 09:03:50,406 [salt.minion      ][INFO    ][8387] Returning information for job: 20170928090350324286
2017-09-28 09:04:00,447 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090400428707
2017-09-28 09:04:00,467 [salt.minion      ][INFO    ][8392] Starting a new job with PID 8392
2017-09-28 09:04:00,481 [salt.minion      ][INFO    ][8392] Returning information for job: 20170928090400428707
2017-09-28 09:04:10,505 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090410493462
2017-09-28 09:04:10,524 [salt.minion      ][INFO    ][8397] Starting a new job with PID 8397
2017-09-28 09:04:10,536 [salt.minion      ][INFO    ][8397] Returning information for job: 20170928090410493462
2017-09-28 09:04:20,579 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090420567470
2017-09-28 09:04:20,596 [salt.minion      ][INFO    ][8407] Starting a new job with PID 8407
2017-09-28 09:04:20,611 [salt.minion      ][INFO    ][8407] Returning information for job: 20170928090420567470
2017-09-28 09:04:30,638 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090430626901
2017-09-28 09:04:30,663 [salt.minion      ][INFO    ][8412] Starting a new job with PID 8412
2017-09-28 09:04:30,678 [salt.minion      ][INFO    ][8412] Returning information for job: 20170928090430626901
2017-09-28 09:04:40,724 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090440713595
2017-09-28 09:04:40,747 [salt.minion      ][INFO    ][8417] Starting a new job with PID 8417
2017-09-28 09:04:40,763 [salt.minion      ][INFO    ][8417] Returning information for job: 20170928090440713595
2017-09-28 09:04:50,790 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090450780015
2017-09-28 09:04:50,808 [salt.minion      ][INFO    ][8427] Starting a new job with PID 8427
2017-09-28 09:04:50,819 [salt.minion      ][INFO    ][8427] Returning information for job: 20170928090450780015
2017-09-28 09:05:00,859 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090500849361
2017-09-28 09:05:00,884 [salt.minion      ][INFO    ][8432] Starting a new job with PID 8432
2017-09-28 09:05:00,897 [salt.minion      ][INFO    ][8432] Returning information for job: 20170928090500849361
2017-09-28 09:05:10,940 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090510931183
2017-09-28 09:05:10,956 [salt.minion      ][INFO    ][8437] Starting a new job with PID 8437
2017-09-28 09:05:10,968 [salt.minion      ][INFO    ][8437] Returning information for job: 20170928090510931183
2017-09-28 09:05:21,028 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090521019664
2017-09-28 09:05:21,046 [salt.minion      ][INFO    ][8447] Starting a new job with PID 8447
2017-09-28 09:05:21,058 [salt.minion      ][INFO    ][8447] Returning information for job: 20170928090521019664
2017-09-28 09:05:31,119 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090531110502
2017-09-28 09:05:31,137 [salt.minion      ][INFO    ][8452] Starting a new job with PID 8452
2017-09-28 09:05:31,150 [salt.minion      ][INFO    ][8452] Returning information for job: 20170928090531110502
2017-09-28 09:05:41,209 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090541202079
2017-09-28 09:05:41,227 [salt.minion      ][INFO    ][8462] Starting a new job with PID 8462
2017-09-28 09:05:41,241 [salt.minion      ][INFO    ][8462] Returning information for job: 20170928090541202079
2017-09-28 09:05:49,267 [salt.state       ][INFO    ][5408] Configured package repo 'deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main'
2017-09-28 09:05:49,267 [salt.state       ][INFO    ][5408] Completed state [deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main] at time 09:05:49.267356 duration_in_ms=121892.184
2017-09-28 09:05:49,268 [salt.state       ][INFO    ][5408] Running state [linux_extra_packages_purged] at time 09:05:49.267688
2017-09-28 09:05:49,268 [salt.state       ][INFO    ][5408] Executing state pkg.purged for linux_extra_packages_purged
2017-09-28 09:05:49,273 [salt.state       ][INFO    ][5408] All specified packages are already absent
2017-09-28 09:05:49,274 [salt.state       ][INFO    ][5408] Completed state [linux_extra_packages_purged] at time 09:05:49.273479 duration_in_ms=5.792
2017-09-28 09:05:49,274 [salt.state       ][INFO    ][5408] Running state [linux_extra_packages_latest] at time 09:05:49.273748
2017-09-28 09:05:49,274 [salt.state       ][INFO    ][5408] Executing state pkg.latest for linux_extra_packages_latest
2017-09-28 09:05:49,277 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 09:05:51,308 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928090551302108
2017-09-28 09:05:51,331 [salt.minion      ][INFO    ][8996] Starting a new job with PID 8996
2017-09-28 09:05:51,346 [salt.minion      ][INFO    ][8996] Returning information for job: 20170928090551302108
2017-09-28 09:05:51,774 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-cache', '-q', 'policy', 'python-msgpack'] in directory '/root'
2017-09-28 09:05:51,817 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-cache', '-q', 'policy', 'python-pymysql'] in directory '/root'
2017-09-28 09:05:51,858 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['apt-cache', '-q', 'policy', 'mcelog'] in directory '/root'
2017-09-28 09:05:51,899 [salt.state       ][INFO    ][5408] All packages are up-to-date (mcelog, python-msgpack, python-pymysql).
2017-09-28 09:05:51,899 [salt.state       ][INFO    ][5408] Completed state [linux_extra_packages_latest] at time 09:05:51.899092 duration_in_ms=2625.342
2017-09-28 09:05:51,900 [salt.state       ][INFO    ][5408] Running state [UTC] at time 09:05:51.899762
2017-09-28 09:05:51,900 [salt.state       ][INFO    ][5408] Executing state timezone.system for UTC
2017-09-28 09:05:51,901 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['timedatectl'] in directory '/root'
2017-09-28 09:05:51,941 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['timedatectl'] in directory '/root'
2017-09-28 09:05:51,952 [salt.state       ][INFO    ][5408] Timezone UTC already set, UTC already set to UTC
2017-09-28 09:05:51,952 [salt.state       ][INFO    ][5408] Completed state [UTC] at time 09:05:51.952303 duration_in_ms=52.539
2017-09-28 09:05:51,953 [salt.state       ][INFO    ][5408] Running state [nf_conntrack] at time 09:05:51.952973
2017-09-28 09:05:51,953 [salt.state       ][INFO    ][5408] Executing state kmod.present for nf_conntrack
2017-09-28 09:05:51,954 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'lsmod' in directory '/root'
2017-09-28 09:05:51,963 [salt.state       ][INFO    ][5408] Kernel module nf_conntrack is already present
2017-09-28 09:05:51,963 [salt.state       ][INFO    ][5408] Completed state [nf_conntrack] at time 09:05:51.963371 duration_in_ms=10.397
2017-09-28 09:05:51,964 [salt.state       ][INFO    ][5408] Running state [kernel.panic] at time 09:05:51.963959
2017-09-28 09:05:51,964 [salt.state       ][INFO    ][5408] Executing state sysctl.present for kernel.panic
2017-09-28 09:05:51,974 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:51,989 [salt.state       ][INFO    ][5408] Sysctl value kernel.panic = 60 is already set
2017-09-28 09:05:51,990 [salt.state       ][INFO    ][5408] Completed state [kernel.panic] at time 09:05:51.989663 duration_in_ms=25.703
2017-09-28 09:05:51,990 [salt.state       ][INFO    ][5408] Running state [net.ipv4.tcp_keepalive_probes] at time 09:05:51.990003
2017-09-28 09:05:51,990 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.ipv4.tcp_keepalive_probes
2017-09-28 09:05:51,991 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,006 [salt.state       ][INFO    ][5408] Sysctl value net.ipv4.tcp_keepalive_probes = 8 is already set
2017-09-28 09:05:52,007 [salt.state       ][INFO    ][5408] Completed state [net.ipv4.tcp_keepalive_probes] at time 09:05:52.006659 duration_in_ms=16.654
2017-09-28 09:05:52,007 [salt.state       ][INFO    ][5408] Running state [fs.file-max] at time 09:05:52.007001
2017-09-28 09:05:52,007 [salt.state       ][INFO    ][5408] Executing state sysctl.present for fs.file-max
2017-09-28 09:05:52,008 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,023 [salt.state       ][INFO    ][5408] Sysctl value fs.file-max = 124165 is already set
2017-09-28 09:05:52,024 [salt.state       ][INFO    ][5408] Completed state [fs.file-max] at time 09:05:52.023733 duration_in_ms=16.731
2017-09-28 09:05:52,024 [salt.state       ][INFO    ][5408] Running state [net.core.somaxconn] at time 09:05:52.024076
2017-09-28 09:05:52,024 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.core.somaxconn
2017-09-28 09:05:52,025 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,040 [salt.state       ][INFO    ][5408] Sysctl value net.core.somaxconn = 4096 is already set
2017-09-28 09:05:52,041 [salt.state       ][INFO    ][5408] Completed state [net.core.somaxconn] at time 09:05:52.040700 duration_in_ms=16.621
2017-09-28 09:05:52,041 [salt.state       ][INFO    ][5408] Running state [net.ipv4.tcp_max_syn_backlog] at time 09:05:52.041045
2017-09-28 09:05:52,041 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.ipv4.tcp_max_syn_backlog
2017-09-28 09:05:52,042 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,059 [salt.state       ][INFO    ][5408] Sysctl value net.ipv4.tcp_max_syn_backlog = 8192 is already set
2017-09-28 09:05:52,059 [salt.state       ][INFO    ][5408] Completed state [net.ipv4.tcp_max_syn_backlog] at time 09:05:52.059276 duration_in_ms=18.228
2017-09-28 09:05:52,060 [salt.state       ][INFO    ][5408] Running state [net.ipv4.tcp_tw_reuse] at time 09:05:52.059658
2017-09-28 09:05:52,060 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.ipv4.tcp_tw_reuse
2017-09-28 09:05:52,061 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,077 [salt.state       ][INFO    ][5408] Sysctl value net.ipv4.tcp_tw_reuse = 1 is already set
2017-09-28 09:05:52,078 [salt.state       ][INFO    ][5408] Completed state [net.ipv4.tcp_tw_reuse] at time 09:05:52.077869 duration_in_ms=18.21
2017-09-28 09:05:52,078 [salt.state       ][INFO    ][5408] Running state [net.ipv4.tcp_retries2] at time 09:05:52.078204
2017-09-28 09:05:52,079 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.ipv4.tcp_retries2
2017-09-28 09:05:52,079 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,094 [salt.state       ][INFO    ][5408] Sysctl value net.ipv4.tcp_retries2 = 5 is already set
2017-09-28 09:05:52,095 [salt.state       ][INFO    ][5408] Completed state [net.ipv4.tcp_retries2] at time 09:05:52.094737 duration_in_ms=16.53
2017-09-28 09:05:52,095 [salt.state       ][INFO    ][5408] Running state [vm.swappiness] at time 09:05:52.095094
2017-09-28 09:05:52,095 [salt.state       ][INFO    ][5408] Executing state sysctl.present for vm.swappiness
2017-09-28 09:05:52,096 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,112 [salt.state       ][INFO    ][5408] Sysctl value vm.swappiness = 10 is already set
2017-09-28 09:05:52,112 [salt.state       ][INFO    ][5408] Completed state [vm.swappiness] at time 09:05:52.112165 duration_in_ms=17.069
2017-09-28 09:05:52,113 [salt.state       ][INFO    ][5408] Running state [net.ipv4.tcp_keepalive_intvl] at time 09:05:52.112532
2017-09-28 09:05:52,113 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.ipv4.tcp_keepalive_intvl
2017-09-28 09:05:52,113 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,129 [salt.state       ][INFO    ][5408] Sysctl value net.ipv4.tcp_keepalive_intvl = 3 is already set
2017-09-28 09:05:52,130 [salt.state       ][INFO    ][5408] Completed state [net.ipv4.tcp_keepalive_intvl] at time 09:05:52.129761 duration_in_ms=17.227
2017-09-28 09:05:52,130 [salt.state       ][INFO    ][5408] Running state [net.ipv4.neigh.default.gc_thresh1] at time 09:05:52.130100
2017-09-28 09:05:52,130 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.ipv4.neigh.default.gc_thresh1
2017-09-28 09:05:52,131 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,147 [salt.state       ][INFO    ][5408] Sysctl value net.ipv4.neigh.default.gc_thresh1 = 4096 is already set
2017-09-28 09:05:52,147 [salt.state       ][INFO    ][5408] Completed state [net.ipv4.neigh.default.gc_thresh1] at time 09:05:52.147037 duration_in_ms=16.935
2017-09-28 09:05:52,147 [salt.state       ][INFO    ][5408] Running state [net.ipv4.neigh.default.gc_thresh2] at time 09:05:52.147385
2017-09-28 09:05:52,148 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.ipv4.neigh.default.gc_thresh2
2017-09-28 09:05:52,148 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,164 [salt.state       ][INFO    ][5408] Sysctl value net.ipv4.neigh.default.gc_thresh2 = 8192 is already set
2017-09-28 09:05:52,165 [salt.state       ][INFO    ][5408] Completed state [net.ipv4.neigh.default.gc_thresh2] at time 09:05:52.164698 duration_in_ms=17.311
2017-09-28 09:05:52,165 [salt.state       ][INFO    ][5408] Running state [net.ipv4.neigh.default.gc_thresh3] at time 09:05:52.165027
2017-09-28 09:05:52,165 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.ipv4.neigh.default.gc_thresh3
2017-09-28 09:05:52,166 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,182 [salt.state       ][INFO    ][5408] Sysctl value net.ipv4.neigh.default.gc_thresh3 = 16384 is already set
2017-09-28 09:05:52,182 [salt.state       ][INFO    ][5408] Completed state [net.ipv4.neigh.default.gc_thresh3] at time 09:05:52.182263 duration_in_ms=17.234
2017-09-28 09:05:52,183 [salt.state       ][INFO    ][5408] Running state [net.core.netdev_max_backlog] at time 09:05:52.182601
2017-09-28 09:05:52,183 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.core.netdev_max_backlog
2017-09-28 09:05:52,183 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,199 [salt.state       ][INFO    ][5408] Sysctl value net.core.netdev_max_backlog = 261144 is already set
2017-09-28 09:05:52,200 [salt.state       ][INFO    ][5408] Completed state [net.core.netdev_max_backlog] at time 09:05:52.199838 duration_in_ms=17.235
2017-09-28 09:05:52,200 [salt.state       ][INFO    ][5408] Running state [net.ipv4.tcp_keepalive_time] at time 09:05:52.200177
2017-09-28 09:05:52,201 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.ipv4.tcp_keepalive_time
2017-09-28 09:05:52,201 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,216 [salt.state       ][INFO    ][5408] Sysctl value net.ipv4.tcp_keepalive_time = 30 is already set
2017-09-28 09:05:52,217 [salt.state       ][INFO    ][5408] Completed state [net.ipv4.tcp_keepalive_time] at time 09:05:52.216826 duration_in_ms=16.646
2017-09-28 09:05:52,217 [salt.state       ][INFO    ][5408] Running state [net.nf_conntrack_max] at time 09:05:52.217160
2017-09-28 09:05:52,218 [salt.state       ][INFO    ][5408] Executing state sysctl.present for net.nf_conntrack_max
2017-09-28 09:05:52,218 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'sysctl -a' in directory '/root'
2017-09-28 09:05:52,233 [salt.state       ][INFO    ][5408] Sysctl value net.nf_conntrack_max = 1048576 is already set
2017-09-28 09:05:52,234 [salt.state       ][INFO    ][5408] Completed state [net.nf_conntrack_max] at time 09:05:52.233725 duration_in_ms=16.564
2017-09-28 09:05:52,234 [salt.state       ][INFO    ][5408] Running state [linux_sysfs_package] at time 09:05:52.234067
2017-09-28 09:05:52,234 [salt.state       ][INFO    ][5408] Executing state pkg.installed for linux_sysfs_package
2017-09-28 09:05:52,237 [salt.state       ][INFO    ][5408] All specified packages are already installed
2017-09-28 09:05:52,238 [salt.state       ][INFO    ][5408] Completed state [linux_sysfs_package] at time 09:05:52.237565 duration_in_ms=3.498
2017-09-28 09:05:52,239 [salt.state       ][INFO    ][5408] Running state [/etc/sysfs.d] at time 09:05:52.238527
2017-09-28 09:05:52,239 [salt.state       ][INFO    ][5408] Executing state file.directory for /etc/sysfs.d
2017-09-28 09:05:52,239 [salt.state       ][INFO    ][5408] Directory /etc/sysfs.d is in the correct state
2017-09-28 09:05:52,240 [salt.state       ][INFO    ][5408] Completed state [/etc/sysfs.d] at time 09:05:52.239575 duration_in_ms=1.048
2017-09-28 09:05:52,240 [salt.state       ][INFO    ][5408] Running state [ondemand] at time 09:05:52.240136
2017-09-28 09:05:52,240 [salt.state       ][INFO    ][5408] Executing state service.dead for ondemand
2017-09-28 09:05:52,241 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['systemctl', 'status', 'ondemand.service', '-n', '0'] in directory '/root'
2017-09-28 09:05:52,253 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['systemctl', 'is-active', 'ondemand.service'] in directory '/root'
2017-09-28 09:05:52,264 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['systemctl', 'is-enabled', 'ondemand.service'] in directory '/root'
2017-09-28 09:05:52,278 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'runlevel' in directory '/root'
2017-09-28 09:05:52,289 [salt.state       ][INFO    ][5408] The service ondemand is already dead
2017-09-28 09:05:52,289 [salt.state       ][INFO    ][5408] Completed state [ondemand] at time 09:05:52.288995 duration_in_ms=48.857
2017-09-28 09:05:52,290 [salt.state       ][INFO    ][5408] Running state [cs_CZ.UTF-8] at time 09:05:52.289673
2017-09-28 09:05:52,290 [salt.state       ][INFO    ][5408] Executing state locale.present for cs_CZ.UTF-8
2017-09-28 09:05:52,290 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'locale -a' in directory '/root'
2017-09-28 09:05:52,300 [salt.state       ][INFO    ][5408] Locale cs_CZ.UTF-8 is already present
2017-09-28 09:05:52,300 [salt.state       ][INFO    ][5408] Completed state [cs_CZ.UTF-8] at time 09:05:52.299964 duration_in_ms=10.288
2017-09-28 09:05:52,300 [salt.state       ][INFO    ][5408] Running state [en_US.UTF-8] at time 09:05:52.300308
2017-09-28 09:05:52,301 [salt.state       ][INFO    ][5408] Executing state locale.present for en_US.UTF-8
2017-09-28 09:05:52,301 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'locale -a' in directory '/root'
2017-09-28 09:05:52,311 [salt.state       ][INFO    ][5408] Locale en_US.UTF-8 is already present
2017-09-28 09:05:52,311 [salt.state       ][INFO    ][5408] Completed state [en_US.UTF-8] at time 09:05:52.310918 duration_in_ms=10.608
2017-09-28 09:05:52,312 [salt.state       ][INFO    ][5408] Running state [en_US.UTF-8] at time 09:05:52.311970
2017-09-28 09:05:52,312 [salt.state       ][INFO    ][5408] Executing state locale.system for en_US.UTF-8
2017-09-28 09:05:52,313 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'localectl' in directory '/root'
2017-09-28 09:05:52,354 [salt.state       ][INFO    ][5408] System locale en_US.UTF-8 already set
2017-09-28 09:05:52,354 [salt.state       ][INFO    ][5408] Completed state [en_US.UTF-8] at time 09:05:52.354340 duration_in_ms=42.368
2017-09-28 09:05:52,355 [salt.state       ][INFO    ][5408] Running state [root] at time 09:05:52.355279
2017-09-28 09:05:52,355 [salt.state       ][INFO    ][5408] Executing state user.present for root
2017-09-28 09:05:52,356 [salt.state       ][INFO    ][5408] User root is present and up to date
2017-09-28 09:05:52,356 [salt.state       ][INFO    ][5408] Completed state [root] at time 09:05:52.356442 duration_in_ms=1.162
2017-09-28 09:05:52,357 [salt.state       ][INFO    ][5408] Running state [/root] at time 09:05:52.357187
2017-09-28 09:05:52,357 [salt.state       ][INFO    ][5408] Executing state file.directory for /root
2017-09-28 09:05:52,358 [salt.state       ][INFO    ][5408] Directory /root is in the correct state
2017-09-28 09:05:52,358 [salt.state       ][INFO    ][5408] Completed state [/root] at time 09:05:52.357926 duration_in_ms=0.739
2017-09-28 09:05:52,358 [salt.state       ][INFO    ][5408] Running state [/etc/sudoers.d/90-salt-user-root] at time 09:05:52.358058
2017-09-28 09:05:52,358 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/sudoers.d/90-salt-user-root
2017-09-28 09:05:52,358 [salt.state       ][INFO    ][5408] File /etc/sudoers.d/90-salt-user-root is not present
2017-09-28 09:05:52,359 [salt.state       ][INFO    ][5408] Completed state [/etc/sudoers.d/90-salt-user-root] at time 09:05:52.358499 duration_in_ms=0.441
2017-09-28 09:05:52,359 [salt.state       ][INFO    ][5408] Running state [ubuntu] at time 09:05:52.358640
2017-09-28 09:05:52,359 [salt.state       ][INFO    ][5408] Executing state user.present for ubuntu
2017-09-28 09:05:52,359 [salt.state       ][INFO    ][5408] User ubuntu is present and up to date
2017-09-28 09:05:52,359 [salt.state       ][INFO    ][5408] Completed state [ubuntu] at time 09:05:52.359446 duration_in_ms=0.806
2017-09-28 09:05:52,360 [salt.state       ][INFO    ][5408] Running state [/home/ubuntu] at time 09:05:52.360054
2017-09-28 09:05:52,360 [salt.state       ][INFO    ][5408] Executing state file.directory for /home/ubuntu
2017-09-28 09:05:52,361 [salt.state       ][INFO    ][5408] Directory /home/ubuntu is in the correct state
2017-09-28 09:05:52,361 [salt.state       ][INFO    ][5408] Completed state [/home/ubuntu] at time 09:05:52.360718 duration_in_ms=0.664
2017-09-28 09:05:52,361 [salt.state       ][INFO    ][5408] Running state [/etc/sudoers.d/90-salt-user-ubuntu] at time 09:05:52.361233
2017-09-28 09:05:52,361 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/sudoers.d/90-salt-user-ubuntu
2017-09-28 09:05:52,383 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/sudoer'
2017-09-28 09:05:52,404 [salt.state       ][INFO    ][5408] File /etc/sudoers.d/90-salt-user-ubuntu is in the correct state
2017-09-28 09:05:52,405 [salt.state       ][INFO    ][5408] Completed state [/etc/sudoers.d/90-salt-user-ubuntu] at time 09:05:52.404495 duration_in_ms=43.262
2017-09-28 09:05:52,405 [salt.state       ][INFO    ][5408] Running state [/etc/security/limits.d/90-salt-default.conf] at time 09:05:52.404641
2017-09-28 09:05:52,405 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/security/limits.d/90-salt-default.conf
2017-09-28 09:05:52,426 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/limits.conf'
2017-09-28 09:05:52,444 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:05:52,477 [salt.state       ][INFO    ][5408] File /etc/security/limits.d/90-salt-default.conf is in the correct state
2017-09-28 09:05:52,477 [salt.state       ][INFO    ][5408] Completed state [/etc/security/limits.d/90-salt-default.conf] at time 09:05:52.477155 duration_in_ms=72.514
2017-09-28 09:05:52,477 [salt.state       ][INFO    ][5408] Running state [/etc/systemd/system.conf.d/90-salt.conf] at time 09:05:52.477318
2017-09-28 09:05:52,477 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/systemd/system.conf.d/90-salt.conf
2017-09-28 09:05:52,492 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/systemd.conf'
2017-09-28 09:05:52,509 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/map.jinja'
2017-09-28 09:05:52,540 [salt.state       ][INFO    ][5408] File /etc/systemd/system.conf.d/90-salt.conf is in the correct state
2017-09-28 09:05:52,540 [salt.state       ][INFO    ][5408] Completed state [/etc/systemd/system.conf.d/90-salt.conf] at time 09:05:52.540061 duration_in_ms=62.742
2017-09-28 09:05:52,541 [salt.state       ][INFO    ][5408] Running state [service.systemctl_reload] at time 09:05:52.540951
2017-09-28 09:05:52,541 [salt.state       ][INFO    ][5408] Executing state module.wait for service.systemctl_reload
2017-09-28 09:05:52,541 [salt.state       ][INFO    ][5408] No changes made for service.systemctl_reload
2017-09-28 09:05:52,541 [salt.state       ][INFO    ][5408] Completed state [service.systemctl_reload] at time 09:05:52.541383 duration_in_ms=0.432
2017-09-28 09:05:52,542 [salt.state       ][INFO    ][5408] Running state [/etc/hostname] at time 09:05:52.541508
2017-09-28 09:05:52,542 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/hostname
2017-09-28 09:05:52,557 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'linux/files/hostname'
2017-09-28 09:05:52,558 [salt.state       ][INFO    ][5408] File /etc/hostname is in the correct state
2017-09-28 09:05:52,558 [salt.state       ][INFO    ][5408] Completed state [/etc/hostname] at time 09:05:52.558149 duration_in_ms=16.64
2017-09-28 09:05:52,559 [salt.state       ][INFO    ][5408] Running state [hostname ctl02] at time 09:05:52.559027
2017-09-28 09:05:52,559 [salt.state       ][INFO    ][5408] Executing state cmd.wait for hostname ctl02
2017-09-28 09:05:52,559 [salt.state       ][INFO    ][5408] No changes made for hostname ctl02
2017-09-28 09:05:52,559 [salt.state       ][INFO    ][5408] Completed state [hostname ctl02] at time 09:05:52.559460 duration_in_ms=0.434
2017-09-28 09:05:52,560 [salt.state       ][INFO    ][5408] Running state [mdb02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.559785
2017-09-28 09:05:52,560 [salt.state       ][INFO    ][5408] Executing state host.present for mdb02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,560 [salt.state       ][INFO    ][5408] Host mdb02.baremetal-mcp-ocata-ovs-ha.local (10.167.4.77) already present
2017-09-28 09:05:52,560 [salt.state       ][INFO    ][5408] Completed state [mdb02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.560367 duration_in_ms=0.582
2017-09-28 09:05:52,561 [salt.state       ][INFO    ][5408] Running state [mdb02] at time 09:05:52.560512
2017-09-28 09:05:52,561 [salt.state       ][INFO    ][5408] Executing state host.present for mdb02
2017-09-28 09:05:52,561 [salt.state       ][INFO    ][5408] Host mdb02 (10.167.4.77) already present
2017-09-28 09:05:52,561 [salt.state       ][INFO    ][5408] Completed state [mdb02] at time 09:05:52.561059 duration_in_ms=0.547
2017-09-28 09:05:52,561 [salt.state       ][INFO    ][5408] Running state [mdb03] at time 09:05:52.561204
2017-09-28 09:05:52,561 [salt.state       ][INFO    ][5408] Executing state host.present for mdb03
2017-09-28 09:05:52,562 [salt.state       ][INFO    ][5408] Host mdb03 (10.167.4.78) already present
2017-09-28 09:05:52,562 [salt.state       ][INFO    ][5408] Completed state [mdb03] at time 09:05:52.561790 duration_in_ms=0.587
2017-09-28 09:05:52,562 [salt.state       ][INFO    ][5408] Running state [mdb03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.561929
2017-09-28 09:05:52,562 [salt.state       ][INFO    ][5408] Executing state host.present for mdb03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,562 [salt.state       ][INFO    ][5408] Host mdb03.baremetal-mcp-ocata-ovs-ha.local (10.167.4.78) already present
2017-09-28 09:05:52,562 [salt.state       ][INFO    ][5408] Completed state [mdb03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.562445 duration_in_ms=0.517
2017-09-28 09:05:52,563 [salt.state       ][INFO    ][5408] Running state [mdb01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.562584
2017-09-28 09:05:52,563 [salt.state       ][INFO    ][5408] Executing state host.present for mdb01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,563 [salt.state       ][INFO    ][5408] Host mdb01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.76) already present
2017-09-28 09:05:52,563 [salt.state       ][INFO    ][5408] Completed state [mdb01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.563099 duration_in_ms=0.516
2017-09-28 09:05:52,563 [salt.state       ][INFO    ][5408] Running state [mdb01] at time 09:05:52.563239
2017-09-28 09:05:52,563 [salt.state       ][INFO    ][5408] Executing state host.present for mdb01
2017-09-28 09:05:52,564 [salt.state       ][INFO    ][5408] Host mdb01 (10.167.4.76) already present
2017-09-28 09:05:52,564 [salt.state       ][INFO    ][5408] Completed state [mdb01] at time 09:05:52.563753 duration_in_ms=0.514
2017-09-28 09:05:52,564 [salt.state       ][INFO    ][5408] Running state [mdb] at time 09:05:52.563890
2017-09-28 09:05:52,564 [salt.state       ][INFO    ][5408] Executing state host.present for mdb
2017-09-28 09:05:52,564 [salt.state       ][INFO    ][5408] Host mdb (10.167.4.75) already present
2017-09-28 09:05:52,564 [salt.state       ][INFO    ][5408] Completed state [mdb] at time 09:05:52.564417 duration_in_ms=0.527
2017-09-28 09:05:52,565 [salt.state       ][INFO    ][5408] Running state [mdb.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.564552
2017-09-28 09:05:52,565 [salt.state       ][INFO    ][5408] Executing state host.present for mdb.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,565 [salt.state       ][INFO    ][5408] Host mdb.baremetal-mcp-ocata-ovs-ha.local (10.167.4.75) already present
2017-09-28 09:05:52,565 [salt.state       ][INFO    ][5408] Completed state [mdb.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.565070 duration_in_ms=0.518
2017-09-28 09:05:52,565 [salt.state       ][INFO    ][5408] Running state [prx02] at time 09:05:52.565210
2017-09-28 09:05:52,565 [salt.state       ][INFO    ][5408] Executing state host.present for prx02
2017-09-28 09:05:52,566 [salt.state       ][INFO    ][5408] Host prx02 (10.167.4.82) already present
2017-09-28 09:05:52,566 [salt.state       ][INFO    ][5408] Completed state [prx02] at time 09:05:52.565765 duration_in_ms=0.555
2017-09-28 09:05:52,566 [salt.state       ][INFO    ][5408] Running state [prx02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.565900
2017-09-28 09:05:52,566 [salt.state       ][INFO    ][5408] Executing state host.present for prx02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,566 [salt.state       ][INFO    ][5408] Host prx02.baremetal-mcp-ocata-ovs-ha.local (10.167.4.82) already present
2017-09-28 09:05:52,566 [salt.state       ][INFO    ][5408] Completed state [prx02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.566415 duration_in_ms=0.515
2017-09-28 09:05:52,567 [salt.state       ][INFO    ][5408] Running state [prx01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.566552
2017-09-28 09:05:52,567 [salt.state       ][INFO    ][5408] Executing state host.present for prx01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,567 [salt.state       ][INFO    ][5408] Host prx01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.81) already present
2017-09-28 09:05:52,567 [salt.state       ][INFO    ][5408] Completed state [prx01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.567073 duration_in_ms=0.52
2017-09-28 09:05:52,567 [salt.state       ][INFO    ][5408] Running state [prx01] at time 09:05:52.567211
2017-09-28 09:05:52,567 [salt.state       ][INFO    ][5408] Executing state host.present for prx01
2017-09-28 09:05:52,568 [salt.state       ][INFO    ][5408] Host prx01 (10.167.4.81) already present
2017-09-28 09:05:52,568 [salt.state       ][INFO    ][5408] Completed state [prx01] at time 09:05:52.567735 duration_in_ms=0.523
2017-09-28 09:05:52,568 [salt.state       ][INFO    ][5408] Running state [kvm01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.567872
2017-09-28 09:05:52,568 [salt.state       ][INFO    ][5408] Executing state host.present for kvm01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,568 [salt.state       ][INFO    ][5408] Host kvm01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.141) already present
2017-09-28 09:05:52,568 [salt.state       ][INFO    ][5408] Completed state [kvm01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.568427 duration_in_ms=0.554
2017-09-28 09:05:52,569 [salt.state       ][INFO    ][5408] Running state [kvm01] at time 09:05:52.568568
2017-09-28 09:05:52,569 [salt.state       ][INFO    ][5408] Executing state host.present for kvm01
2017-09-28 09:05:52,569 [salt.state       ][INFO    ][5408] Host kvm01 (10.167.4.141) already present
2017-09-28 09:05:52,569 [salt.state       ][INFO    ][5408] Completed state [kvm01] at time 09:05:52.569104 duration_in_ms=0.535
2017-09-28 09:05:52,569 [salt.state       ][INFO    ][5408] Running state [kvm03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.569239
2017-09-28 09:05:52,569 [salt.state       ][INFO    ][5408] Executing state host.present for kvm03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,570 [salt.state       ][INFO    ][5408] Host kvm03.baremetal-mcp-ocata-ovs-ha.local (10.167.4.143) already present
2017-09-28 09:05:52,570 [salt.state       ][INFO    ][5408] Completed state [kvm03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.569795 duration_in_ms=0.556
2017-09-28 09:05:52,570 [salt.state       ][INFO    ][5408] Running state [kvm03] at time 09:05:52.569933
2017-09-28 09:05:52,570 [salt.state       ][INFO    ][5408] Executing state host.present for kvm03
2017-09-28 09:05:52,570 [salt.state       ][INFO    ][5408] Host kvm03 (10.167.4.143) already present
2017-09-28 09:05:52,571 [salt.state       ][INFO    ][5408] Completed state [kvm03] at time 09:05:52.570587 duration_in_ms=0.654
2017-09-28 09:05:52,571 [salt.state       ][INFO    ][5408] Running state [kvm02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.570727
2017-09-28 09:05:52,571 [salt.state       ][INFO    ][5408] Executing state host.present for kvm02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,571 [salt.state       ][INFO    ][5408] Host kvm02.baremetal-mcp-ocata-ovs-ha.local (10.167.4.142) already present
2017-09-28 09:05:52,571 [salt.state       ][INFO    ][5408] Completed state [kvm02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.571242 duration_in_ms=0.515
2017-09-28 09:05:52,571 [salt.state       ][INFO    ][5408] Running state [kvm02] at time 09:05:52.571379
2017-09-28 09:05:52,572 [salt.state       ][INFO    ][5408] Executing state host.present for kvm02
2017-09-28 09:05:52,572 [salt.state       ][INFO    ][5408] Host kvm02 (10.167.4.142) already present
2017-09-28 09:05:52,572 [salt.state       ][INFO    ][5408] Completed state [kvm02] at time 09:05:52.571906 duration_in_ms=0.527
2017-09-28 09:05:52,572 [salt.state       ][INFO    ][5408] Running state [dbs.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.572053
2017-09-28 09:05:52,572 [salt.state       ][INFO    ][5408] Executing state host.present for dbs.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,572 [salt.state       ][INFO    ][5408] Host dbs.baremetal-mcp-ocata-ovs-ha.local (10.167.4.50) already present
2017-09-28 09:05:52,573 [salt.state       ][INFO    ][5408] Completed state [dbs.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.572578 duration_in_ms=0.524
2017-09-28 09:05:52,573 [salt.state       ][INFO    ][5408] Running state [dbs] at time 09:05:52.572721
2017-09-28 09:05:52,573 [salt.state       ][INFO    ][5408] Executing state host.present for dbs
2017-09-28 09:05:52,573 [salt.state       ][INFO    ][5408] Host dbs (10.167.4.50) already present
2017-09-28 09:05:52,573 [salt.state       ][INFO    ][5408] Completed state [dbs] at time 09:05:52.573229 duration_in_ms=0.508
2017-09-28 09:05:52,573 [salt.state       ][INFO    ][5408] Running state [prx.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.573386
2017-09-28 09:05:52,574 [salt.state       ][INFO    ][5408] Executing state host.present for prx.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,574 [salt.state       ][INFO    ][5408] Host prx.baremetal-mcp-ocata-ovs-ha.local (10.167.4.80) already present
2017-09-28 09:05:52,574 [salt.state       ][INFO    ][5408] Completed state [prx.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.573914 duration_in_ms=0.528
2017-09-28 09:05:52,574 [salt.state       ][INFO    ][5408] Running state [prx] at time 09:05:52.574049
2017-09-28 09:05:52,574 [salt.state       ][INFO    ][5408] Executing state host.present for prx
2017-09-28 09:05:52,574 [salt.state       ][INFO    ][5408] Host prx (10.167.4.80) already present
2017-09-28 09:05:52,575 [salt.state       ][INFO    ][5408] Completed state [prx] at time 09:05:52.574559 duration_in_ms=0.509
2017-09-28 09:05:52,575 [salt.state       ][INFO    ][5408] Running state [gtw01] at time 09:05:52.574692
2017-09-28 09:05:52,575 [salt.state       ][INFO    ][5408] Executing state host.present for gtw01
2017-09-28 09:05:52,575 [salt.state       ][INFO    ][5408] Host gtw01 (10.167.4.124) already present
2017-09-28 09:05:52,575 [salt.state       ][INFO    ][5408] Completed state [gtw01] at time 09:05:52.575199 duration_in_ms=0.506
2017-09-28 09:05:52,575 [salt.state       ][INFO    ][5408] Running state [gtw01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.575337
2017-09-28 09:05:52,575 [salt.state       ][INFO    ][5408] Executing state host.present for gtw01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,576 [salt.state       ][INFO    ][5408] Host gtw01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.124) already present
2017-09-28 09:05:52,576 [salt.state       ][INFO    ][5408] Completed state [gtw01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.575850 duration_in_ms=0.513
2017-09-28 09:05:52,576 [salt.state       ][INFO    ][5408] Running state [gtw02] at time 09:05:52.575984
2017-09-28 09:05:52,576 [salt.state       ][INFO    ][5408] Executing state host.present for gtw02
2017-09-28 09:05:52,576 [salt.state       ][INFO    ][5408] Host gtw02 (10.167.4.125) already present
2017-09-28 09:05:52,577 [salt.state       ][INFO    ][5408] Completed state [gtw02] at time 09:05:52.576504 duration_in_ms=0.519
2017-09-28 09:05:52,577 [salt.state       ][INFO    ][5408] Running state [gtw02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.576640
2017-09-28 09:05:52,577 [salt.state       ][INFO    ][5408] Executing state host.present for gtw02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,577 [salt.state       ][INFO    ][5408] Host gtw02.baremetal-mcp-ocata-ovs-ha.local (10.167.4.125) already present
2017-09-28 09:05:52,577 [salt.state       ][INFO    ][5408] Completed state [gtw02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.577151 duration_in_ms=0.511
2017-09-28 09:05:52,577 [salt.state       ][INFO    ][5408] Running state [msg02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.577307
2017-09-28 09:05:52,577 [salt.state       ][INFO    ][5408] Executing state host.present for msg02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,578 [salt.state       ][INFO    ][5408] Host msg02.baremetal-mcp-ocata-ovs-ha.local (10.167.4.42) already present
2017-09-28 09:05:52,578 [salt.state       ][INFO    ][5408] Completed state [msg02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.577838 duration_in_ms=0.531
2017-09-28 09:05:52,578 [salt.state       ][INFO    ][5408] Running state [msg02] at time 09:05:52.577975
2017-09-28 09:05:52,578 [salt.state       ][INFO    ][5408] Executing state host.present for msg02
2017-09-28 09:05:52,578 [salt.state       ][INFO    ][5408] Host msg02 (10.167.4.42) already present
2017-09-28 09:05:52,579 [salt.state       ][INFO    ][5408] Completed state [msg02] at time 09:05:52.578486 duration_in_ms=0.511
2017-09-28 09:05:52,579 [salt.state       ][INFO    ][5408] Running state [msg03] at time 09:05:52.578620
2017-09-28 09:05:52,579 [salt.state       ][INFO    ][5408] Executing state host.present for msg03
2017-09-28 09:05:52,579 [salt.state       ][INFO    ][5408] Host msg03 (10.167.4.43) already present
2017-09-28 09:05:52,579 [salt.state       ][INFO    ][5408] Completed state [msg03] at time 09:05:52.579126 duration_in_ms=0.506
2017-09-28 09:05:52,579 [salt.state       ][INFO    ][5408] Running state [msg03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.579262
2017-09-28 09:05:52,579 [salt.state       ][INFO    ][5408] Executing state host.present for msg03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,580 [salt.state       ][INFO    ][5408] Host msg03.baremetal-mcp-ocata-ovs-ha.local (10.167.4.43) already present
2017-09-28 09:05:52,580 [salt.state       ][INFO    ][5408] Completed state [msg03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.579772 duration_in_ms=0.511
2017-09-28 09:05:52,580 [salt.state       ][INFO    ][5408] Running state [msg01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.579909
2017-09-28 09:05:52,580 [salt.state       ][INFO    ][5408] Executing state host.present for msg01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,580 [salt.state       ][INFO    ][5408] Host msg01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.41) already present
2017-09-28 09:05:52,580 [salt.state       ][INFO    ][5408] Completed state [msg01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.580433 duration_in_ms=0.524
2017-09-28 09:05:52,581 [salt.state       ][INFO    ][5408] Running state [msg01] at time 09:05:52.580567
2017-09-28 09:05:52,581 [salt.state       ][INFO    ][5408] Executing state host.present for msg01
2017-09-28 09:05:52,581 [salt.state       ][INFO    ][5408] Host msg01 (10.167.4.41) already present
2017-09-28 09:05:52,581 [salt.state       ][INFO    ][5408] Completed state [msg01] at time 09:05:52.581077 duration_in_ms=0.51
2017-09-28 09:05:52,581 [salt.state       ][INFO    ][5408] Running state [msg] at time 09:05:52.581214
2017-09-28 09:05:52,581 [salt.state       ][INFO    ][5408] Executing state host.present for msg
2017-09-28 09:05:52,582 [salt.state       ][INFO    ][5408] Host msg (10.167.4.40) already present
2017-09-28 09:05:52,582 [salt.state       ][INFO    ][5408] Completed state [msg] at time 09:05:52.581764 duration_in_ms=0.55
2017-09-28 09:05:52,582 [salt.state       ][INFO    ][5408] Running state [msg.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.581900
2017-09-28 09:05:52,582 [salt.state       ][INFO    ][5408] Executing state host.present for msg.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,582 [salt.state       ][INFO    ][5408] Host msg.baremetal-mcp-ocata-ovs-ha.local (10.167.4.40) already present
2017-09-28 09:05:52,582 [salt.state       ][INFO    ][5408] Completed state [msg.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.582428 duration_in_ms=0.527
2017-09-28 09:05:52,583 [salt.state       ][INFO    ][5408] Running state [cfg01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.582577
2017-09-28 09:05:52,583 [salt.state       ][INFO    ][5408] Executing state host.present for cfg01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,583 [salt.state       ][INFO    ][5408] Host cfg01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.100) already present
2017-09-28 09:05:52,583 [salt.state       ][INFO    ][5408] Completed state [cfg01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.583091 duration_in_ms=0.513
2017-09-28 09:05:52,583 [salt.state       ][INFO    ][5408] Running state [cfg01] at time 09:05:52.583227
2017-09-28 09:05:52,583 [salt.state       ][INFO    ][5408] Executing state host.present for cfg01
2017-09-28 09:05:52,584 [salt.state       ][INFO    ][5408] Host cfg01 (10.167.4.100) already present
2017-09-28 09:05:52,584 [salt.state       ][INFO    ][5408] Completed state [cfg01] at time 09:05:52.583741 duration_in_ms=0.515
2017-09-28 09:05:52,584 [salt.state       ][INFO    ][5408] Running state [cmp002] at time 09:05:52.583875
2017-09-28 09:05:52,584 [salt.state       ][INFO    ][5408] Executing state host.present for cmp002
2017-09-28 09:05:52,584 [salt.state       ][INFO    ][5408] Host cmp002 (10.167.4.102) already present
2017-09-28 09:05:52,585 [salt.state       ][INFO    ][5408] Completed state [cmp002] at time 09:05:52.584495 duration_in_ms=0.62
2017-09-28 09:05:52,585 [salt.state       ][INFO    ][5408] Running state [cmp002.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.584633
2017-09-28 09:05:52,585 [salt.state       ][INFO    ][5408] Executing state host.present for cmp002.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,585 [salt.state       ][INFO    ][5408] Host cmp002.baremetal-mcp-ocata-ovs-ha.local (10.167.4.102) already present
2017-09-28 09:05:52,585 [salt.state       ][INFO    ][5408] Completed state [cmp002.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.585147 duration_in_ms=0.515
2017-09-28 09:05:52,585 [salt.state       ][INFO    ][5408] Running state [cmp001] at time 09:05:52.585304
2017-09-28 09:05:52,585 [salt.state       ][INFO    ][5408] Executing state host.present for cmp001
2017-09-28 09:05:52,586 [salt.state       ][INFO    ][5408] Host cmp001 (10.167.4.101) already present
2017-09-28 09:05:52,586 [salt.state       ][INFO    ][5408] Completed state [cmp001] at time 09:05:52.585835 duration_in_ms=0.531
2017-09-28 09:05:52,586 [salt.state       ][INFO    ][5408] Running state [cmp001.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.585972
2017-09-28 09:05:52,586 [salt.state       ][INFO    ][5408] Executing state host.present for cmp001.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,586 [salt.state       ][INFO    ][5408] Host cmp001.baremetal-mcp-ocata-ovs-ha.local (10.167.4.101) already present
2017-09-28 09:05:52,587 [salt.state       ][INFO    ][5408] Completed state [cmp001.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.586481 duration_in_ms=0.509
2017-09-28 09:05:52,587 [salt.state       ][INFO    ][5408] Running state [dbs01] at time 09:05:52.586616
2017-09-28 09:05:52,587 [salt.state       ][INFO    ][5408] Executing state host.present for dbs01
2017-09-28 09:05:52,587 [salt.state       ][INFO    ][5408] Host dbs01 (10.167.4.51) already present
2017-09-28 09:05:52,587 [salt.state       ][INFO    ][5408] Completed state [dbs01] at time 09:05:52.587126 duration_in_ms=0.509
2017-09-28 09:05:52,587 [salt.state       ][INFO    ][5408] Running state [dbs01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.587259
2017-09-28 09:05:52,587 [salt.state       ][INFO    ][5408] Executing state host.present for dbs01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,588 [salt.state       ][INFO    ][5408] Host dbs01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.51) already present
2017-09-28 09:05:52,588 [salt.state       ][INFO    ][5408] Completed state [dbs01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.587771 duration_in_ms=0.511
2017-09-28 09:05:52,588 [salt.state       ][INFO    ][5408] Running state [dbs02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.587907
2017-09-28 09:05:52,588 [salt.state       ][INFO    ][5408] Executing state host.present for dbs02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,588 [salt.state       ][INFO    ][5408] Host dbs02.baremetal-mcp-ocata-ovs-ha.local (10.167.4.52) already present
2017-09-28 09:05:52,588 [salt.state       ][INFO    ][5408] Completed state [dbs02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.588446 duration_in_ms=0.54
2017-09-28 09:05:52,589 [salt.state       ][INFO    ][5408] Running state [dbs02] at time 09:05:52.588582
2017-09-28 09:05:52,589 [salt.state       ][INFO    ][5408] Executing state host.present for dbs02
2017-09-28 09:05:52,589 [salt.state       ][INFO    ][5408] Host dbs02 (10.167.4.52) already present
2017-09-28 09:05:52,589 [salt.state       ][INFO    ][5408] Completed state [dbs02] at time 09:05:52.589098 duration_in_ms=0.515
2017-09-28 09:05:52,589 [salt.state       ][INFO    ][5408] Running state [dbs03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.589235
2017-09-28 09:05:52,589 [salt.state       ][INFO    ][5408] Executing state host.present for dbs03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,590 [salt.state       ][INFO    ][5408] Host dbs03.baremetal-mcp-ocata-ovs-ha.local (10.167.4.53) already present
2017-09-28 09:05:52,590 [salt.state       ][INFO    ][5408] Completed state [dbs03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.589787 duration_in_ms=0.552
2017-09-28 09:05:52,590 [salt.state       ][INFO    ][5408] Running state [dbs03] at time 09:05:52.589923
2017-09-28 09:05:52,590 [salt.state       ][INFO    ][5408] Executing state host.present for dbs03
2017-09-28 09:05:52,590 [salt.state       ][INFO    ][5408] Host dbs03 (10.167.4.53) already present
2017-09-28 09:05:52,590 [salt.state       ][INFO    ][5408] Completed state [dbs03] at time 09:05:52.590436 duration_in_ms=0.512
2017-09-28 09:05:52,591 [salt.state       ][INFO    ][5408] Running state [cfg01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.590569
2017-09-28 09:05:52,591 [salt.state       ][INFO    ][5408] Executing state host.present for cfg01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,591 [salt.state       ][INFO    ][5408] Host cfg01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.100) already present
2017-09-28 09:05:52,591 [salt.state       ][INFO    ][5408] Completed state [cfg01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.591085 duration_in_ms=0.515
2017-09-28 09:05:52,591 [salt.state       ][INFO    ][5408] Running state [cfg01] at time 09:05:52.591220
2017-09-28 09:05:52,591 [salt.state       ][INFO    ][5408] Executing state host.present for cfg01
2017-09-28 09:05:52,592 [salt.state       ][INFO    ][5408] Host cfg01 (10.167.4.100) already present
2017-09-28 09:05:52,592 [salt.state       ][INFO    ][5408] Completed state [cfg01] at time 09:05:52.591732 duration_in_ms=0.511
2017-09-28 09:05:52,592 [salt.state       ][INFO    ][5408] Running state [mas01] at time 09:05:52.591866
2017-09-28 09:05:52,592 [salt.state       ][INFO    ][5408] Executing state host.present for mas01
2017-09-28 09:05:52,592 [salt.state       ][INFO    ][5408] Host mas01 (10.167.4.3) already present
2017-09-28 09:05:52,592 [salt.state       ][INFO    ][5408] Completed state [mas01] at time 09:05:52.592395 duration_in_ms=0.528
2017-09-28 09:05:52,593 [salt.state       ][INFO    ][5408] Running state [mas01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.592532
2017-09-28 09:05:52,593 [salt.state       ][INFO    ][5408] Executing state host.present for mas01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,593 [salt.state       ][INFO    ][5408] Host mas01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.3) already present
2017-09-28 09:05:52,593 [salt.state       ][INFO    ][5408] Completed state [mas01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.593050 duration_in_ms=0.518
2017-09-28 09:05:52,593 [salt.state       ][INFO    ][5408] Running state [ctl02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.593188
2017-09-28 09:05:52,593 [salt.state       ][INFO    ][5408] Executing state host.present for ctl02.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:52,594 [salt.state       ][INFO    ][5408] Host ctl02.baremetal-mcp-ocata-ovs-ha.local (10.167.4.12) already present
2017-09-28 09:05:52,594 [salt.state       ][INFO    ][5408] Completed state [ctl02.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:52.593750 duration_in_ms=0.562
2017-09-28 09:05:52,594 [salt.state       ][INFO    ][5408] Running state [ctl02] at time 09:05:52.593887
2017-09-28 09:05:52,594 [salt.state       ][INFO    ][5408] Executing state host.present for ctl02
2017-09-28 09:05:52,594 [salt.state       ][INFO    ][5408] Host ctl02 (10.167.4.12) already present
2017-09-28 09:05:52,594 [salt.state       ][INFO    ][5408] Completed state [ctl02] at time 09:05:52.594428 duration_in_ms=0.541
2017-09-28 09:05:52,595 [salt.state       ][INFO    ][5408] Running state [file.replace] at time 09:05:52.595053
2017-09-28 09:05:52,595 [salt.state       ][INFO    ][5408] Executing state module.run for file.replace
2017-09-28 09:05:53,097 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command 'grep -q "ctl02 ctl02.baremetal-mcp-ocata-ovs-ha.local" /etc/hosts' in directory '/root'
2017-09-28 09:05:53,109 [salt.state       ][INFO    ][5408] onlyif execution failed
2017-09-28 09:05:53,109 [salt.state       ][INFO    ][5408] Completed state [file.replace] at time 09:05:53.109413 duration_in_ms=514.359
2017-09-28 09:05:53,110 [salt.state       ][INFO    ][5408] Running state [ctl03] at time 09:05:53.109672
2017-09-28 09:05:53,110 [salt.state       ][INFO    ][5408] Executing state host.present for ctl03
2017-09-28 09:05:53,110 [salt.state       ][INFO    ][5408] Host ctl03 (10.167.4.13) already present
2017-09-28 09:05:53,111 [salt.state       ][INFO    ][5408] Completed state [ctl03] at time 09:05:53.110549 duration_in_ms=0.876
2017-09-28 09:05:53,111 [salt.state       ][INFO    ][5408] Running state [ctl03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:53.110718
2017-09-28 09:05:53,111 [salt.state       ][INFO    ][5408] Executing state host.present for ctl03.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:53,111 [salt.state       ][INFO    ][5408] Host ctl03.baremetal-mcp-ocata-ovs-ha.local (10.167.4.13) already present
2017-09-28 09:05:53,111 [salt.state       ][INFO    ][5408] Completed state [ctl03.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:53.111328 duration_in_ms=0.609
2017-09-28 09:05:53,112 [salt.state       ][INFO    ][5408] Running state [ctl01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:53.111496
2017-09-28 09:05:53,112 [salt.state       ][INFO    ][5408] Executing state host.present for ctl01.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:53,112 [salt.state       ][INFO    ][5408] Host ctl01.baremetal-mcp-ocata-ovs-ha.local (10.167.4.11) already present
2017-09-28 09:05:53,112 [salt.state       ][INFO    ][5408] Completed state [ctl01.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:53.112108 duration_in_ms=0.612
2017-09-28 09:05:53,112 [salt.state       ][INFO    ][5408] Running state [ctl01] at time 09:05:53.112301
2017-09-28 09:05:53,112 [salt.state       ][INFO    ][5408] Executing state host.present for ctl01
2017-09-28 09:05:53,113 [salt.state       ][INFO    ][5408] Host ctl01 (10.167.4.11) already present
2017-09-28 09:05:53,113 [salt.state       ][INFO    ][5408] Completed state [ctl01] at time 09:05:53.112911 duration_in_ms=0.61
2017-09-28 09:05:53,113 [salt.state       ][INFO    ][5408] Running state [ctl] at time 09:05:53.113075
2017-09-28 09:05:53,113 [salt.state       ][INFO    ][5408] Executing state host.present for ctl
2017-09-28 09:05:53,114 [salt.state       ][INFO    ][5408] Host ctl (10.167.4.10) already present
2017-09-28 09:05:53,114 [salt.state       ][INFO    ][5408] Completed state [ctl] at time 09:05:53.113671 duration_in_ms=0.596
2017-09-28 09:05:53,114 [salt.state       ][INFO    ][5408] Running state [ctl.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:53.113826
2017-09-28 09:05:53,114 [salt.state       ][INFO    ][5408] Executing state host.present for ctl.baremetal-mcp-ocata-ovs-ha.local
2017-09-28 09:05:53,114 [salt.state       ][INFO    ][5408] Host ctl.baremetal-mcp-ocata-ovs-ha.local (10.167.4.10) already present
2017-09-28 09:05:53,114 [salt.state       ][INFO    ][5408] Completed state [ctl.baremetal-mcp-ocata-ovs-ha.local] at time 09:05:53.114415 duration_in_ms=0.589
2017-09-28 09:05:53,115 [salt.state       ][INFO    ][5408] Running state [ens2] at time 09:05:53.114569
2017-09-28 09:05:53,115 [salt.state       ][INFO    ][5408] Executing state network.managed for ens2
2017-09-28 09:05:53,577 [salt.state       ][INFO    ][5408] Interface ens2 is up to date.
2017-09-28 09:05:53,579 [salt.state       ][INFO    ][5408] Completed state [ens2] at time 09:05:53.578467 duration_in_ms=463.898
2017-09-28 09:05:53,579 [salt.state       ][INFO    ][5408] Running state [ens3] at time 09:05:53.578845
2017-09-28 09:05:53,579 [salt.state       ][INFO    ][5408] Executing state network.managed for ens3
2017-09-28 09:05:54,034 [salt.state       ][INFO    ][5408] Interface ens3 is up to date.
2017-09-28 09:05:54,035 [salt.state       ][INFO    ][5408] Completed state [ens3] at time 09:05:54.034536 duration_in_ms=455.692
2017-09-28 09:05:54,035 [salt.state       ][INFO    ][5408] Running state [/etc/profile.d/proxy.sh] at time 09:05:54.034718
2017-09-28 09:05:54,035 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/profile.d/proxy.sh
2017-09-28 09:05:54,035 [salt.state       ][INFO    ][5408] File /etc/profile.d/proxy.sh is not present
2017-09-28 09:05:54,035 [salt.state       ][INFO    ][5408] Completed state [/etc/profile.d/proxy.sh] at time 09:05:54.035295 duration_in_ms=0.576
2017-09-28 09:05:54,035 [salt.state       ][INFO    ][5408] Running state [/etc/apt/apt.conf.d/95proxies] at time 09:05:54.035434
2017-09-28 09:05:54,036 [salt.state       ][INFO    ][5408] Executing state file.absent for /etc/apt/apt.conf.d/95proxies
2017-09-28 09:05:54,036 [salt.state       ][INFO    ][5408] File /etc/apt/apt.conf.d/95proxies is not present
2017-09-28 09:05:54,036 [salt.state       ][INFO    ][5408] Completed state [/etc/apt/apt.conf.d/95proxies] at time 09:05:54.035857 duration_in_ms=0.424
2017-09-28 09:05:54,036 [salt.state       ][INFO    ][5408] Running state [ntp] at time 09:05:54.035992
2017-09-28 09:05:54,036 [salt.state       ][INFO    ][5408] Executing state pkg.installed for ntp
2017-09-28 09:05:54,039 [salt.state       ][INFO    ][5408] Package ntp is already installed
2017-09-28 09:05:54,039 [salt.state       ][INFO    ][5408] Completed state [ntp] at time 09:05:54.039199 duration_in_ms=3.206
2017-09-28 09:05:54,040 [salt.state       ][INFO    ][5408] Running state [/etc/ntp.conf] at time 09:05:54.039990
2017-09-28 09:05:54,040 [salt.state       ][INFO    ][5408] Executing state file.managed for /etc/ntp.conf
2017-09-28 09:05:54,061 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'ntp/files/ntp.conf'
2017-09-28 09:05:54,087 [salt.fileclient  ][INFO    ][5408] Fetching file from saltenv 'base', ** done ** 'ntp/map.jinja'
2017-09-28 09:05:54,093 [salt.state       ][INFO    ][5408] File /etc/ntp.conf is in the correct state
2017-09-28 09:05:54,094 [salt.state       ][INFO    ][5408] Completed state [/etc/ntp.conf] at time 09:05:54.093581 duration_in_ms=53.591
2017-09-28 09:05:54,095 [salt.state       ][INFO    ][5408] Running state [ntp] at time 09:05:54.094503
2017-09-28 09:05:54,095 [salt.state       ][INFO    ][5408] Executing state service.running for ntp
2017-09-28 09:05:54,095 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['systemctl', 'status', 'ntp.service', '-n', '0'] in directory '/root'
2017-09-28 09:05:54,109 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['systemctl', 'is-active', 'ntp.service'] in directory '/root'
2017-09-28 09:05:54,122 [salt.loaded.int.module.cmdmod][INFO    ][5408] Executing command ['systemctl', 'is-enabled', 'ntp.service'] in directory '/root'
2017-09-28 09:05:54,136 [salt.state       ][INFO    ][5408] The service ntp is already running
2017-09-28 09:05:54,136 [salt.state       ][INFO    ][5408] Completed state [ntp] at time 09:05:54.136164 duration_in_ms=41.66
2017-09-28 09:05:54,139 [salt.minion      ][INFO    ][5408] Returning information for job: 20170928090049285450
2017-09-28 09:16:29,438 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command ssh.set_auth_key with jid 20170928091629433194
2017-09-28 09:16:29,462 [salt.minion      ][INFO    ][9620] Starting a new job with PID 9620
2017-09-28 09:16:29,473 [salt.minion      ][INFO    ][9620] Returning information for job: 20170928091629433194
2017-09-28 09:16:30,477 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command pkg.upgrade with jid 20170928091630471822
2017-09-28 09:16:30,499 [salt.minion      ][INFO    ][9625] Starting a new job with PID 9625
2017-09-28 09:16:30,514 [salt.loaded.int.module.cmdmod][INFO    ][9625] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 09:16:30,946 [salt.loaded.int.module.cmdmod][INFO    ][9625] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'upgrade'] in directory '/root'
2017-09-28 09:16:40,515 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091640510027
2017-09-28 09:16:40,531 [salt.minion      ][INFO    ][9638] Starting a new job with PID 9638
2017-09-28 09:16:40,547 [salt.minion      ][INFO    ][9638] Returning information for job: 20170928091640510027
2017-09-28 09:16:50,548 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091650543734
2017-09-28 09:16:50,565 [salt.minion      ][INFO    ][9672] Starting a new job with PID 9672
2017-09-28 09:16:50,584 [salt.minion      ][INFO    ][9672] Returning information for job: 20170928091650543734
2017-09-28 09:17:00,755 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091700751835
2017-09-28 09:17:00,773 [salt.minion      ][INFO    ][9776] Starting a new job with PID 9776
2017-09-28 09:17:00,791 [salt.minion      ][INFO    ][9776] Returning information for job: 20170928091700751835
2017-09-28 09:17:10,773 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091710770286
2017-09-28 09:17:10,791 [salt.minion      ][INFO    ][9835] Starting a new job with PID 9835
2017-09-28 09:17:10,803 [salt.minion      ][INFO    ][9835] Returning information for job: 20170928091710770286
2017-09-28 09:17:20,812 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091720808243
2017-09-28 09:17:20,834 [salt.minion      ][INFO    ][9923] Starting a new job with PID 9923
2017-09-28 09:17:20,845 [salt.minion      ][INFO    ][9923] Returning information for job: 20170928091720808243
2017-09-28 09:17:31,041 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091731035773
2017-09-28 09:17:31,062 [salt.minion      ][INFO    ][10001] Starting a new job with PID 10001
2017-09-28 09:17:31,930 [salt.minion      ][INFO    ][10001] Returning information for job: 20170928091731035773
2017-09-28 09:17:41,262 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091741252046
2017-09-28 09:17:41,285 [salt.minion      ][INFO    ][10006] Starting a new job with PID 10006
2017-09-28 09:17:41,296 [salt.minion      ][INFO    ][10006] Returning information for job: 20170928091741252046
2017-09-28 09:17:51,357 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091751345548
2017-09-28 09:17:51,378 [salt.minion      ][INFO    ][10011] Starting a new job with PID 10011
2017-09-28 09:17:51,789 [salt.minion      ][INFO    ][10011] Returning information for job: 20170928091751345548
2017-09-28 09:18:01,538 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091801527285
2017-09-28 09:18:01,557 [salt.minion      ][INFO    ][10021] Starting a new job with PID 10021
2017-09-28 09:18:01,571 [salt.minion      ][INFO    ][10021] Returning information for job: 20170928091801527285
2017-09-28 09:18:11,709 [salt.minion      ][INFO    ][1857] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091811700581
2017-09-28 09:18:11,725 [salt.minion      ][INFO    ][10026] Starting a new job with PID 10026
2017-09-28 09:18:11,741 [salt.minion      ][INFO    ][10026] Returning information for job: 20170928091811700581
2017-09-28 09:18:13,365 [salt.utils.parsers][WARNING ][1857] Minion received a SIGTERM. Exiting.
2017-09-28 09:18:13,365 [salt.cli.daemons ][INFO    ][1857] The salt minion is shutting down..
2017-09-28 09:18:13,367 [salt.cli.daemons ][INFO    ][1857] The Salt Minion is shut down
2017-09-28 09:19:40,587 [salt.cli.daemons ][INFO    ][14972] Setting up the Salt Minion "ctl02.baremetal-mcp-ocata-ovs-ha.local"
2017-09-28 09:19:40,967 [salt.minion      ][INFO    ][14972] Creating minion process manager
2017-09-28 09:19:40,967 [salt.cli.daemons ][WARNING ][14972] IMPORTANT: Do not use md5 hashing algorithm! Please set "hash_type" to sha256 in Salt Minion config!
2017-09-28 09:19:40,968 [salt.cli.daemons ][INFO    ][14972] The Salt Minion is starting up
2017-09-28 09:19:40,968 [salt.minion      ][INFO    ][14972] Minion is starting as user 'root'
2017-09-28 09:19:40,969 [salt.utils.event ][INFO    ][14972] Starting pull socket on /var/run/salt/minion/minion_event_37cabfca03_pull.ipc
2017-09-28 09:19:41,869 [salt.loaded.int.module.cmdmod][INFO    ][14972] Executing command ['date', '+%z'] in directory '/root'
2017-09-28 09:19:41,907 [salt.utils.schedule][INFO    ][14972] Updating job settings for scheduled job: __mine_interval
2017-09-28 09:19:41,910 [salt.minion      ][INFO    ][14972] Added mine.update to scheduler
2017-09-28 09:19:42,089 [salt.minion      ][INFO    ][14972] Minion is ready to receive requests!
2017-09-28 09:19:42,641 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091942636520
2017-09-28 09:19:42,655 [salt.minion      ][INFO    ][15062] Starting a new job with PID 15062
2017-09-28 09:19:42,664 [salt.minion      ][INFO    ][15062] Returning information for job: 20170928091942636520
2017-09-28 09:19:43,090 [salt.utils.schedule][INFO    ][14972] Running scheduled job: __mine_interval
2017-09-28 09:19:52,784 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928091952779360
2017-09-28 09:19:52,799 [salt.minion      ][INFO    ][15076] Starting a new job with PID 15076
2017-09-28 09:19:52,808 [salt.minion      ][INFO    ][15076] Returning information for job: 20170928091952779360
2017-09-28 09:20:02,917 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092002913321
2017-09-28 09:20:02,931 [salt.minion      ][INFO    ][15081] Starting a new job with PID 15081
2017-09-28 09:20:02,940 [salt.minion      ][INFO    ][15081] Returning information for job: 20170928092002913321
2017-09-28 09:20:13,119 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092013115458
2017-09-28 09:20:13,136 [salt.minion      ][INFO    ][15091] Starting a new job with PID 15091
2017-09-28 09:20:13,146 [salt.minion      ][INFO    ][15091] Returning information for job: 20170928092013115458
2017-09-28 09:20:23,277 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092023274763
2017-09-28 09:20:23,291 [salt.minion      ][INFO    ][15096] Starting a new job with PID 15096
2017-09-28 09:20:23,299 [salt.minion      ][INFO    ][15096] Returning information for job: 20170928092023274763
2017-09-28 09:20:33,340 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092033338884
2017-09-28 09:20:33,358 [salt.minion      ][INFO    ][15101] Starting a new job with PID 15101
2017-09-28 09:20:33,366 [salt.minion      ][INFO    ][15101] Returning information for job: 20170928092033338884
2017-09-28 09:20:43,393 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092043392247
2017-09-28 09:20:43,406 [salt.minion      ][INFO    ][15111] Starting a new job with PID 15111
2017-09-28 09:20:43,414 [salt.minion      ][INFO    ][15111] Returning information for job: 20170928092043392247
2017-09-28 09:20:53,481 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092053478106
2017-09-28 09:20:53,501 [salt.minion      ][INFO    ][15116] Starting a new job with PID 15116
2017-09-28 09:20:53,514 [salt.minion      ][INFO    ][15116] Returning information for job: 20170928092053478106
2017-09-28 09:21:03,528 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092103523156
2017-09-28 09:21:03,546 [salt.minion      ][INFO    ][15126] Starting a new job with PID 15126
2017-09-28 09:21:03,555 [salt.minion      ][INFO    ][15126] Returning information for job: 20170928092103523156
2017-09-28 09:21:13,703 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092113693698
2017-09-28 09:21:13,721 [salt.minion      ][INFO    ][15131] Starting a new job with PID 15131
2017-09-28 09:21:13,730 [salt.minion      ][INFO    ][15131] Returning information for job: 20170928092113693698
2017-09-28 09:21:23,930 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092123920774
2017-09-28 09:21:23,949 [salt.minion      ][INFO    ][15136] Starting a new job with PID 15136
2017-09-28 09:21:23,958 [salt.minion      ][INFO    ][15136] Returning information for job: 20170928092123920774
2017-09-28 09:21:34,008 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092133999687
2017-09-28 09:21:34,025 [salt.minion      ][INFO    ][15146] Starting a new job with PID 15146
2017-09-28 09:21:34,034 [salt.minion      ][INFO    ][15146] Returning information for job: 20170928092133999687
2017-09-28 09:21:44,117 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092144108307
2017-09-28 09:21:44,133 [salt.minion      ][INFO    ][15151] Starting a new job with PID 15151
2017-09-28 09:21:44,141 [salt.minion      ][INFO    ][15151] Returning information for job: 20170928092144108307
2017-09-28 09:21:54,326 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928092154317991
2017-09-28 09:21:54,340 [salt.minion      ][INFO    ][15156] Starting a new job with PID 15156
2017-09-28 09:21:54,348 [salt.minion      ][INFO    ][15156] Returning information for job: 20170928092154317991
2017-09-28 09:22:15,221 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command pkg.upgrade with jid 20170928092215210705
2017-09-28 09:22:15,240 [salt.minion      ][INFO    ][15248] Starting a new job with PID 15248
2017-09-28 09:22:15,254 [salt.loaded.int.module.cmdmod][INFO    ][15248] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 09:22:15,688 [salt.loaded.int.module.cmdmod][INFO    ][15248] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'upgrade'] in directory '/root'
2017-09-28 09:22:16,169 [salt.loaded.int.module.cmdmod][INFO    ][15248] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 09:22:16,191 [salt.minion      ][INFO    ][15248] Returning information for job: 20170928092215210705
2017-09-28 09:22:46,193 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command pkg.upgrade with jid 20170928092246198969
2017-09-28 09:22:46,213 [salt.minion      ][INFO    ][15338] Starting a new job with PID 15338
2017-09-28 09:22:46,233 [salt.loaded.int.module.cmdmod][INFO    ][15338] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 09:22:46,690 [salt.loaded.int.module.cmdmod][INFO    ][15338] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'upgrade'] in directory '/root'
2017-09-28 09:22:47,256 [salt.loaded.int.module.cmdmod][INFO    ][15338] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 09:22:47,275 [salt.minion      ][INFO    ][15338] Returning information for job: 20170928092246198969
2017-09-28 09:22:48,906 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command test.ping with jid 20170928092248909918
2017-09-28 09:22:48,934 [salt.minion      ][INFO    ][15352] Starting a new job with PID 15352
2017-09-28 09:22:48,957 [salt.minion      ][INFO    ][15352] Returning information for job: 20170928092248909918
2017-09-28 09:40:12,471 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928094012461501
2017-09-28 09:40:12,490 [salt.minion      ][INFO    ][16152] Starting a new job with PID 16152
2017-09-28 09:40:14,395 [salt.state       ][INFO    ][16152] Loading fresh modules for state activity
2017-09-28 09:40:14,422 [salt.fileclient  ][INFO    ][16152] Fetching file from saltenv 'base', ** done ** 'keepalived/init.sls'
2017-09-28 09:40:14,442 [salt.fileclient  ][INFO    ][16152] Fetching file from saltenv 'base', ** done ** 'keepalived/cluster.sls'
2017-09-28 09:40:14,467 [salt.fileclient  ][INFO    ][16152] Fetching file from saltenv 'base', ** done ** 'keepalived/map.jinja'
2017-09-28 09:40:14,730 [salt.state       ][INFO    ][16152] Running state [lsof] at time 09:40:14.730247
2017-09-28 09:40:14,731 [salt.state       ][INFO    ][16152] Executing state pkg.installed for lsof
2017-09-28 09:40:14,731 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 09:40:15,205 [salt.state       ][INFO    ][16152] Package lsof is already installed
2017-09-28 09:40:15,206 [salt.state       ][INFO    ][16152] Completed state [lsof] at time 09:40:15.205504 duration_in_ms=475.257
2017-09-28 09:40:15,206 [salt.state       ][INFO    ][16152] Running state [keepalived] at time 09:40:15.205716
2017-09-28 09:40:15,206 [salt.state       ][INFO    ][16152] Executing state pkg.installed for keepalived
2017-09-28 09:40:15,220 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 09:40:22,517 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094022502960
2017-09-28 09:40:22,534 [salt.minion      ][INFO    ][16440] Starting a new job with PID 16440
2017-09-28 09:40:22,545 [salt.minion      ][INFO    ][16440] Returning information for job: 20170928094022502960
2017-09-28 09:40:32,668 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094032655093
2017-09-28 09:40:32,686 [salt.minion      ][INFO    ][16445] Starting a new job with PID 16445
2017-09-28 09:40:32,697 [salt.minion      ][INFO    ][16445] Returning information for job: 20170928094032655093
2017-09-28 09:40:42,827 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094042813827
2017-09-28 09:40:42,845 [salt.minion      ][INFO    ][16450] Starting a new job with PID 16450
2017-09-28 09:40:42,856 [salt.minion      ][INFO    ][16450] Returning information for job: 20170928094042813827
2017-09-28 09:40:52,992 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094052979963
2017-09-28 09:40:53,011 [salt.minion      ][INFO    ][16460] Starting a new job with PID 16460
2017-09-28 09:40:53,022 [salt.minion      ][INFO    ][16460] Returning information for job: 20170928094052979963
2017-09-28 09:41:03,170 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094103158299
2017-09-28 09:41:03,189 [salt.minion      ][INFO    ][16465] Starting a new job with PID 16465
2017-09-28 09:41:03,200 [salt.minion      ][INFO    ][16465] Returning information for job: 20170928094103158299
2017-09-28 09:41:13,354 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094113343124
2017-09-28 09:41:13,372 [salt.minion      ][INFO    ][16475] Starting a new job with PID 16475
2017-09-28 09:41:13,383 [salt.minion      ][INFO    ][16475] Returning information for job: 20170928094113343124
2017-09-28 09:41:23,544 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094123532142
2017-09-28 09:41:23,561 [salt.minion      ][INFO    ][16480] Starting a new job with PID 16480
2017-09-28 09:41:23,572 [salt.minion      ][INFO    ][16480] Returning information for job: 20170928094123532142
2017-09-28 09:41:33,736 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094133726340
2017-09-28 09:41:33,754 [salt.minion      ][INFO    ][16485] Starting a new job with PID 16485
2017-09-28 09:41:33,768 [salt.minion      ][INFO    ][16485] Returning information for job: 20170928094133726340
2017-09-28 09:41:43,943 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094143932500
2017-09-28 09:41:43,961 [salt.minion      ][INFO    ][16495] Starting a new job with PID 16495
2017-09-28 09:41:43,972 [salt.minion      ][INFO    ][16495] Returning information for job: 20170928094143932500
2017-09-28 09:41:54,154 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094154144911
2017-09-28 09:41:54,174 [salt.minion      ][INFO    ][16500] Starting a new job with PID 16500
2017-09-28 09:41:54,185 [salt.minion      ][INFO    ][16500] Returning information for job: 20170928094154144911
2017-09-28 09:42:04,382 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094204374238
2017-09-28 09:42:04,401 [salt.minion      ][INFO    ][16510] Starting a new job with PID 16510
2017-09-28 09:42:04,413 [salt.minion      ][INFO    ][16510] Returning information for job: 20170928094204374238
2017-09-28 09:42:14,607 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094214597652
2017-09-28 09:42:14,624 [salt.minion      ][INFO    ][16515] Starting a new job with PID 16515
2017-09-28 09:42:14,636 [salt.minion      ][INFO    ][16515] Returning information for job: 20170928094214597652
2017-09-28 09:42:17,123 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'keepalived'] in directory '/root'
2017-09-28 09:42:24,625 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928094224616951
2017-09-28 09:42:24,642 [salt.minion      ][INFO    ][16772] Starting a new job with PID 16772
2017-09-28 09:42:24,653 [salt.minion      ][INFO    ][16772] Returning information for job: 20170928094224616951
2017-09-28 09:42:27,684 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 09:42:27,704 [salt.state       ][INFO    ][16152] Made the following changes:
'libsnmp30' changed from 'absent' to '5.7.3+dfsg-1ubuntu4'
'libsnmp-base' changed from 'absent' to '5.7.3+dfsg-1ubuntu4'
'keepalived' changed from 'absent' to '1:1.2.19-1ubuntu0.2'
'ipvsadm' changed from 'absent' to '1:1.28-3'
'libsensors4' changed from 'absent' to '1:3.4.0-2'

2017-09-28 09:42:27,716 [salt.state       ][INFO    ][16152] Loading fresh modules for state activity
2017-09-28 09:42:27,729 [salt.state       ][INFO    ][16152] Completed state [keepalived] at time 09:42:27.728867 duration_in_ms=132523.151
2017-09-28 09:42:27,731 [salt.state       ][INFO    ][16152] Running state [/etc/keepalived/keepalived.conf] at time 09:42:27.731229
2017-09-28 09:42:27,732 [salt.state       ][INFO    ][16152] Executing state file.managed for /etc/keepalived/keepalived.conf
2017-09-28 09:42:27,764 [salt.fileclient  ][INFO    ][16152] Fetching file from saltenv 'base', ** done ** 'keepalived/files/keepalived.conf'
2017-09-28 09:42:27,797 [salt.fileclient  ][INFO    ][16152] Fetching file from saltenv 'base', ** done ** 'keepalived/map.jinja'
2017-09-28 09:42:27,804 [salt.state       ][INFO    ][16152] File changed:
New file
2017-09-28 09:42:27,804 [salt.state       ][INFO    ][16152] Completed state [/etc/keepalived/keepalived.conf] at time 09:42:27.803754 duration_in_ms=72.525
2017-09-28 09:42:27,867 [salt.state       ][INFO    ][16152] Running state [keepalived] at time 09:42:27.866683
2017-09-28 09:42:27,867 [salt.state       ][INFO    ][16152] Executing state service.running for keepalived
2017-09-28 09:42:27,868 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['systemctl', 'status', 'keepalived.service', '-n', '0'] in directory '/root'
2017-09-28 09:42:27,885 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['systemctl', 'is-active', 'keepalived.service'] in directory '/root'
2017-09-28 09:42:27,894 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['systemctl', 'is-enabled', 'keepalived.service'] in directory '/root'
2017-09-28 09:42:27,902 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['systemctl', 'is-enabled', 'keepalived.service'] in directory '/root'
2017-09-28 09:42:27,910 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'keepalived.service'] in directory '/root'
2017-09-28 09:42:27,958 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['systemctl', 'is-active', 'keepalived.service'] in directory '/root'
2017-09-28 09:42:27,971 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['systemctl', 'is-enabled', 'keepalived.service'] in directory '/root'
2017-09-28 09:42:27,980 [salt.loaded.int.module.cmdmod][INFO    ][16152] Executing command ['systemctl', 'is-enabled', 'keepalived.service'] in directory '/root'
2017-09-28 09:42:27,988 [salt.state       ][INFO    ][16152] {'keepalived': True}
2017-09-28 09:42:27,988 [salt.state       ][INFO    ][16152] Completed state [keepalived] at time 09:42:27.988253 duration_in_ms=121.569
2017-09-28 09:42:27,989 [salt.minion      ][INFO    ][16152] Returning information for job: 20170928094012461501
2017-09-28 09:43:09,966 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command pillar.get with jid 20170928094309960988
2017-09-28 09:43:09,990 [salt.minion      ][INFO    ][16991] Starting a new job with PID 16991
2017-09-28 09:43:09,995 [salt.minion      ][INFO    ][16991] Returning information for job: 20170928094309960988
2017-09-28 10:19:43,090 [salt.utils.schedule][INFO    ][14972] Running scheduled job: __mine_interval
2017-09-28 10:48:44,758 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928104844753706
2017-09-28 10:48:44,785 [salt.minion      ][INFO    ][20015] Starting a new job with PID 20015
2017-09-28 10:48:47,385 [salt.state       ][INFO    ][20015] Loading fresh modules for state activity
2017-09-28 10:48:47,420 [salt.fileclient  ][INFO    ][20015] Fetching file from saltenv 'base', ** done ** 'memcached/init.sls'
2017-09-28 10:48:47,441 [salt.fileclient  ][INFO    ][20015] Fetching file from saltenv 'base', ** done ** 'memcached/server.sls'
2017-09-28 10:48:47,460 [salt.fileclient  ][INFO    ][20015] Fetching file from saltenv 'base', ** done ** 'memcached/map.jinja'
2017-09-28 10:48:47,761 [salt.state       ][INFO    ][20015] Running state [python-memcache] at time 10:48:47.760689
2017-09-28 10:48:47,761 [salt.state       ][INFO    ][20015] Executing state pkg.installed for python-memcache
2017-09-28 10:48:47,762 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 10:48:48,243 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 10:48:50,736 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-memcache'] in directory '/root'
2017-09-28 10:48:53,283 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 10:48:53,308 [salt.state       ][INFO    ][20015] Made the following changes:
'python-memcache' changed from 'absent' to '1.57-1'

2017-09-28 10:48:53,323 [salt.state       ][INFO    ][20015] Loading fresh modules for state activity
2017-09-28 10:48:53,337 [salt.state       ][INFO    ][20015] Completed state [python-memcache] at time 10:48:53.337391 duration_in_ms=5576.701
2017-09-28 10:48:53,344 [salt.state       ][INFO    ][20015] Running state [memcached] at time 10:48:53.343890
2017-09-28 10:48:53,344 [salt.state       ][INFO    ][20015] Executing state pkg.installed for memcached
2017-09-28 10:48:53,549 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'memcached'] in directory '/root'
2017-09-28 10:48:54,851 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928104854846002
2017-09-28 10:48:54,867 [salt.minion      ][INFO    ][20527] Starting a new job with PID 20527
2017-09-28 10:48:54,883 [salt.minion      ][INFO    ][20527] Returning information for job: 20170928104854846002
2017-09-28 10:48:59,002 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 10:48:59,022 [salt.state       ][INFO    ][20015] Made the following changes:
'memcached' changed from 'absent' to '1.4.25-2ubuntu1.2'

2017-09-28 10:48:59,030 [salt.state       ][INFO    ][20015] Loading fresh modules for state activity
2017-09-28 10:48:59,045 [salt.state       ][INFO    ][20015] Completed state [memcached] at time 10:48:59.044824 duration_in_ms=5700.934
2017-09-28 10:48:59,100 [salt.state       ][INFO    ][20015] Running state [/etc/memcached.conf] at time 10:48:59.099886
2017-09-28 10:48:59,100 [salt.state       ][INFO    ][20015] Executing state file.managed for /etc/memcached.conf
2017-09-28 10:48:59,133 [salt.fileclient  ][INFO    ][20015] Fetching file from saltenv 'base', ** done ** 'memcached/files/memcached.conf'
2017-09-28 10:48:59,154 [salt.fileclient  ][INFO    ][20015] Fetching file from saltenv 'base', ** done ** 'memcached/map.jinja'
2017-09-28 10:48:59,161 [salt.state       ][INFO    ][20015] File changed:
--- 
+++ 
@@ -1,11 +1,10 @@
+
 # memcached default config file
 # 2003 - Jay Bonci <jaybonci@debian.org>
-# This configuration file is read by the start-memcached script provided as
-# part of the Debian GNU/Linux distribution.
+# This configuration file is read by the start-memcached script provided as part of the Debian GNU/Linux distribution. 
 
 # Run memcached as a daemon. This command is implied, and is not needed for the
-# daemon to run. See the README.Debian that comes with this package for more
-# information.
+# daemon to run. See the README.Debian that comes with this package for more information.
 -d
 
 # Log memcached's output to /var/log/memcached
@@ -18,13 +17,13 @@
 # -vv
 
 # Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
-# Note that the daemon will grow to this size, but does not start out holding this much
-# memory
+# Note that the daemon will grow to this size, but does not start out holding this much memory
 -m 64
 
 # Default connection port is 11211
 -p 11211
 
+-U 11211
 # Run the daemon as root. The start-memcached will default to running as root if no
 # -u command is present in this config file
 -u memcache
@@ -32,10 +31,12 @@
 # Specify which IP address to listen on. The default is to listen on all IP addresses
 # This parameter is one of the only security measures that memcached has, so make sure
 # it's listening on a firewalled interface.
--l 127.0.0.1
+-l 0.0.0.0
 
 # Limit the number of simultaneous incoming connections. The daemon default is 1024
 # -c 1024
+# Mirantis
+-c 8192
 
 # Lock down all paged memory. Consult with the README and homepage before you do this
 # -k
@@ -45,3 +46,6 @@
 
 # Maximize core file limit
 # -r
+
+# Number of threads to use to process incoming requests.
+-t 1
2017-09-28 10:48:59,165 [salt.state       ][INFO    ][20015] Completed state [/etc/memcached.conf] at time 10:48:59.164509 duration_in_ms=64.624
2017-09-28 10:48:59,228 [salt.state       ][INFO    ][20015] Running state [memcached] at time 10:48:59.228109
2017-09-28 10:48:59,228 [salt.state       ][INFO    ][20015] Executing state service.running for memcached
2017-09-28 10:48:59,230 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['systemctl', 'status', 'memcached.service', '-n', '0'] in directory '/root'
2017-09-28 10:48:59,241 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['systemctl', 'is-active', 'memcached.service'] in directory '/root'
2017-09-28 10:48:59,249 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['systemctl', 'is-enabled', 'memcached.service'] in directory '/root'
2017-09-28 10:48:59,258 [salt.state       ][INFO    ][20015] The service memcached is already running
2017-09-28 10:48:59,258 [salt.state       ][INFO    ][20015] Completed state [memcached] at time 10:48:59.258280 duration_in_ms=30.171
2017-09-28 10:48:59,259 [salt.state       ][INFO    ][20015] Running state [memcached] at time 10:48:59.258622
2017-09-28 10:48:59,259 [salt.state       ][INFO    ][20015] Executing state service.mod_watch for memcached
2017-09-28 10:48:59,260 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['systemctl', 'is-active', 'memcached.service'] in directory '/root'
2017-09-28 10:48:59,268 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['systemctl', 'is-enabled', 'memcached.service'] in directory '/root'
2017-09-28 10:48:59,278 [salt.loaded.int.module.cmdmod][INFO    ][20015] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'memcached.service'] in directory '/root'
2017-09-28 10:48:59,316 [salt.state       ][INFO    ][20015] {'memcached': True}
2017-09-28 10:48:59,317 [salt.state       ][INFO    ][20015] Completed state [memcached] at time 10:48:59.316640 duration_in_ms=58.017
2017-09-28 10:48:59,318 [salt.minion      ][INFO    ][20015] Returning information for job: 20170928104844753706
2017-09-28 10:50:59,220 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928105059226123
2017-09-28 10:50:59,244 [salt.minion      ][INFO    ][20742] Starting a new job with PID 20742
2017-09-28 10:51:01,224 [salt.state       ][INFO    ][20742] Loading fresh modules for state activity
2017-09-28 10:51:01,247 [salt.fileclient  ][INFO    ][20742] Fetching file from saltenv 'base', ** done ** 'haproxy/init.sls'
2017-09-28 10:51:01,264 [salt.fileclient  ][INFO    ][20742] Fetching file from saltenv 'base', ** done ** 'haproxy/proxy.sls'
2017-09-28 10:51:01,285 [salt.fileclient  ][INFO    ][20742] Fetching file from saltenv 'base', ** done ** 'haproxy/map.jinja'
2017-09-28 10:51:01,584 [salt.state       ][INFO    ][20742] Running state [haproxy] at time 10:51:01.584341
2017-09-28 10:51:01,585 [salt.state       ][INFO    ][20742] Executing state pkg.installed for haproxy
2017-09-28 10:51:01,586 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 10:51:02,059 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 10:51:09,311 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105109313474
2017-09-28 10:51:09,334 [salt.minion      ][INFO    ][21025] Starting a new job with PID 21025
2017-09-28 10:51:09,348 [salt.minion      ][INFO    ][21025] Returning information for job: 20170928105109313474
2017-09-28 10:51:19,406 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105119406826
2017-09-28 10:51:19,428 [salt.minion      ][INFO    ][21035] Starting a new job with PID 21035
2017-09-28 10:51:19,441 [salt.minion      ][INFO    ][21035] Returning information for job: 20170928105119406826
2017-09-28 10:51:29,536 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105129537835
2017-09-28 10:51:29,555 [salt.minion      ][INFO    ][21040] Starting a new job with PID 21040
2017-09-28 10:51:29,568 [salt.minion      ][INFO    ][21040] Returning information for job: 20170928105129537835
2017-09-28 10:51:39,555 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105139556167
2017-09-28 10:51:39,576 [salt.minion      ][INFO    ][21198] Starting a new job with PID 21198
2017-09-28 10:51:39,589 [salt.minion      ][INFO    ][21198] Returning information for job: 20170928105139556167
2017-09-28 10:51:49,772 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105149773478
2017-09-28 10:51:49,791 [salt.minion      ][INFO    ][21203] Starting a new job with PID 21203
2017-09-28 10:51:49,803 [salt.minion      ][INFO    ][21203] Returning information for job: 20170928105149773478
2017-09-28 10:51:59,837 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105159834173
2017-09-28 10:51:59,856 [salt.minion      ][INFO    ][21208] Starting a new job with PID 21208
2017-09-28 10:51:59,870 [salt.minion      ][INFO    ][21208] Returning information for job: 20170928105159834173
2017-09-28 10:52:10,067 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105210058480
2017-09-28 10:52:10,090 [salt.minion      ][INFO    ][21218] Starting a new job with PID 21218
2017-09-28 10:52:10,104 [salt.minion      ][INFO    ][21218] Returning information for job: 20170928105210058480
2017-09-28 10:52:20,299 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105220286647
2017-09-28 10:52:20,319 [salt.minion      ][INFO    ][21223] Starting a new job with PID 21223
2017-09-28 10:52:20,332 [salt.minion      ][INFO    ][21223] Returning information for job: 20170928105220286647
2017-09-28 10:52:30,527 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105230515986
2017-09-28 10:52:30,546 [salt.minion      ][INFO    ][21233] Starting a new job with PID 21233
2017-09-28 10:52:30,559 [salt.minion      ][INFO    ][21233] Returning information for job: 20170928105230515986
2017-09-28 10:52:40,754 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105240742160
2017-09-28 10:52:40,775 [salt.minion      ][INFO    ][21238] Starting a new job with PID 21238
2017-09-28 10:52:40,795 [salt.minion      ][INFO    ][21238] Returning information for job: 20170928105240742160
2017-09-28 10:52:50,799 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105250789593
2017-09-28 10:52:50,830 [salt.minion      ][INFO    ][21243] Starting a new job with PID 21243
2017-09-28 10:52:50,844 [salt.minion      ][INFO    ][21243] Returning information for job: 20170928105250789593
2017-09-28 10:53:00,844 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105300834311
2017-09-28 10:53:00,864 [salt.minion      ][INFO    ][21253] Starting a new job with PID 21253
2017-09-28 10:53:00,876 [salt.minion      ][INFO    ][21253] Returning information for job: 20170928105300834311
2017-09-28 10:53:03,826 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'haproxy'] in directory '/root'
2017-09-28 10:53:10,872 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928105310862199
2017-09-28 10:53:10,891 [salt.minion      ][INFO    ][21458] Starting a new job with PID 21458
2017-09-28 10:53:10,905 [salt.minion      ][INFO    ][21458] Returning information for job: 20170928105310862199
2017-09-28 10:53:12,482 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 10:53:12,504 [salt.state       ][INFO    ][20742] Made the following changes:
'haproxy' changed from 'absent' to '1.6.3-1ubuntu0.1'
'liblua5.3-0' changed from 'absent' to '5.3.1-1ubuntu2'

2017-09-28 10:53:12,513 [salt.state       ][INFO    ][20742] Loading fresh modules for state activity
2017-09-28 10:53:12,537 [salt.state       ][INFO    ][20742] Completed state [haproxy] at time 10:53:12.536476 duration_in_ms=130952.135
2017-09-28 10:53:12,538 [salt.state       ][INFO    ][20742] Running state [/etc/default/haproxy] at time 10:53:12.538419
2017-09-28 10:53:12,540 [salt.state       ][INFO    ][20742] Executing state file.managed for /etc/default/haproxy
2017-09-28 10:53:12,566 [salt.fileclient  ][INFO    ][20742] Fetching file from saltenv 'base', ** done ** 'haproxy/files/haproxy.default'
2017-09-28 10:53:12,569 [salt.state       ][INFO    ][20742] File changed:
--- 
+++ 
@@ -1,10 +1,5 @@
-# Defaults file for HAProxy
-#
-# This is sourced by both, the initscript and the systemd unit file, so do not
-# treat it as a shell script fragment.
 
-# Change the config file location if needed
-#CONFIG="/etc/haproxy/haproxy.cfg"
-
-# Add extra flags here, see haproxy(1) for a few options
+# Set ENABLED to 1 if you want the init script to start haproxy.
+ENABLED=1
+# Add extra flags here.
 #EXTRAOPTS="-de -m 16"

2017-09-28 10:53:12,572 [salt.state       ][INFO    ][20742] Completed state [/etc/default/haproxy] at time 10:53:12.571553 duration_in_ms=33.133
2017-09-28 10:53:12,572 [salt.state       ][INFO    ][20742] Running state [/etc/haproxy/haproxy.cfg] at time 10:53:12.572232
2017-09-28 10:53:12,573 [salt.state       ][INFO    ][20742] Executing state file.managed for /etc/haproxy/haproxy.cfg
2017-09-28 10:53:12,593 [salt.fileclient  ][INFO    ][20742] Fetching file from saltenv 'base', ** done ** 'haproxy/files/haproxy.cfg'
2017-09-28 10:53:12,694 [salt.fileclient  ][INFO    ][20742] Fetching file from saltenv 'base', ** done ** 'haproxy/map.jinja'
2017-09-28 10:53:12,704 [salt.state       ][INFO    ][20742] File changed:
--- 
+++ 
@@ -1,35 +1,176 @@
 global
-	log /dev/log	local0
-	log /dev/log	local1 notice
-	chroot /var/lib/haproxy
-	stats socket /run/haproxy/admin.sock mode 660 level admin
-	stats timeout 30s
-	user haproxy
-	group haproxy
-	daemon
-
-	# Default SSL material locations
-	ca-base /etc/ssl/certs
-	crt-base /etc/ssl/private
-
-	# Default ciphers to use on SSL-enabled listening sockets.
-	# For more information, see ciphers(1SSL). This list is from:
-	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
-	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
-	ssl-default-bind-options no-sslv3
+  log /dev/log  local0
+  log /dev/log  local1 notice
+  chroot /var/lib/haproxy
+  stats  socket /run/haproxy/admin.sock mode 660 level admin
+  stats timeout 30s
+  user  haproxy
+  group haproxy
+  daemon
+  pidfile  /var/run/haproxy.pid
+  spread-checks 4
+  tune.maxrewrite 1024
+  tune.bufsize 32768
+  maxconn  16000
+  # SSL options
+  ca-base /etc/haproxy/ssl
+  crt-base /etc/haproxy/ssl
+  tune.ssl.default-dh-param 2048
+  ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+  ssl-default-bind-options no-sslv3 no-tls-tickets
+  ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+  ssl-default-server-options no-sslv3 no-tls-tickets
 
 defaults
-	log	global
-	mode	http
-	option	httplog
-	option	dontlognull
-        timeout connect 5000
-        timeout client  50000
-        timeout server  50000
-	errorfile 400 /etc/haproxy/errors/400.http
-	errorfile 403 /etc/haproxy/errors/403.http
-	errorfile 408 /etc/haproxy/errors/408.http
-	errorfile 500 /etc/haproxy/errors/500.http
-	errorfile 502 /etc/haproxy/errors/502.http
-	errorfile 503 /etc/haproxy/errors/503.http
-	errorfile 504 /etc/haproxy/errors/504.http
+  log  global
+  mode http
+
+  maxconn 8000
+  option  redispatch
+  retries  3
+  stats  enable
+
+  timeout http-request 10s
+  timeout queue 1m
+  timeout connect 10s
+  timeout client 1m
+  timeout server 1m
+  timeout check 10s
+
+listen keystone_public_api
+  bind 10.167.4.10:5000 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:5000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:5000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:5000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen nova_api
+  bind 10.167.4.10:8774 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:8774 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:8774 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:8774 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen glare
+  bind 10.167.4.10:9494 
+  mode http
+  balance roundrobin
+  option  httplog
+  server ctl01 10.167.4.11:9494 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:9494 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:9494 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen nova_novnc
+  bind 10.167.4.10:6080 
+  mode http
+  balance roundrobin
+  option  httplog
+  server ctl01 10.167.4.11:6080 check
+  server ctl02 10.167.4.12:6080 check
+  server ctl03 10.167.4.13:6080 check
+
+listen keystone_admin_api
+  bind 10.167.4.10:35357 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:35357 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:35357 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:35357 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen glance_registry_api
+  bind 10.167.4.10:9191 
+  mode http
+  balance roundrobin
+  option  httplog
+  server ctl01 10.167.4.11:9191 check
+  server ctl02 10.167.4.12:9191 check
+  server ctl03 10.167.4.13:9191 check
+
+listen nova_placement_api
+  bind 10.167.4.10:8778 
+  
+  mode http
+  balance roundrobin
+  option httpclose
+  option httplog
+  option httpchk
+  http-check expect status 401
+  server ctl01 10.167.4.11:8778 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:8778 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:8778 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen heat_cloudwatch_api
+  bind 10.167.4.10:8003 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:8003 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:8003 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:8003 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen cinder_api
+  bind 10.167.4.10:8776 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:8776 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:8776 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:8776 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen designate_api
+  bind 10.167.4.10:9001 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:9001 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:9001 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen glance_api
+  bind 10.167.4.10:9292 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:9292 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:9292 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:9292 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen heat_api
+  bind 10.167.4.10:8004 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:8004 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:8004 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:8004 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen heat_cfn_api
+  bind 10.167.4.10:8000 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:8000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:8000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:8000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen nova_metadata_api
+  bind 10.167.4.10:8775 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:8775 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:8775 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:8775 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen neutron_api
+  bind 10.167.4.10:9696 
+  option  httpchk
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.11:9696 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.12:9696 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.13:9696 check inter 10s fastinter 2s downinter 3s rise 3 fall 3

2017-09-28 10:53:12,709 [salt.state       ][INFO    ][20742] Completed state [/etc/haproxy/haproxy.cfg] at time 10:53:12.709293 duration_in_ms=137.06
2017-09-28 10:53:12,710 [salt.state       ][INFO    ][20742] Running state [/etc/haproxy/ssl] at time 10:53:12.709851
2017-09-28 10:53:12,710 [salt.state       ][INFO    ][20742] Executing state file.directory for /etc/haproxy/ssl
2017-09-28 10:53:12,713 [salt.state       ][INFO    ][20742] {'/etc/haproxy/ssl': 'New Dir'}
2017-09-28 10:53:12,713 [salt.state       ][INFO    ][20742] Completed state [/etc/haproxy/ssl] at time 10:53:12.712913 duration_in_ms=3.061
2017-09-28 10:53:12,714 [salt.state       ][INFO    ][20742] Running state [haproxy_status_packages] at time 10:53:12.714206
2017-09-28 10:53:12,715 [salt.state       ][INFO    ][20742] Executing state pkg.installed for haproxy_status_packages
2017-09-28 10:53:12,897 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'socat'] in directory '/root'
2017-09-28 10:53:15,709 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 10:53:15,731 [salt.state       ][INFO    ][20742] Made the following changes:
'socat' changed from 'absent' to '1.7.3.1-1'

2017-09-28 10:53:15,739 [salt.state       ][INFO    ][20742] Loading fresh modules for state activity
2017-09-28 10:53:15,751 [salt.state       ][INFO    ][20742] Completed state [haproxy_status_packages] at time 10:53:15.751158 duration_in_ms=3036.952
2017-09-28 10:53:15,753 [salt.state       ][INFO    ][20742] Running state [/usr/bin/haproxy-status.sh] at time 10:53:15.753022
2017-09-28 10:53:15,753 [salt.state       ][INFO    ][20742] Executing state file.managed for /usr/bin/haproxy-status.sh
2017-09-28 10:53:15,773 [salt.fileclient  ][INFO    ][20742] Fetching file from saltenv 'base', ** done ** 'haproxy/files/haproxy-status.sh'
2017-09-28 10:53:15,790 [salt.fileclient  ][INFO    ][20742] Fetching file from saltenv 'base', ** done ** 'haproxy/map.jinja'
2017-09-28 10:53:15,796 [salt.state       ][INFO    ][20742] File changed:
New file
2017-09-28 10:53:15,796 [salt.state       ][INFO    ][20742] Completed state [/usr/bin/haproxy-status.sh] at time 10:53:15.796297 duration_in_ms=43.274
2017-09-28 10:53:15,798 [salt.state       ][INFO    ][20742] Running state [net.ipv4.ip_nonlocal_bind] at time 10:53:15.797556
2017-09-28 10:53:15,798 [salt.state       ][INFO    ][20742] Executing state sysctl.present for net.ipv4.ip_nonlocal_bind
2017-09-28 10:53:15,800 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command 'sysctl -a' in directory '/root'
2017-09-28 10:53:15,815 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command 'sysctl -w net.ipv4.ip_nonlocal_bind="1"' in directory '/root'
2017-09-28 10:53:15,824 [salt.state       ][INFO    ][20742] {'net.ipv4.ip_nonlocal_bind': 1}
2017-09-28 10:53:15,824 [salt.state       ][INFO    ][20742] Completed state [net.ipv4.ip_nonlocal_bind] at time 10:53:15.824191 duration_in_ms=26.633
2017-09-28 10:53:15,887 [salt.state       ][INFO    ][20742] Running state [haproxy] at time 10:53:15.887016
2017-09-28 10:53:15,887 [salt.state       ][INFO    ][20742] Executing state service.running for haproxy
2017-09-28 10:53:15,888 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['systemctl', 'status', 'haproxy.service', '-n', '0'] in directory '/root'
2017-09-28 10:53:15,899 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['systemctl', 'is-active', 'haproxy.service'] in directory '/root'
2017-09-28 10:53:15,912 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['systemctl', 'is-enabled', 'haproxy.service'] in directory '/root'
2017-09-28 10:53:15,921 [salt.state       ][INFO    ][20742] The service haproxy is already running
2017-09-28 10:53:15,921 [salt.state       ][INFO    ][20742] Completed state [haproxy] at time 10:53:15.920873 duration_in_ms=33.856
2017-09-28 10:53:15,921 [salt.state       ][INFO    ][20742] Running state [haproxy] at time 10:53:15.921039
2017-09-28 10:53:15,921 [salt.state       ][INFO    ][20742] Executing state service.mod_watch for haproxy
2017-09-28 10:53:15,922 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['systemctl', 'is-active', 'haproxy.service'] in directory '/root'
2017-09-28 10:53:15,931 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['systemctl', 'is-enabled', 'haproxy.service'] in directory '/root'
2017-09-28 10:53:15,941 [salt.loaded.int.module.cmdmod][INFO    ][20742] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'haproxy.service'] in directory '/root'
2017-09-28 10:53:15,981 [salt.state       ][INFO    ][20742] {'haproxy': True}
2017-09-28 10:53:15,981 [salt.state       ][INFO    ][20742] Completed state [haproxy] at time 10:53:15.980883 duration_in_ms=59.843
2017-09-28 10:53:15,982 [salt.minion      ][INFO    ][20742] Returning information for job: 20170928105059226123
2017-09-28 10:55:16,548 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command service.status with jid 20170928105516545906
2017-09-28 10:55:16,569 [salt.minion      ][INFO    ][21709] Starting a new job with PID 21709
2017-09-28 10:55:16,672 [salt.loaded.int.module.cmdmod][INFO    ][21709] Executing command ['systemctl', 'status', 'haproxy.service', '-n', '0'] in directory '/root'
2017-09-28 10:55:16,681 [salt.loaded.int.module.cmdmod][INFO    ][21709] Executing command ['systemctl', 'is-active', 'haproxy.service'] in directory '/root'
2017-09-28 10:55:16,689 [salt.minion      ][INFO    ][21709] Returning information for job: 20170928105516545906
2017-09-28 10:55:17,635 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command service.restart with jid 20170928105517632602
2017-09-28 10:55:17,657 [salt.minion      ][INFO    ][21717] Starting a new job with PID 21717
2017-09-28 10:55:17,776 [salt.loaded.int.module.cmdmod][INFO    ][21717] Executing command ['systemctl', 'status', 'rsyslog.service', '-n', '0'] in directory '/root'
2017-09-28 10:55:17,787 [salt.loaded.int.module.cmdmod][INFO    ][21717] Executing command ['systemctl', 'is-enabled', 'rsyslog.service'] in directory '/root'
2017-09-28 10:55:17,802 [salt.loaded.int.module.cmdmod][INFO    ][21717] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'rsyslog.service'] in directory '/root'
2017-09-28 10:55:17,833 [salt.minion      ][INFO    ][21717] Returning information for job: 20170928105517632602
2017-09-28 10:55:19,072 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command test.ping with jid 20170928105519070221
2017-09-28 10:55:19,091 [salt.minion      ][INFO    ][21735] Starting a new job with PID 21735
2017-09-28 10:55:19,123 [salt.minion      ][INFO    ][21735] Returning information for job: 20170928105519070221
2017-09-28 11:09:51,995 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928110951991402
2017-09-28 11:09:52,011 [salt.minion      ][INFO    ][22433] Starting a new job with PID 22433
2017-09-28 11:09:53,695 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:09:53,721 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/server.sls'
2017-09-28 11:09:53,795 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:09:53,852 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/init.sls'
2017-09-28 11:09:53,873 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/server/init.sls'
2017-09-28 11:09:53,893 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/server/service/init.sls'
2017-09-28 11:09:53,916 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:09:53,952 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/server/service/modules.sls'
2017-09-28 11:09:53,973 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:09:54,006 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/server/service/mpm.sls'
2017-09-28 11:09:54,027 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:09:54,063 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/server/site.sls'
2017-09-28 11:09:54,114 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:09:54,145 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/server/users.sls'
2017-09-28 11:09:54,167 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:09:54,195 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/server/robots.sls'
2017-09-28 11:09:54,214 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:09:54,534 [salt.state       ][INFO    ][22433] Running state [apache2] at time 11:09:54.534284
2017-09-28 11:09:54,535 [salt.state       ][INFO    ][22433] Executing state pkg.installed for apache2
2017-09-28 11:09:54,535 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:09:54,994 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 11:09:57,531 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'apache2'] in directory '/root'
2017-09-28 11:10:02,041 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111002031921
2017-09-28 11:10:02,058 [salt.minion      ][INFO    ][22982] Starting a new job with PID 22982
2017-09-28 11:10:02,094 [salt.minion      ][INFO    ][22982] Returning information for job: 20170928111002031921
2017-09-28 11:10:12,216 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111012207429
2017-09-28 11:10:12,234 [salt.minion      ][INFO    ][23074] Starting a new job with PID 23074
2017-09-28 11:10:12,249 [salt.minion      ][INFO    ][23074] Returning information for job: 20170928111012207429
2017-09-28 11:10:22,376 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111022367155
2017-09-28 11:10:22,393 [salt.minion      ][INFO    ][23079] Starting a new job with PID 23079
2017-09-28 11:10:22,433 [salt.minion      ][INFO    ][23079] Returning information for job: 20170928111022367155
2017-09-28 11:10:29,774 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:10:29,796 [salt.state       ][INFO    ][22433] Made the following changes:
'httpd' changed from 'absent' to '1'
'libaprutil1' changed from 'absent' to '1.5.4-1build1'
'apache2-utils' changed from 'absent' to '2.4.18-2ubuntu3.5'
'libaprutil1-ldap' changed from 'absent' to '1.5.4-1build1'
'apache2-api-20120211' changed from 'absent' to '1'
'libapr1' changed from 'absent' to '1.5.2-3'
'apache2-data' changed from 'absent' to '2.4.18-2ubuntu3.5'
'apache2' changed from 'absent' to '2.4.18-2ubuntu3.5'
'liblua5.1-0' changed from 'absent' to '5.1.5-8ubuntu1'
'libaprutil1-dbd-sqlite3' changed from 'absent' to '1.5.4-1build1'
'httpd-cgi' changed from 'absent' to '1'
'ssl-cert' changed from 'absent' to '1.0.37'
'apache2-bin' changed from 'absent' to '2.4.18-2ubuntu3.5'

2017-09-28 11:10:29,806 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:10:29,821 [salt.state       ][INFO    ][22433] Completed state [apache2] at time 11:10:29.820623 duration_in_ms=35286.339
2017-09-28 11:10:29,822 [salt.state       ][INFO    ][22433] Running state [a2enmod ssl] at time 11:10:29.822155
2017-09-28 11:10:29,823 [salt.state       ][INFO    ][22433] Executing state cmd.run for a2enmod ssl
2017-09-28 11:10:29,824 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command 'a2enmod ssl' in directory '/root'
2017-09-28 11:10:29,861 [salt.state       ][INFO    ][22433] {'pid': 23488, 'retcode': 0, 'stderr': '', 'stdout': 'Considering dependency setenvif for ssl:\nModule setenvif already enabled\nConsidering dependency mime for ssl:\nModule mime already enabled\nConsidering dependency socache_shmcb for ssl:\nEnabling module socache_shmcb.\nEnabling module ssl.\nSee /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.\nTo activate the new configuration, you need to run:\n  service apache2 restart'}
2017-09-28 11:10:29,862 [salt.state       ][INFO    ][22433] Completed state [a2enmod ssl] at time 11:10:29.861544 duration_in_ms=39.388
2017-09-28 11:10:29,863 [salt.state       ][INFO    ][22433] Running state [a2enmod rewrite] at time 11:10:29.862632
2017-09-28 11:10:29,863 [salt.state       ][INFO    ][22433] Executing state cmd.run for a2enmod rewrite
2017-09-28 11:10:29,864 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command 'a2enmod rewrite' in directory '/root'
2017-09-28 11:10:29,898 [salt.state       ][INFO    ][22433] {'pid': 23510, 'retcode': 0, 'stderr': '', 'stdout': 'Enabling module rewrite.\nTo activate the new configuration, you need to run:\n  service apache2 restart'}
2017-09-28 11:10:29,898 [salt.state       ][INFO    ][22433] Completed state [a2enmod rewrite] at time 11:10:29.898091 duration_in_ms=35.459
2017-09-28 11:10:29,905 [salt.state       ][INFO    ][22433] Running state [libapache2-mod-wsgi] at time 11:10:29.904527
2017-09-28 11:10:29,905 [salt.state       ][INFO    ][22433] Executing state pkg.installed for libapache2-mod-wsgi
2017-09-28 11:10:30,097 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libapache2-mod-wsgi'] in directory '/root'
2017-09-28 11:10:32,564 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111032556684
2017-09-28 11:10:32,582 [salt.minion      ][INFO    ][23568] Starting a new job with PID 23568
2017-09-28 11:10:32,596 [salt.minion      ][INFO    ][23568] Returning information for job: 20170928111032556684
2017-09-28 11:10:37,752 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:10:37,774 [salt.state       ][INFO    ][22433] Made the following changes:
'libapache2-mod-wsgi' changed from 'absent' to '4.3.0-1.1build1'
'httpd-wsgi' changed from 'absent' to '1'
'libpython2.7' changed from 'absent' to '2.7.12-1ubuntu0~16.04.1'

2017-09-28 11:10:37,782 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:10:37,795 [salt.state       ][INFO    ][22433] Completed state [libapache2-mod-wsgi] at time 11:10:37.795372 duration_in_ms=7890.845
2017-09-28 11:10:37,797 [salt.state       ][INFO    ][22433] Running state [a2enmod wsgi] at time 11:10:37.796887
2017-09-28 11:10:37,797 [salt.state       ][INFO    ][22433] Executing state cmd.run for a2enmod wsgi
2017-09-28 11:10:37,797 [salt.state       ][INFO    ][22433] /etc/apache2/mods-enabled/wsgi.load exists
2017-09-28 11:10:37,798 [salt.state       ][INFO    ][22433] Completed state [a2enmod wsgi] at time 11:10:37.797548 duration_in_ms=0.661
2017-09-28 11:10:37,799 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 11:10:37.798839
2017-09-28 11:10:37,799 [salt.state       ][INFO    ][22433] Executing state file.absent for /etc/apache2/mods-enabled/mpm_prefork.load
2017-09-28 11:10:37,799 [salt.state       ][INFO    ][22433] File /etc/apache2/mods-enabled/mpm_prefork.load is not present
2017-09-28 11:10:37,799 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 11:10:37.799380 duration_in_ms=0.541
2017-09-28 11:10:37,800 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 11:10:37.799542
2017-09-28 11:10:37,800 [salt.state       ][INFO    ][22433] Executing state file.absent for /etc/apache2/mods-enabled/mpm_prefork.conf
2017-09-28 11:10:37,800 [salt.state       ][INFO    ][22433] File /etc/apache2/mods-enabled/mpm_prefork.conf is not present
2017-09-28 11:10:37,800 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 11:10:37.800047 duration_in_ms=0.505
2017-09-28 11:10:37,800 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/mods-enabled/mpm_worker.load] at time 11:10:37.800198
2017-09-28 11:10:37,800 [salt.state       ][INFO    ][22433] Executing state file.absent for /etc/apache2/mods-enabled/mpm_worker.load
2017-09-28 11:10:37,801 [salt.state       ][INFO    ][22433] File /etc/apache2/mods-enabled/mpm_worker.load is not present
2017-09-28 11:10:37,801 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/mods-enabled/mpm_worker.load] at time 11:10:37.800739 duration_in_ms=0.541
2017-09-28 11:10:37,801 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 11:10:37.800896
2017-09-28 11:10:37,801 [salt.state       ][INFO    ][22433] Executing state file.absent for /etc/apache2/mods-enabled/mpm_worker.conf
2017-09-28 11:10:37,801 [salt.state       ][INFO    ][22433] File /etc/apache2/mods-enabled/mpm_worker.conf is not present
2017-09-28 11:10:37,801 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 11:10:37.801382 duration_in_ms=0.486
2017-09-28 11:10:37,803 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/mods-available/mpm_event.conf] at time 11:10:37.802814
2017-09-28 11:10:37,803 [salt.state       ][INFO    ][22433] Executing state file.managed for /etc/apache2/mods-available/mpm_event.conf
2017-09-28 11:10:37,830 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/files/mpm/mpm_event.conf'
2017-09-28 11:10:37,852 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:10:37,876 [salt.state       ][INFO    ][22433] File changed:
--- 
+++ 
@@ -5,14 +5,15 @@
 # ThreadsPerChild: constant number of worker threads in each server process
 # MaxRequestWorkers: maximum number of worker threads
 # MaxConnectionsPerChild: maximum number of requests a server process serves
+
 <IfModule mpm_event_module>
-	StartServers			 2
-	MinSpareThreads		 25
-	MaxSpareThreads		 75
-	ThreadLimit			 64
-	ThreadsPerChild		 25
-	MaxRequestWorkers	  150
-	MaxConnectionsPerChild   0
+    StartServers            5
+    MinSpareThreads         25
+    MaxSpareThreads         75
+    ThreadLimit             64
+    ThreadsPerChild         25
+    MaxRequestWorkers       150
+    MaxConnectionsPerChild  0
 </IfModule>
 
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# vim: syntax=apache ts=4 sw=4 sts=4 sr et

2017-09-28 11:10:37,876 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/mods-available/mpm_event.conf] at time 11:10:37.875738 duration_in_ms=72.923
2017-09-28 11:10:37,876 [salt.state       ][INFO    ][22433] Running state [a2enmod mpm_event] at time 11:10:37.876467
2017-09-28 11:10:37,877 [salt.state       ][INFO    ][22433] Executing state cmd.run for a2enmod mpm_event
2017-09-28 11:10:37,877 [salt.state       ][INFO    ][22433] /etc/apache2/mods-enabled/mpm_event.load exists
2017-09-28 11:10:37,877 [salt.state       ][INFO    ][22433] Completed state [a2enmod mpm_event] at time 11:10:37.877136 duration_in_ms=0.669
2017-09-28 11:10:37,877 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/ports.conf] at time 11:10:37.877471
2017-09-28 11:10:37,878 [salt.state       ][INFO    ][22433] Executing state file.managed for /etc/apache2/ports.conf
2017-09-28 11:10:37,896 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/files/ports.conf'
2017-09-28 11:10:37,914 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:10:37,934 [salt.state       ][INFO    ][22433] File /etc/apache2/ports.conf is in the correct state
2017-09-28 11:10:37,934 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/ports.conf] at time 11:10:37.933795 duration_in_ms=56.324
2017-09-28 11:10:37,934 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/conf-available/security.conf] at time 11:10:37.934198
2017-09-28 11:10:37,934 [salt.state       ][INFO    ][22433] Executing state file.managed for /etc/apache2/conf-available/security.conf
2017-09-28 11:10:37,951 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/files/security.conf'
2017-09-28 11:10:37,972 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:10:37,987 [salt.state       ][INFO    ][22433] File changed:
--- 
+++ 
@@ -1,73 +1,14 @@
-#
-# Disable access to the entire file system except for the directories that
-# are explicitly allowed later.
-#
-# This currently breaks the configurations that come with some web application
-# Debian packages.
-#
-#<Directory />
-#   AllowOverride None
-#   Require all denied
-#</Directory>
+ServerSignature Off
+TraceEnable Off
+ServerTokens Prod
+<DirectoryMatch "/\.svn">
+    Require all denied
+</DirectoryMatch>
 
+<DirectoryMatch "/\.git">
+    Require all denied
+</DirectoryMatch>
 
-# Changing the following options will not really affect the security of the
-# server, but might make attacks slightly more difficult in some cases.
-
-#
-# ServerTokens
-# This directive configures what you return as the Server HTTP response
-# Header. The default is 'Full' which sends information about the OS-Type
-# and compiled in modules.
-# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
-# where Full conveys the most information, and Prod the least.
-#ServerTokens Minimal
-ServerTokens OS
-#ServerTokens Full
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of:  On | Off | EMail
-#ServerSignature Off
-ServerSignature On
-
-#
-# Allow TRACE method
-#
-# Set to "extended" to also reflect the request body (only for testing and
-# diagnostic purposes).
-#
-# Set to one of:  On | Off | extended
-TraceEnable Off
-#TraceEnable On
-
-#
-# Forbid access to version control directories
-#
-# If you use version control systems in your document root, you should
-# probably deny access to their directories. For example, for subversion:
-#
-#<DirectoryMatch "/\.svn">
-#   Require all denied
-#</DirectoryMatch>
-
-#
-# Setting this header will prevent MSIE from interpreting files as something
-# else than declared by the content type in the HTTP headers.
-# Requires mod_headers to be enabled.
-#
-#Header set X-Content-Type-Options: "nosniff"
-
-#
-# Setting this header will prevent other sites from embedding pages from this
-# site as frames. This defends against clickjacking attacks.
-# Requires mod_headers to be enabled.
-#
-#Header set X-Frame-Options: "sameorigin"
-
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+<DirectoryMatch "/\.hg">
+    Require all denied
+</DirectoryMatch>

2017-09-28 11:10:37,993 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/conf-available/security.conf] at time 11:10:37.993093 duration_in_ms=58.894
2017-09-28 11:10:38,073 [salt.state       ][INFO    ][22433] Running state [keystone] at time 11:10:38.072629
2017-09-28 11:10:38,073 [salt.state       ][INFO    ][22433] Executing state group.present for keystone
2017-09-28 11:10:38,075 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command 'groupadd -g 301 -r keystone' in directory '/root'
2017-09-28 11:10:38,297 [salt.state       ][INFO    ][22433] {'passwd': 'x', 'gid': 301, 'name': 'keystone', 'members': []}
2017-09-28 11:10:38,298 [salt.state       ][INFO    ][22433] Completed state [keystone] at time 11:10:38.298062 duration_in_ms=225.432
2017-09-28 11:10:38,299 [salt.state       ][INFO    ][22433] Running state [keystone] at time 11:10:38.298745
2017-09-28 11:10:38,299 [salt.state       ][INFO    ][22433] Executing state user.present for keystone
2017-09-28 11:10:38,303 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['useradd', '-s', '/bin/false', '-u', '301', '-g', '301', '-m', '-d', '/var/lib/keystone', '-r', 'keystone'] in directory '/root'
2017-09-28 11:10:38,645 [salt.state       ][INFO    ][22433] {'shell': '/bin/false', 'workphone': '', 'uid': 301, 'passwd': 'x', 'roomnumber': '', 'groups': ['keystone'], 'home': '/var/lib/keystone', 'name': 'keystone', 'gid': 301, 'fullname': '', 'homephone': ''}
2017-09-28 11:10:38,645 [salt.state       ][INFO    ][22433] Completed state [keystone] at time 11:10:38.645227 duration_in_ms=346.479
2017-09-28 11:10:38,646 [salt.state       ][INFO    ][22433] Running state [mysql-client] at time 11:10:38.646114
2017-09-28 11:10:38,647 [salt.state       ][INFO    ][22433] Executing state pkg.installed for mysql-client
2017-09-28 11:10:38,798 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'mysql-client'] in directory '/root'
2017-09-28 11:10:42,738 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111042729883
2017-09-28 11:10:42,755 [salt.minion      ][INFO    ][23840] Starting a new job with PID 23840
2017-09-28 11:10:42,798 [salt.minion      ][INFO    ][23840] Returning information for job: 20170928111042729883
2017-09-28 11:10:49,744 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:10:49,771 [salt.state       ][INFO    ][22433] Made the following changes:
'mysql-client' changed from 'absent' to '5.7.19-0ubuntu0.16.04.1'
'libaio1' changed from 'absent' to '0.3.110-2'
'mysql-common-5.6' changed from 'absent' to '1'
'mysql-client-core-5.7' changed from 'absent' to '5.7.19-0ubuntu0.16.04.1'
'mysql-client-5.7' changed from 'absent' to '5.7.19-0ubuntu0.16.04.1'
'virtual-mysql-client-core' changed from 'absent' to '1'
'mysql-common' changed from 'absent' to '5.7.19-0ubuntu0.16.04.1'
'virtual-mysql-client' changed from 'absent' to '1'
'libnuma1' changed from 'absent' to '2.0.11-1ubuntu1'

2017-09-28 11:10:49,781 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:10:49,797 [salt.state       ][INFO    ][22433] Completed state [mysql-client] at time 11:10:49.796773 duration_in_ms=11150.658
2017-09-28 11:10:49,803 [salt.state       ][INFO    ][22433] Running state [python-keystoneclient] at time 11:10:49.803434
2017-09-28 11:10:49,804 [salt.state       ][INFO    ][22433] Executing state pkg.installed for python-keystoneclient
2017-09-28 11:10:50,023 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-keystoneclient'] in directory '/root'
2017-09-28 11:10:52,947 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111052939407
2017-09-28 11:10:52,961 [salt.minion      ][INFO    ][23949] Starting a new job with PID 23949
2017-09-28 11:10:52,974 [salt.minion      ][INFO    ][23949] Returning information for job: 20170928111052939407
2017-09-28 11:11:03,137 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111103129576
2017-09-28 11:11:03,156 [salt.minion      ][INFO    ][24090] Starting a new job with PID 24090
2017-09-28 11:11:03,234 [salt.minion      ][INFO    ][24090] Returning information for job: 20170928111103129576
2017-09-28 11:11:13,181 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111113175144
2017-09-28 11:11:13,201 [salt.minion      ][INFO    ][24255] Starting a new job with PID 24255
2017-09-28 11:11:13,213 [salt.minion      ][INFO    ][24255] Returning information for job: 20170928111113175144
2017-09-28 11:11:23,379 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111123372298
2017-09-28 11:11:23,399 [salt.minion      ][INFO    ][24396] Starting a new job with PID 24396
2017-09-28 11:11:23,411 [salt.minion      ][INFO    ][24396] Returning information for job: 20170928111123372298
2017-09-28 11:11:33,584 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111133579768
2017-09-28 11:11:33,601 [salt.minion      ][INFO    ][24401] Starting a new job with PID 24401
2017-09-28 11:11:33,619 [salt.minion      ][INFO    ][24401] Returning information for job: 20170928111133579768
2017-09-28 11:11:43,601 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:11:43,629 [salt.state       ][INFO    ][22433] Made the following changes:
'python2.7-netifaces' changed from 'absent' to '1'
'python-wrapt' changed from 'absent' to '1.8.0-5build2'
'python-tz' changed from 'absent' to '2014.10~dfsg1-0ubuntu2'
'liblcms2-2' changed from 'absent' to '2.6-3ubuntu2'
'libtiff5' changed from 'absent' to '4.0.6-1ubuntu0.2'
'libjpeg-turbo8' changed from 'absent' to '1.4.2-0ubuntu3'
'python-lxml' changed from 'absent' to '3.5.0-1build1'
'python-oslo.config' changed from 'absent' to '1:3.9.0-3'
'python-secretstorage' changed from 'absent' to '2.1.3-1'
'python-pygments' changed from 'absent' to '2.1+dfsg-1'
'libwebp5' changed from 'absent' to '0.4.4-1'
'libpaper1' changed from 'absent' to '1.1.24+nmu4ubuntu1'
'python2.7-gi' changed from 'absent' to '1'
'python-netifaces' changed from 'absent' to '0.10.4-0.1build2'
'docutils' changed from 'absent' to '1'
'ieee-data' changed from 'absent' to '20150531.1'
'python-debtcollector' changed from 'absent' to '1.3.0-2'
'python-gi' changed from 'absent' to '3.20.0-0ubuntu1'
'python-roman' changed from 'absent' to '2.0.0-2'
'libpaper-utils' changed from 'absent' to '1.1.24+nmu4ubuntu1'
'python-bs4' changed from 'absent' to '4.4.1-1'
'python-pillow' changed from 'absent' to '1'
'python2.7-lxml' changed from 'absent' to '1'
'python-oslo.serialization' changed from 'absent' to '2.4.0-2'
'python-oslo.utils' changed from 'absent' to '3.8.0-2'
'python-keystoneclient' changed from 'absent' to '1:2.3.1-2'
'python-funcsigs' changed from 'absent' to '0.4-2'
'python2.7-dbus' changed from 'absent' to '1'
'python-keystoneauth1' changed from 'absent' to '2.4.1-1ubuntu0.16.04.1'
'libjbig0' changed from 'absent' to '2.1-3.1'
'docutils-doc' changed from 'absent' to '0.12+dfsg-1'
'python-dbus' changed from 'absent' to '1.2.0-3'
'python2.7-iso8601' changed from 'absent' to '1'
'python-keyring' changed from 'absent' to '7.3-1ubuntu1'
'libxslt1.1' changed from 'absent' to '1.1.28-2.1ubuntu0.1'
'python-monotonic' changed from 'absent' to '0.6-2'
'python-docutils' changed from 'absent' to '0.12+dfsg-1'
'python2.7-pil' changed from 'absent' to '1'
'libpaperg' changed from 'absent' to '1'
'python-stevedore' changed from 'absent' to '1.12.0-1'
'python-babel-localedata' changed from 'absent' to '1.3+dfsg.1-6'
'python-positional' changed from 'absent' to '1.0.1-2'
'python-prettytable' changed from 'absent' to '0.7.2-3'
'python-pbr' changed from 'absent' to '1.8.0-4ubuntu1'
'python-netaddr' changed from 'absent' to '0.7.18-1'
'python-oslo.i18n' changed from 'absent' to '3.5.0-2'
'python-oslo-utils' changed from 'absent' to '1'
'python-babel' changed from 'absent' to '1.3+dfsg.1-6'
'python-html5lib' changed from 'absent' to '0.999-4'
'python-pil' changed from 'absent' to '3.1.2-0ubuntu1.1'
'libjpeg8' changed from 'absent' to '8c-2ubuntu8'
'docutils-common' changed from 'absent' to '0.12+dfsg-1'
'python-iso8601' changed from 'absent' to '0.1.11-1'
'libwebpmux1' changed from 'absent' to '0.4.4-1'

2017-09-28 11:11:43,642 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:11:43,655 [salt.state       ][INFO    ][22433] Completed state [python-keystoneclient] at time 11:11:43.654720 duration_in_ms=53851.285
2017-09-28 11:11:43,662 [salt.state       ][INFO    ][22433] Running state [python-mysqldb] at time 11:11:43.662188
2017-09-28 11:11:43,662 [salt.state       ][INFO    ][22433] Executing state pkg.installed for python-mysqldb
2017-09-28 11:11:43,975 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111143795953
2017-09-28 11:11:43,993 [salt.minion      ][INFO    ][24766] Starting a new job with PID 24766
2017-09-28 11:11:44,005 [salt.minion      ][INFO    ][24766] Returning information for job: 20170928111143795953
2017-09-28 11:11:44,143 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-mysqldb'] in directory '/root'
2017-09-28 11:11:47,566 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:11:47,594 [salt.state       ][INFO    ][22433] Made the following changes:
'python2.7-mysqldb' changed from 'absent' to '1'
'libmysqlclient20' changed from 'absent' to '5.7.19-0ubuntu0.16.04.1'
'python-mysqldb' changed from 'absent' to '1.3.7-1build2'

2017-09-28 11:11:47,603 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:11:47,621 [salt.state       ][INFO    ][22433] Completed state [python-mysqldb] at time 11:11:47.620534 duration_in_ms=3958.346
2017-09-28 11:11:47,626 [salt.state       ][INFO    ][22433] Running state [python-openstackclient] at time 11:11:47.626307
2017-09-28 11:11:47,627 [salt.state       ][INFO    ][22433] Executing state pkg.installed for python-openstackclient
2017-09-28 11:11:47,841 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-openstackclient'] in directory '/root'
2017-09-28 11:11:53,985 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111153981081
2017-09-28 11:11:54,002 [salt.minion      ][INFO    ][24989] Starting a new job with PID 24989
2017-09-28 11:11:54,016 [salt.minion      ][INFO    ][24989] Returning information for job: 20170928111153981081
2017-09-28 11:12:01,330 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:12:01,356 [salt.state       ][INFO    ][22433] Made the following changes:
'python-novaclient' changed from 'absent' to '2:3.3.1-2ubuntu1'
'python-mock' changed from 'absent' to '1.3.0-2.1ubuntu1'
'python-warlock' changed from 'absent' to '1.1.0-1'
'python-unicodecsv' changed from 'absent' to '0.14.1-1'
'python-simplejson' changed from 'absent' to '3.8.1-1ubuntu2'
'python2.7-pyparsing' changed from 'absent' to '1'
'python-jsonpatch' changed from 'absent' to '1.19-3'
'python-openstacksdk' changed from 'absent' to '0.8.1-2'
'python-appdirs' changed from 'absent' to '1.4.0-2'
'python-pyparsing' changed from 'absent' to '2.0.3+dfsg1-1ubuntu0.1'
'python-glanceclient' changed from 'absent' to '1:2.0.0-2ubuntu0.16.04.1'
'python-functools32' changed from 'absent' to '3.2.3.2-2'
'python-cmd2' changed from 'absent' to '0.6.8-1'
'python-cliff' changed from 'absent' to '1.15.0-2ubuntu2'
'python-openstackclient' changed from 'absent' to '2.3.1-0ubuntu1'
'python2.7-simplejson' changed from 'absent' to '1'
'python-os-client-config' changed from 'absent' to '1.16.0-0ubuntu1'
'python-cinderclient' changed from 'absent' to '1:1.6.0-2ubuntu1'
'python-requestsexceptions' changed from 'absent' to '1.1.2-0ubuntu1'
'python-neutronclient' changed from 'absent' to '1:4.1.1-2'
'python2.7-cmd2' changed from 'absent' to '1'
'python-jsonschema' changed from 'absent' to '2.5.1-4'
'python2.7-cinderclient' changed from 'absent' to '1'
'python-json-pointer' changed from 'absent' to '1.9-3'

2017-09-28 11:12:01,366 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:12:01,379 [salt.state       ][INFO    ][22433] Completed state [python-openstackclient] at time 11:12:01.379391 duration_in_ms=13753.084
2017-09-28 11:12:01,385 [salt.state       ][INFO    ][22433] Running state [python-memcache] at time 11:12:01.384992
2017-09-28 11:12:01,385 [salt.state       ][INFO    ][22433] Executing state pkg.installed for python-memcache
2017-09-28 11:12:01,727 [salt.state       ][INFO    ][22433] Package python-memcache is already installed
2017-09-28 11:12:01,728 [salt.state       ][INFO    ][22433] Completed state [python-memcache] at time 11:12:01.727820 duration_in_ms=342.827
2017-09-28 11:12:01,729 [salt.state       ][INFO    ][22433] Running state [python-pycadf] at time 11:12:01.728533
2017-09-28 11:12:01,729 [salt.state       ][INFO    ][22433] Executing state pkg.installed for python-pycadf
2017-09-28 11:12:01,737 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-pycadf'] in directory '/root'
2017-09-28 11:12:04,208 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111204204936
2017-09-28 11:12:04,227 [salt.minion      ][INFO    ][25294] Starting a new job with PID 25294
2017-09-28 11:12:04,239 [salt.minion      ][INFO    ][25294] Returning information for job: 20170928111204204936
2017-09-28 11:12:04,291 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:12:04,318 [salt.state       ][INFO    ][22433] Made the following changes:
'pycadf-common' changed from 'absent' to '2.2.0-1'
'python-pycadf' changed from 'absent' to '2.2.0-1'

2017-09-28 11:12:04,327 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:12:04,342 [salt.state       ][INFO    ][22433] Completed state [python-pycadf] at time 11:12:04.341905 duration_in_ms=2613.372
2017-09-28 11:12:04,347 [salt.state       ][INFO    ][22433] Running state [python-six] at time 11:12:04.347046
2017-09-28 11:12:04,347 [salt.state       ][INFO    ][22433] Executing state pkg.installed for python-six
2017-09-28 11:12:04,559 [salt.state       ][INFO    ][22433] Package python-six is already installed
2017-09-28 11:12:04,560 [salt.state       ][INFO    ][22433] Completed state [python-six] at time 11:12:04.559474 duration_in_ms=212.428
2017-09-28 11:12:04,560 [salt.state       ][INFO    ][22433] Running state [keystone] at time 11:12:04.560142
2017-09-28 11:12:04,560 [salt.state       ][INFO    ][22433] Executing state pkg.installed for keystone
2017-09-28 11:12:04,568 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'keystone'] in directory '/root'
2017-09-28 11:12:14,229 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111214225507
2017-09-28 11:12:14,246 [salt.minion      ][INFO    ][25501] Starting a new job with PID 25501
2017-09-28 11:12:14,261 [salt.minion      ][INFO    ][25501] Returning information for job: 20170928111214225507
2017-09-28 11:12:24,253 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111224250592
2017-09-28 11:12:24,270 [salt.minion      ][INFO    ][25765] Starting a new job with PID 25765
2017-09-28 11:12:24,288 [salt.minion      ][INFO    ][25765] Returning information for job: 20170928111224250592
2017-09-28 11:12:34,287 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111234285169
2017-09-28 11:12:34,302 [salt.minion      ][INFO    ][26004] Starting a new job with PID 26004
2017-09-28 11:12:34,318 [salt.minion      ][INFO    ][26004] Returning information for job: 20170928111234285169
2017-09-28 11:12:44,539 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111244535891
2017-09-28 11:12:44,555 [salt.minion      ][INFO    ][26327] Starting a new job with PID 26327
2017-09-28 11:12:44,569 [salt.minion      ][INFO    ][26327] Returning information for job: 20170928111244535891
2017-09-28 11:12:54,564 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111254562555
2017-09-28 11:12:54,584 [salt.minion      ][INFO    ][26424] Starting a new job with PID 26424
2017-09-28 11:12:54,602 [salt.minion      ][INFO    ][26424] Returning information for job: 20170928111254562555
2017-09-28 11:12:58,034 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:12:58,063 [salt.state       ][INFO    ][22433] Made the following changes:
'python-routes' changed from 'absent' to '2.2-1ubuntu2'
'python-retrying' changed from 'absent' to '1.3.3-1'
'python-kombu' changed from 'absent' to '3.0.33-1ubuntu2'
'python-oslo.concurrency' changed from 'absent' to '3.7.1-0ubuntu1'
'python-oslo.service' changed from 'absent' to '1.8.0-1ubuntu1'
'python-sqlparse' changed from 'absent' to '0.1.18-1'
'xmlsec1' changed from 'absent' to '1.2.20-2ubuntu4'
'python-paste' changed from 'absent' to '1.7.5.1-6ubuntu3'
'python-formencode' changed from 'absent' to '1.3.0-0ubuntu5'
'python-futurist' changed from 'absent' to '0.13.0-2'
'python-fasteners' changed from 'absent' to '0.12.0-2ubuntu1'
'python-cachetools' changed from 'absent' to '1.1.5-1'
'python-linecache2' changed from 'absent' to '1.0.0-2'
'python-pastedeploy-tpl' changed from 'absent' to '1.5.2-1'
'python-oauthlib' changed from 'absent' to '1.0.3-1'
'python-oslo-db' changed from 'absent' to '1'
'python-blinker' changed from 'absent' to '1.3.dfsg2-1build1'
'python-pastescript' changed from 'absent' to '1.7.5-3build1'
'python-setuptools' changed from 'absent' to '20.7.0-1'
'python-pika-pool' changed from 'absent' to '0.1.3-1ubuntu1'
'python-webob' changed from 'absent' to '1.5.1-1'
'python-traceback2' changed from 'absent' to '1.4.0-3'
'python-testtools' changed from 'absent' to '1.8.1-0ubuntu1'
'python-anyjson' changed from 'absent' to '0.3.3-1build1'
'python-openid' changed from 'absent' to '2.2.5-6'
'python-pastedeploy' changed from 'absent' to '1.5.2-1'
'python-keystone' changed from 'absent' to '2:9.3.0-0ubuntu3'
'python-oslo.policy' changed from 'absent' to '1.6.0-2'
'python-contextlib2' changed from 'absent' to '0.5.1-1'
'python2.7-zope.interface' changed from 'absent' to '1'
'python-dnspython' changed from 'absent' to '1.12.0-1'
'libxmlsec1-openssl' changed from 'absent' to '1.2.20-2ubuntu4'
'python-alembic' changed from 'absent' to '0.8.2-3ubuntu1'
'python-dogpile.core' changed from 'absent' to '0.4.1+dfsg1-3'
'python-pysaml2' changed from 'absent' to '3.0.0-3ubuntu1.16.04.1'
'python-oslo.db' changed from 'absent' to '4.7.0-2ubuntu1'
'python2.7-sqlalchemy-ext' changed from 'absent' to '1'
'python-eventlet' changed from 'absent' to '0.18.4-1ubuntu1'
'python-unittest2' changed from 'absent' to '1.1.0-6.1'
'python-oslo.log' changed from 'absent' to '3.2.0-2'
'python-extras' changed from 'absent' to '0.0.3-3'
'python-pyinotify' changed from 'absent' to '0.9.6-0fakesync1'
'python-amqp' changed from 'absent' to '1.4.9-1'
'python-scgi' changed from 'absent' to '1.13-1.1build1'
'python-jwt' changed from 'absent' to '1.3.0-1ubuntu0.1'
'python-zope.interface' changed from 'absent' to '4.1.3-1build1'
'python-repoze.lru' changed from 'absent' to '0.6-6'
'python-posix-ipc' changed from 'absent' to '0.9.8-2build2'
'formencode-i18n' changed from 'absent' to '1.3.0-0ubuntu5'
'python2.7-keystone' changed from 'absent' to '1'
'python2.7-testtools' changed from 'absent' to '1'
'python-decorator' changed from 'absent' to '4.0.6-1'
'python-fixtures' changed from 'absent' to '1.3.1-2'
'python-oslo.messaging' changed from 'absent' to '4.6.1-2ubuntu2'
'keystone' changed from 'absent' to '2:9.3.0-0ubuntu3'
'python-tempita' changed from 'absent' to '0.5.2-1build1'
'python-oslo.middleware' changed from 'absent' to '3.8.0-2'
'python-dogpile.cache' changed from 'absent' to '0.5.7-1ubuntu1'
'python-pika' changed from 'absent' to '0.10.0-1'
'python-passlib' changed from 'absent' to '1.6.5-4'
'python-greenlet' changed from 'absent' to '0.4.9-2fakesync1'
'python-sqlalchemy-ext' changed from 'absent' to '1.0.11+ds1-1ubuntu2'
'python-oslo.context' changed from 'absent' to '2.2.0-2'
'libxmlsec1' changed from 'absent' to '1.2.20-2ubuntu4'
'python-oslo.cache' changed from 'absent' to '1.6.0-2'
'python-zopeinterface' changed from 'absent' to '1'
'python-defusedxml' changed from 'absent' to '0.4.1-2ubuntu0.16.04.1'
'python2.7-pyinotify' changed from 'absent' to '1'
'python-migrate' changed from 'absent' to '0.10.0-3ubuntu2'
'python-sqlalchemy' changed from 'absent' to '1.0.11+ds1-1ubuntu2'
'python-mimeparse' changed from 'absent' to '0.1.4-1build1'
'python-keystonemiddleware' changed from 'absent' to '4.4.1-0ubuntu1'
'python-distribute' changed from 'absent' to '1'
'python-zope' changed from 'absent' to '1'
'python-oslo-log' changed from 'absent' to '1'
'python-oslo-context' changed from 'absent' to '1'
'alembic' changed from 'absent' to '0.8.2-3ubuntu1'

2017-09-28 11:12:58,080 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:12:58,109 [salt.state       ][INFO    ][22433] Completed state [keystone] at time 11:12:58.108717 duration_in_ms=53548.574
2017-09-28 11:12:58,114 [salt.state       ][INFO    ][22433] Running state [gettext-base] at time 11:12:58.114457
2017-09-28 11:12:58,115 [salt.state       ][INFO    ][22433] Executing state pkg.installed for gettext-base
2017-09-28 11:12:58,325 [salt.state       ][INFO    ][22433] Package gettext-base is already installed
2017-09-28 11:12:58,325 [salt.state       ][INFO    ][22433] Completed state [gettext-base] at time 11:12:58.325191 duration_in_ms=210.734
2017-09-28 11:12:58,326 [salt.state       ][INFO    ][22433] Running state [python-psycopg2] at time 11:12:58.325788
2017-09-28 11:12:58,326 [salt.state       ][INFO    ][22433] Executing state pkg.installed for python-psycopg2
2017-09-28 11:12:58,334 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-psycopg2'] in directory '/root'
2017-09-28 11:13:02,689 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:13:02,718 [salt.state       ][INFO    ][22433] Made the following changes:
'python-psycopg2' changed from 'absent' to '2.6.1-1build2'
'python-egenix-mxtools' changed from 'absent' to '3.2.9-1'
'python-egenix-mxdatetime' changed from 'absent' to '3.2.9-1'
'libpq5' changed from 'absent' to '9.5.8-0ubuntu0.16.04.1'

2017-09-28 11:13:02,728 [salt.state       ][INFO    ][22433] Loading fresh modules for state activity
2017-09-28 11:13:02,740 [salt.state       ][INFO    ][22433] Completed state [python-psycopg2] at time 11:13:02.740155 duration_in_ms=4414.367
2017-09-28 11:13:02,747 [salt.state       ][INFO    ][22433] Running state [python-keystone] at time 11:13:02.746933
2017-09-28 11:13:02,747 [salt.state       ][INFO    ][22433] Executing state pkg.installed for python-keystone
2017-09-28 11:13:03,060 [salt.state       ][INFO    ][22433] Package python-keystone is already installed
2017-09-28 11:13:03,060 [salt.state       ][INFO    ][22433] Completed state [python-keystone] at time 11:13:03.060103 duration_in_ms=313.168
2017-09-28 11:13:03,061 [salt.state       ][INFO    ][22433] Running state [/etc/keystone/policy.json] at time 11:13:03.061182
2017-09-28 11:13:03,061 [salt.state       ][INFO    ][22433] Executing state file.managed for /etc/keystone/policy.json
2017-09-28 11:13:03,062 [salt.loaded.int.states.file][WARNING ][22433] State for file: /etc/keystone/policy.json - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2017-09-28 11:13:03,062 [salt.state       ][INFO    ][22433] {'group': 'keystone', 'user': 'keystone'}
2017-09-28 11:13:03,062 [salt.state       ][INFO    ][22433] Completed state [/etc/keystone/policy.json] at time 11:13:03.062348 duration_in_ms=1.166
2017-09-28 11:13:03,063 [salt.state       ][INFO    ][22433] Running state [/etc/keystone/keystone-paste.ini] at time 11:13:03.062675
2017-09-28 11:13:03,063 [salt.state       ][INFO    ][22433] Executing state file.managed for /etc/keystone/keystone-paste.ini
2017-09-28 11:13:03,095 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/files/ocata/keystone-paste.ini.Debian'
2017-09-28 11:13:03,098 [salt.state       ][INFO    ][22433] File changed:
--- 
+++ 
@@ -24,6 +24,12 @@
 use = egg:oslo.middleware#cors
 oslo_config_project = keystone
 
+[filter:http_proxy_to_wsgi]
+use = egg:oslo.middleware#http_proxy_to_wsgi
+
+[filter:healthcheck]
+use = egg:oslo.middleware#healthcheck
+
 [filter:ec2_extension]
 use = egg:keystone#ec2_extension
 
@@ -39,6 +45,9 @@
 [filter:sizelimit]
 use = egg:oslo.middleware#sizelimit
 
+[filter:osprofiler]
+use = egg:osprofiler#osprofiler
+
 [app:public_service]
 use = egg:keystone#public_service
 
@@ -51,17 +60,17 @@
 [pipeline:public_api]
 # The last item in this pipeline must be public_service or an equivalent
 # application. It cannot be a filter.
-pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service
 
 [pipeline:admin_api]
 # The last item in this pipeline must be admin_service or an equivalent
 # application. It cannot be a filter.
-pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service
 
 [pipeline:api_v3]
 # The last item in this pipeline must be service_v3 or an equivalent
 # application. It cannot be a filter.
-pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
 
 [app:public_version_service]
 use = egg:keystone#public_version_service
@@ -70,10 +79,10 @@
 use = egg:keystone#admin_version_service
 
 [pipeline:public_version_api]
-pipeline = cors sizelimit url_normalize public_version_service
+pipeline = healthcheck cors sizelimit osprofiler url_normalize public_version_service
 
 [pipeline:admin_version_api]
-pipeline = cors sizelimit url_normalize admin_version_service
+pipeline = healthcheck cors sizelimit osprofiler url_normalize admin_version_service
 
 [composite:main]
 use = egg:Paste#urlmap

2017-09-28 11:13:03,099 [salt.state       ][INFO    ][22433] Completed state [/etc/keystone/keystone-paste.ini] at time 11:13:03.098579 duration_in_ms=35.903
2017-09-28 11:13:03,099 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/sites-enabled/000-default.conf] at time 11:13:03.098771
2017-09-28 11:13:03,099 [salt.state       ][INFO    ][22433] Executing state file.absent for /etc/apache2/sites-enabled/000-default.conf
2017-09-28 11:13:03,099 [salt.state       ][INFO    ][22433] {'removed': '/etc/apache2/sites-enabled/000-default.conf'}
2017-09-28 11:13:03,099 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/sites-enabled/000-default.conf] at time 11:13:03.099363 duration_in_ms=0.592
2017-09-28 11:13:03,100 [salt.state       ][INFO    ][22433] Running state [/etc/keystone/keystone.conf] at time 11:13:03.099761
2017-09-28 11:13:03,100 [salt.state       ][INFO    ][22433] Executing state file.managed for /etc/keystone/keystone.conf
2017-09-28 11:13:03,152 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/files/ocata/keystone.conf.Debian'
2017-09-28 11:13:03,235 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:13:03,265 [salt.state       ][INFO    ][22433] File changed:
--- 
+++ 
@@ -1,76 +1,90 @@
+
 [DEFAULT]
 
 #
 # From keystone
 #
 
-# A "shared secret" that can be used to bootstrap Keystone. This "token" does
-# not represent a user, and carries no explicit authorization. If set to
-# `None`, the value is ignored and the `admin_token` log in mechanism is
-# effectively disabled. To completely disable `admin_token` in production
-# (highly recommended), remove AdminTokenAuthMiddleware from your paste
-# application pipelines (for example, in keystone-paste.ini). (string value)
+# Using this feature is *NOT* recommended. Instead, use the `keystone-manage
+# bootstrap` command. The value of this option is treated as a "shared secret"
+# that can be used to bootstrap Keystone through the API. This "token" does not
+# represent a user (it has no identity), and carries no explicit authorization
+# (it effectively bypasses most authorization checks). If set to `None`, the
+# value is ignored and the `admin_token` middleware is effectively disabled.
+# However, to completely disable `admin_token` in production (highly
+# recommended, as it presents a security risk), remove
+# `AdminTokenAuthMiddleware` (the `admin_token_auth` filter) from your paste
+# application pipelines (for example, in `keystone-paste.ini`). (string value)
 #admin_token = <None>
+admin_token=opnfv_secret
 
 # The base public endpoint URL for Keystone that is advertised to clients
 # (NOTE: this does NOT affect how Keystone listens for connections). Defaults
-# to the base host URL of the request. E.g. a request to
-# http://server:5000/v3/users will default to http://server:5000. You should
-# only need to set this value if the base URL contains a path (e.g. /prefix/v3)
-# or the endpoint should be found on a different server. (string value)
+# to the base host URL of the request. For example, if keystone receives a
+# request to `http://server:5000/v3/users`, then this will option will be
+# automatically treated as `http://server:5000`. You should only need to set
+# option if either the value of the base URL contains a path that keystone does
+# not automatically infer (`/prefix/v3`), or if the endpoint should be found on
+# a different host. (uri value)
 #public_endpoint = <None>
 
 # The base admin endpoint URL for Keystone that is advertised to clients (NOTE:
 # this does NOT affect how Keystone listens for connections). Defaults to the
-# base host URL of the request. E.g. a request to http://server:35357/v3/users
-# will default to http://server:35357. You should only need to set this value
-# if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be
-# found on a different server. (string value)
+# base host URL of the request. For example, if keystone receives a request to
+# `http://server:35357/v3/users`, then this will option will be automatically
+# treated as `http://server:35357`. You should only need to set option if
+# either the value of the base URL contains a path that keystone does not
+# automatically infer (`/prefix/v3`), or if the endpoint should be found on a
+# different host. (uri value)
 #admin_endpoint = <None>
 
 # Maximum depth of the project hierarchy, excluding the project acting as a
-# domain at the top of the hierarchy. WARNING: setting it to a large value may
-# adversely impact  performance. (integer value)
+# domain at the top of the hierarchy. WARNING: Setting it to a large value may
+# adversely impact performance. (integer value)
 #max_project_tree_depth = 5
 
 # Limit the sizes of user & project ID/names. (integer value)
 #max_param_size = 64
 
-# Similar to max_param_size, but provides an exception for token values.
-# (integer value)
-#max_token_size = 8192
-
-# Similar to the member_role_name option, this represents the default role ID
-# used to associate users with their default projects in the v2 API. This will
-# be used as the explicit role where one is not specified by the v2 API.
-# (string value)
+# Similar to `[DEFAULT] max_param_size`, but provides an exception for token
+# values. With Fernet tokens, this can be set as low as 255. With UUID tokens,
+# this should be set to 32). (integer value)
+#max_token_size = 255
+
+# Similar to the `[DEFAULT] member_role_name` option, this represents the
+# default role ID used to associate users with their default projects in the v2
+# API. This will be used as the explicit role where one is not specified by the
+# v2 API. You do not need to set this value unless you want keystone to use an
+# existing role with a different ID, other than the arbitrarily defined
+# `_member_` role (in which case, you should set `[DEFAULT] member_role_name`
+# as well). (string value)
 #member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab
 
-# This is the role name used in combination with the member_role_id option; see
-# that option for more detail. (string value)
+# This is the role name used in combination with the `[DEFAULT] member_role_id`
+# option; see that option for more detail. You do not need to set this option
+# unless you want keystone to use an existing role (in which case, you should
+# set `[DEFAULT] member_role_id` as well). (string value)
 #member_role_name = _member_
 
-# The value passed as the keyword "rounds" to passlib's encrypt method.
-# (integer value)
+# The value passed as the keyword "rounds" to passlib's encrypt method. This
+# option represents a trade off between security and performance. Higher values
+# lead to slower performance, but higher security. Changing this option will
+# only affect newly created passwords as existing password hashes already have
+# a fixed number of rounds applied, so it is safe to tune this option in a
+# running cluster. For more information, see
+# https://pythonhosted.org/passlib/password_hash_api.html#choosing-the-right-
+# rounds-value (integer value)
 # Minimum value: 1000
 # Maximum value: 100000
 #crypt_strength = 10000
 
-# The maximum number of entities that will be returned in a collection, with no
-# limit set by default. This global limit may be then overridden for a specific
-# driver, by specifying a list_limit in the appropriate section (e.g.
-# [assignment]). (integer value)
+# The maximum number of entities that will be returned in a collection. This
+# global limit may be then overridden for a specific driver, by specifying a
+# list_limit in the appropriate section (for example, `[assignment]`). No limit
+# is set by default. In larger deployments, it is recommended that you set this
+# to a reasonable number to prevent operations like listing all users and
+# projects from placing an unnecessary load on the system. (integer value)
 #list_limit = <None>
-
-# Set this to false if you want to enable the ability for user, group and
-# project entities to be moved between domains by updating their domain_id.
-# Allowing such movement is not recommended if the scope of a domain admin is
-# being restricted by use of an appropriate policy file (see
-# policy.v3cloudsample as an example). This ability is deprecated and will be
-# removed in a future release. (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#domain_id_immutable = true
 
 # If set to true, strict password length checking is performed for password
 # manipulation. If a password exceeds the maximum length, the operation will
@@ -78,36 +92,48 @@
 # automatically truncated to the maximum length. (boolean value)
 #strict_password_check = false
 
-# The HTTP header used to determine the scheme for the original request, even
-# if it was removed by an SSL terminating proxy. (string value)
+# DEPRECATED: The HTTP header used to determine the scheme for the original
+# request, even if it was removed by an SSL terminating proxy. (string value)
+# This option is deprecated for removal since N.
+# Its value may be silently ignored in the future.
+# Reason: This option has been deprecated in the N release and will be removed
+# in the P release. Use oslo.middleware.http_proxy_to_wsgi configuration
+# instead.
 #secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
-
-# If set to true the server will return information in the response that may
-# allow an unauthenticated or authenticated user to get more information than
-# normal, such as why authentication failed. This may be useful for debugging
-# but is insecure. (boolean value)
+secure_proxy_ssl_header = "HTTP_X_FORWARDED_PROTO"
+
+# If set to true, then the server will return information in HTTP responses
+# that may allow an unauthenticated or authenticated user to get more
+# information than normal, such as additional details about why authentication
+# failed. This may be useful for debugging but is insecure. (boolean value)
 #insecure_debug = false
 
-#
-# From keystone.notifications
-#
-
-# Default publisher_id for outgoing notifications (string value)
+# Default `publisher_id` for outgoing notifications. If left undefined,
+# Keystone will default to using the server's host name. (string value)
 #default_publisher_id = <None>
 
-# Define the notification format for Identity Service events. A "basic"
-# notification has information about the resource being operated on. A "cadf"
-# notification has the same information, as well as information about the
-# initiator of the event. (string value)
+# Define the notification format for identity service events. A `basic`
+# notification only has information about the resource being operated on. A
+# `cadf` notification has the same information, as well as information about
+# the initiator of the event. The `cadf` option is entirely backwards
+# compatible with the `basic` option, but is fully CADF-compliant, and is
+# recommended for auditing use cases. (string value)
 # Allowed values: basic, cadf
-#notification_format = basic
-
-# Define the notification options to opt-out from. The value expected is:
-# identity.<resource_type>.<operation>. This field can be set multiple times in
-# order to add more notifications to opt-out from. For example:
-#  notification_opt_out=identity.user.created
-#  notification_opt_out=identity.authenticate.success (multi valued)
-#notification_opt_out =
+#notification_format = cadf
+notification_format = basic
+
+# You can reduce the number of notifications keystone emits by explicitly
+# opting out. Keystone will not emit notifications that match the patterns
+# expressed in this list. Values are expected to be in the form of
+# `identity.<resource_type>.<operation>`. By default, all notifications related
+# to authentication are automatically suppressed. This field can be set
+# multiple times in order to opt-out of multiple notification topics. For
+# example, the following suppresses notifications describing user creation or
+# successful authentication events: notification_opt_out=identity.user.create
+# notification_opt_out=identity.authenticate.success (multi valued)
+#notification_opt_out = identity.authenticate.success
+#notification_opt_out = identity.authenticate.pending
+#notification_opt_out = identity.authenticate.failed
 
 #
 # From oslo.log
@@ -115,13 +141,16 @@
 
 # If set to true, the logging level will be set to DEBUG instead of the default
 # INFO level. (boolean value)
+# Note: This option can be changed without restarting.
 #debug = false
-
-# If set to false, the logging level will be set to WARNING instead of the
-# default INFO level. (boolean value)
+debug = false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
+verbose = true
 
 # The name of a logging configuration file. This file is appended to any
 # existing logging configuration files. For details about logging configuration
@@ -129,6 +158,7 @@
 # configuration files are used then all logging configuration is set in the
 # configuration file and other logging configuration options are ignored (for
 # example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
@@ -167,7 +197,7 @@
 
 # Log output to standard error. This option is ignored if log_config_append is
 # set. (boolean value)
-#use_stderr = true
+#use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
@@ -202,6 +232,18 @@
 # value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
@@ -213,62 +255,165 @@
 # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
 #rpc_conn_pool_size = 30
 
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
 # ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
 # The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-# Allowed values: redis, dummy
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
 #rpc_zmq_matchmaker = redis
 
-# Type of concurrency used. Either "native" or "eventlet" (string value)
-#rpc_zmq_concurrency = eventlet
-
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
 #rpc_zmq_contexts = 1
 
 # Maximum number of ingress messages to locally buffer per topic. Default is
 # unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
 #rpc_zmq_topic_backlog = <None>
 
 # Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
 #rpc_zmq_ipc_dir = /var/run/openstack
 
 # Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
 # "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
 #rpc_zmq_host = localhost
 
-# Seconds to wait before a cast expires (TTL). The default value of -1
-# specifies an infinite linger period. The value of 0 specifies no linger
-# period. Pending messages shall be discarded immediately when the socket is
-# closed. Only supported by impl_zmq. (integer value)
-#rpc_cast_timeout = -1
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
 
 # The default number of seconds that poll should wait. Poll raises timeout
 # exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
 #rpc_poll_timeout = 1
 
 # Expiration timeout in seconds of a name service record about existing target
 # ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 120
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
 
 # Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
 # value)
-#use_pub_sub = true
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
 
 # Minimal port number for random ports range. (port value)
 # Minimum value: 0
 # Maximum value: 65535
-#rpc_zmq_min_port = 49152
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
 
 # Maximal port number for random ports range. (integer value)
 # Minimum value: 1
 # Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
 #rpc_zmq_max_port = 65536
 
 # Number of retries to find free port number before fail with ZMQBindError.
 # (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
 #rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
 
 # Size of executor thread pool. (integer value)
 # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
@@ -276,46 +421,21 @@
 
 # Seconds to wait for a response from a call. (integer value)
 #rpc_response_timeout = 60
-
-# A URL representing the messaging driver to use and its full configuration. If
-# not set, we fall back to the rpc_backend option and driver specific
-# configuration. (string value)
-#transport_url = <None>
-
-# The messaging driver to use, defaults to rabbit. Other drivers include amqp
-# and zmq. (string value)
+# A URL representing the messaging driver to use and its full configuration.
+# (string value)
+#transport_url = rabbit://nova:3qVSI7a1m8AdaDQ7BpB0PJu4@192.168.0.4:5673/
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.41:5672,openstack:opnfv_secret@10.167.4.42:5672,openstack:opnfv_secret@10.167.4.43:5672//openstack
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
+# include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rpc_backend = rabbit
-
 # The default exchange under which topics are scoped. May be overridden by an
 # exchange name specified in the transport_url option. (string value)
 #control_exchange = keystone
 
-#
-# From oslo.service.service
-#
-
-# Enable eventlet backdoor.  Acceptable values are 0, <port>, and
-# <start>:<end>, where 0 results in listening on a random tcp port number;
-# <port> results in listening on the specified port number (and not enabling
-# backdoor if that port is in use); and <start>:<end> results in listening on
-# the smallest unused port number within the specified range of port numbers.
-# The chosen port is displayed in the service's log file. (string value)
-#backdoor_port = <None>
-
-# Enable eventlet backdoor, using the provided path as a unix socket that can
-# receive connections. This option is mutually exclusive with 'backdoor_port'
-# in that only one should be provided. If both are provided then the existence
-# of this option overrides the usage of that option. (string value)
-#backdoor_socket = <None>
-
-# Enables or disables logging values of all registered options when starting a
-# service (at DEBUG level). (boolean value)
-#log_options = true
-
-# Specify a timeout after which a gracefully shutdown server will exit. Zero
-# value means endless wait. (integer value)
-#graceful_shutdown_timeout = 60
-
 
 [assignment]
 
@@ -323,17 +443,16 @@
 # From keystone
 #
 
-# Entrypoint for the assignment backend driver in the keystone.assignment
-# namespace. Only an SQL driver is supplied. If an assignment driver is not
-# specified, the identity driver will choose the assignment driver (driver
-# selection based on `[identity]/driver` option is deprecated and will be
-# removed in the "O" release). (string value)
-#driver = <None>
+# Entry point for the assignment backend driver (where role assignments are
+# stored) in the `keystone.assignment` namespace. Only a SQL driver is supplied
+# by keystone itself. Unless you are writing proprietary drivers for keystone,
+# you do not need to set this option. (string value)
+#driver = sql
 
 # A list of role names which are prohibited from being an implied role. (list
 # value)
 #prohibited_implied_role = admin
-
+driver = sql
 
 [auth]
 
@@ -341,25 +460,47 @@
 # From keystone
 #
 
-# Allowed authentication methods. (list value)
-#methods = external,password,token,oauth1
-
-# Entrypoint for the password auth plugin module in the keystone.auth.password
-# namespace. (string value)
+# Allowed authentication methods. Note: You should disable the `external` auth
+# method if you are currently using federation. External auth and federation
+# both use the REMOTE_USER variable. Since both the mapped and external plugin
+# are being invoked to validate attributes in the request environment, it can
+# cause conflicts. (list value)
+#methods = external,password,token,oauth1,mapped
+
+methods = password,token
+
+# Entry point for the password auth plugin module in the
+# `keystone.auth.password` namespace. You do not need to set this unless you
+# are overriding keystone's own password authentication plugin. (string value)
 #password = <None>
 
-# Entrypoint for the token auth plugin module in the keystone.auth.token
-# namespace. (string value)
+# Entry point for the token auth plugin module in the `keystone.auth.token`
+# namespace. You do not need to set this unless you are overriding keystone's
+# own token authentication plugin. (string value)
 #token = <None>
 
-# Entrypoint for the external (REMOTE_USER) auth plugin module in the
-# keystone.auth.external namespace. Supplied drivers are DefaultDomain and
-# Domain. The default driver is DefaultDomain. (string value)
+# Entry point for the external (`REMOTE_USER`) auth plugin module in the
+# `keystone.auth.external` namespace. Supplied drivers are `DefaultDomain` and
+# `Domain`. The default driver is `DefaultDomain`, which assumes that all users
+# identified by the username specified to keystone in the `REMOTE_USER`
+# variable exist within the context of the default domain. The `Domain` option
+# expects an additional environment variable be presented to keystone,
+# `REMOTE_DOMAIN`, containing the domain name of the `REMOTE_USER` (if
+# `REMOTE_DOMAIN` is not set, then the default domain will be used instead).
+# You do not need to set this unless you are taking advantage of "external
+# authentication", where the application server (such as Apache) is handling
+# authentication instead of keystone. (string value)
 #external = <None>
 
-# Entrypoint for the oAuth1.0 auth plugin module in the keystone.auth.oauth1
-# namespace. (string value)
+# Entry point for the OAuth 1.0a auth plugin module in the
+# `keystone.auth.oauth1` namespace. You do not need to set this unless you are
+# overriding keystone's own `oauth1` authentication plugin. (string value)
 #oauth1 = <None>
+
+# Entry point for the mapped auth plugin module in the `keystone.auth.mapped`
+# namespace. You do not need to set this unless you are overriding keystone's
+# own `mapped` authentication plugin. (string value)
+#mapped = <None>
 
 
 [cache]
@@ -378,11 +519,14 @@
 # expiration time defined for it. (integer value)
 #expiration_time = 600
 
-# Dogpile.cache backend module. It is recommended that Memcache with pooling
-# (oslo_cache.memcache_pool) or Redis (dogpile.cache.redis) be used in
-# production deployments.  Small workloads (single process) like devstack can
-# use the dogpile.cache.memory backend. (string value)
+# Dogpile.cache backend module. It is recommended that Memcache or Redis
+# (dogpile.cache.redis) be used in production deployments. For eventlet-based
+# or highly threaded servers, Memcache with pooling (oslo_cache.memcache_pool)
+# is recommended. For low thread servers, dogpile.cache.memcached is
+# recommended. Test environments with a single instance of the server can use
+# the dogpile.cache.memory backend. (string value)
 #backend = dogpile.cache.null
+backend = oslo_cache.memcache_pool
 
 # Arguments supplied to the backend module. Specify this option once per
 # argument to be passed to the dogpile.cache backend. Example format:
@@ -395,7 +539,8 @@
 #proxies =
 
 # Global toggle for caching. (boolean value)
-#enabled = false
+#enabled = true
+enabled = true
 
 # Extra debugging from the cache backend (cache keys, get/set/delete/etc
 # calls). This is only really useful if you need to see the specific cache-
@@ -406,23 +551,28 @@
 # Memcache servers in the format of "host:port". (dogpile.cache.memcache and
 # oslo_cache.memcache_pool backends only). (list value)
 #memcache_servers = localhost:11211
+memcache_servers =10.167.4.11:11211,10.167.4.12:11211,10.167.4.13:11211
 
 # Number of seconds memcached server is considered dead before it is tried
 # again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
 # (integer value)
 #memcache_dead_retry = 300
+memcache_dead_retry = 300
 
 # Timeout in seconds for every call to a server. (dogpile.cache.memcache and
 # oslo_cache.memcache_pool backends only). (integer value)
 #memcache_socket_timeout = 3
+memcache_socket_timeout = 1
 
 # Max total number of open connections to every memcached server.
 # (oslo_cache.memcache_pool backend only). (integer value)
 #memcache_pool_maxsize = 10
+memcache_pool_maxsize = 100
 
 # Number of seconds a connection to memcached is held unused in the pool before
 # it is closed. (oslo_cache.memcache_pool backend only). (integer value)
 #memcache_pool_unused_timeout = 60
+memcache_pool_unused_timeout = 60
 
 # Number of seconds that an operation will wait to get a memcache client
 # connection. (integer value)
@@ -435,24 +585,33 @@
 # From keystone
 #
 
-# Catalog template file name for use with the template catalog backend. (string
-# value)
+# Absolute path to the file used for the templated catalog backend. This option
+# is only used if the `[catalog] driver` is set to `templated`. (string value)
 #template_file = default_catalog.templates
-
-# Entrypoint for the catalog backend driver in the keystone.catalog namespace.
-# Supplied drivers are kvs, sql, templated, and endpoint_filter.sql (string
-# value)
+template_file = default_catalog.templates
+
+# Entry point for the catalog driver in the `keystone.catalog` namespace.
+# Keystone provides a `sql` option (which supports basic CRUD operations
+# through SQL), a `templated` option (which loads the catalog from a templated
+# catalog file on disk), and a `endpoint_filter.sql` option (which supports
+# arbitrary service catalogs per project). (string value)
 #driver = sql
+driver = sql
 
 # Toggle for catalog caching. This has no effect unless global caching is
-# enabled. (boolean value)
+# enabled. In a typical deployment, there is no reason to disable this.
+# (boolean value)
 #caching = true
 
 # Time to cache catalog data (in seconds). This has no effect unless global and
-# catalog caching are enabled. (integer value)
+# catalog caching are both enabled. Catalog data (services, endpoints, etc.)
+# typically does not change frequently, and so a longer duration than the
+# global default may be desirable. (integer value)
 #cache_time = <None>
 
 # Maximum number of entities that will be returned in a catalog collection.
+# There is typically no reason to set this, as it would be unusual for a
+# deployment to have enough services or endpoints to exceed a reasonable limit.
 # (integer value)
 #list_limit = <None>
 
@@ -464,27 +623,35 @@
 #
 
 # Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. (list value)
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
+
 
 # Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
+
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
 #expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
 
+
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
+
+
 # Indicate which methods can be used during the actual request. (list value)
 #allow_methods = GET,PUT,POST,DELETE,PATCH
+
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
 #allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
 
 
+
 [cors.subdomain]
 
 #
@@ -492,7 +659,8 @@
 #
 
 # Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. (list value)
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
 
 # Indicate that the actual request can include user credentials (boolean value)
@@ -519,10 +687,25 @@
 # From keystone
 #
 
-# Entrypoint for the credential backend driver in the keystone.credential
-# namespace. (string value)
+# Entry point for the credential backend driver in the `keystone.credential`
+# namespace. Keystone only provides a `sql` driver, so there's no reason to
+# change this unless you are providing a custom entry point. (string value)
 #driver = sql
 
+# Entry point for credential encryption and decryption operations in the
+# `keystone.credential.provider` namespace. Keystone only provides a `fernet`
+# driver, so there's no reason to change this unless you are providing a custom
+# entry point to encrypt and decrypt credentials. (string value)
+#provider = fernet
+
+# Directory containing Fernet keys used to encrypt and decrypt credentials
+# stored in the credential backend. Fernet keys used to encrypt credentials
+# have no relationship to Fernet keys used to encrypt Fernet tokens. Both sets
+# of keys should be managed separately and require different rotation policies.
+# Do not share this repository with the repository used to manage keys for
+# Fernet tokens. (string value)
+key_repository = /var/lib/keystone/credential-keys
+
 
 [database]
 
@@ -530,8 +713,12 @@
 # From oslo.db
 #
 
-# The file name to use with SQLite. (string value)
+# DEPRECATED: The file name to use with SQLite. (string value)
 # Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect
+# the database.
 #sqlite_db = oslo.sqlite
 
 # If True, SQLite uses synchronous mode. (boolean value)
@@ -548,7 +735,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = sqlite:////var/lib/keystone/keystone.db
+connection=mysql+pymysql://keystone:opnfv_secret@10.167.4.50/keystone
 
 # The SQLAlchemy connection string to use to connect to the slave database.
 # (string value)
@@ -565,16 +752,21 @@
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #idle_timeout = 3600
+idle_timeout = 3600
 
 # Minimum number of SQL connections to keep open in a pool. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. (integer value)
+# Maximum number of SQL connections to keep open in a pool. Setting a value of
+# 0 indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
+#max_pool_size = 5
+max_pool_size=10
+max_overflow=30
+max_retries=-1
 
 # Maximum number of database connection retries during startup. Set to -1 to
 # specify an infinite retry count. (integer value)
@@ -594,6 +786,8 @@
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
 # value)
+# Minimum value: 0
+# Maximum value: 100
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
 #connection_debug = 0
 
@@ -631,16 +825,20 @@
 # From keystone
 #
 
-# Entrypoint for the domain config backend driver in the
-# keystone.resource.domain_config namespace. (string value)
+# Entry point for the domain-specific configuration driver in the
+# `keystone.resource.domain_config` namespace. Only a `sql` option is provided
+# by keystone, so there is no reason to set this unless you are providing a
+# custom entry point. (string value)
 #driver = sql
 
-# Toggle for domain config caching. This has no effect unless global caching is
-# enabled. (boolean value)
+# Toggle for caching of the domain-specific configuration backend. This has no
+# effect unless global caching is enabled. There is normally no reason to
+# disable this. (boolean value)
 #caching = true
 
-# TTL (in seconds) to cache domain config data. This has no effect unless
-# domain config caching is enabled. (integer value)
+# Time-to-live (TTL, in seconds) to cache domain-specific configuration data.
+# This has no effect unless `[domain_config] caching` is enabled. (integer
+# value)
 #cache_time = 300
 
 
@@ -650,11 +848,16 @@
 # From keystone
 #
 
-# Entrypoint for the endpoint filter backend driver in the
-# keystone.endpoint_filter namespace. (string value)
+# Entry point for the endpoint filter driver in the `keystone.endpoint_filter`
+# namespace. Only a `sql` option is provided by keystone, so there is no reason
+# to set this unless you are providing a custom entry point. (string value)
 #driver = sql
 
-# Toggle to return all active endpoints if no filter exists. (boolean value)
+# This controls keystone's behavior if the configured endpoint filters do not
+# result in any endpoints for a user + project pair (and therefore a
+# potentially empty service catalog). If set to true, keystone will return the
+# entire service catalog. If set to false, keystone will return an empty
+# service catalog. (boolean value)
 #return_all_endpoints_if_no_filter = true
 
 
@@ -664,16 +867,9 @@
 # From keystone
 #
 
-# Enable endpoint_policy functionality. (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: The option to enable the OS-ENDPOINT-POLICY extension has been
-# deprecated in the M release and will be removed in the O release. The OS-
-# ENDPOINT-POLICY extension will be enabled by default.
-#enabled = true
-
-# Entrypoint for the endpoint policy backend driver in the
-# keystone.endpoint_policy namespace. (string value)
+# Entry point for the endpoint policy driver in the `keystone.endpoint_policy`
+# namespace. Only a `sql` driver is provided by keystone, so there is no reason
+# to set this unless you are providing a custom entry point. (string value)
 #driver = sql
 
 
@@ -683,218 +879,239 @@
 # From keystone
 #
 
-# The number of worker processes to serve the public eventlet application.
-# Defaults to number of CPUs (minimum of 2). (integer value)
-# Deprecated group/name - [DEFAULT]/public_workers
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#public_workers = <None>
-
-# The number of worker processes to serve the admin eventlet application.
-# Defaults to number of CPUs (minimum of 2). (integer value)
-# Deprecated group/name - [DEFAULT]/admin_workers
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#admin_workers = <None>
-
-# The IP address of the network interface for the public service to listen on.
-# (string value)
+# DEPRECATED: The IP address of the network interface for the public service to
+# listen on. (string value)
 # Deprecated group/name - [DEFAULT]/bind_host
 # Deprecated group/name - [DEFAULT]/public_bind_host
-# This option is deprecated for removal.
+# This option is deprecated for removal since K.
 # Its value may be silently ignored in the future.
+# Reason: Support for running keystone under eventlet has been removed in the
+# Newton release. These options remain for backwards compatibility because they
+# are used for URL substitutions.
 #public_bind_host = 0.0.0.0
-
-# The port number which the public service listens on. (port value)
+public_bind_host=10.167.4.12
+
+# DEPRECATED: The port number for the public service to listen on. (port value)
 # Minimum value: 0
 # Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/public_port
-# This option is deprecated for removal.
+# This option is deprecated for removal since K.
 # Its value may be silently ignored in the future.
+# Reason: Support for running keystone under eventlet has been removed in the
+# Newton release. These options remain for backwards compatibility because they
+# are used for URL substitutions.
 #public_port = 5000
-
-# The IP address of the network interface for the admin service to listen on.
-# (string value)
+public_port = 5000
+
+# DEPRECATED: The IP address of the network interface for the admin service to
+# listen on. (string value)
 # Deprecated group/name - [DEFAULT]/bind_host
 # Deprecated group/name - [DEFAULT]/admin_bind_host
-# This option is deprecated for removal.
+# This option is deprecated for removal since K.
 # Its value may be silently ignored in the future.
+# Reason: Support for running keystone under eventlet has been removed in the
+# Newton release. These options remain for backwards compatibility because they
+# are used for URL substitutions.
 #admin_bind_host = 0.0.0.0
-
-# The port number which the admin service listens on. (port value)
+admin_bind_host=10.167.4.12
+
+# DEPRECATED: The port number for the admin service to listen on. (port value)
 # Minimum value: 0
 # Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/admin_port
+# This option is deprecated for removal since K.
+# Its value may be silently ignored in the future.
+# Reason: Support for running keystone under eventlet has been removed in the
+# Newton release. These options remain for backwards compatibility because they
+# are used for URL substitutions.
+#admin_port = 35357
+admin_port = 35357
+
+
+[extra_headers]
+
+#
+# From keystone
+#
+
+# Specifies the distribution of the keystone server. (string value)
+#Distribution = Ubuntu
+
+[federation]
+
+#
+# From keystone
+#
+
+# Entry point for the federation backend driver in the `keystone.federation`
+# namespace. Keystone only provides a `sql` driver, so there is no reason to
+# set this option unless you are providing a custom entry point. (string value)
+#driver = sql
+
+# Prefix to use when filtering environment variable names for federated
+# assertions. Matched variables are passed into the federated mapping engine.
+# (string value)
+#assertion_prefix =
+
+# Value to be used to obtain the entity ID of the Identity Provider from the
+# environment. For `mod_shib`, this would be `Shib-Identity-Provider`. For For
+# `mod_auth_openidc`, this could be `HTTP_OIDC_ISS`. For `mod_auth_mellon`,
+# this could be `MELLON_IDP`. (string value)
+#remote_id_attribute = <None>
+
+# An arbitrary domain name that is reserved to allow federated ephemeral users
+# to have a domain concept. Note that an admin will not be able to create a
+# domain with this name or update an existing domain to this name. You are not
+# advised to change this value unless you really have to. (string value)
+#federated_domain_name = Federated
+
+# A list of trusted dashboard hosts. Before accepting a Single Sign-On request
+# to return a token, the origin host must be a member of this list. This
+# configuration option may be repeated for multiple values. You must set this
+# in order to use web-based SSO flows. For example:
+# trusted_dashboard=https://acme.example.com/auth/websso
+# trusted_dashboard=https://beta.example.com/auth/websso (multi valued)
+#trusted_dashboard =
+
+# Absolute path to an HTML file used as a Single Sign-On callback handler. This
+# page is expected to redirect the user from keystone back to a trusted
+# dashboard host, by form encoding a token in a POST request. Keystone's
+# default value should be sufficient for most deployments. (string value)
+#sso_callback_template = /etc/keystone/sso_callback_template.html
+
+# Toggle for federation caching. This has no effect unless global caching is
+# enabled. There is typically no reason to disable this. (boolean value)
+#caching = true
+
+
+[fernet_tokens]
+
+#
+# From keystone
+#
+
+# Directory containing Fernet token keys. This directory must exist before
+# using `keystone-manage fernet_setup` for the first time, must be writable by
+# the user running `keystone-manage fernet_setup` or `keystone-manage
+# fernet_rotate`, and of course must be readable by keystone's server process.
+# The repository may contain keys in one of three states: a single staged key
+# (always index 0) used for token validation, a single primary key (always the
+# highest index) used for token creation and validation, and any number of
+# secondary keys (all other index values) used for token validation. With
+# multiple keystone nodes, each node must share the same key repository
+# contents, with the exception of the staged key (index 0). It is safe to run
+# `keystone-manage fernet_rotate` once on any one node to promote a staged key
+# (index 0) to be the new primary (incremented from the previous highest
+# index), and produce a new staged key (a new key with index 0); the resulting
+# repository can then be atomically replicated to other nodes without any risk
+# of race conditions (for example, it is safe to run `keystone-manage
+# fernet_rotate` on host A, wait any amount of time, create a tarball of the
+# directory on host A, unpack it on host B to a temporary location, and
+# atomically move (`mv`) the directory into place on host B). Running
+# `keystone-manage fernet_rotate` *twice* on a key repository without syncing
+# other nodes will result in tokens that can not be validated by all nodes.
+# (string value)
+#key_repository = /etc/keystone/fernet-keys/
+key_repository = /var/lib/keystone/fernet-keys
+
+# This controls how many keys are held in rotation by `keystone-manage
+# fernet_rotate` before they are discarded. The default value of 3 means that
+# keystone will maintain one staged key (always index 0), one primary key (the
+# highest numerical index), and one secondary key (every other index).
+# Increasing this value means that additional secondary keys will be kept in
+# the rotation. (integer value)
+# Minimum value: 1
+#max_active_keys = 3
+max_active_keys=3
+
+[healthcheck]
+
+#
+# From oslo.middleware
+#
+
+# DEPRECATED: The path to respond to healtcheck requests on. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-#admin_port = 35357
-
-# If set to false, disables keepalives on the server; all connections will be
-# closed after serving one request. (boolean value)
-#wsgi_keep_alive = true
-
-# Timeout for socket operations on a client connection. If an incoming
-# connection is idle for this number of seconds it will be closed. A value of
-# "0" means wait forever. (integer value)
-#client_socket_timeout = 900
-
-# Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e.
-# sockets used by the Keystone wsgi server for client connections. (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/tcp_keepalive
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#tcp_keepalive = false
-
-# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only
-# applies if tcp_keepalive is true. Ignored if system does not support it.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/tcp_keepidle
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#tcp_keepidle = 600
-
-
-[eventlet_server_ssl]
+#path = /healthcheck
+
+# Show more detailed information as part of the response (boolean value)
+#detailed = false
+
+# Additional backends that can perform health checks and report that
+# information back as part of a request. (list value)
+#backends =
+
+# Check the presence of a file to determine if an application is running on a
+# port. Used by DisableByFileHealthcheck plugin. (string value)
+#disable_by_file_path = <None>
+
+# Check the presence of a file based on a port to determine if an application
+# is running on a port. Expects a "port:path" list of strings. Used by
+# DisableByFilesPortsHealthcheck plugin. (list value)
+#disable_by_file_paths =
+
+
+[identity]
 
 #
 # From keystone
 #
 
-# Toggle for SSL support on the Keystone eventlet servers. (boolean value)
-# Deprecated group/name - [ssl]/enable
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#enable = false
-
-# Path of the certfile for SSL. For non-production environments, you may be
-# interested in using `keystone-manage ssl_setup` to generate self-signed
-# certificates. (string value)
-# Deprecated group/name - [ssl]/certfile
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#certfile = /etc/keystone/ssl/certs/keystone.pem
-
-# Path of the keyfile for SSL. (string value)
-# Deprecated group/name - [ssl]/keyfile
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#keyfile = /etc/keystone/ssl/private/keystonekey.pem
-
-# Path of the CA cert file for SSL. (string value)
-# Deprecated group/name - [ssl]/ca_certs
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#ca_certs = /etc/keystone/ssl/certs/ca.pem
-
-# Require client certificate. (boolean value)
-# Deprecated group/name - [ssl]/cert_required
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#cert_required = false
-
-
-[federation]
-
-#
-# From keystone
-#
-
-# Entrypoint for the federation backend driver in the keystone.federation
-# namespace. (string value)
-#driver = sql
-
-# Value to be used when filtering assertion parameters from the environment.
-# (string value)
-#assertion_prefix =
-
-# Value to be used to obtain the entity ID of the Identity Provider from the
-# environment (e.g. if using the mod_shib plugin this value is `Shib-Identity-
-# Provider`). (string value)
-#remote_id_attribute = <None>
-
-# A domain name that is reserved to allow federated ephemeral users to have a
-# domain concept. Note that an admin will not be able to create a domain with
-# this name or update an existing domain to this name. You are not advised to
-# change this value unless you really have to. (string value)
-#federated_domain_name = Federated
-
-# A list of trusted dashboard hosts. Before accepting a Single Sign-On request
-# to return a token, the origin host must be a member of the trusted_dashboard
-# list. This configuration option may be repeated for multiple values. For
-# example: trusted_dashboard=http://acme.com/auth/websso
-# trusted_dashboard=http://beta.com/auth/websso (multi valued)
-#trusted_dashboard =
-
-# Location of Single Sign-On callback handler, will return a token to a trusted
-# dashboard host. (string value)
-#sso_callback_template = /etc/keystone/sso_callback_template.html
-
-
-[fernet_tokens]
-
-#
-# From keystone
-#
-
-# Directory containing Fernet token keys. (string value)
-#key_repository = /etc/keystone/fernet-keys/
-
-# This controls how many keys are held in rotation by keystone-manage
-# fernet_rotate before they are discarded. The default value of 3 means that
-# keystone will maintain one staged key, one primary key, and one secondary
-# key. Increasing this value means that additional secondary keys will be kept
-# in the rotation. (integer value)
-#max_active_keys = 3
-
-
-[identity]
-
-#
-# From keystone
-#
-
 # This references the domain to use for all Identity API v2 requests (which are
-# not aware of domains). A domain with this ID will be created for you by
-# keystone-manage db_sync in migration 008. The domain referenced by this ID
-# cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API.
-# There is nothing special about this domain, other than the fact that it must
-# exist to order to maintain support for your v2 clients. (string value)
+# not aware of domains). A domain with this ID can optionally be created for
+# you by `keystone-manage bootstrap`. The domain referenced by this ID cannot
+# be deleted on the v3 API, to prevent accidentally breaking the v2 API. There
+# is nothing special about this domain, other than the fact that it must exist
+# to order to maintain support for your v2 clients. There is typically no
+# reason to change this value. (string value)
 #default_domain_id = default
 
 # A subset (or all) of domains can have their own identity driver, each with
 # their own partial configuration options, stored in either the resource
 # backend or in a file in a domain configuration directory (depending on the
-# setting of domain_configurations_from_database). Only values specific to the
-# domain need to be specified in this manner. This feature is disabled by
-# default; set to true to enable. (boolean value)
+# setting of `[identity] domain_configurations_from_database`). Only values
+# specific to the domain need to be specified in this manner. This feature is
+# disabled by default, but may be enabled by default in a future release; set
+# to true to enable. (boolean value)
 #domain_specific_drivers_enabled = false
 
-# Extract the domain specific configuration options from the resource backend
-# where they have been stored with the domain data. This feature is disabled by
-# default (in which case the domain specific options will be loaded from files
-# in the domain configuration directory); set to true to enable. (boolean
-# value)
+# By default, domain-specific configuration data is read from files in the
+# directory identified by `[identity] domain_config_dir`. Enabling this
+# configuration option allows you to instead manage domain-specific
+# configurations through the API, which are then persisted in the backend
+# (typically, a SQL database), rather than using configuration files on disk.
+# (boolean value)
 #domain_configurations_from_database = false
 
-# Path for Keystone to locate the domain specific identity configuration files
-# if domain_specific_drivers_enabled is set to true. (string value)
+# Absolute path where keystone should locate domain-specific `[identity]`
+# configuration files. This option has no effect unless `[identity]
+# domain_specific_drivers_enabled` is set to true. There is typically no reason
+# to change this value. (string value)
 #domain_config_dir = /etc/keystone/domains
 
-# Entrypoint for the identity backend driver in the keystone.identity
-# namespace. Supplied drivers are ldap and sql. (string value)
+# Entry point for the identity backend driver in the `keystone.identity`
+# namespace. Keystone provides a `sql` and `ldap` driver. This option is also
+# used as the default driver selection (along with the other configuration
+# variables in this section) in the event that `[identity]
+# domain_specific_drivers_enabled` is enabled, but no applicable domain-
+# specific configuration is defined for the domain in question. Unless your
+# deployment primarily relies on `ldap` AND is not using domain-specific
+# configuration, you should typically leave this set to `sql`. (string value)
 #driver = sql
+driver = sql
 
 # Toggle for identity caching. This has no effect unless global caching is
-# enabled. (boolean value)
+# enabled. There is typically no reason to disable this. (boolean value)
 #caching = true
 
 # Time to cache identity data (in seconds). This has no effect unless global
 # and identity caching are enabled. (integer value)
 #cache_time = 600
 
-# Maximum supported length for user passwords; decrease to improve performance.
-# (integer value)
+# Maximum allowed length for user passwords. Decrease this value to improve
+# performance. Changing this value does not effect existing passwords. (integer
+# value)
 # Maximum value: 4096
 #max_password_length = 4096
 
@@ -902,35 +1119,41 @@
 # (integer value)
 #list_limit = <None>
 
-
 [identity_mapping]
 
 #
 # From keystone
 #
 
-# Entrypoint for the identity mapping backend driver in the
-# keystone.identity.id_mapping namespace. (string value)
+# Entry point for the identity mapping backend driver in the
+# `keystone.identity.id_mapping` namespace. Keystone only provides a `sql`
+# driver, so there is no reason to change this unless you are providing a
+# custom entry point. (string value)
 #driver = sql
 
-# Entrypoint for the public ID generator for user and group entities in the
-# keystone.identity.id_generator namespace. The Keystone identity mapper only
-# supports generators that produce no more than 64 characters. (string value)
+# Entry point for the public ID generator for user and group entities in the
+# `keystone.identity.id_generator` namespace. The Keystone identity mapper only
+# supports generators that produce 64 bytes or less. Keystone only provides a
+# `sha256` entry point, so there is no reason to change this value unless
+# you're providing a custom entry point. (string value)
 #generator = sha256
 
 # The format of user and group IDs changed in Juno for backends that do not
-# generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the
-# underlying attribute in LDAP. By default this mapping is disabled, which
+# generate UUIDs (for example, LDAP), with keystone providing a hash mapping to
+# the underlying attribute in LDAP. By default this mapping is disabled, which
 # ensures that existing IDs will not change. Even when the mapping is enabled
-# by using domain specific drivers, any users and groups from the default
+# by using domain-specific drivers (`[identity]
+# domain_specific_drivers_enabled`), any users and groups from the default
 # domain being handled by LDAP will still not be mapped to ensure their IDs
-# remain backward compatible. Setting this value to False will enable the
-# mapping for even the default LDAP driver. It is only safe to do this if you
-# do not already have assignments for users and groups from the default LDAP
-# domain, and it is acceptable for Keystone to provide the different IDs to
-# clients than it did previously. Typically this means that the only time you
-# can set this value to False is when configuring a fresh installation.
-# (boolean value)
+# remain backward compatible. Setting this value to false will enable the new
+# mapping for all backends, including the default LDAP driver. It is only
+# guaranteed to be safe to enable this option if you do not already have
+# assignments for users and groups from the default LDAP domain, and you
+# consider it to be acceptable for Keystone to provide the different IDs to
+# clients than it did previously (existing IDs in the API will suddenly
+# change). Typically this means that the only time you can set this value to
+# false is when configuring a fresh installation, although that is the
+# recommended value. (boolean value)
 #backward_compatible_ids = true
 
 
@@ -940,23 +1163,49 @@
 # From keystone
 #
 
-# Extra dogpile.cache backend modules to register with the dogpile.cache
-# library. (list value)
+# DEPRECATED: Extra `dogpile.cache` backend modules to register with the
+# `dogpile.cache` library. It is not necessary to set this value unless you are
+# providing a custom KVS backend beyond what `dogpile.cache` already supports.
+# (list value)
+# This option is deprecated for removal since O.
+# Its value may be silently ignored in the future.
+# Reason: This option has been deprecated in the O release and will be removed
+# in the P release. Use SQL backends instead.
 #backends =
 
-# Prefix for building the configuration dictionary for the KVS region. This
-# should not need to be changed unless there is another dogpile.cache region
-# with the same configuration name. (string value)
+# DEPRECATED: Prefix for building the configuration dictionary for the KVS
+# region. This should not need to be changed unless there is another
+# `dogpile.cache` region with the same configuration name. (string value)
+# This option is deprecated for removal since O.
+# Its value may be silently ignored in the future.
+# Reason: This option has been deprecated in the O release and will be removed
+# in the P release. Use SQL backends instead.
 #config_prefix = keystone.kvs
 
-# Toggle to disable using a key-mangling function to ensure fixed length keys.
-# This is toggle-able for debugging purposes, it is highly recommended to
-# always leave this set to true. (boolean value)
+# DEPRECATED: Set to false to disable using a key-mangling function, which
+# ensures fixed-length keys are used in the KVS store. This is configurable for
+# debugging purposes, and it is therefore highly recommended to always leave
+# this set to true. (boolean value)
+# This option is deprecated for removal since O.
+# Its value may be silently ignored in the future.
+# Reason: This option has been deprecated in the O release and will be removed
+# in the P release. Use SQL backends instead.
 #enable_key_mangler = true
 
-# Default lock timeout (in seconds) for distributed locking. (integer value)
+# DEPRECATED: Number of seconds after acquiring a distributed lock that the
+# backend should consider the lock to be expired. This option should be tuned
+# relative to the longest amount of time that it takes to perform a successful
+# operation. If this value is set too low, then a cluster will end up
+# performing work redundantly. If this value is set too high, then a cluster
+# will not be able to efficiently recover and retry after a failed operation. A
+# non-zero value is recommended if the backend supports lock timeouts, as zero
+# prevents locks from expiring altogether. (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since O.
+# Its value may be silently ignored in the future.
+# Reason: This option has been deprecated in the O release and will be removed
+# in the P release. Use SQL backends instead.
 #default_lock_timeout = 5
-
 
 [ldap]
 
@@ -969,356 +1218,503 @@
 # the connection. (string value)
 #url = ldap://localhost
 
-# User BindDN to query the LDAP server. (string value)
+# The user name of the administrator bind DN to use when querying the LDAP
+# server, if your LDAP server requires it. (string value)
 #user = <None>
 
-# Password for the BindDN to query the LDAP server. (string value)
+# The password of the administrator bind DN to use when querying the LDAP
+# server, if your LDAP server requires it. (string value)
 #password = <None>
 
-# LDAP server suffix (string value)
+# The default LDAP server suffix to use, if a DN is not defined via either
+# `[ldap] user_tree_dn` or `[ldap] group_tree_dn`. (string value)
 #suffix = cn=example,cn=com
 
-# If true, will add a dummy member to groups. This is required if the
-# objectclass for groups requires the "member" attribute. (boolean value)
-#use_dumb_member = false
-
-# DN of the "dummy member" to use when "use_dumb_member" is enabled. (string
-# value)
-#dumb_member = cn=dumb,dc=nonexistent
-
-# Delete subtrees using the subtree delete control. Only enable this option if
-# your LDAP server supports subtree deletion. (boolean value)
-#allow_subtree_delete = false
-
-# The LDAP scope for queries, "one" represents oneLevel/singleLevel and "sub"
-# represents subtree/wholeSubtree options. (string value)
+# The search scope which defines how deep to search within the search base. A
+# value of `one` (representing `oneLevel` or `singleLevel`) indicates a search
+# of objects immediately below to the base object, but does not include the
+# base object itself. A value of `sub` (representing `subtree` or
+# `wholeSubtree`) indicates a search of both the base object itself and the
+# entire subtree below it. (string value)
 # Allowed values: one, sub
 #query_scope = one
 
-# Maximum results per page; a value of zero ("0") disables paging. (integer
-# value)
+# Defines the maximum number of results per page that keystone should request
+# from the LDAP server when listing objects. A value of zero (`0`) disables
+# paging. (integer value)
+# Minimum value: 0
 #page_size = 0
 
-# The LDAP dereferencing option for queries. The "default" option falls back to
-# using default dereferencing configured by your ldap.conf. (string value)
+# The LDAP dereferencing option to use for queries involving aliases. A value
+# of `default` falls back to using default dereferencing behavior configured by
+# your `ldap.conf`. A value of `never` prevents aliases from being dereferenced
+# at all. A value of `searching` dereferences aliases only after name
+# resolution. A value of `finding` dereferences aliases only during name
+# resolution. A value of `always` dereferences aliases in all cases. (string
+# value)
 # Allowed values: never, searching, always, finding, default
 #alias_dereferencing = default
 
 # Sets the LDAP debugging level for LDAP calls. A value of 0 means that
 # debugging is not enabled. This value is a bitmask, consult your LDAP
 # documentation for possible values. (integer value)
+# Minimum value: -1
 #debug_level = <None>
 
-# Override the system's default referral chasing behavior for queries. (boolean
-# value)
+# Sets keystone's referral chasing behavior across directory partitions. If
+# left unset, the system's default behavior will be used. (boolean value)
 #chase_referrals = <None>
 
-# Search base for users. Defaults to the suffix value. (string value)
+# The search base to use for users. Defaults to the `[ldap] suffix` value.
+# (string value)
 #user_tree_dn = <None>
 
-# LDAP search filter for users. (string value)
+# The LDAP search filter to use for users. (string value)
 #user_filter = <None>
 
-# LDAP objectclass for users. (string value)
+# The LDAP object class to use for users. (string value)
 #user_objectclass = inetOrgPerson
 
-# LDAP attribute mapped to user id. WARNING: must not be a multivalued
-# attribute. (string value)
+# The LDAP attribute mapped to user IDs in keystone. This must NOT be a
+# multivalued attribute. User IDs are expected to be globally unique across
+# keystone domains and URL-safe. (string value)
 #user_id_attribute = cn
 
-# LDAP attribute mapped to user name. (string value)
+# The LDAP attribute mapped to user names in keystone. User names are expected
+# to be unique only within a keystone domain and are not expected to be URL-
+# safe. (string value)
 #user_name_attribute = sn
 
-# LDAP attribute mapped to user description. (string value)
+# The LDAP attribute mapped to user descriptions in keystone. (string value)
 #user_description_attribute = description
 
-# LDAP attribute mapped to user email. (string value)
+# The LDAP attribute mapped to user emails in keystone. (string value)
 #user_mail_attribute = mail
 
-# LDAP attribute mapped to password. (string value)
+# The LDAP attribute mapped to user passwords in keystone. (string value)
 #user_pass_attribute = userPassword
 
-# LDAP attribute mapped to user enabled flag. (string value)
+# The LDAP attribute mapped to the user enabled attribute in keystone. If
+# setting this option to `userAccountControl`, then you may be interested in
+# setting `[ldap] user_enabled_mask` and `[ldap] user_enabled_default` as well.
+# (string value)
 #user_enabled_attribute = enabled
 
-# Invert the meaning of the boolean enabled values. Some LDAP servers use a
-# boolean lock attribute where "true" means an account is disabled. Setting
-# "user_enabled_invert = true" will allow these lock attributes to be used.
-# This setting will have no effect if "user_enabled_mask" or
-# "user_enabled_emulation" settings are in use. (boolean value)
+# Logically negate the boolean value of the enabled attribute obtained from the
+# LDAP server. Some LDAP servers use a boolean lock attribute where "true"
+# means an account is disabled. Setting `[ldap] user_enabled_invert = true`
+# will allow these lock attributes to be used. This option will have no effect
+# if either the `[ldap] user_enabled_mask` or `[ldap] user_enabled_emulation`
+# options are in use. (boolean value)
 #user_enabled_invert = false
 
-# Bitmask integer to indicate the bit that the enabled value is stored in if
-# the LDAP server represents "enabled" as a bit on an integer rather than a
-# boolean. A value of "0" indicates the mask is not used. If this is not set to
-# "0" the typical value is "2". This is typically used when
-# "user_enabled_attribute = userAccountControl". (integer value)
+# Bitmask integer to select which bit indicates the enabled value if the LDAP
+# server represents "enabled" as a bit on an integer rather than as a discrete
+# boolean. A value of `0` indicates that the mask is not used. If this is not
+# set to `0` the typical value is `2`. This is typically used when `[ldap]
+# user_enabled_attribute = userAccountControl`. Setting this option causes
+# keystone to ignore the value of `[ldap] user_enabled_invert`. (integer value)
+# Minimum value: 0
 #user_enabled_mask = 0
 
-# Default value to enable users. This should match an appropriate int value if
-# the LDAP server uses non-boolean (bitmask) values to indicate if a user is
-# enabled or disabled. If this is not set to "True" the typical value is "512".
-# This is typically used when "user_enabled_attribute = userAccountControl".
+# The default value to enable users. This should match an appropriate integer
+# value if the LDAP server uses non-boolean (bitmask) values to indicate if a
+# user is enabled or disabled. If this is not set to `True`, then the typical
+# value is `512`. This is typically used when `[ldap] user_enabled_attribute =
+# userAccountControl`. (string value)
+#user_enabled_default = True
+
+# List of user attributes to ignore on create and update, or whether a specific
+# user attribute should be filtered for list or show user. (list value)
+#user_attribute_ignore = default_project_id
+
+# The LDAP attribute mapped to a user's default_project_id in keystone. This is
+# most commonly used when keystone has write access to LDAP. (string value)
+#user_default_project_id_attribute = <None>
+
+# If enabled, keystone uses an alternative method to determine if a user is
+# enabled or not by checking if they are a member of the group defined by the
+# `[ldap] user_enabled_emulation_dn` option. Enabling this option causes
+# keystone to ignore the value of `[ldap] user_enabled_invert`. (boolean value)
+#user_enabled_emulation = false
+
+# DN of the group entry to hold enabled users when using enabled emulation.
+# Setting this option has no effect unless `[ldap] user_enabled_emulation` is
+# also enabled. (string value)
+#user_enabled_emulation_dn = <None>
+
+# Use the `[ldap] group_member_attribute` and `[ldap] group_objectclass`
+# settings to determine membership in the emulated enabled group. Enabling this
+# option has no effect unless `[ldap] user_enabled_emulation` is also enabled.
+# (boolean value)
+#user_enabled_emulation_use_group_config = false
+
+# A list of LDAP attribute to keystone user attribute pairs used for mapping
+# additional attributes to users in keystone. The expected format is
+# `<ldap_attr>:<user_attr>`, where `ldap_attr` is the attribute in the LDAP
+# object and `user_attr` is the attribute which should appear in the identity
+# API. (list value)
+#user_additional_attribute_mapping =
+
+# The search base to use for groups. Defaults to the `[ldap] suffix` value.
 # (string value)
-#user_enabled_default = True
-
-# List of attributes stripped off the user on update. (list value)
-#user_attribute_ignore = default_project_id
-
-# LDAP attribute mapped to default_project_id for users. (string value)
-#user_default_project_id_attribute = <None>
-
-# Allow user creation in LDAP backend. (boolean value)
+#group_tree_dn = <None>
+
+# The LDAP search filter to use for groups. (string value)
+#group_filter = <None>
+
+# The LDAP object class to use for groups. If setting this option to
+# `posixGroup`, you may also be interested in enabling the `[ldap]
+# group_members_are_ids` option. (string value)
+#group_objectclass = groupOfNames
+
+# The LDAP attribute mapped to group IDs in keystone. This must NOT be a
+# multivalued attribute. Group IDs are expected to be globally unique across
+# keystone domains and URL-safe. (string value)
+#group_id_attribute = cn
+
+# The LDAP attribute mapped to group names in keystone. Group names are
+# expected to be unique only within a keystone domain and are not expected to
+# be URL-safe. (string value)
+#group_name_attribute = ou
+
+# The LDAP attribute used to indicate that a user is a member of the group.
+# (string value)
+#group_member_attribute = member
+
+# Enable this option if the members of the group object class are keystone user
+# IDs rather than LDAP DNs. This is the case when using `posixGroup` as the
+# group object class in Open Directory. (boolean value)
+#group_members_are_ids = false
+
+# The LDAP attribute mapped to group descriptions in keystone. (string value)
+#group_desc_attribute = description
+
+# List of group attributes to ignore on create and update. or whether a
+# specific group attribute should be filtered for list or show group. (list
+# value)
+#group_attribute_ignore =
+
+# A list of LDAP attribute to keystone group attribute pairs used for mapping
+# additional attributes to groups in keystone. The expected format is
+# `<ldap_attr>:<group_attr>`, where `ldap_attr` is the attribute in the LDAP
+# object and `group_attr` is the attribute which should appear in the identity
+# API. (list value)
+#group_additional_attribute_mapping =
+
+# If enabled, group queries will use Active Directory specific filters for
+# nested groups. (boolean value)
+#group_ad_nesting = false
+
+# An absolute path to a CA certificate file to use when communicating with LDAP
+# servers. This option will take precedence over `[ldap] tls_cacertdir`, so
+# there is no reason to set both. (string value)
+#tls_cacertfile = <None>
+
+# An absolute path to a CA certificate directory to use when communicating with
+# LDAP servers. There is no reason to set this option if you've also set
+# `[ldap] tls_cacertfile`. (string value)
+#tls_cacertdir = <None>
+
+# Enable TLS when communicating with LDAP servers. You should also set the
+# `[ldap] tls_cacertfile` and `[ldap] tls_cacertdir` options when using this
+# option. Do not set this option if you are using LDAP over SSL (LDAPS) instead
+# of TLS. (boolean value)
+#use_tls = false
+
+# Specifies which checks to perform against client certificates on incoming TLS
+# sessions. If set to `demand`, then a certificate will always be requested and
+# required from the LDAP server. If set to `allow`, then a certificate will
+# always be requested but not required from the LDAP server. If set to `never`,
+# then a certificate will never be requested. (string value)
+# Allowed values: demand, never, allow
+#tls_req_cert = demand
+
+# The connection timeout to use with the LDAP server. A value of `-1` means
+# that connections will never timeout. (integer value)
+# Minimum value: -1
+#connection_timeout = -1
+
+# Enable LDAP connection pooling for queries to the LDAP server. There is
+# typically no reason to disable this. (boolean value)
+#use_pool = true
+
+# The size of the LDAP connection pool. This option has no effect unless
+# `[ldap] use_pool` is also enabled. (integer value)
+# Minimum value: 1
+#pool_size = 10
+
+# The maximum number of times to attempt reconnecting to the LDAP server before
+# aborting. A value of zero prevents retries. This option has no effect unless
+# `[ldap] use_pool` is also enabled. (integer value)
+# Minimum value: 0
+#pool_retry_max = 3
+
+# The number of seconds to wait before attempting to reconnect to the LDAP
+# server. This option has no effect unless `[ldap] use_pool` is also enabled.
+# (floating point value)
+#pool_retry_delay = 0.1
+
+# The connection timeout to use when pooling LDAP connections. A value of `-1`
+# means that connections will never timeout. This option has no effect unless
+# `[ldap] use_pool` is also enabled. (integer value)
+# Minimum value: -1
+#pool_connection_timeout = -1
+
+# The maximum connection lifetime to the LDAP server in seconds. When this
+# lifetime is exceeded, the connection will be unbound and removed from the
+# connection pool. This option has no effect unless `[ldap] use_pool` is also
+# enabled. (integer value)
+# Minimum value: 1
+#pool_connection_lifetime = 600
+
+# Enable LDAP connection pooling for end user authentication. There is
+# typically no reason to disable this. (boolean value)
+#use_auth_pool = true
+
+# The size of the connection pool to use for end user authentication. This
+# option has no effect unless `[ldap] use_auth_pool` is also enabled. (integer
+# value)
+# Minimum value: 1
+#auth_pool_size = 100
+
+# The maximum end user authentication connection lifetime to the LDAP server in
+# seconds. When this lifetime is exceeded, the connection will be unbound and
+# removed from the connection pool. This option has no effect unless `[ldap]
+# use_auth_pool` is also enabled. (integer value)
+# Minimum value: 1
+#auth_pool_connection_lifetime = 60
+
+
+[matchmaker_redis]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Host to locate redis. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Write support for Identity LDAP backends has been deprecated in the M
-# release and will be removed in the O release.
-#user_allow_create = true
-
-# Allow user updates in LDAP backend. (boolean value)
+# Reason: Replaced by [DEFAULT]/transport_url
+#host = 127.0.0.1
+
+# DEPRECATED: Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Write support for Identity LDAP backends has been deprecated in the M
-# release and will be removed in the O release.
-#user_allow_update = true
-
-# Allow user deletion in LDAP backend. (boolean value)
+# Reason: Replaced by [DEFAULT]/transport_url
+#port = 6379
+
+# DEPRECATED: Password for Redis server (optional). (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Write support for Identity LDAP backends has been deprecated in the M
-# release and will be removed in the O release.
-#user_allow_delete = true
-
-# If true, Keystone uses an alternative method to determine if a user is
-# enabled or not by checking if they are a member of the
-# "user_enabled_emulation_dn" group. (boolean value)
-#user_enabled_emulation = false
-
-# DN of the group entry to hold enabled users when using enabled emulation.
-# (string value)
-#user_enabled_emulation_dn = <None>
-
-# Use the "group_member_attribute" and "group_objectclass" settings to
-# determine membership in the emulated enabled group. (boolean value)
-#user_enabled_emulation_use_group_config = false
-
-# List of additional LDAP attributes used for mapping additional attribute
-# mappings for users. Attribute mapping format is <ldap_attr>:<user_attr>,
-# where ldap_attr is the attribute in the LDAP entry and user_attr is the
-# Identity API attribute. (list value)
-#user_additional_attribute_mapping =
-
-# Search base for groups. Defaults to the suffix value. (string value)
-#group_tree_dn = <None>
-
-# LDAP search filter for groups. (string value)
-#group_filter = <None>
-
-# LDAP objectclass for groups. (string value)
-#group_objectclass = groupOfNames
-
-# LDAP attribute mapped to group id. (string value)
-#group_id_attribute = cn
-
-# LDAP attribute mapped to group name. (string value)
-#group_name_attribute = ou
-
-# LDAP attribute mapped to show group membership. (string value)
-#group_member_attribute = member
-
-# LDAP attribute mapped to group description. (string value)
-#group_desc_attribute = description
-
-# List of attributes stripped off the group on update. (list value)
-#group_attribute_ignore =
-
-# Allow group creation in LDAP backend. (boolean value)
+# Reason: Replaced by [DEFAULT]/transport_url
+#password =
+
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
+# [host:port, host1:port ... ] (list value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Write support for Identity LDAP backends has been deprecated in the M
-# release and will be removed in the O release.
-#group_allow_create = true
-
-# Allow group update in LDAP backend. (boolean value)
+# Reason: Replaced by [DEFAULT]/transport_url
+#sentinel_hosts =
+
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
+
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 2000
+
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations. (integer value)
+#socket_timeout = 10000
+
+
+[memcache]
+
+#
+# From keystone
+#
+
+# DEPRECATED: Comma-separated list of memcached servers in the format of
+# `host:port,host:port` that keystone should use for the `memcache` token
+# persistence provider and other memcache-backed KVS drivers. This
+# configuration value is NOT used for intermediary caching between keystone and
+# other backends, such as SQL and LDAP (for that, see the `[cache]` section).
+# Multiple keystone servers in the same deployment should use the same set of
+# memcached servers to ensure that data (such as UUID tokens) created by one
+# node is available to the others. (list value)
+# This option is deprecated for removal since O.
+# Its value may be silently ignored in the future.
+# Reason: This option has been deprecated in the O release and will be removed
+# in the P release. Use oslo.cache instead.
+#servers = localhost:11211
+servers =10.167.4.11:11211,10.167.4.12:11211,10.167.4.13:11211
+
+# Number of seconds memcached server is considered dead before it is tried
+# again. This is used by the key value store system. (integer value)
+#dead_retry = 300
+
+# Timeout in seconds for every call to a server. This is used by the key value
+# store system. (integer value)
+#socket_timeout = 3
+
+# Max total number of open connections to every memcached server. This is used
+# by the key value store system. (integer value)
+#pool_maxsize = 10
+
+# Number of seconds a connection to memcached is held unused in the pool before
+# it is closed. This is used by the key value store system. (integer value)
+#pool_unused_timeout = 60
+
+# Number of seconds that an operation will wait to get a memcache client
+# connection. This is used by the key value store system. (integer value)
+#pool_connection_get_timeout = 10
+
+
+[oauth1]
+
+#
+# From keystone
+#
+
+# Entry point for the OAuth backend driver in the `keystone.oauth1` namespace.
+# Typically, there is no reason to set this option unless you are providing a
+# custom entry point. (string value)
+#driver = sql
+
+# Number of seconds for the OAuth Request Token to remain valid after being
+# created. This is the amount of time the user has to authorize the token.
+# Setting this option to zero means that request tokens will last forever.
+# (integer value)
+# Minimum value: 0
+#request_token_duration = 28800
+
+# Number of seconds for the OAuth Access Token to remain valid after being
+# created. This is the amount of time the consumer has to interact with the
+# service provider (which is typically keystone). Setting this option to zero
+# means that access tokens will last forever. (integer value)
+# Minimum value: 0
+#access_token_duration = 86400
+
+
+[oslo_messaging_amqp]
+
+#
+# From oslo.messaging
+#
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name = <None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace = false
+
+# CA certificate PEM file used to verify the server's certificate (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Self-identifying certificate PEM file for client authentication (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign ssl_cert_file certificate (optional)
+# (string value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password = <None>
+
+# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Write support for Identity LDAP backends has been deprecated in the M
-# release and will be removed in the O release.
-#group_allow_update = true
-
-# Allow group deletion in LDAP backend. (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Write support for Identity LDAP backends has been deprecated in the M
-# release and will be removed in the O release.
-#group_allow_delete = true
-
-# Additional attribute mappings for groups. Attribute mapping format is
-# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry
-# and user_attr is the Identity API attribute. (list value)
-#group_additional_attribute_mapping =
-
-# CA certificate file path for communicating with LDAP servers. (string value)
-#tls_cacertfile = <None>
-
-# CA certificate directory path for communicating with LDAP servers. (string
-# value)
-#tls_cacertdir = <None>
-
-# Enable TLS for communicating with LDAP servers. (boolean value)
-#use_tls = false
-
-# Specifies what checks to perform on client certificates in an incoming TLS
-# session. (string value)
-# Allowed values: demand, never, allow
-#tls_req_cert = demand
-
-# Enable LDAP connection pooling. (boolean value)
-#use_pool = true
-
-# Connection pool size. (integer value)
-#pool_size = 10
-
-# Maximum count of reconnect trials. (integer value)
-#pool_retry_max = 3
-
-# Time span in seconds to wait between two reconnect trials. (floating point
-# value)
-#pool_retry_delay = 0.1
-
-# Connector timeout in seconds. Value -1 indicates indefinite wait for
-# response. (integer value)
-#pool_connection_timeout = -1
-
-# Connection lifetime in seconds. (integer value)
-#pool_connection_lifetime = 600
-
-# Enable LDAP connection pooling for end user authentication. If use_pool is
-# disabled, then this setting is meaningless and is not used at all. (boolean
-# value)
-#use_auth_pool = true
-
-# End user auth connection pool size. (integer value)
-#auth_pool_size = 100
-
-# End user auth connection lifetime in seconds. (integer value)
-#auth_pool_connection_lifetime = 60
-
-# If the members of the group objectclass are user IDs rather than DNs, set
-# this to true. This is the case when using posixGroup as the group objectclass
-# and OpenDirectory. (boolean value)
-#group_members_are_ids = false
-
-
-[matchmaker_redis]
-
-#
-# From oslo.messaging
-#
-
-# Host to locate redis. (string value)
-#host = 127.0.0.1
-
-# Use this port to connect to redis host. (port value)
+# Reason: Not applicable - not a SSL server
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval = 1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
 # Minimum value: 0
-# Maximum value: 65535
-#port = 6379
-
-# Password for Redis server (optional). (string value)
-#password =
-
-# List of Redis Sentinel hosts (fault tolerance mode) e.g.
-# [host:port, host1:port ... ] (list value)
-#sentinel_hosts =
-
-# Redis replica set name. (string value)
-#sentinel_group_name = oslo-messaging-zeromq
-
-# Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 500
-
-# Time in ms to wait before the transaction is killed. (integer value)
-#check_timeout = 20000
-
-# Timeout in ms on blocking socket operations (integer value)
-#socket_timeout = 1000
-
-
-[memcache]
-
-#
-# From keystone
-#
-
-# Memcache servers in the format of "host:port". (list value)
-#servers = localhost:11211
-
-# Number of seconds memcached server is considered dead before it is tried
-# again. This is used by the key value store system (e.g. token pooled
-# memcached persistence backend). (integer value)
-#dead_retry = 300
-
-# Timeout in seconds for every call to a server. This is used by the key value
-# store system (e.g. token pooled memcached persistence backend). (integer
-# value)
-#socket_timeout = 3
-
-# Max total number of open connections to every memcached server. This is used
-# by the key value store system (e.g. token pooled memcached persistence
-# backend). (integer value)
-#pool_maxsize = 10
-
-# Number of seconds a connection to memcached is held unused in the pool before
-# it is closed. This is used by the key value store system (e.g. token pooled
-# memcached persistence backend). (integer value)
-#pool_unused_timeout = 60
-
-# Number of seconds that an operation will wait to get a memcache client
-# connection. This is used by the key value store system (e.g. token pooled
-# memcached persistence backend). (integer value)
-#pool_connection_get_timeout = 10
-
-
-[oauth1]
-
-#
-# From keystone
-#
-
-# Entrypoint for the OAuth backend driver in the keystone.oauth1 namespace.
-# (string value)
-#driver = sql
-
-# Duration (in seconds) for the OAuth Request Token. (integer value)
-#request_token_duration = 28800
-
-# Duration (in seconds) for the OAuth Access Token. (integer value)
-#access_token_duration = 86400
-
-
-[os_inherit]
-
-#
-# From keystone
-#
-
-# role-assignment inheritance to projects from owning domain or from projects
-# higher in the hierarchy can be optionally disabled. In the future, this
-# option will be removed and the hierarchy will be always enabled. (boolean
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: The option to enable the OS-INHERIT extension has been deprecated in
-# the M release and will be removed in the O release. The OS-INHERIT extension
-# will be enabled by default.
-#enabled = true
-
-
-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
+#connection_retry_backoff = 2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max = 30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay = 10
+
+# The maximum number of attempts to re-send a reply message which failed due to
+# a recoverable error. (integer value)
+# Minimum value: -1
+#default_reply_retry = 0
+
+# The deadline for an rpc reply message delivery. (integer value)
+# Minimum value: 5
+#default_reply_timeout = 30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout = 30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout = 30
+
+# The duration to schedule a purge of idle sender links. Detach link after
+# expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout = 600
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy'   - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic'  - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode = dynamic
 
 # address prefix used when sending to a specific server (string value)
 # Deprecated group/name - [amqp1]/server_request_prefix
@@ -1332,57 +1728,113 @@
 # Deprecated group/name - [amqp1]/group_request_prefix
 #group_request_prefix = unicast
 
-# Name for the AMQP container (string value)
-# Deprecated group/name - [amqp1]/container_name
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-# Deprecated group/name - [amqp1]/idle_timeout
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-# Deprecated group/name - [amqp1]/trace
-#trace = false
-
-# CA certificate PEM file to verify server certificate (string value)
-# Deprecated group/name - [amqp1]/ssl_ca_file
-#ssl_ca_file =
-
-# Identifying certificate PEM file to present to clients (string value)
-# Deprecated group/name - [amqp1]/ssl_cert_file
-#ssl_cert_file =
-
-# Private key PEM file used to sign cert_file certificate (string value)
-# Deprecated group/name - [amqp1]/ssl_key_file
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-# Deprecated group/name - [amqp1]/ssl_key_password
-#ssl_key_password = <None>
-
-# Accept clients using either SSL or plain TCP (boolean value)
-# Deprecated group/name - [amqp1]/allow_insecure_clients
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-# Deprecated group/name - [amqp1]/sasl_mechanisms
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-# Deprecated group/name - [amqp1]/sasl_config_dir
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-# Deprecated group/name - [amqp1]/sasl_config_name
-#sasl_config_name =
-
-# User name for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/username
-#username =
-
-# Password for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/password
-#password =
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix = openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix = openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address = multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address = unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-
+# robin fashion across consumers. (string value)
+#anycast_address = anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange = <None>
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange = <None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit = 200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit = 100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit = 100
+
+# Send messages of this type pre-settled.
+# Pre-settled messages will not receive acknowledgement
+# from the peer. Note well: pre-settled messages may be
+# silently discarded if the delivery fails.
+# Permitted values:
+# 'rpc-call' - send RPC Calls pre-settled
+# 'rpc-reply'- send RPC Replies pre-settled
+# 'rpc-cast' - Send RPC Casts pre-settled
+# 'notify'   - Send Notifications pre-settled
+#  (multi valued)
+#pre_settled = rpc-cast
+#pre_settled = rpc-reply
+
+
+[oslo_messaging_kafka]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Default Kafka broker Host (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_host = localhost
+
+# DEPRECATED: Default Kafka broker Port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_port = 9092
+
+# Max fetch bytes of Kafka consumer (integer value)
+#kafka_max_fetch_bytes = 1048576
+
+# Default timeout(s) for Kafka consumers (integer value)
+#kafka_consumer_timeout = 1.0
+
+# Pool Size for Kafka Consumers (integer value)
+#pool_size = 10
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
+# Group id for Kafka consumer. Consumers in one group will coordinate message
+# consumption (string value)
+#consumer_group = oslo_messaging_consumer
+
+# Upper bound on the delay for KafkaProducer batching in seconds (floating
+# point value)
+#producer_batch_timeout = 0.0
+
+# Size of batch for the producer async send (integer value)
+#producer_batch_size = 16384
 
 
 [oslo_messaging_notifications]
@@ -1395,6 +1847,7 @@
 # messaging, messagingv2, routing, log, test, noop (multi valued)
 # Deprecated group/name - [DEFAULT]/notification_driver
 #driver =
+driver=messagingv2
 
 # A URL representing the messaging driver to use for notifications. If not set,
 # we fall back to the same configuration used for RPC. (string value)
@@ -1446,12 +1899,12 @@
 #kombu_reconnect_delay = 1.0
 
 # EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
-# be used. This option may notbe available in future versions. (string value)
+# be used. This option may not be available in future versions. (string value)
 #kombu_compression = <None>
 
-# How long to wait a missing client beforce abandoning to send it its replies.
+# How long to wait a missing client before abandoning to send it its replies.
 # This value should not be longer than rpc_response_timeout. (integer value)
-# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
 #kombu_missing_consumer_retry_timeout = 60
 
 # Determines how the next RabbitMQ node is chosen in case the one we are
@@ -1460,38 +1913,59 @@
 # Allowed values: round-robin, shuffle
 #kombu_failover_strategy = round-robin
 
-# The RabbitMQ broker address where a single node is used. (string value)
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
+# value)
 # Deprecated group/name - [DEFAULT]/rabbit_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_host = localhost
 
-# The RabbitMQ broker port where a single node is used. (port value)
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
+# value)
 # Minimum value: 0
 # Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/rabbit_port
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_port = 5672
 
-# RabbitMQ HA cluster host:port pairs. (list value)
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
 # Deprecated group/name - [DEFAULT]/rabbit_hosts
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_hosts = $rabbit_host:$rabbit_port
 
 # Connect over SSL for RabbitMQ. (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
 #rabbit_use_ssl = false
 
-# The RabbitMQ userid. (string value)
+# DEPRECATED: The RabbitMQ userid. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_userid
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_userid = guest
 
-# The RabbitMQ password. (string value)
+# DEPRECATED: The RabbitMQ password. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_password
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_password = guest
 
 # The RabbitMQ login method. (string value)
+# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
 # Deprecated group/name - [DEFAULT]/rabbit_login_method
 #rabbit_login_method = AMQPLAIN
 
-# The RabbitMQ virtual host. (string value)
+# DEPRECATED: The RabbitMQ virtual host. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_virtual_host = /
 
 # How frequently to retry connecting with RabbitMQ. (integer value)
@@ -1506,15 +1980,17 @@
 # (integer value)
 #rabbit_interval_max = 30
 
-# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry
-# count). (integer value)
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
 #rabbit_max_retries = 0
 
 # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
 # option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
 # is no longer controlled by the x-ha-policy argument when declaring a queue.
-# If you just want to make sure that all queues (except  those with auto-
+# If you just want to make sure that all queues (except those with auto-
 # generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
 # HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_ha_queues
@@ -1534,10 +2010,12 @@
 # heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
 # value)
 #heartbeat_timeout_threshold = 60
+heartbeat_timeout_threshold = 0
 
 # How often times during the heartbeat_timeout_threshold we check the
 # heartbeat. (integer value)
 #heartbeat_rate = 2
+heartbeat_rate = 2
 
 # Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
 # Deprecated group/name - [DEFAULT]/fake_rabbit
@@ -1550,7 +2028,7 @@
 #frame_max = <None>
 
 # How often to send heartbeats for consumer's connections (integer value)
-#heartbeat_interval = 1
+#heartbeat_interval = 3
 
 # Enable SSL (boolean value)
 #ssl = <None>
@@ -1569,8 +2047,12 @@
 # point value)
 #host_connection_reconnect_delay = 0.25
 
+# Connection factory implementation (string value)
+# Allowed values: new, single, read_write
+#connection_factory = single
+
 # Maximum number of connections to keep queued. (integer value)
-#pool_max_size = 10
+#pool_max_size = 30
 
 # Maximum number of connections to create above `pool_max_size`. (integer
 # value)
@@ -1589,10 +2071,15 @@
 # (integer value)
 #pool_stale = 60
 
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+#default_serializer_type = json
+
 # Persist notification messages. (boolean value)
 #notification_persistence = false
 
-# Exchange name for for sending notifications (string value)
+# Exchange name for sending notifications (string value)
 #default_notification_exchange = ${control_exchange}_notification
 
 # Max number of not acknowledged message which RabbitMQ can send to
@@ -1634,7 +2121,7 @@
 
 # Reconnecting retry count in case of connectivity problem during sending RPC
 # message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
-# request could be processed more then one time (integer value)
+# request could be processed more than one time (integer value)
 #default_rpc_retry_attempts = -1
 
 # Reconnecting retry delay in case of connectivity problem during sending RPC
@@ -1642,6 +2129,167 @@
 #rpc_retry_delay = 0.25
 
 
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target
+# ( < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+
 [oslo_middleware]
 
 #
@@ -1651,15 +2299,19 @@
 # The maximum body size for each  request, in bytes. (integer value)
 # Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
 # Deprecated group/name - [DEFAULT]/max_request_body_size
-#max_request_body_size = 114688
-
-# The HTTP Header that will be used to determine what the original request
-# protocol scheme was, even if it was hidden by an SSL termination proxy.
-# (string value)
+max_request_body_size= 114688
+
+# DEPRECATED: The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by a SSL termination
+# proxy. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #secure_proxy_ssl_header = X-Forwarded-Proto
 
+# Whether the application is behind a proxy or not. This determines if the
+# middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing = false
+
 
 [oslo_policy]
 
@@ -1667,7 +2319,7 @@
 # From oslo.policy
 #
 
-# The JSON file that defines policies. (string value)
+# The file that defines policies. (string value)
 # Deprecated group/name - [DEFAULT]/policy_file
 #policy_file = policy.json
 
@@ -1690,8 +2342,10 @@
 # From keystone
 #
 
-# Name of the paste configuration file that defines the available pipelines.
-# (string value)
+# Name of (or absolute path to) the Paste Deploy configuration file that
+# composes middleware and the keystone application itself into actual WSGI
+# entry points. See http://pythonpaste.org/deploy/ for additional documentation
+# on the file's format. (string value)
 #config_file = keystone-paste.ini
 
 
@@ -1701,33 +2355,134 @@
 # From keystone
 #
 
-# Entrypoint for the policy backend driver in the keystone.policy namespace.
-# Supplied drivers are rules and sql. (string value)
+# Entry point for the policy backend driver in the `keystone.policy` namespace.
+# Supplied drivers are `rules` (which does not support any CRUD operations for
+# the v3 policy API) and `sql`. Typically, there is no reason to set this
+# option unless you are providing a custom entry point. (string value)
 #driver = sql
+driver = keystone.policy.backends.sql.Policy
 
 # Maximum number of entities that will be returned in a policy collection.
 # (integer value)
 #list_limit = <None>
 
 
+[profiler]
+
+#
+# From osprofiler
+#
+
+#
+# Enables the profiling for all services on this node. Default value is False
+# (fully disable the profiling feature).
+#
+# Possible values:
+#
+# * True: Enables the feature
+# * False: Disables the feature. The profiling cannot be started via this
+# project
+# operations. If the profiling is triggered by another project, this project
+# part
+# will be empty.
+#  (boolean value)
+# Deprecated group/name - [profiler]/profiler_enabled
+#enabled = false
+
+#
+# Enables SQL requests profiling in services. Default value is False (SQL
+# requests won't be traced).
+#
+# Possible values:
+#
+# * True: Enables SQL requests profiling. Each SQL query will be part of the
+# trace and can the be analyzed by how much time was spent for that.
+# * False: Disables SQL requests profiling. The spent time is only shown on a
+# higher level of operations. Single SQL queries cannot be analyzed this
+# way.
+#  (boolean value)
+#trace_sqlalchemy = false
+
+#
+# Secret key(s) to use for encrypting context data for performance profiling.
+# This string value should have the following format:
+# <key1>[,<key2>,...<keyn>],
+# where each key is some random string. A user who triggers the profiling via
+# the REST API has to set one of these keys in the headers of the REST API call
+# to include profiling results of this node for this particular project.
+#
+# Both "enabled" flag and "hmac_keys" config options should be set to enable
+# profiling. Also, to generate correct profiling information across all
+# services
+# at least one key needs to be consistent between OpenStack projects. This
+# ensures it can be used from client side to generate the trace, containing
+# information from all possible resources. (string value)
+#hmac_keys = SECRET_KEY
+
+#
+# Connection string for a notifier backend. Default value is messaging:// which
+# sets the notifier to oslo_messaging.
+#
+# Examples of possible values:
+#
+# * messaging://: use oslo_messaging driver for sending notifications.
+# * mongodb://127.0.0.1:27017 : use mongodb driver for sending notifications.
+# * elasticsearch://127.0.0.1:9200 : use elasticsearch driver for sending
+# notifications.
+#  (string value)
+#connection_string = messaging://
+
+#
+# Document type for notification indexing in elasticsearch.
+#  (string value)
+#es_doc_type = notification
+
+#
+# This parameter is a time value parameter (for example: es_scroll_time=2m),
+# indicating for how long the nodes that participate in the search will
+# maintain
+# relevant resources in order to continue and support it.
+#  (string value)
+#es_scroll_time = 2m
+
+#
+# Elasticsearch splits large requests in batches. This parameter defines
+# maximum size of each batch (for example: es_scroll_size=10000).
+#  (integer value)
+#es_scroll_size = 10000
+
+#
+# Redissentinel provides a timeout option on the connections.
+# This parameter defines that timeout (for example: socket_timeout=0.1).
+#  (floating point value)
+#socket_timeout = 0.1
+
+#
+# Redissentinel uses a service name to identify a master redis service.
+# This parameter defines the name (for example:
+# sentinal_service_name=mymaster).
+#  (string value)
+#sentinel_service_name = mymaster
+
+
 [resource]
 
 #
 # From keystone
 #
 
-# Entrypoint for the resource backend driver in the keystone.resource
-# namespace. Only an SQL driver is supplied. If a resource driver is not
-# specified, the assignment driver will choose the resource driver. (string
-# value)
-#driver = <None>
+# Entry point for the resource driver in the `keystone.resource` namespace.
+# Only a `sql` driver is supplied by keystone. Unless you are writing
+# proprietary drivers for keystone, you do not need to set this option. (string
+# value)
+#driver = sql
 
 # Toggle for resource caching. This has no effect unless global caching is
 # enabled. (boolean value)
 # Deprecated group/name - [assignment]/caching
 #caching = true
 
-# TTL (in seconds) to cache resource data. This has no effect unless global
+# Time to cache resource data in seconds. This has no effect unless global
 # caching is enabled. (integer value)
 # Deprecated group/name - [assignment]/cache_time
 #cache_time = <None>
@@ -1737,28 +2492,34 @@
 # Deprecated group/name - [assignment]/list_limit
 #list_limit = <None>
 
-# Name of the domain that owns the `admin_project_name`. Defaults to None.
-# (string value)
+# Name of the domain that owns the `admin_project_name`. If left unset, then
+# there is no admin project. `[resource] admin_project_name` must also be set
+# to use this option. (string value)
 #admin_project_domain_name = <None>
 
-# Special project for performing administrative operations on remote services.
-# Tokens scoped to this project will contain the key/value
-# `is_admin_project=true`. Defaults to None. (string value)
+# This is a special project which represents cloud-level administrator
+# privileges across services. Tokens scoped to this project will contain a true
+# `is_admin_project` attribute to indicate to policy systems that the role
+# assignments on that specific project should apply equally across every
+# project. If left unset, then there is no admin project, and thus no explicit
+# means of cross-project role assignments. `[resource]
+# admin_project_domain_name` must also be set to use this option. (string
+# value)
 #admin_project_name = <None>
 
-# Whether the names of projects are restricted from containing url reserved
-# characters. If set to new, attempts to create or update a project with a url
-# unsafe name will return an error. In addition, if set to strict, attempts to
-# scope a token using an unsafe project name will return an error. (string
-# value)
+# This controls whether the names of projects are restricted from containing
+# URL-reserved characters. If set to `new`, attempts to create or update a
+# project with a URL-unsafe name will fail. If set to `strict`, attempts to
+# scope a token with a URL-unsafe project name will fail, thereby forcing all
+# project names to be updated to be URL-safe. (string value)
 # Allowed values: off, new, strict
 #project_name_url_safe = off
 
-# Whether the names of domains are restricted from containing url reserved
-# characters. If set to new, attempts to create or update a domain with a url
-# unsafe name will return an error. In addition, if set to strict, attempts to
-# scope a token using a domain name which is unsafe will return an error.
-# (string value)
+# This controls whether the names of domains are restricted from containing
+# URL-reserved characters. If set to `new`, attempts to create or update a
+# domain with a URL-unsafe name will fail. If set to `strict`, attempts to
+# scope a token with a URL-unsafe domain name will fail, thereby forcing all
+# domain names to be updated to be URL-safe. (string value)
 # Allowed values: off, new, strict
 #domain_name_url_safe = off
 
@@ -1769,13 +2530,14 @@
 # From keystone
 #
 
-# Entrypoint for an implementation of the backend for persisting revocation
-# events in the keystone.revoke namespace. Supplied drivers are kvs and sql.
-# (string value)
+# Entry point for the token revocation backend driver in the `keystone.revoke`
+# namespace. Keystone only provides a `sql` driver, so there is no reason to
+# set this option unless you are providing a custom entry point. (string value)
 #driver = sql
 
-# This value (calculated in seconds) is added to token expiration before a
-# revocation event may be removed from the backend. (integer value)
+# The number of seconds after a token has expired before a corresponding
+# revocation event may be purged from the backend. (integer value)
+# Minimum value: 0
 #expiration_buffer = 1800
 
 # Toggle for revocation event caching. This has no effect unless global caching
@@ -1783,8 +2545,8 @@
 #caching = true
 
 # Time to cache the revocation list and the revocation events (in seconds).
-# This has no effect unless global and token caching are enabled. (integer
-# value)
+# This has no effect unless global and `[revoke] caching` are both enabled.
+# (integer value)
 # Deprecated group/name - [token]/revocation_cache_time
 #cache_time = 3600
 
@@ -1795,302 +2557,441 @@
 # From keystone
 #
 
-# Entrypoint for the role backend driver in the keystone.role namespace.
-# Supplied drivers are ldap and sql. (string value)
+# Entry point for the role backend driver in the `keystone.role` namespace.
+# Keystone only provides a `sql` driver, so there's no reason to change this
+# unless you are providing a custom entry point. (string value)
 #driver = <None>
 
 # Toggle for role caching. This has no effect unless global caching is enabled.
-# (boolean value)
+# In a typical deployment, there is no reason to disable this. (boolean value)
 #caching = true
 
-# TTL (in seconds) to cache role data. This has no effect unless global caching
-# is enabled. (integer value)
+# Time to cache role data, in seconds. This has no effect unless both global
+# caching and `[role] caching` are enabled. (integer value)
 #cache_time = <None>
 
-# Maximum number of entities that will be returned in a role collection.
+# Maximum number of entities that will be returned in a role collection. This
+# may be useful to tune if you have a large number of discrete roles in your
+# deployment. (integer value)
+#list_limit = <None>
+
+
+[saml]
+
+#
+# From keystone
+#
+
+# Determines the lifetime for any SAML assertions generated by keystone, using
+# `NotOnOrAfter` attributes. (integer value)
+#assertion_expiration_time = 3600
+
+# Name of, or absolute path to, the binary to be used for XML signing. Although
+# only the XML Security Library (`xmlsec1`) is supported, it may have a non-
+# standard name or path on your system. If keystone cannot find the binary
+# itself, you may need to install the appropriate package, use this option to
+# specify an absolute path, or adjust keystone's PATH environment variable.
+# (string value)
+#xmlsec1_binary = xmlsec1
+
+# Absolute path to the public certificate file to use for SAML signing. The
+# value cannot contain a comma (`,`). (string value)
+#certfile = /etc/keystone/ssl/certs/signing_cert.pem
+
+# Absolute path to the private key file to use for SAML signing. The value
+# cannot contain a comma (`,`). (string value)
+#keyfile = /etc/keystone/ssl/private/signing_key.pem
+
+# This is the unique entity identifier of the identity provider (keystone) to
+# use when generating SAML assertions. This value is required to generate
+# identity provider metadata and must be a URI (a URL is recommended). For
+# example: `https://keystone.example.com/v3/OS-FEDERATION/saml2/idp`. (uri
+# value)
+#idp_entity_id = <None>
+
+# This is the single sign-on (SSO) service location of the identity provider
+# which accepts HTTP POST requests. A value is required to generate identity
+# provider metadata. For example: `https://keystone.example.com/v3/OS-
+# FEDERATION/saml2/sso`. (uri value)
+#idp_sso_endpoint = <None>
+
+# This is the language used by the identity provider's organization. (string
+# value)
+#idp_lang = en
+
+# This is the name of the identity provider's organization. (string value)
+#idp_organization_name = SAML Identity Provider
+
+# This is the name of the identity provider's organization to be displayed.
+# (string value)
+#idp_organization_display_name = OpenStack SAML Identity Provider
+
+# This is the URL of the identity provider's organization. The URL referenced
+# here should be useful to humans. (uri value)
+#idp_organization_url = https://example.com/
+
+# This is the company name of the identity provider's contact person. (string
+# value)
+#idp_contact_company = Example, Inc.
+
+# This is the given name of the identity provider's contact person. (string
+# value)
+#idp_contact_name = SAML Identity Provider Support
+
+# This is the surname of the identity provider's contact person. (string value)
+#idp_contact_surname = Support
+
+# This is the email address of the identity provider's contact person. (string
+# value)
+#idp_contact_email = support@example.com
+
+# This is the telephone number of the identity provider's contact person.
+# (string value)
+#idp_contact_telephone = +1 800 555 0100
+
+# This is the type of contact that best describes the identity provider's
+# contact person. (string value)
+# Allowed values: technical, support, administrative, billing, other
+#idp_contact_type = other
+
+# Absolute path to the identity provider metadata file. This file should be
+# generated with the `keystone-manage saml_idp_metadata` command. There is
+# typically no reason to change this value. (string value)
+#idp_metadata_path = /etc/keystone/saml2_idp_metadata.xml
+
+# The prefix of the RelayState SAML attribute to use when generating enhanced
+# client and proxy (ECP) assertions. In a typical deployment, there is no
+# reason to change this value. (string value)
+#relay_state_prefix = ss:mem:
+
+
+[security_compliance]
+
+#
+# From keystone
+#
+
+# The maximum number of days a user can go without authenticating before being
+# considered "inactive" and automatically disabled (locked). This feature is
+# disabled by default; set any value to enable it. This feature depends on the
+# `sql` backend for the `[identity] driver`. When a user exceeds this threshold
+# and is considered "inactive", the user's `enabled` attribute in the HTTP API
+# may not match the value of the user's `enabled` column in the user table.
 # (integer value)
-#list_limit = <None>
-
-
-[saml]
+# Minimum value: 1
+#disable_user_account_days_inactive = <None>
+
+# The maximum number of times that a user can fail to authenticate before the
+# user account is locked for the number of seconds specified by
+# `[security_compliance] lockout_duration`. This feature is disabled by
+# default. If this feature is enabled and `[security_compliance]
+# lockout_duration` is not set, then users may be locked out indefinitely until
+# the user is explicitly enabled via the API. This feature depends on the `sql`
+# backend for the `[identity] driver`. (integer value)
+# Minimum value: 1
+#lockout_failure_attempts = <None>
+
+# The number of seconds a user account will be locked when the maximum number
+# of failed authentication attempts (as specified by `[security_compliance]
+# lockout_failure_attempts`) is exceeded. Setting this option will have no
+# effect unless you also set `[security_compliance] lockout_failure_attempts`
+# to a non-zero value. This feature depends on the `sql` backend for the
+# `[identity] driver`. (integer value)
+# Minimum value: 1
+#lockout_duration = 1800
+
+# The number of days for which a password will be considered valid before
+# requiring it to be changed. This feature is disabled by default. If enabled,
+# new password changes will have an expiration date, however existing passwords
+# would not be impacted. This feature depends on the `sql` backend for the
+# `[identity] driver`. (integer value)
+# Minimum value: 1
+#password_expires_days = <None>
+
+# DEPRECATED: Comma separated list of user IDs to be ignored when checking if a
+# password is expired. Passwords for users in this list will not expire. This
+# feature will only be enabled if `[security_compliance] password_expires_days`
+# is set. (list value)
+# This option is deprecated for removal since O.
+# Its value may be silently ignored in the future.
+# Reason: Functionality added as a per-user option "ignore_password_expiry" in
+# Ocata. Each user that should ignore password expiry should have the value set
+# to "true" in the user's `options` attribute (e.g.
+# `user['options']['ignore_password_expiry'] = True`) with an "update_user"
+# call. This avoids the need to restart keystone to adjust the users that
+# ignore password expiry. This option will be removed in the Pike release.
+#password_expires_ignore_user_ids =
+
+# This controls the number of previous user password iterations to keep in
+# history, in order to enforce that newly created passwords are unique. Setting
+# the value to one (the default) disables this feature. Thus, to enable this
+# feature, values must be greater than 1. This feature depends on the `sql`
+# backend for the `[identity] driver`. (integer value)
+# Minimum value: 1
+#unique_last_password_count = 1
+
+# The number of days that a password must be used before the user can change
+# it. This prevents users from changing their passwords immediately in order to
+# wipe out their password history and reuse an old password. This feature does
+# not prevent administrators from manually resetting passwords. It is disabled
+# by default and allows for immediate password changes. This feature depends on
+# the `sql` backend for the `[identity] driver`. Note: If
+# `[security_compliance] password_expires_days` is set, then the value for this
+# option should be less than the `password_expires_days`. (integer value)
+# Minimum value: 0
+#minimum_password_age = 0
+
+# The regular expression used to validate password strength requirements. By
+# default, the regular expression will match any password. The following is an
+# example of a pattern which requires at least 1 letter, 1 digit, and have a
+# minimum length of 7 characters: ^(?=.*\d)(?=.*[a-zA-Z]).{7,}$ This feature
+# depends on the `sql` backend for the `[identity] driver`. (string value)
+#password_regex = <None>
+
+# Describe your password regular expression here in language for humans. If a
+# password fails to match the regular expression, the contents of this
+# configuration variable will be returned to users to explain why their
+# requested password was insufficient. (string value)
+#password_regex_description = <None>
+
+# Enabling this option requires users to change their password when the user is
+# created, or upon administrative reset. Before accessing any services,
+# affected users will have to change their password. To ignore this requirement
+# for specific users, such as service users, set the `options` attribute
+# `ignore_change_password_upon_first_use` to `True` for the desired user via
+# the update user API. This feature is disabled by default. This feature is
+# only applicable with the `sql` backend for the `[identity] driver`. (boolean
+# value)
+#change_password_upon_first_use = false
+
+
+[shadow_users]
 
 #
 # From keystone
 #
 
-# Default TTL, in seconds, for any generated SAML assertion created by
-# Keystone. (integer value)
-#assertion_expiration_time = 3600
-
-# Binary to be called for XML signing. Install the appropriate package, specify
-# absolute path or adjust your PATH environment variable if the binary cannot
-# be found. (string value)
-#xmlsec1_binary = xmlsec1
-
-# Path of the certfile for SAML signing. For non-production environments, you
-# may be interested in using `keystone-manage pki_setup` to generate self-
-# signed certificates. Note, the path cannot contain a comma. (string value)
+# Entry point for the shadow users backend driver in the
+# `keystone.identity.shadow_users` namespace. This driver is used for
+# persisting local user references to externally-managed identities (via
+# federation, LDAP, etc). Keystone only provides a `sql` driver, so there is no
+# reason to change this option unless you are providing a custom entry point.
+# (string value)
+#driver = sql
+
+
+[signing]
+
+#
+# From keystone
+#
+
+# Absolute path to the public certificate file to use for signing responses to
+# revocation lists requests. Set this together with `[signing] keyfile`. For
+# non-production environments, you may be interested in using `keystone-manage
+# pki_setup` to generate self-signed certificates. (string value)
 #certfile = /etc/keystone/ssl/certs/signing_cert.pem
 
-# Path of the keyfile for SAML signing. Note, the path cannot contain a comma.
+# Absolute path to the private key file to use for signing responses to
+# revocation lists requests. Set this together with `[signing] certfile`.
 # (string value)
 #keyfile = /etc/keystone/ssl/private/signing_key.pem
 
-# Entity ID value for unique Identity Provider identification. Usually FQDN is
-# set with a suffix. A value is required to generate IDP Metadata. For example:
-# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp (string value)
-#idp_entity_id = <None>
-
-# Identity Provider Single-Sign-On service value, required in the Identity
-# Provider's metadata. A value is required to generate IDP Metadata. For
-# example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso (string
-# value)
-#idp_sso_endpoint = <None>
-
-# Language used by the organization. (string value)
-#idp_lang = en
-
-# Organization name the installation belongs to. (string value)
-#idp_organization_name = <None>
-
-# Organization name to be displayed. (string value)
-#idp_organization_display_name = <None>
-
-# URL of the organization. (string value)
-#idp_organization_url = <None>
-
-# Company of contact person. (string value)
-#idp_contact_company = <None>
-
-# Given name of contact person (string value)
-#idp_contact_name = <None>
-
-# Surname of contact person. (string value)
-#idp_contact_surname = <None>
-
-# Email address of contact person. (string value)
-#idp_contact_email = <None>
-
-# Telephone number of contact person. (string value)
-#idp_contact_telephone = <None>
-
-# The contact type describing the main point of contact for the identity
-# provider. (string value)
-# Allowed values: technical, support, administrative, billing, other
-#idp_contact_type = other
-
-# Path to the Identity Provider Metadata file. This file should be generated
-# with the keystone-manage saml_idp_metadata command. (string value)
-#idp_metadata_path = /etc/keystone/saml2_idp_metadata.xml
-
-# The prefix to use for the RelayState SAML attribute, used when generating ECP
-# wrapped assertions. (string value)
-#relay_state_prefix = ss:mem:
-
-
-[shadow_users]
+# Absolute path to the public certificate authority (CA) file to use when
+# creating self-signed certificates with `keystone-manage pki_setup`. Set this
+# together with `[signing] ca_key`. There is no reason to set this option
+# unless you are requesting revocation lists in a non-production environment.
+# Use a `[signing] certfile` issued from a trusted certificate authority
+# instead. (string value)
+#ca_certs = /etc/keystone/ssl/certs/ca.pem
+
+# Absolute path to the private certificate authority (CA) key file to use when
+# creating self-signed certificates with `keystone-manage pki_setup`. Set this
+# together with `[signing] ca_certs`. There is no reason to set this option
+# unless you are requesting revocation lists in a non-production environment.
+# Use a `[signing] certfile` issued from a trusted certificate authority
+# instead. (string value)
+#ca_key = /etc/keystone/ssl/private/cakey.pem
+
+# Key size (in bits) to use when generating a self-signed token signing
+# certificate. There is no reason to set this option unless you are requesting
+# revocation lists in a non-production environment. Use a `[signing] certfile`
+# issued from a trusted certificate authority instead. (integer value)
+# Minimum value: 1024
+#key_size = 2048
+
+# The validity period (in days) to use when generating a self-signed token
+# signing certificate. There is no reason to set this option unless you are
+# requesting revocation lists in a non-production environment. Use a `[signing]
+# certfile` issued from a trusted certificate authority instead. (integer
+# value)
+#valid_days = 3650
+
+# The certificate subject to use when generating a self-signed token signing
+# certificate. There is no reason to set this option unless you are requesting
+# revocation lists in a non-production environment. Use a `[signing] certfile`
+# issued from a trusted certificate authority instead. (string value)
+#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
+
+
+[token]
 
 #
 # From keystone
 #
 
-# Entrypoint for the shadow users backend driver in the
-# keystone.identity.shadow_users namespace. (string value)
+# This is a list of external authentication mechanisms which should add token
+# binding metadata to tokens, such as `kerberos` or `x509`. Binding metadata is
+# enforced according to the `[token] enforce_token_bind` option. (list value)
+#bind =
+
+# This controls the token binding enforcement policy on tokens presented to
+# keystone with token binding metadata (as specified by the `[token] bind`
+# option). `disabled` completely bypasses token binding validation.
+# `permissive` and `strict` do not require tokens to have binding metadata (but
+# will validate it if present), whereas `required` will always demand tokens to
+# having binding metadata. `permissive` will allow unsupported binding metadata
+# to pass through without validation (usually to be validated at another time
+# by another component), whereas `strict` and `required` will demand that the
+# included binding metadata be supported by keystone. (string value)
+# Allowed values: disabled, permissive, strict, required
+#enforce_token_bind = permissive
+
+# The amount of time that a token should remain valid (in seconds). Drastically
+# reducing this value may break "long-running" operations that involve multiple
+# services to coordinate together, and will force users to authenticate with
+# keystone more frequently. Drastically increasing this value will increase
+# load on the `[token] driver`, as more tokens will be simultaneously valid.
+# Keystone tokens are also bearer tokens, so a shorter duration will also
+# reduce the potential security impact of a compromised token. (integer value)
+# Minimum value: 0
+# Maximum value: 9223372036854775807
+#expiration = 3600
+expiration = 3600
+
+# Entry point for the token provider in the `keystone.token.provider`
+# namespace. The token provider controls the token construction, validation,
+# and revocation operations. Keystone includes `fernet` and `uuid` token
+# providers. `uuid` tokens must be persisted (using the backend specified in
+# the `[token] driver` option), but do not require any extra configuration or
+# setup. `fernet` tokens do not need to be persisted at all, but require that
+# you run `keystone-manage fernet_setup` (also see the `keystone-manage
+# fernet_rotate` command). (string value)
+#provider = fernet
+
+provider = keystone.token.providers.fernet.Provider
+
+
+# Entry point for the token persistence backend driver in the
+# `keystone.token.persistence` namespace. Keystone provides `kvs` and `sql`
+# drivers. The `kvs` backend depends on the configuration in the `[kvs]`
+# section. The `sql` option (default) depends on the options in your
+# `[database]` section. If you're using the `fernet` `[token] provider`, this
+# backend will not be utilized to persist tokens at all. (string value)
 #driver = sql
-
-
-[signing]
+driver = keystone.token.persistence.backends.memcache_pool.Token
+
+# Toggle for caching token creation and validation data. This has no effect
+# unless global caching is enabled. (boolean value)
+#caching = true
+caching = false
+
+# The number of seconds to cache token creation and validation data. This has
+# no effect unless both global and `[token] caching` are enabled. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 9223372036854775807
+#cache_time = <None>
+
+# This toggles support for revoking individual tokens by the token identifier
+# and thus various token enumeration operations (such as listing all tokens
+# issued to a specific user). These operations are used to determine the list
+# of tokens to consider revoked. Do not disable this option if you're using the
+# `kvs` `[revoke] driver`. (boolean value)
+#revoke_by_id = true
+revoke_by_id = False
+
+# This toggles whether scoped tokens may be be re-scoped to a new project or
+# domain, thereby preventing users from exchanging a scoped token (including
+# those with a default project scope) for any other token. This forces users to
+# either authenticate for unscoped tokens (and later exchange that unscoped
+# token for tokens with a more specific scope) or to provide their credentials
+# in every request for a scoped token to avoid re-scoping altogether. (boolean
+# value)
+#allow_rescope_scoped_token = true
+
+# This controls whether roles should be included with tokens that are not
+# directly assigned to the token's scope, but are instead linked implicitly to
+# other role assignments. (boolean value)
+#infer_roles = true
+
+# Enable storing issued token data to token validation cache so that first
+# token validation doesn't actually cause full validation cycle. This option
+# has no effect unless global caching and token caching are enabled. (boolean
+# value)
+#cache_on_issue = true
+
+# This controls the number of seconds that a token can be retrieved for beyond
+# the built-in expiry time. This allows long running operations to succeed.
+# Defaults to two days. (integer value)
+#allow_expired_window = 172800
+
+hash_algorithm = sha256
+
+[tokenless_auth]
 
 #
 # From keystone
 #
 
-# Path of the certfile for token signing. For non-production environments, you
-# may be interested in using `keystone-manage pki_setup` to generate self-
-# signed certificates. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: PKI token support has been deprecated in the M release and will be
-# removed in the O release. Fernet or UUID tokens are recommended.
-#certfile = /etc/keystone/ssl/certs/signing_cert.pem
-
-# Path of the keyfile for token signing. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: PKI token support has been deprecated in the M release and will be
-# removed in the O release. Fernet or UUID tokens are recommended.
-#keyfile = /etc/keystone/ssl/private/signing_key.pem
-
-# Path of the CA for token signing. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: PKI token support has been deprecated in the M release and will be
-# removed in the O release. Fernet or UUID tokens are recommended.
-#ca_certs = /etc/keystone/ssl/certs/ca.pem
-
-# Path of the CA key for token signing. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: PKI token support has been deprecated in the M release and will be
-# removed in the O release. Fernet or UUID tokens are recommended.
-#ca_key = /etc/keystone/ssl/private/cakey.pem
-
-# Key size (in bits) for token signing cert (auto generated certificate).
-# (integer value)
-# Minimum value: 1024
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: PKI token support has been deprecated in the M release and will be
-# removed in the O release. Fernet or UUID tokens are recommended.
-#key_size = 2048
-
-# Days the token signing cert is valid for (auto generated certificate).
-# (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: PKI token support has been deprecated in the M release and will be
-# removed in the O release. Fernet or UUID tokens are recommended.
-#valid_days = 3650
-
-# Certificate subject (auto generated certificate) for token signing. (string
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: PKI token support has been deprecated in the M release and will be
-# removed in the O release. Fernet or UUID tokens are recommended.
-#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
-
-
-[ssl]
+# The list of distinguished names which identify trusted issuers of client
+# certificates allowed to use X.509 tokenless authorization. If the option is
+# absent then no certificates will be allowed. The format for the values of a
+# distinguished name (DN) must be separated by a comma and contain no spaces.
+# Furthermore, because an individual DN may contain commas, this configuration
+# option may be repeated multiple times to represent multiple values. For
+# example, keystone.conf would include two consecutive lines in order to trust
+# two different DNs, such as `trusted_issuer = CN=john,OU=keystone,O=openstack`
+# and `trusted_issuer = CN=mary,OU=eng,O=abc`. (multi valued)
+#trusted_issuer =
+
+# The federated protocol ID used to represent X.509 tokenless authorization.
+# This is used in combination with the value of `[tokenless_auth]
+# issuer_attribute` to find a corresponding federated mapping. In a typical
+# deployment, there is no reason to change this value. (string value)
+#protocol = x509
+
+# The name of the WSGI environment variable used to pass the issuer of the
+# client certificate to keystone. This attribute is used as an identity
+# provider ID for the X.509 tokenless authorization along with the protocol to
+# look up its corresponding mapping. In a typical deployment, there is no
+# reason to change this value. (string value)
+#issuer_attribute = SSL_CLIENT_I_DN
+
+
+[trust]
 
 #
 # From keystone
 #
 
-# Path of the CA key file for SSL. (string value)
-#ca_key = /etc/keystone/ssl/private/cakey.pem
-
-# SSL key length (in bits) (auto generated certificate). (integer value)
-# Minimum value: 1024
-#key_size = 1024
-
-# Days the certificate is valid for once signed (auto generated certificate).
-# (integer value)
-#valid_days = 3650
-
-# SSL certificate subject (auto generated certificate). (string value)
-#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost
-
-
-[token]
-
-#
-# From keystone
-#
-
-# External auth mechanisms that should add bind information to token, e.g.,
-# kerberos,x509. (list value)
-#bind =
-
-# Enforcement policy on tokens presented to Keystone with bind information. One
-# of disabled, permissive, strict, required or a specifically required bind
-# mode, e.g., kerberos or x509 to require binding to that authentication.
-# (string value)
-#enforce_token_bind = permissive
-
-# Amount of time a token should remain valid (in seconds). (integer value)
-#expiration = 3600
-
-# Controls the token construction, validation, and revocation operations.
-# Entrypoint in the keystone.token.provider namespace. Core providers are
-# [fernet|pkiz|pki|uuid]. (string value)
-#provider = uuid
-
-# Entrypoint for the token persistence backend driver in the
-# keystone.token.persistence namespace. Supplied drivers are kvs, memcache,
-# memcache_pool, and sql. (string value)
+# Delegation and impersonation features using trusts can be optionally
+# disabled. (boolean value)
+#enabled = true
+
+# Allows authorization to be redelegated from one user to another, effectively
+# chaining trusts together. When disabled, the `remaining_uses` attribute of a
+# trust is constrained to be zero. (boolean value)
+#allow_redelegation = false
+
+# Maximum number of times that authorization can be redelegated from one user
+# to another in a chain of trusts. This number may be reduced further for a
+# specific trust. (integer value)
+#max_redelegation_count = 3
+
+# Entry point for the trust backend driver in the `keystone.trust` namespace.
+# Keystone only provides a `sql` driver, so there is no reason to change this
+# unless you are providing a custom entry point. (string value)
 #driver = sql
-
-# Toggle for token system caching. This has no effect unless global caching is
-# enabled. (boolean value)
-#caching = true
-
-# Time to cache tokens (in seconds). This has no effect unless global and token
-# caching are enabled. (integer value)
-#cache_time = <None>
-
-# Revoke token by token identifier. Setting revoke_by_id to true enables
-# various forms of enumerating tokens, e.g. `list tokens for user`. These
-# enumerations are processed to determine the list of tokens to revoke. Only
-# disable if you are switching to using the Revoke extension with a backend
-# other than KVS, which stores events in memory. (boolean value)
-#revoke_by_id = true
-
-# Allow rescoping of scoped token. Setting allow_rescoped_scoped_token to false
-# prevents a user from exchanging a scoped token for any other token. (boolean
-# value)
-#allow_rescope_scoped_token = true
-
-# The hash algorithm to use for PKI tokens. This can be set to any algorithm
-# that hashlib supports. WARNING: Before changing this value, the auth_token
-# middleware must be configured with the hash_algorithms, otherwise token
-# revocation will not be processed correctly. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: PKI token support has been deprecated in the M release and will be
-# removed in the O release. Fernet or UUID tokens are recommended.
-#hash_algorithm = md5
-
-# Add roles to token that are not explicitly added, but that are linked
-# implicitly to other roles. (boolean value)
-#infer_roles = true
-
-
-[tokenless_auth]
-
-#
-# From keystone
-#
-
-# The list of trusted issuers to further filter the certificates that are
-# allowed to participate in the X.509 tokenless authorization. If the option is
-# absent then no certificates will be allowed. The naming format for the
-# attributes of a Distinguished Name(DN) must be separated by a comma and
-# contain no spaces. This configuration option may be repeated for multiple
-# values. For example: trusted_issuer=CN=john,OU=keystone,O=openstack
-# trusted_issuer=CN=mary,OU=eng,O=abc (multi valued)
-#trusted_issuer =
-
-# The protocol name for the X.509 tokenless authorization along with the option
-# issuer_attribute below can look up its corresponding mapping. (string value)
-#protocol = x509
-
-# The issuer attribute that is served as an IdP ID for the X.509 tokenless
-# authorization along with the protocol to look up its corresponding mapping.
-# It is the environment variable in the WSGI environment that references to the
-# issuer of the client certificate. (string value)
-#issuer_attribute = SSL_CLIENT_I_DN
-
-
-[trust]
-
-#
-# From keystone
-#
-
-# Delegation and impersonation features can be optionally disabled. (boolean
-# value)
-#enabled = true
-
-# Enable redelegation feature. (boolean value)
-#allow_redelegation = false
-
-# Maximum depth of trust redelegation. (integer value)
-#max_redelegation_count = 3
-
-# Entrypoint for the trust backend driver in the keystone.trust namespace.
-# (string value)
-#driver = sql
-
 [extra_headers]
 Distribution = Ubuntu

2017-09-28 11:13:03,267 [salt.state       ][INFO    ][22433] Completed state [/etc/keystone/keystone.conf] at time 11:13:03.267031 duration_in_ms=167.27
2017-09-28 11:13:03,267 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/sites-enabled/keystone.conf] at time 11:13:03.267212
2017-09-28 11:13:03,267 [salt.state       ][INFO    ][22433] Executing state file.absent for /etc/apache2/sites-enabled/keystone.conf
2017-09-28 11:13:03,268 [salt.state       ][INFO    ][22433] File /etc/apache2/sites-enabled/keystone.conf is not present
2017-09-28 11:13:03,268 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/sites-enabled/keystone.conf] at time 11:13:03.267746 duration_in_ms=0.534
2017-09-28 11:13:03,268 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/sites-enabled/wsgi-keystone.conf] at time 11:13:03.267890
2017-09-28 11:13:03,268 [salt.state       ][INFO    ][22433] Executing state file.absent for /etc/apache2/sites-enabled/wsgi-keystone.conf
2017-09-28 11:13:03,268 [salt.state       ][INFO    ][22433] File /etc/apache2/sites-enabled/wsgi-keystone.conf is not present
2017-09-28 11:13:03,268 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/sites-enabled/wsgi-keystone.conf] at time 11:13:03.268358 duration_in_ms=0.467
2017-09-28 11:13:03,269 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 11:13:03.268706
2017-09-28 11:13:03,269 [salt.state       ][INFO    ][22433] Executing state file.managed for /etc/apache2/sites-available/keystone_wsgi.conf
2017-09-28 11:13:03,287 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/files/apache.conf'
2017-09-28 11:13:03,303 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:13:03,327 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/files/ocata/wsgi-keystone.conf'
2017-09-28 11:13:03,372 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/files/_name.conf'
2017-09-28 11:13:03,390 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:13:03,417 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/files/_ssl.conf'
2017-09-28 11:13:03,435 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/files/_locations.conf'
2017-09-28 11:13:03,453 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'apache/files/_log.conf'
2017-09-28 11:13:03,460 [salt.state       ][INFO    ][22433] File changed:
New file
2017-09-28 11:13:03,460 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 11:13:03.460112 duration_in_ms=191.406
2017-09-28 11:13:03,461 [salt.state       ][INFO    ][22433] Running state [/etc/keystone/logging.conf] at time 11:13:03.460480
2017-09-28 11:13:03,461 [salt.state       ][INFO    ][22433] Executing state file.managed for /etc/keystone/logging.conf
2017-09-28 11:13:03,461 [salt.loaded.int.states.file][WARNING ][22433] State for file: /etc/keystone/logging.conf - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2017-09-28 11:13:03,461 [salt.state       ][INFO    ][22433] {'group': 'keystone', 'user': 'keystone'}
2017-09-28 11:13:03,461 [salt.state       ][INFO    ][22433] Completed state [/etc/keystone/logging.conf] at time 11:13:03.461452 duration_in_ms=0.972
2017-09-28 11:13:03,462 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 11:13:03.461750
2017-09-28 11:13:03,462 [salt.state       ][INFO    ][22433] Executing state file.symlink for /etc/apache2/sites-enabled/keystone_wsgi.conf
2017-09-28 11:13:03,463 [salt.state       ][INFO    ][22433] {'new': '/etc/apache2/sites-enabled/keystone_wsgi.conf'}
2017-09-28 11:13:03,463 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 11:13:03.462890 duration_in_ms=1.14
2017-09-28 11:13:03,466 [salt.state       ][INFO    ][22433] Running state [apache2] at time 11:13:03.465555
2017-09-28 11:13:03,466 [salt.state       ][INFO    ][22433] Executing state service.running for apache2
2017-09-28 11:13:03,466 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2017-09-28 11:13:03,480 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2017-09-28 11:13:03,492 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2017-09-28 11:13:03,505 [salt.state       ][INFO    ][22433] The service apache2 is already running
2017-09-28 11:13:03,506 [salt.state       ][INFO    ][22433] Completed state [apache2] at time 11:13:03.505572 duration_in_ms=40.014
2017-09-28 11:13:03,506 [salt.state       ][INFO    ][22433] Running state [apache2] at time 11:13:03.505757
2017-09-28 11:13:03,506 [salt.state       ][INFO    ][22433] Executing state service.mod_watch for apache2
2017-09-28 11:13:03,507 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2017-09-28 11:13:03,518 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2017-09-28 11:13:03,532 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'systemctl', 'reload', 'apache2.service'] in directory '/root'
2017-09-28 11:13:03,643 [salt.state       ][INFO    ][22433] {'apache2': True}
2017-09-28 11:13:03,645 [salt.state       ][INFO    ][22433] Completed state [apache2] at time 11:13:03.644510 duration_in_ms=138.75
2017-09-28 11:13:03,646 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/conf-enabled/security.conf] at time 11:13:03.645646
2017-09-28 11:13:03,648 [salt.state       ][INFO    ][22433] Executing state file.symlink for /etc/apache2/conf-enabled/security.conf
2017-09-28 11:13:03,650 [salt.state       ][INFO    ][22433] {'new': '/etc/apache2/conf-enabled/security.conf'}
2017-09-28 11:13:03,650 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/conf-enabled/security.conf] at time 11:13:03.650442 duration_in_ms=4.796
2017-09-28 11:13:03,651 [salt.state       ][INFO    ][22433] Running state [/etc/apache2/sites-enabled/keystone_wsgi] at time 11:13:03.650848
2017-09-28 11:13:03,651 [salt.state       ][INFO    ][22433] Executing state file.absent for /etc/apache2/sites-enabled/keystone_wsgi
2017-09-28 11:13:03,652 [salt.state       ][INFO    ][22433] File /etc/apache2/sites-enabled/keystone_wsgi is not present
2017-09-28 11:13:03,652 [salt.state       ][INFO    ][22433] Completed state [/etc/apache2/sites-enabled/keystone_wsgi] at time 11:13:03.651992 duration_in_ms=1.144
2017-09-28 11:13:03,653 [salt.state       ][INFO    ][22433] Running state [keystone] at time 11:13:03.652764
2017-09-28 11:13:03,653 [salt.state       ][INFO    ][22433] Executing state service.dead for keystone
2017-09-28 11:13:03,654 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'status', 'keystone.service', '-n', '0'] in directory '/root'
2017-09-28 11:13:03,671 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'is-active', 'keystone.service'] in directory '/root'
2017-09-28 11:13:03,684 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'is-enabled', 'keystone.service'] in directory '/root'
2017-09-28 11:13:03,696 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'is-enabled', 'keystone.service'] in directory '/root'
2017-09-28 11:13:03,710 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemd-run', '--scope', 'systemctl', 'disable', 'keystone.service'] in directory '/root'
2017-09-28 11:13:03,879 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command ['systemctl', 'is-enabled', 'keystone.service'] in directory '/root'
2017-09-28 11:13:03,894 [salt.state       ][INFO    ][22433] {'keystone': True}
2017-09-28 11:13:03,894 [salt.state       ][INFO    ][22433] Completed state [keystone] at time 11:13:03.894166 duration_in_ms=241.402
2017-09-28 11:13:03,895 [salt.state       ][INFO    ][22433] Running state [/root/keystonerc] at time 11:13:03.894757
2017-09-28 11:13:03,895 [salt.state       ][INFO    ][22433] Executing state file.managed for /root/keystonerc
2017-09-28 11:13:03,924 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/files/keystonerc'
2017-09-28 11:13:03,942 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:13:03,954 [salt.state       ][INFO    ][22433] File changed:
New file
2017-09-28 11:13:03,955 [salt.state       ][INFO    ][22433] Completed state [/root/keystonerc] at time 11:13:03.954650 duration_in_ms=59.892
2017-09-28 11:13:03,955 [salt.state       ][INFO    ][22433] Running state [/root/keystonercv3] at time 11:13:03.955051
2017-09-28 11:13:03,955 [salt.state       ][INFO    ][22433] Executing state file.managed for /root/keystonercv3
2017-09-28 11:13:03,972 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/files/keystonercv3'
2017-09-28 11:13:03,989 [salt.fileclient  ][INFO    ][22433] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:13:04,001 [salt.state       ][INFO    ][22433] File changed:
New file
2017-09-28 11:13:04,001 [salt.state       ][INFO    ][22433] Completed state [/root/keystonercv3] at time 11:13:04.000854 duration_in_ms=45.802
2017-09-28 11:13:04,002 [salt.state       ][INFO    ][22433] Running state [keystone-manage db_sync && sleep 1] at time 11:13:04.001642
2017-09-28 11:13:04,002 [salt.state       ][INFO    ][22433] Executing state cmd.run for keystone-manage db_sync && sleep 1
2017-09-28 11:13:04,002 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command 'keystone-manage db_sync && sleep 1' in directory '/root'
2017-09-28 11:13:04,579 [salt.loaded.int.module.cmdmod][ERROR   ][22433] Command 'keystone-manage db_sync && sleep 1' failed with return code: 1
2017-09-28 11:13:04,580 [salt.loaded.int.module.cmdmod][ERROR   ][22433] stderr: Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
2017-09-28 11:13:04.509 26966 CRITICAL keystone [-] KeyError: <VerNum(109)>
2017-09-28 11:13:04.509 26966 ERROR keystone Traceback (most recent call last):
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/bin/keystone-manage", line 10, in <module>
2017-09-28 11:13:04.509 26966 ERROR keystone     sys.exit(main())
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/manage.py", line 47, in main
2017-09-28 11:13:04.509 26966 ERROR keystone     cli.main(argv=sys.argv, config_files=config_files)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 1048, in main
2017-09-28 11:13:04.509 26966 ERROR keystone     CONF.command.cmd_class.main()
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 403, in main
2017-09-28 11:13:04.509 26966 ERROR keystone     migration_helpers.sync_database_to_version(extension, version)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/common/sql/migration_helpers.py", line 210, in sync_database_to_version
2017-09-28 11:13:04.509 26966 ERROR keystone     _sync_common_repo(version)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/common/sql/migration_helpers.py", line 136, in _sync_common_repo
2017-09-28 11:13:04.509 26966 ERROR keystone     init_version=init_version, sanity_check=False)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/migration.py", line 79, in db_sync
2017-09-28 11:13:04.509 26966 ERROR keystone     migration = versioning_api.upgrade(engine, repository, version)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 186, in upgrade
2017-09-28 11:13:04.509 26966 ERROR keystone     return _migrate(url, repository, version, upgrade=True, err=err, **opts)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "<decorator-gen-15>", line 2, in _migrate
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/util/__init__.py", line 160, in with_engine
2017-09-28 11:13:04.509 26966 ERROR keystone     return f(*a, **kw)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 345, in _migrate
2017-09-28 11:13:04.509 26966 ERROR keystone     changeset = schema.changeset(version)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/schema.py", line 82, in changeset
2017-09-28 11:13:04.509 26966 ERROR keystone     changeset = self.repository.changeset(database, start_ver, version)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 225, in changeset
2017-09-28 11:13:04.509 26966 ERROR keystone     changes = [self.version(v).script(database, op) for v in versions]
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 189, in version
2017-09-28 11:13:04.509 26966 ERROR keystone     return self.versions.version(*p, **k)
2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/version.py", line 163, in version
2017-09-28 11:13:04.509 26966 ERROR keystone     return self.versions[VerNum(vernum)]
2017-09-28 11:13:04.509 26966 ERROR keystone KeyError: <VerNum(109)>
2017-09-28 11:13:04.509 26966 ERROR keystone
2017-09-28 11:13:04,580 [salt.loaded.int.module.cmdmod][ERROR   ][22433] retcode: 1
2017-09-28 11:13:04,580 [salt.state       ][ERROR   ][22433] {'pid': 26964, 'retcode': 1, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\n2017-09-28 11:13:04.509 26966 CRITICAL keystone [-] KeyError: <VerNum(109)>\n2017-09-28 11:13:04.509 26966 ERROR keystone Traceback (most recent call last):\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/bin/keystone-manage", line 10, in <module>\n2017-09-28 11:13:04.509 26966 ERROR keystone     sys.exit(main())\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/manage.py", line 47, in main\n2017-09-28 11:13:04.509 26966 ERROR keystone     cli.main(argv=sys.argv, config_files=config_files)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 1048, in main\n2017-09-28 11:13:04.509 26966 ERROR keystone     CONF.command.cmd_class.main()\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 403, in main\n2017-09-28 11:13:04.509 26966 ERROR keystone     migration_helpers.sync_database_to_version(extension, version)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/common/sql/migration_helpers.py", line 210, in sync_database_to_version\n2017-09-28 11:13:04.509 26966 ERROR keystone     _sync_common_repo(version)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/common/sql/migration_helpers.py", line 136, in _sync_common_repo\n2017-09-28 11:13:04.509 26966 ERROR keystone     init_version=init_version, sanity_check=False)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/migration.py", line 79, in db_sync\n2017-09-28 11:13:04.509 26966 ERROR keystone     migration = versioning_api.upgrade(engine, repository, version)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 186, in upgrade\n2017-09-28 11:13:04.509 26966 ERROR keystone     return _migrate(url, repository, version, upgrade=True, err=err, **opts)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "<decorator-gen-15>", line 2, in _migrate\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/util/__init__.py", line 160, in with_engine\n2017-09-28 11:13:04.509 26966 ERROR keystone     return f(*a, **kw)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 345, in _migrate\n2017-09-28 11:13:04.509 26966 ERROR keystone     changeset = schema.changeset(version)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/schema.py", line 82, in changeset\n2017-09-28 11:13:04.509 26966 ERROR keystone     changeset = self.repository.changeset(database, start_ver, version)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 225, in changeset\n2017-09-28 11:13:04.509 26966 ERROR keystone     changes = [self.version(v).script(database, op) for v in versions]\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 189, in version\n2017-09-28 11:13:04.509 26966 ERROR keystone     return self.versions.version(*p, **k)\n2017-09-28 11:13:04.509 26966 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/version.py", line 163, in version\n2017-09-28 11:13:04.509 26966 ERROR keystone     return self.versions[VerNum(vernum)]\n2017-09-28 11:13:04.509 26966 ERROR keystone KeyError: <VerNum(109)>\n2017-09-28 11:13:04.509 26966 ERROR keystone', 'stdout': ''}
2017-09-28 11:13:04,580 [salt.state       ][INFO    ][22433] Completed state [keystone-manage db_sync && sleep 1] at time 11:13:04.580292 duration_in_ms=578.648
2017-09-28 11:13:04,581 [salt.state       ][INFO    ][22433] Running state [/var/lib/keystone/fernet-keys] at time 11:13:04.580906
2017-09-28 11:13:04,581 [salt.state       ][INFO    ][22433] Executing state file.directory for /var/lib/keystone/fernet-keys
2017-09-28 11:13:04,583 [salt.state       ][INFO    ][22433] {'/var/lib/keystone/fernet-keys': 'New Dir'}
2017-09-28 11:13:04,583 [salt.state       ][INFO    ][22433] Completed state [/var/lib/keystone/fernet-keys] at time 11:13:04.582768 duration_in_ms=1.862
2017-09-28 11:13:04,584 [salt.state       ][INFO    ][22433] Running state [keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone] at time 11:13:04.583486
2017-09-28 11:13:04,584 [salt.state       ][INFO    ][22433] Executing state cmd.run for keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
2017-09-28 11:13:04,584 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command 'keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone' in directory '/root'
2017-09-28 11:13:04,603 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928111304603684
2017-09-28 11:13:04,618 [salt.minion      ][INFO    ][26982] Starting a new job with PID 26982
2017-09-28 11:13:04,630 [salt.minion      ][INFO    ][26982] Returning information for job: 20170928111304603684
2017-09-28 11:13:05,202 [salt.state       ][INFO    ][22433] {'pid': 26976, 'retcode': 0, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\n2017-09-28 11:13:05.146 26977 INFO keystone.token.providers.fernet.utils [-] Created a new key: /var/lib/keystone/fernet-keys/0\n2017-09-28 11:13:05.147 26977 INFO keystone.token.providers.fernet.utils [-] Starting key rotation with 1 key files: [\'/var/lib/keystone/fernet-keys/0\']\n2017-09-28 11:13:05.147 26977 INFO keystone.token.providers.fernet.utils [-] Current primary key is: 0\n2017-09-28 11:13:05.147 26977 INFO keystone.token.providers.fernet.utils [-] Next primary key will be: 1\n2017-09-28 11:13:05.148 26977 INFO keystone.token.providers.fernet.utils [-] Promoted key 0 to be the primary: 1\n2017-09-28 11:13:05.148 26977 INFO keystone.token.providers.fernet.utils [-] Created a new key: /var/lib/keystone/fernet-keys/0', 'stdout': ''}
2017-09-28 11:13:05,203 [salt.state       ][INFO    ][22433] Completed state [keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone] at time 11:13:05.202507 duration_in_ms=619.018
2017-09-28 11:13:05,203 [salt.state       ][INFO    ][22433] Running state [/var/lib/keystone/credential-keys] at time 11:13:05.203071
2017-09-28 11:13:05,203 [salt.state       ][INFO    ][22433] Executing state file.directory for /var/lib/keystone/credential-keys
2017-09-28 11:13:05,205 [salt.state       ][INFO    ][22433] {'/var/lib/keystone/credential-keys': 'New Dir'}
2017-09-28 11:13:05,205 [salt.state       ][INFO    ][22433] Completed state [/var/lib/keystone/credential-keys] at time 11:13:05.204670 duration_in_ms=1.599
2017-09-28 11:13:05,205 [salt.state       ][INFO    ][22433] Running state [keystone-manage credential_setup --keystone-user keystone --keystone-group keystone] at time 11:13:05.205347
2017-09-28 11:13:05,206 [salt.state       ][INFO    ][22433] Executing state cmd.run for keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
2017-09-28 11:13:05,206 [salt.loaded.int.module.cmdmod][INFO    ][22433] Executing command 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone' in directory '/root'
2017-09-28 11:13:05,729 [salt.loaded.int.module.cmdmod][ERROR   ][22433] Command 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone' failed with return code: 2
2017-09-28 11:13:05,729 [salt.loaded.int.module.cmdmod][ERROR   ][22433] stderr: Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
usage: keystone-manage [bootstrap|db_sync|db_version|domain_config_upload|fernet_rotate|fernet_setup|mapping_purge|mapping_engine|pki_setup|saml_idp_metadata|ssl_setup|token_flush]
keystone-manage: error: argument command: invalid choice: 'credential_setup' (choose from 'bootstrap', 'db_sync', 'db_version', 'domain_config_upload', 'fernet_rotate', 'fernet_setup', 'mapping_purge', 'mapping_engine', 'pki_setup', 'saml_idp_metadata', 'ssl_setup', 'token_flush')
2017-09-28 11:13:05,729 [salt.loaded.int.module.cmdmod][ERROR   ][22433] retcode: 2
2017-09-28 11:13:05,729 [salt.state       ][ERROR   ][22433] {'pid': 27071, 'retcode': 2, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\nusage: keystone-manage [bootstrap|db_sync|db_version|domain_config_upload|fernet_rotate|fernet_setup|mapping_purge|mapping_engine|pki_setup|saml_idp_metadata|ssl_setup|token_flush]\nkeystone-manage: error: argument command: invalid choice: \'credential_setup\' (choose from \'bootstrap\', \'db_sync\', \'db_version\', \'domain_config_upload\', \'fernet_rotate\', \'fernet_setup\', \'mapping_purge\', \'mapping_engine\', \'pki_setup\', \'saml_idp_metadata\', \'ssl_setup\', \'token_flush\')', 'stdout': ''}
2017-09-28 11:13:05,730 [salt.state       ][INFO    ][22433] Completed state [keystone-manage credential_setup --keystone-user keystone --keystone-group keystone] at time 11:13:05.729603 duration_in_ms=524.255
2017-09-28 11:13:05,732 [salt.minion      ][INFO    ][22433] Returning information for job: 20170928110951991402
2017-09-28 11:13:06,693 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command service.restart with jid 20170928111306694883
2017-09-28 11:13:06,711 [salt.minion      ][INFO    ][27117] Starting a new job with PID 27117
2017-09-28 11:13:07,027 [salt.loaded.int.module.cmdmod][INFO    ][27117] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2017-09-28 11:13:07,037 [salt.loaded.int.module.cmdmod][INFO    ][27117] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2017-09-28 11:13:07,052 [salt.loaded.int.module.cmdmod][INFO    ][27117] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'apache2.service'] in directory '/root'
2017-09-28 11:13:08,266 [salt.minion      ][INFO    ][27117] Returning information for job: 20170928111306694883
2017-09-28 11:13:20,705 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command cmd.run with jid 20170928111320704981
2017-09-28 11:13:20,726 [salt.minion      ][INFO    ][27483] Starting a new job with PID 27483
2017-09-28 11:13:20,731 [salt.loaded.int.module.cmdmod][INFO    ][27483] Executing command '. /root/keystonercv3; openstack service list' in directory '/root'
2017-09-28 11:13:22,030 [salt.minion      ][INFO    ][27483] Returning information for job: 20170928111320704981
2017-09-28 11:13:23,213 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command test.ping with jid 20170928111323215169
2017-09-28 11:13:23,232 [salt.minion      ][INFO    ][27496] Starting a new job with PID 27496
2017-09-28 11:13:23,266 [salt.minion      ][INFO    ][27496] Returning information for job: 20170928111323215169
2017-09-28 11:19:43,091 [salt.utils.schedule][INFO    ][14972] Running scheduled job: __mine_interval
2017-09-28 11:20:59,078 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928112059075591
2017-09-28 11:20:59,096 [salt.minion      ][INFO    ][27825] Starting a new job with PID 27825
2017-09-28 11:21:00,859 [salt.state       ][INFO    ][27825] Loading fresh modules for state activity
2017-09-28 11:21:00,886 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/init.sls'
2017-09-28 11:21:00,907 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/server.sls'
2017-09-28 11:21:00,950 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/map.jinja'
2017-09-28 11:21:01,627 [salt.state       ][INFO    ][27825] Running state [glance] at time 11:21:01.626584
2017-09-28 11:21:01,627 [salt.state       ][INFO    ][27825] Executing state group.present for glance
2017-09-28 11:21:01,628 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command 'groupadd -g 302 -r glance' in directory '/root'
2017-09-28 11:21:01,748 [salt.state       ][INFO    ][27825] {'passwd': 'x', 'gid': 302, 'name': 'glance', 'members': []}
2017-09-28 11:21:01,748 [salt.state       ][INFO    ][27825] Completed state [glance] at time 11:21:01.748392 duration_in_ms=121.807
2017-09-28 11:21:01,749 [salt.state       ][INFO    ][27825] Running state [glance] at time 11:21:01.748779
2017-09-28 11:21:01,749 [salt.state       ][INFO    ][27825] Executing state user.present for glance
2017-09-28 11:21:01,750 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['useradd', '-s', '/bin/false', '-u', '302', '-g', '302', '-m', '-d', '/var/lib/glance', '-r', 'glance'] in directory '/root'
2017-09-28 11:21:01,860 [salt.state       ][INFO    ][27825] {'shell': '/bin/false', 'workphone': '', 'uid': 302, 'passwd': 'x', 'roomnumber': '', 'groups': ['glance'], 'home': '/var/lib/glance', 'name': 'glance', 'gid': 302, 'fullname': '', 'homephone': ''}
2017-09-28 11:21:01,860 [salt.state       ][INFO    ][27825] Completed state [glance] at time 11:21:01.860329 duration_in_ms=111.547
2017-09-28 11:21:01,861 [salt.state       ][INFO    ][27825] Running state [glance-api] at time 11:21:01.860817
2017-09-28 11:21:01,861 [salt.state       ][INFO    ][27825] Executing state pkg.installed for glance-api
2017-09-28 11:21:01,862 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:21:02,321 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 11:21:04,806 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'glance-api'] in directory '/root'
2017-09-28 11:21:09,118 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928112109114757
2017-09-28 11:21:09,136 [salt.minion      ][INFO    ][28336] Starting a new job with PID 28336
2017-09-28 11:21:09,148 [salt.minion      ][INFO    ][28336] Returning information for job: 20170928112109114757
2017-09-28 11:21:19,270 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928112119267086
2017-09-28 11:21:19,287 [salt.minion      ][INFO    ][28549] Starting a new job with PID 28549
2017-09-28 11:21:19,303 [salt.minion      ][INFO    ][28549] Returning information for job: 20170928112119267086
2017-09-28 11:21:24,353 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:21:24,379 [salt.state       ][INFO    ][27825] Made the following changes:
'python-numpy-dev' changed from 'absent' to '1'
'python-taskflow' changed from 'absent' to '1.30.0-1ubuntu1'
'libblas.so.3' changed from 'absent' to '1'
'python-numpy-api10' changed from 'absent' to '1'
'liblapack.so.3' changed from 'absent' to '1'
'python-automaton' changed from 'absent' to '1.2.0-1'
'python-numpy' changed from 'absent' to '1:1.11.0-1ubuntu1'
'libblas3' changed from 'absent' to '3.6.0-2ubuntu2'
'python-ipaddr' changed from 'absent' to '2.1.11-2'
'python-simplegeneric' changed from 'absent' to '0.8.1-1'
'python-glance' changed from 'absent' to '2:12.0.0-0ubuntu2'
'python-wsme' changed from 'absent' to '0.8.0-2ubuntu2'
'python2.7-numpy' changed from 'absent' to '1'
'glance-store-common' changed from 'absent' to '0.13.0-3ubuntu0.16.04.1'
'python-castellan' changed from 'absent' to '0.4.0-1'
'liblapack3' changed from 'absent' to '3.6.0-2ubuntu2'
'python-f2py' changed from 'absent' to '1'
'python2.7-glance' changed from 'absent' to '1'
'python-numpy-abi9' changed from 'absent' to '1'
'python-httplib2' changed from 'absent' to '0.9.1+dfsg-1'
'python-kazoo' changed from 'absent' to '2.2.1-1ubuntu1'
'python-osprofiler' changed from 'absent' to '1.2.0-1ubuntu1'
'python-networkx' changed from 'absent' to '1.11-1ubuntu1'
'python-semantic-version' changed from 'absent' to '2.3.1-1'
'libblas-common' changed from 'absent' to '3.6.0-2ubuntu2'
'libquadmath0' changed from 'absent' to '5.4.0-6ubuntu1~16.04.4'
'glance-common' changed from 'absent' to '2:12.0.0-0ubuntu2'
'python-glance-store' changed from 'absent' to '0.13.0-3ubuntu0.16.04.1'
'libgfortran3' changed from 'absent' to '5.4.0-6ubuntu1~16.04.4'
'glance-api' changed from 'absent' to '2:12.0.0-0ubuntu2'

2017-09-28 11:21:24,392 [salt.state       ][INFO    ][27825] Loading fresh modules for state activity
2017-09-28 11:21:24,406 [salt.state       ][INFO    ][27825] Completed state [glance-api] at time 11:21:24.406239 duration_in_ms=22545.42
2017-09-28 11:21:24,412 [salt.state       ][INFO    ][27825] Running state [python-memcache] at time 11:21:24.411883
2017-09-28 11:21:24,412 [salt.state       ][INFO    ][27825] Executing state pkg.installed for python-memcache
2017-09-28 11:21:24,645 [salt.state       ][INFO    ][27825] Package python-memcache is already installed
2017-09-28 11:21:24,645 [salt.state       ][INFO    ][27825] Completed state [python-memcache] at time 11:21:24.645023 duration_in_ms=233.139
2017-09-28 11:21:24,645 [salt.state       ][INFO    ][27825] Running state [python-pycadf] at time 11:21:24.645374
2017-09-28 11:21:24,646 [salt.state       ][INFO    ][27825] Executing state pkg.installed for python-pycadf
2017-09-28 11:21:24,648 [salt.state       ][INFO    ][27825] Package python-pycadf is already installed
2017-09-28 11:21:24,649 [salt.state       ][INFO    ][27825] Completed state [python-pycadf] at time 11:21:24.648500 duration_in_ms=3.125
2017-09-28 11:21:24,649 [salt.state       ][INFO    ][27825] Running state [glance-common] at time 11:21:24.648818
2017-09-28 11:21:24,649 [salt.state       ][INFO    ][27825] Executing state pkg.installed for glance-common
2017-09-28 11:21:24,652 [salt.state       ][INFO    ][27825] Package glance-common is already installed
2017-09-28 11:21:24,652 [salt.state       ][INFO    ][27825] Completed state [glance-common] at time 11:21:24.651771 duration_in_ms=2.952
2017-09-28 11:21:24,652 [salt.state       ][INFO    ][27825] Running state [python-glance-store] at time 11:21:24.652088
2017-09-28 11:21:24,652 [salt.state       ][INFO    ][27825] Executing state pkg.installed for python-glance-store
2017-09-28 11:21:24,655 [salt.state       ][INFO    ][27825] Package python-glance-store is already installed
2017-09-28 11:21:24,655 [salt.state       ][INFO    ][27825] Completed state [python-glance-store] at time 11:21:24.655129 duration_in_ms=3.041
2017-09-28 11:21:24,655 [salt.state       ][INFO    ][27825] Running state [python-glance] at time 11:21:24.655445
2017-09-28 11:21:24,656 [salt.state       ][INFO    ][27825] Executing state pkg.installed for python-glance
2017-09-28 11:21:24,658 [salt.state       ][INFO    ][27825] Package python-glance is already installed
2017-09-28 11:21:24,658 [salt.state       ][INFO    ][27825] Completed state [python-glance] at time 11:21:24.658382 duration_in_ms=2.937
2017-09-28 11:21:24,659 [salt.state       ][INFO    ][27825] Running state [gettext-base] at time 11:21:24.658670
2017-09-28 11:21:24,659 [salt.state       ][INFO    ][27825] Executing state pkg.installed for gettext-base
2017-09-28 11:21:24,661 [salt.state       ][INFO    ][27825] Package gettext-base is already installed
2017-09-28 11:21:24,662 [salt.state       ][INFO    ][27825] Completed state [gettext-base] at time 11:21:24.661557 duration_in_ms=2.887
2017-09-28 11:21:24,662 [salt.state       ][INFO    ][27825] Running state [glance] at time 11:21:24.661831
2017-09-28 11:21:24,662 [salt.state       ][INFO    ][27825] Executing state pkg.installed for glance
2017-09-28 11:21:24,670 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'glance'] in directory '/root'
2017-09-28 11:21:28,263 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:21:28,288 [salt.state       ][INFO    ][27825] Made the following changes:
'glance' changed from 'absent' to '2:12.0.0-0ubuntu2'
'glance-registry' changed from 'absent' to '2:12.0.0-0ubuntu2'

2017-09-28 11:21:28,298 [salt.state       ][INFO    ][27825] Loading fresh modules for state activity
2017-09-28 11:21:28,311 [salt.state       ][INFO    ][27825] Completed state [glance] at time 11:21:28.310580 duration_in_ms=3648.748
2017-09-28 11:21:28,317 [salt.state       ][INFO    ][27825] Running state [glance-registry] at time 11:21:28.317265
2017-09-28 11:21:28,317 [salt.state       ][INFO    ][27825] Executing state pkg.installed for glance-registry
2017-09-28 11:21:28,515 [salt.state       ][INFO    ][27825] Package glance-registry is already installed
2017-09-28 11:21:28,516 [salt.state       ][INFO    ][27825] Completed state [glance-registry] at time 11:21:28.515505 duration_in_ms=198.239
2017-09-28 11:21:28,516 [salt.state       ][INFO    ][27825] Running state [python-glanceclient] at time 11:21:28.515843
2017-09-28 11:21:28,516 [salt.state       ][INFO    ][27825] Executing state pkg.installed for python-glanceclient
2017-09-28 11:21:28,519 [salt.state       ][INFO    ][27825] Package python-glanceclient is already installed
2017-09-28 11:21:28,519 [salt.state       ][INFO    ][27825] Completed state [python-glanceclient] at time 11:21:28.518753 duration_in_ms=2.91
2017-09-28 11:21:28,520 [salt.state       ][INFO    ][27825] Running state [/etc/glance/glance-cache.conf] at time 11:21:28.519999
2017-09-28 11:21:28,520 [salt.state       ][INFO    ][27825] Executing state file.managed for /etc/glance/glance-cache.conf
2017-09-28 11:21:28,550 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/files/ocata/glance-cache.conf.Debian'
2017-09-28 11:21:28,583 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/map.jinja'
2017-09-28 11:21:28,598 [salt.state       ][INFO    ][27825] File changed:
--- 
+++ 
@@ -1,304 +1,2288 @@
+
 [DEFAULT]
 
 #
 # From glance.cache
 #
 
-# Whether to allow users to specify image properties beyond what the
-# image schema provides (boolean value)
+#
+# Allow users to add additional/custom properties to images.
+#
+# Glance defines a standard set of properties (in its schema) that
+# appear on every image. These properties are also known as
+# ``base properties``. In addition to these properties, Glance
+# allows users to add custom properties to images. These are known
+# as ``additional properties``.
+#
+# By default, this configuration option is set to ``True`` and users
+# are allowed to add additional properties. The number of additional
+# properties that can be added to an image can be controlled via
+# ``image_property_quota`` configuration option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * image_property_quota
+#
+#  (boolean value)
 #allow_additional_image_properties = true
 
-# Maximum number of image members per image. Negative values evaluate
-# to unlimited. (integer value)
+#
+# Maximum number of image members per image.
+#
+# This limits the maximum of users an image can be shared with. Any negative
+# value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_member_quota = 128
 
-# Maximum number of properties allowed on an image. Negative values
-# evaluate to unlimited. (integer value)
+#
+# Maximum number of properties allowed on an image.
+#
+# This enforces an upper limit on the number of additional properties an image
+# can have. Any negative value is interpreted as unlimited.
+#
+# NOTE: This won't have any impact if additional properties are disabled. Please
+# refer to ``allow_additional_image_properties``.
+#
+# Related options:
+#     * ``allow_additional_image_properties``
+#
+#  (integer value)
 #image_property_quota = 128
 
-# Maximum number of tags allowed on an image. Negative values evaluate
-# to unlimited. (integer value)
+#
+# Maximum number of tags allowed on an image.
+#
+# Any negative value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_tag_quota = 128
 
-# Maximum number of locations allowed on an image. Negative values
-# evaluate to unlimited. (integer value)
+#
+# Maximum number of locations allowed on an image.
+#
+# Any negative value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_location_quota = 10
 
-# Python module path of data access API (string value)
+#
+# Python module path of data access API.
+#
+# Specifies the path to the API to use for accessing the data model.
+# This option determines how the image catalog data will be accessed.
+#
+# Possible values:
+#     * glance.db.sqlalchemy.api
+#     * glance.db.registry.api
+#     * glance.db.simple.api
+#
+# If this option is set to ``glance.db.sqlalchemy.api`` then the image
+# catalog data is stored in and read from the database via the
+# SQLAlchemy Core and ORM APIs.
+#
+# Setting this option to ``glance.db.registry.api`` will force all
+# database access requests to be routed through the Registry service.
+# This avoids data access from the Glance API nodes for an added layer
+# of security, scalability and manageability.
+#
+# NOTE: In v2 OpenStack Images API, the registry service is optional.
+# In order to use the Registry API in v2, the option
+# ``enable_v2_registry`` must be set to ``True``.
+#
+# Finally, when this configuration option is set to
+# ``glance.db.simple.api``, image catalog data is stored in and read
+# from an in-memory data structure. This is primarily used for testing.
+#
+# Related options:
+#     * enable_v2_api
+#     * enable_v2_registry
+#
+#  (string value)
 #data_api = glance.db.sqlalchemy.api
 
-# Default value for the number of items returned by a request if not
-# specified explicitly in the request (integer value)
+#
+# The default number of results to return for a request.
+#
+# Responses to certain API requests, like list images, may return
+# multiple items. The number of results returned can be explicitly
+# controlled by specifying the ``limit`` parameter in the API request.
+# However, if a ``limit`` parameter is not specified, this
+# configuration value will be used as the default number of results to
+# be returned for any API request.
+#
+# NOTES:
+#     * The value of this configuration option may not be greater than
+#       the value specified by ``api_limit_max``.
+#     * Setting this to a very large value may slow down database
+#       queries and increase response times. Setting this to a
+#       very low value may result in poor user experience.
+#
+# Possible values:
+#     * Any positive integer
+#
+# Related options:
+#     * api_limit_max
+#
+#  (integer value)
+# Minimum value: 1
 #limit_param_default = 25
 
-# Maximum permissible number of items that could be returned by a
-# request (integer value)
+#
+# Maximum number of results that could be returned by a request.
+#
+# As described in the help text of ``limit_param_default``, some
+# requests may return multiple results. The number of results to be
+# returned are governed either by the ``limit`` parameter in the
+# request or the ``limit_param_default`` configuration option.
+# The value in either case, can't be greater than the absolute maximum
+# defined by this configuration option. Anything greater than this
+# value is trimmed down to the maximum value defined here.
+#
+# NOTE: Setting this to a very large value may slow down database
+#       queries and increase response times. Setting this to a
+#       very low value may result in poor user experience.
+#
+# Possible values:
+#     * Any positive integer
+#
+# Related options:
+#     * limit_param_default
+#
+#  (integer value)
+# Minimum value: 1
 #api_limit_max = 1000
 
-# Whether to include the backend image storage location in image
-# properties. Revealing storage location can be a security risk, so
-# use this setting with caution! (boolean value)
+#
+# Show direct image location when returning an image.
+#
+# This configuration option indicates whether to show the direct image
+# location when returning image details to the user. The direct image
+# location is where the image data is stored in backend storage. This
+# image location is shown under the image property ``direct_url``.
+#
+# When multiple image locations exist for an image, the best location
+# is displayed based on the location strategy indicated by the
+# configuration option ``location_strategy``.
+#
+# NOTES:
+#     * Revealing image locations can present a GRAVE SECURITY RISK as
+#       image locations can sometimes include credentials. Hence, this
+#       is set to ``False`` by default. Set this to ``True`` with
+#       EXTREME CAUTION and ONLY IF you know what you are doing!
+#     * If an operator wishes to avoid showing any image location(s)
+#       to the user, then both this option and
+#       ``show_multiple_locations`` MUST be set to ``False``.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * show_multiple_locations
+#     * location_strategy
+#
+#  (boolean value)
 #show_image_direct_url = false
 
-# Whether to include the backend image locations in image properties.
-# For example, if using the file system store a URL of
-# "file:///path/to/image" will be returned to the user in the
-# 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution! Setting this to
-# true overrides the show_image_direct_url option. (boolean value)
+# DEPRECATED:
+# Show all image locations when returning an image.
+#
+# This configuration option indicates whether to show all the image
+# locations when returning image details to the user. When multiple
+# image locations exist for an image, the locations are ordered based
+# on the location strategy indicated by the configuration opt
+# ``location_strategy``. The image locations are shown under the
+# image property ``locations``.
+#
+# NOTES:
+#     * Revealing image locations can present a GRAVE SECURITY RISK as
+#       image locations can sometimes include credentials. Hence, this
+#       is set to ``False`` by default. Set this to ``True`` with
+#       EXTREME CAUTION and ONLY IF you know what you are doing!
+#     * If an operator wishes to avoid showing any image location(s)
+#       to the user, then both this option and
+#       ``show_image_direct_url`` MUST be set to ``False``.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * show_image_direct_url
+#     * location_strategy
+#
+#  (boolean value)
+# This option is deprecated for removal since Newton.
+# Its value may be silently ignored in the future.
+# Reason: This option will be removed in the Ocata release because the same
+# functionality can be achieved with greater granularity by using policies.
+# Please see the Newton release notes for more information.
 #show_multiple_locations = false
 
-# Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
-# increased after careful consideration and must be set to a value
-# under 8 EB (9223372036854775808). (integer value)
+#
+# Maximum size of image a user can upload in bytes.
+#
+# An image upload greater than the size mentioned here would result
+# in an image creation failure. This configuration option defaults to
+# 1099511627776 bytes (1 TiB).
+#
+# NOTES:
+#     * This value should only be increased after careful
+#       consideration and must be set less than or equal to
+#       8 EiB (9223372036854775808).
+#     * This value must be set with careful consideration of the
+#       backend storage capacity. Setting this to a very low value
+#       may result in a large number of image failures. And, setting
+#       this to a very large value may result in faster consumption
+#       of storage. Hence, this must be set according to the nature of
+#       images created and storage capacity available.
+#
+# Possible values:
+#     * Any positive number less than or equal to 9223372036854775808
+#
+#  (integer value)
+# Minimum value: 1
 # Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
-# Set a system wide quota for every user. This value is the total
-# capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
-# Accepted units are B, KB, MB, GB and TB representing Bytes,
-# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
-# unit is specified then Bytes is assumed. Note that there should not
-# be any space between value and unit and units are case sensitive.
-# (string value)
+#
+# Maximum amount of image storage per tenant.
+#
+# This enforces an upper limit on the cumulative storage consumed by all images
+# of a tenant across all stores. This is a per-tenant limit.
+#
+# The default unit for this configuration option is Bytes. However, storage
+# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``,
+# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and
+# TeraBytes respectively. Note that there should not be any space between the
+# value and unit. Value ``0`` signifies no quota enforcement. Negative values
+# are invalid and result in errors.
+#
+# Possible values:
+#     * A string that is a valid concatenation of a non-negative integer
+#       representing the storage value and an optional string literal
+#       representing storage units as mentioned above.
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #user_storage_quota = 0
 
-# Deploy the v1 OpenStack Images API. (boolean value)
+#
+# Deploy the v1 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond to
+# requests on registered endpoints conforming to the v1 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is enabled, then ``enable_v1_registry`` must
+#       also be set to ``True`` to enable mandatory usage of Registry
+#       service with v1 API.
+#
+#     * If this option is disabled, then the ``enable_v1_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v2_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v2 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_registry
+#     * enable_v2_api
+#
+#  (boolean value)
 #enable_v1_api = true
 
-# Deploy the v2 OpenStack Images API. (boolean value)
+#
+# Deploy the v2 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond
+# to requests on registered endpoints conforming to the v2 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is disabled, then the ``enable_v2_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v1_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v1 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v2_registry
+#     * enable_v1_api
+#
+#  (boolean value)
 #enable_v2_api = true
 
-# Deploy the v1 OpenStack Registry API. (boolean value)
+#
+# Deploy the v1 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v1 API requests.
+#
+# NOTES:
+#     * Use of Registry is mandatory in v1 API, so this option must
+#       be set to ``True`` if the ``enable_v1_api`` option is enabled.
+#
+#     * If deploying only the v2 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_api
+#
+#  (boolean value)
 #enable_v1_registry = true
 
-# Deploy the v2 OpenStack Registry API. (boolean value)
+#
+# Deploy the v2 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v2 API requests.
+#
+# NOTES:
+#     * Use of Registry is optional in v2 API, so this option
+#       must only be enabled if both ``enable_v2_api`` is set to
+#       ``True`` and the ``data_api`` option is set to
+#       ``glance.db.registry.api``.
+#
+#     * If deploying only the v1 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v2_api
+#     * data_api
+#
+#  (boolean value)
 #enable_v2_registry = true
 
-# The hostname/IP of the pydev process listening for debug connections
-# (string value)
-#pydev_worker_debug_host = <None>
-
-# The port on which a pydev process is listening for connections.
-# (port value)
+#
+# Host address of the pydev server.
+#
+# Provide a string value representing the hostname or IP of the
+# pydev server to use for debugging. The pydev server listens for
+# debug connections on this address, facilitating remote debugging
+# in Glance.
+#
+# Possible values:
+#     * Valid hostname
+#     * Valid IP address
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#pydev_worker_debug_host = localhost
+
+#
+# Port number that the pydev server will listen on.
+#
+# Provide a port number to bind the pydev server to. The pydev
+# process accepts debug connections on this port and facilitates
+# remote debugging in Glance.
+#
+# Possible values:
+#     * A valid port number
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
-# AES key for encrypting store 'location' metadata. This includes, if
-# used, Swift or S3 credentials. Should be set to a random string of
-# length 16, 24 or 32 bytes (string value)
+#
+# AES key for encrypting store location metadata.
+#
+# Provide a string value representing the AES cipher to use for
+# encrypting Glance store metadata.
+#
+# NOTE: The AES key to use must be set to a random string of length
+# 16, 24 or 32 bytes.
+#
+# Possible values:
+#     * String value representing a valid AES key
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature. Use the
-# command "openssl list-message-digest-algorithms" to get the
-# available algorithms supported by the version of OpenSSL on the
-# platform. Examples are "sha1", "sha256", "sha512", etc. (string
-# value)
+#
+# Digest algorithm to use for digital signature.
+#
+# Provide a string value representing the digest algorithm to
+# use for generating digital signatures. By default, ``sha256``
+# is used.
+#
+# To get a list of the available algorithms supported by the version
+# of OpenSSL on your platform, run the command:
+# ``openssl list-message-digest-algorithms``.
+# Examples are 'sha1', 'sha256', and 'sha512'.
+#
+# NOTE: ``digest_algorithm`` is not related to Glance's image signing
+# and verification. It is only used to sign the universally unique
+# identifier (UUID) as a part of the certificate file and key file
+# validation.
+#
+# Possible values:
+#     * An OpenSSL message digest algorithm identifier
+#
+# Relation options:
+#     * None
+#
+#  (string value)
 #digest_algorithm = sha256
 
-# The path to the sqlite file database that will be used for image
-# cache management. (string value)
+#
+# The relative path to sqlite file database that will be used for image cache
+# management.
+#
+# This is a relative path to the sqlite file database that tracks the age and
+# usage statistics of image cache. The path is relative to image cache base
+# directory, specified by the configuration option ``image_cache_dir``.
+#
+# This is a lightweight database with just one table.
+#
+# Possible values:
+#     * A valid relative path to sqlite file database
+#
+# Related options:
+#     * ``image_cache_dir``
+#
+#  (string value)
 #image_cache_sqlite_db = cache.db
 
-# The driver to use for image cache management. (string value)
+#
+# The driver to use for image cache management.
+#
+# This configuration option provides the flexibility to choose between the
+# different image-cache drivers available. An image-cache driver is responsible
+# for providing the essential functions of image-cache like write images to/read
+# images from cache, track age and usage of cached images, provide a list of
+# cached images, fetch size of the cache, queue images for caching and clean up
+# the cache, etc.
+#
+# The essential functions of a driver are defined in the base class
+# ``glance.image_cache.drivers.base.Driver``. All image-cache drivers (existing
+# and prospective) must implement this interface. Currently available drivers
+# are ``sqlite`` and ``xattr``. These drivers primarily differ in the way they
+# store the information about cached images:
+#     * The ``sqlite`` driver uses a sqlite database (which sits on every glance
+#     node locally) to track the usage of cached images.
+#     * The ``xattr`` driver uses the extended attributes of files to store this
+#     information. It also requires a filesystem that sets ``atime`` on the
+# files
+#     when accessed.
+#
+# Possible values:
+#     * sqlite
+#     * xattr
+#
+# Related options:
+#     * None
+#
+#  (string value)
+# Allowed values: sqlite, xattr
 #image_cache_driver = sqlite
 
-# The upper limit (the maximum size of accumulated cache in bytes)
-# beyond which the cache pruner, if running, starts cleaning the image
-# cache. (integer value)
+#
+# The upper limit on cache size, in bytes, after which the cache-pruner cleans
+# up the image cache.
+#
+# NOTE: This is just a threshold for cache-pruner to act upon. It is NOT a
+# hard limit beyond which the image cache would never grow. In fact, depending
+# on how often the cache-pruner runs and how quickly the cache fills, the image
+# cache can far exceed the size specified here very easily. Hence, care must be
+# taken to appropriately schedule the cache-pruner and in setting this limit.
+#
+# Glance caches an image when it is downloaded. Consequently, the size of the
+# image cache grows over time as the number of downloads increases. To keep the
+# cache size from becoming unmanageable, it is recommended to run the
+# cache-pruner as a periodic task. When the cache pruner is kicked off, it
+# compares the current size of image cache and triggers a cleanup if the image
+# cache grew beyond the size specified here. After the cleanup, the size of
+# cache is less than or equal to size specified here.
+#
+# Possible values:
+#     * Any non-negative integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #image_cache_max_size = 10737418240
-
-# The amount of time to let an incomplete image remain in the cache,
-# before the cache cleaner, if running, will remove the incomplete
-# image. (integer value)
+image_cache_max_size = 189668314316
+
+
+os_region_name = RegionOne
+
+#
+# The amount of time, in seconds, an incomplete image remains in the cache.
+#
+# Incomplete images are images for which download is in progress. Please see the
+# description of configuration option ``image_cache_dir`` for more detail.
+# Sometimes, due to various reasons, it is possible the download may hang and
+# the incompletely downloaded image remains in the ``incomplete`` directory.
+# This configuration option sets a time limit on how long the incomplete images
+# should remain in the ``incomplete`` directory before they are cleaned up.
+# Once an incomplete image spends more time than is specified here, it'll be
+# removed by cache-cleaner on its next run.
+#
+# It is recommended to run cache-cleaner as a periodic task on the Glance API
+# nodes to keep the incomplete images from occupying disk space.
+#
+# Possible values:
+#     * Any non-negative integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #image_cache_stall_time = 86400
-
-# Base directory that the image cache uses. (string value)
+image_cache_stall_time = 86400
+
+#
+# Base directory for image cache.
+#
+# This is the location where image data is cached and served out of. All cached
+# images are stored directly under this directory. This directory also contains
+# three subdirectories, namely, ``incomplete``, ``invalid`` and ``queue``.
+#
+# The ``incomplete`` subdirectory is the staging area for downloading images. An
+# image is first downloaded to this directory. When the image download is
+# successful it is moved to the base directory. However, if the download fails,
+# the partially downloaded image file is moved to the ``invalid`` subdirectory.
+#
+# The ``queue``subdirectory is used for queuing images for download. This is
+# used primarily by the cache-prefetcher, which can be scheduled as a periodic
+# task like cache-pruner and cache-cleaner, to cache images ahead of their
+# usage.
+# Upon receiving the request to cache an image, Glance touches a file in the
+# ``queue`` directory with the image id as the file name. The cache-prefetcher,
+# when running, polls for the files in ``queue`` directory and starts
+# downloading them in the order they were created. When the download is
+# successful, the zero-sized file is deleted from the ``queue`` directory.
+# If the download fails, the zero-sized file remains and it'll be retried the
+# next time cache-prefetcher runs.
+#
+# Possible values:
+#     * A valid path
+#
+# Related options:
+#     * ``image_cache_sqlite_db``
+#
+#  (string value)
 #image_cache_dir = <None>
-
-# Address to find the registry server. (string value)
+image_cache_dir = /var/lib/glance/image-cache/
+
+#
+# Address the registry server is hosted on.
+#
+# Possible values:
+#     * A valid IP or hostname
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #registry_host = 0.0.0.0
-
-# Port the registry server is listening on. (port value)
+registry_host = 10.167.4.10
+
+#
+# Port the registry server is listening on.
+#
+# Possible values:
+#     * A valid port number
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #registry_port = 9191
-
-# Whether to pass through the user token when making requests to the
-# registry. To prevent failures with token expiration during big files
-# upload, it is recommended to set this parameter to False.If
-# "use_user_token" is not in effect, then admin credentials can be
-# specified. (boolean value)
+registry_port = 9191
+
+#
+# Protocol to use for communication with the registry server.
+#
+# Provide a string value representing the protocol to use for
+# communication with the registry server. By default, this option is
+# set to ``http`` and the connection is not secure.
+#
+# This option can be set to ``https`` to establish a secure connection
+# to the registry server. In this case, provide a key to use for the
+# SSL connection using the ``registry_client_key_file`` option. Also
+# include the CA file and cert file using the options
+# ``registry_client_ca_file`` and ``registry_client_cert_file``
+# respectively.
+#
+# Possible values:
+#     * http
+#     * https
+#
+# Related options:
+#     * registry_client_key_file
+#     * registry_client_cert_file
+#     * registry_client_ca_file
+#
+#  (string value)
+# Allowed values: http, https
+#registry_client_protocol = http
+
+#
+# Absolute path to the private key file.
+#
+# Provide a string value representing a valid absolute path to the
+# private key file to use for establishing a secure connection to
+# the registry server.
+#
+# NOTE: This option must be set if ``registry_client_protocol`` is
+# set to ``https``. Alternatively, the GLANCE_CLIENT_KEY_FILE
+# environment variable may be set to a filepath of the key file.
+#
+# Possible values:
+#     * String value representing a valid absolute path to the key
+#       file.
+#
+# Related options:
+#     * registry_client_protocol
+#
+#  (string value)
+#registry_client_key_file = /etc/ssl/key/key-file.pem
+
+#
+# Absolute path to the certificate file.
+#
+# Provide a string value representing a valid absolute path to the
+# certificate file to use for establishing a secure connection to
+# the registry server.
+#
+# NOTE: This option must be set if ``registry_client_protocol`` is
+# set to ``https``. Alternatively, the GLANCE_CLIENT_CERT_FILE
+# environment variable may be set to a filepath of the certificate
+# file.
+#
+# Possible values:
+#     * String value representing a valid absolute path to the
+#       certificate file.
+#
+# Related options:
+#     * registry_client_protocol
+#
+#  (string value)
+#registry_client_cert_file = /etc/ssl/certs/file.crt
+
+#
+# Absolute path to the Certificate Authority file.
+#
+# Provide a string value representing a valid absolute path to the
+# certificate authority file to use for establishing a secure
+# connection to the registry server.
+#
+# NOTE: This option must be set if ``registry_client_protocol`` is
+# set to ``https``. Alternatively, the GLANCE_CLIENT_CA_FILE
+# environment variable may be set to a filepath of the CA file.
+# This option is ignored if the ``registry_client_insecure`` option
+# is set to ``True``.
+#
+# Possible values:
+#     * String value representing a valid absolute path to the CA
+#       file.
+#
+# Related options:
+#     * registry_client_protocol
+#     * registry_client_insecure
+#
+#  (string value)
+#registry_client_ca_file = /etc/ssl/cafile/file.ca
+
+#
+# Set verification of the registry server certificate.
+#
+# Provide a boolean value to determine whether or not to validate
+# SSL connections to the registry server. By default, this option
+# is set to ``False`` and the SSL connections are validated.
+#
+# If set to ``True``, the connection to the registry server is not
+# validated via a certifying authority and the
+# ``registry_client_ca_file`` option is ignored. This is the
+# registry's equivalent of specifying --insecure on the command line
+# using glanceclient for the API.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * registry_client_protocol
+#     * registry_client_ca_file
+#
+#  (boolean value)
+#registry_client_insecure = false
+
+#
+# Timeout value for registry requests.
+#
+# Provide an integer value representing the period of time in seconds
+# that the API server will wait for a registry request to complete.
+# The default value is 600 seconds.
+#
+# A value of 0 implies that a request will never timeout.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#registry_client_timeout = 600
+
+# DEPRECATED: Whether to pass through the user token when making requests to the
+# registry. To prevent failures with token expiration during big files upload,
+# it is recommended to set this parameter to False.If "use_user_token" is not in
+# effect, then admin credentials can be specified. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #use_user_token = true
 
-# The administrators user name. If "use_user_token" is not in effect,
+# DEPRECATED: The administrators user name. If "use_user_token" is not in
+# effect, then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
+#admin_user = <None>
+
+# DEPRECATED: The administrators password. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
-#admin_user = <None>
-
-# The administrators password. If "use_user_token" is not in effect,
-# then admin credentials can be specified. (string value)
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
+#admin_password = <None>
+
+# DEPRECATED: The tenant name of the administrative user. If "use_user_token" is
+# not in effect, then admin tenant name can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
-#admin_password = <None>
-
-# The tenant name of the administrative user. If "use_user_token" is
-# not in effect, then admin tenant name can be specified. (string
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
+#admin_tenant_name = <None>
+
+# DEPRECATED: The URL to the keystone service. If "use_user_token" is not in
+# effect and using keystone auth, then URL of keystone can be specified. (string
 # value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
-#admin_tenant_name = <None>
-
-# The URL to the keystone service. If "use_user_token" is not in
-# effect and using keystone auth, then URL of keystone can be
-# specified. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #auth_url = <None>
 
-# The strategy to use for authentication. If "use_user_token" is not
+# DEPRECATED: The strategy to use for authentication. If "use_user_token" is not
 # in effect, then auth strategy can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #auth_strategy = noauth
 
-# The region for the authentication service. If "use_user_token" is
-# not in effect and using keystone auth, then region name can be
-# specified. (string value)
+# DEPRECATED: The region for the authentication service. If "use_user_token" is
+# not in effect and using keystone auth, then region name can be specified.
+# (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #auth_region = <None>
 
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of
-# the default INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
 #debug = false
 
-# If set to false, the logging level will be set to WARNING instead of
-# the default INFO level. (boolean value)
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
 
-# The name of a logging configuration file. This file is appended to
-# any existing logging configuration files. For details about logging
-# configuration files, see the Python logging module documentation.
-# Note that when logging configuration files are used then all logging
-# configuration is set in the configuration file and other logging
-# configuration options are ignored (for example,
-# logging_context_format_string). (string value)
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set.
-# (string value)
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default
-# is set, logging will go to stderr as defined by use_stderr. This
-# option is ignored if log_config_append is set. (string value)
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths.
-# This option is ignored if log_config_append is set. (string value)
+log_file = /var/log/glance/image-cache.log
+
+# (Optional) The base directory used for relative log_file  paths. This option
+# is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Uses logging handler designed to watch file system. When log file is
-# moved or removed this handler will open a new log file with
-# specified path instantaneously. It makes sense only if log_file
-# option is specified and Linux platform is used. This option is
-# ignored if log_config_append is set. (boolean value)
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and Linux
+# platform is used. This option is ignored if log_config_append is set. (boolean
+# value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and
-# will be changed later to honor RFC5424. This option is ignored if
-# log_config_append is set. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append is
+# set. (boolean value)
 #use_syslog = false
 
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. This option is ignored if
-# log_config_append is set. (boolean value)
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined.
-# (string value)
+# Format string to use for log messages when context is undefined. (string
+# value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Additional data to append to log message when logging level for the
-# message is DEBUG. (string value)
+# Additional data to append to log message when logging level for the message is
+# DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
-# Prefix each line of exception output with this format. (string
-# value)
+# Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
 # Defines the format string for %(user_identity)s that is used in
 # logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is
-# ignored if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message.
-# (string value)
+# The format for an instance that is passed with the log message. (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message.
-# (string value)
+# The format for an instance UUID that is passed with the log message. (string
+# value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
+
+
+[glance_store]
+
+#
+# From glance.store
+#
+
+#
+# List of enabled Glance stores.
+#
+# Register the storage backends to use for storing disk images
+# as a comma separated list. The default stores enabled for
+# storing disk images with Glance are ``file`` and ``http``.
+#
+# Possible values:
+#     * A comma separated list that could include:
+#         * file
+#         * http
+#         * swift
+#         * rbd
+#         * sheepdog
+#         * cinder
+#         * vmware
+#
+# Related Options:
+#     * default_store
+#
+#  (list value)
+#stores = file,http
+
+#
+# The default scheme to use for storing images.
+#
+# Provide a string value representing the default scheme to use for
+# storing images. If not set, Glance uses ``file`` as the default
+# scheme to store images with the ``file`` store.
+#
+# NOTE: The value given for this configuration option must be a valid
+# scheme for a store registered with the ``stores`` configuration
+# option.
+#
+# Possible values:
+#     * file
+#     * filesystem
+#     * http
+#     * https
+#     * swift
+#     * swift+http
+#     * swift+https
+#     * swift+config
+#     * rbd
+#     * sheepdog
+#     * cinder
+#     * vsphere
+#
+# Related Options:
+#     * stores
+#
+#  (string value)
+# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere
+#default_store = file
+
+#
+# Minimum interval in seconds to execute updating dynamic storage
+# capabilities based on current backend status.
+#
+# Provide an integer value representing time in seconds to set the
+# minimum interval before an update of dynamic storage capabilities
+# for a storage backend can be attempted. Setting
+# ``store_capabilities_update_min_interval`` does not mean updates
+# occur periodically based on the set interval. Rather, the update
+# is performed at the elapse of this interval set, if an operation
+# of the store is triggered.
+#
+# By default, this option is set to zero and is disabled. Provide an
+# integer value greater than zero to enable this option.
+#
+# NOTE: For more information on store capabilities and their updates,
+# please visit: https://specs.openstack.org/openstack/glance-specs/specs/kilo
+# /store-capabilities.html
+#
+# For more information on setting up a particular store in your
+# deplyment and help with the usage of this feature, please contact
+# the storage driver maintainers listed here:
+# http://docs.openstack.org/developer/glance_store/drivers/index.html
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#store_capabilities_update_min_interval = 0
+
+#
+# Information to match when looking for cinder in the service catalog.
+#
+# When the ``cinder_endpoint_template`` is not set and any of
+# ``cinder_store_auth_address``, ``cinder_store_user_name``,
+# ``cinder_store_project_name``, ``cinder_store_password`` is not set,
+# cinder store uses this information to lookup cinder endpoint from the service
+# catalog in the current context. ``cinder_os_region_name``, if set, is taken
+# into consideration to fetch the appropriate endpoint.
+#
+# The service catalog can be listed by the ``openstack catalog list`` command.
+#
+# Possible values:
+#     * A string of of the following form:
+#       ``<service_type>:<service_name>:<endpoint_type>``
+#       At least ``service_type`` and ``endpoint_type`` should be specified.
+#       ``service_name`` can be omitted.
+#
+# Related options:
+#     * cinder_os_region_name
+#     * cinder_endpoint_template
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#     * cinder_store_password
+#
+#  (string value)
+#cinder_catalog_info = volumev2::publicURL
+
+#
+# Override service catalog lookup with template for cinder endpoint.
+#
+# When this option is set, this value is used to generate cinder endpoint,
+# instead of looking up from the service catalog.
+# This value is ignored if ``cinder_store_auth_address``,
+# ``cinder_store_user_name``, ``cinder_store_project_name``, and
+# ``cinder_store_password`` are specified.
+#
+# If this configuration option is set, ``cinder_catalog_info`` will be ignored.
+#
+# Possible values:
+#     * URL template string for cinder endpoint, where ``%%(tenant)s`` is
+#       replaced with the current tenant (project) name.
+#       For example: ``http://cinder.openstack.example.org/v2/%%(tenant)s``
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#     * cinder_store_password
+#     * cinder_catalog_info
+#
+#  (string value)
+#cinder_endpoint_template = <None>
+
+#
+# Region name to lookup cinder service from the service catalog.
+#
+# This is used only when ``cinder_catalog_info`` is used for determining the
+# endpoint. If set, the lookup for cinder endpoint by this node is filtered to
+# the specified region. It is useful when multiple regions are listed in the
+# catalog. If this is not set, the endpoint is looked up from every region.
+#
+# Possible values:
+#     * A string that is a valid region name.
+#
+# Related options:
+#     * cinder_catalog_info
+#
+#  (string value)
+# Deprecated group/name - [glance_store]/os_region_name
+#cinder_os_region_name = <None>
+
+#
+# Location of a CA certificates file used for cinder client requests.
+#
+# The specified CA certificates file, if set, is used to verify cinder
+# connections via HTTPS endpoint. If the endpoint is HTTP, this value is
+# ignored.
+# ``cinder_api_insecure`` must be set to ``True`` to enable the verification.
+#
+# Possible values:
+#     * Path to a ca certificates file
+#
+# Related options:
+#     * cinder_api_insecure
+#
+#  (string value)
+#cinder_ca_certificates_file = <None>
+
+#
+# Number of cinderclient retries on failed http calls.
+#
+# When a call failed by any errors, cinderclient will retry the call up to the
+# specified times after sleeping a few seconds.
+#
+# Possible values:
+#     * A positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#cinder_http_retries = 3
+
+#
+# Time period, in seconds, to wait for a cinder volume transition to
+# complete.
+#
+# When the cinder volume is created, deleted, or attached to the glance node to
+# read/write the volume data, the volume's state is changed. For example, the
+# newly created volume status changes from ``creating`` to ``available`` after
+# the creation process is completed. This specifies the maximum time to wait for
+# the status change. If a timeout occurs while waiting, or the status is changed
+# to an unexpected value (e.g. `error``), the image creation fails.
+#
+# Possible values:
+#     * A positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#cinder_state_transition_timeout = 300
+
+#
+# Allow to perform insecure SSL requests to cinder.
+#
+# If this option is set to True, HTTPS endpoint connection is verified using the
+# CA certificates file specified by ``cinder_ca_certificates_file`` option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * cinder_ca_certificates_file
+#
+#  (boolean value)
+#cinder_api_insecure = false
+
+#
+# The address where the cinder authentication service is listening.
+#
+# When all of ``cinder_store_auth_address``, ``cinder_store_user_name``,
+# ``cinder_store_project_name``, and ``cinder_store_password`` options are
+# specified, the specified values are always used for the authentication.
+# This is useful to hide the image volumes from users by storing them in a
+# project/tenant specific to the image service. It also enables users to share
+# the image volume among other projects under the control of glance's ACL.
+#
+# If either of these options are not set, the cinder endpoint is looked up
+# from the service catalog, and current context's user and project are used.
+#
+# Possible values:
+#     * A valid authentication service address, for example:
+#       ``http://openstack.example.org/identity/v2.0``
+#
+# Related options:
+#     * cinder_store_user_name
+#     * cinder_store_password
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_auth_address = <None>
+
+#
+# User name to authenticate against cinder.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the user of the current context is used.
+#
+# Possible values:
+#     * A valid user name
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_password
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_user_name = <None>
+
+#
+# Password for the user authenticating against cinder.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the user of the current context is used.
+#
+# Possible values:
+#     * A valid password for the user specified by ``cinder_store_user_name``
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_password = <None>
+
+#
+# Project name where the image volume is stored in cinder.
+#
+# If this configuration option is not set, the project in current context is
+# used.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the project of the current context is used.
+#
+# Possible values:
+#     * A valid project name
+#
+# Related options:
+#     * ``cinder_store_auth_address``
+#     * ``cinder_store_user_name``
+#     * ``cinder_store_password``
+#
+#  (string value)
+#cinder_store_project_name = <None>
+
+#
+# Path to the rootwrap configuration file to use for running commands as root.
+#
+# The cinder store requires root privileges to operate the image volumes (for
+# connecting to iSCSI/FC volumes and reading/writing the volume data, etc.).
+# The configuration file should allow the required commands by cinder store and
+# os-brick library.
+#
+# Possible values:
+#     * Path to the rootwrap config file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
+
+#
+# Directory to which the filesystem backend store writes images.
+#
+# Upon start up, Glance creates the directory if it doesn't already
+# exist and verifies write access to the user under which
+# ``glance-api`` runs. If the write access isn't available, a
+# ``BadStoreConfiguration`` exception is raised and the filesystem
+# store may not be available for adding new images.
+#
+# NOTE: This directory is used only when filesystem store is used as a
+# storage backend. Either ``filesystem_store_datadir`` or
+# ``filesystem_store_datadirs`` option must be specified in
+# ``glance-api.conf``. If both options are specified, a
+# ``BadStoreConfiguration`` will be raised and the filesystem store
+# may not be available for adding new images.
+#
+# Possible values:
+#     * A valid path to a directory
+#
+# Related options:
+#     * ``filesystem_store_datadirs``
+#     * ``filesystem_store_file_perm``
+#
+#  (string value)
+#filesystem_store_datadir = /var/lib/glance/images
+
+#
+# List of directories and their priorities to which the filesystem
+# backend store writes images.
+#
+# The filesystem store can be configured to store images in multiple
+# directories as opposed to using a single directory specified by the
+# ``filesystem_store_datadir`` configuration option. When using
+# multiple directories, each directory can be given an optional
+# priority to specify the preference order in which they should
+# be used. Priority is an integer that is concatenated to the
+# directory path with a colon where a higher value indicates higher
+# priority. When two directories have the same priority, the directory
+# with most free space is used. When no priority is specified, it
+# defaults to zero.
+#
+# More information on configuring filesystem store with multiple store
+# directories can be found at
+# http://docs.openstack.org/developer/glance/configuring.html
+#
+# NOTE: This directory is used only when filesystem store is used as a
+# storage backend. Either ``filesystem_store_datadir`` or
+# ``filesystem_store_datadirs`` option must be specified in
+# ``glance-api.conf``. If both options are specified, a
+# ``BadStoreConfiguration`` will be raised and the filesystem store
+# may not be available for adding new images.
+#
+# Possible values:
+#     * List of strings of the following form:
+#         * ``<a valid directory path>:<optional integer priority>``
+#
+# Related options:
+#     * ``filesystem_store_datadir``
+#     * ``filesystem_store_file_perm``
+#
+#  (multi valued)
+#filesystem_store_datadirs =
+
+#
+# Filesystem store metadata file.
+#
+# The path to a file which contains the metadata to be returned with
+# any location associated with the filesystem store. The file must
+# contain a valid JSON object. The object should contain the keys
+# ``id`` and ``mountpoint``. The value for both keys should be a
+# string.
+#
+# Possible values:
+#     * A valid path to the store metadata file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+
+#
+# File access permissions for the image files.
+#
+# Set the intended file access permissions for image data. This provides
+# a way to enable other services, e.g. Nova, to consume images directly
+# from the filesystem store. The users running the services that are
+# intended to be given access to could be made a member of the group
+# that owns the files created. Assigning a value less then or equal to
+# zero for this configuration option signifies that no changes be made
+# to the  default permissions. This value will be decoded as an octal
+# digit.
+#
+# For more information, please refer the documentation at
+# http://docs.openstack.org/developer/glance/configuring.html
+#
+# Possible values:
+#     * A valid file access permission
+#     * Zero
+#     * Any negative integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+#filesystem_store_file_perm = 0
+
+#
+# Path to the CA bundle file.
+#
+# This configuration option enables the operator to use a custom
+# Certificate Authority file to verify the remote server certificate. If
+# this option is set, the ``https_insecure`` option will be ignored and
+# the CA file specified will be used to authenticate the server
+# certificate and establish a secure connection to the server.
+#
+# Possible values:
+#     * A valid path to a CA file
+#
+# Related options:
+#     * https_insecure
+#
+#  (string value)
+#https_ca_certificates_file = <None>
+
+#
+# Set verification of the remote server certificate.
+#
+# This configuration option takes in a boolean value to determine
+# whether or not to verify the remote server certificate. If set to
+# True, the remote server certificate is not verified. If the option is
+# set to False, then the default CA truststore is used for verification.
+#
+# This option is ignored if ``https_ca_certificates_file`` is set.
+# The remote server certificate will then be verified using the file
+# specified using the ``https_ca_certificates_file`` option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * https_ca_certificates_file
+#
+#  (boolean value)
+#https_insecure = true
+
+#
+# The http/https proxy information to be used to connect to the remote
+# server.
+#
+# This configuration option specifies the http/https proxy information
+# that should be used to connect to the remote server. The proxy
+# information should be a key value pair of the scheme and proxy, for
+# example, http:10.0.0.1:3128. You can also specify proxies for multiple
+# schemes by separating the key value pairs with a comma, for example,
+# http:10.0.0.1:3128, https:10.0.0.1:1080.
+#
+# Possible values:
+#     * A comma separated list of scheme:proxy pairs as described above
+#
+# Related options:
+#     * None
+#
+#  (dict value)
+#http_proxy_information =
+
+#
+# Size, in megabytes, to chunk RADOS images into.
+#
+# Provide an integer value representing the size in megabytes to chunk
+# Glance images into. The default chunk size is 8 megabytes. For optimal
+# performance, the value should be a power of two.
+#
+# When Ceph's RBD object storage system is used as the storage backend
+# for storing Glance images, the images are chunked into objects of the
+# size set using this option. These chunked objects are then stored
+# across the distributed block data store to use for Glance.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
+#rbd_store_chunk_size = 8
+
+#
+# RADOS pool in which images are stored.
+#
+# When RBD is used as the storage backend for storing Glance images, the
+# images are stored by means of logical grouping of the objects (chunks
+# of images) into a ``pool``. Each pool is defined with the number of
+# placement groups it can contain. The default pool that is used is
+# 'images'.
+#
+# More information on the RBD storage backend can be found here:
+# http://ceph.com/planet/how-data-is-stored-in-ceph-cluster/
+#
+# Possible Values:
+#     * A valid pool name
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#rbd_store_pool = images
+
+#
+# RADOS user to authenticate as.
+#
+# This configuration option takes in the RADOS user to authenticate as.
+# This is only needed when RADOS authentication is enabled and is
+# applicable only if the user is using Cephx authentication. If the
+# value for this option is not set by the user or is set to None, a
+# default value will be chosen, which will be based on the client.
+# section in rbd_store_ceph_conf.
+#
+# Possible Values:
+#     * A valid RADOS user
+#
+# Related options:
+#     * rbd_store_ceph_conf
+#
+#  (string value)
+#rbd_store_user = <None>
+
+#
+# Ceph configuration file path.
+#
+# This configuration option takes in the path to the Ceph configuration
+# file to be used. If the value for this option is not set by the user
+# or is set to None, librados will locate the default configuration file
+# which is located at /etc/ceph/ceph.conf. If using Cephx
+# authentication, this file should include a reference to the right
+# keyring in a client.<USER> section
+#
+# Possible Values:
+#     * A valid path to a configuration file
+#
+# Related options:
+#     * rbd_store_user
+#
+#  (string value)
+#rbd_store_ceph_conf = /etc/ceph/ceph.conf
+
+#
+# Timeout value for connecting to Ceph cluster.
+#
+# This configuration option takes in the timeout value in seconds used
+# when connecting to the Ceph cluster i.e. it sets the time to wait for
+# glance-api before closing the connection. This prevents glance-api
+# hangups during the connection to RBD. If the value for this option
+# is set to less than or equal to 0, no timeout is set and the default
+# librados value is used.
+#
+# Possible Values:
+#     * Any integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+#rados_connect_timeout = 0
+
+#
+# Chunk size for images to be stored in Sheepdog data store.
+#
+# Provide an integer value representing the size in mebibyte
+# (1048576 bytes) to chunk Glance images into. The default
+# chunk size is 64 mebibytes.
+#
+# When using Sheepdog distributed storage system, the images are
+# chunked into objects of this size and then stored across the
+# distributed data store to use for Glance.
+#
+# Chunk sizes, if a power of two, help avoid fragmentation and
+# enable improved performance.
+#
+# Possible values:
+#     * Positive integer value representing size in mebibytes.
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
+#sheepdog_store_chunk_size = 64
+
+#
+# Port number on which the sheep daemon will listen.
+#
+# Provide an integer value representing a valid port number on
+# which you want the Sheepdog daemon to listen on. The default
+# port is 7000.
+#
+# The Sheepdog daemon, also called 'sheep', manages the storage
+# in the distributed cluster by writing objects across the storage
+# network. It identifies and acts on the messages it receives on
+# the port number set using ``sheepdog_store_port`` option to store
+# chunks of Glance images.
+#
+# Possible values:
+#     * A valid port number (0 to 65535)
+#
+# Related Options:
+#     * sheepdog_store_address
+#
+#  (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#sheepdog_store_port = 7000
+
+#
+# Address to bind the Sheepdog daemon to.
+#
+# Provide a string value representing the address to bind the
+# Sheepdog daemon to. The default address set for the 'sheep'
+# is 127.0.0.1.
+#
+# The Sheepdog daemon, also called 'sheep', manages the storage
+# in the distributed cluster by writing objects across the storage
+# network. It identifies and acts on the messages directed to the
+# address set using ``sheepdog_store_address`` option to store
+# chunks of Glance images.
+#
+# Possible values:
+#     * A valid IPv4 address
+#     * A valid IPv6 address
+#     * A valid hostname
+#
+# Related Options:
+#     * sheepdog_store_port
+#
+#  (string value)
+#sheepdog_store_address = 127.0.0.1
+
+#
+# Set verification of the server certificate.
+#
+# This boolean determines whether or not to verify the server
+# certificate. If this option is set to True, swiftclient won't check
+# for a valid SSL certificate when authenticating. If the option is set
+# to False, then the default CA truststore is used for verification.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * swift_store_cacert
+#
+#  (boolean value)
+#swift_store_auth_insecure = false
+
+#
+# Path to the CA bundle file.
+#
+# This configuration option enables the operator to specify the path to
+# a custom Certificate Authority file for SSL verification when
+# connecting to Swift.
+#
+# Possible values:
+#     * A valid path to a CA file
+#
+# Related options:
+#     * swift_store_auth_insecure
+#
+#  (string value)
+#swift_store_cacert = /etc/ssl/certs/ca-certificates.crt
+
+#
+# The region of Swift endpoint to use by Glance.
+#
+# Provide a string value representing a Swift region where Glance
+# can connect to for image storage. By default, there is no region
+# set.
+#
+# When Glance uses Swift as the storage backend to store images
+# for a specific tenant that has multiple endpoints, setting of a
+# Swift region with ``swift_store_region`` allows Glance to connect
+# to Swift in the specified region as opposed to a single region
+# connectivity.
+#
+# This option can be configured for both single-tenant and
+# multi-tenant storage.
+#
+# NOTE: Setting the region with ``swift_store_region`` is
+# tenant-specific and is necessary ``only if`` the tenant has
+# multiple endpoints across different regions.
+#
+# Possible values:
+#     * A string value representing a valid Swift region.
+#
+# Related Options:
+#     * None
+#
+#  (string value)
+#swift_store_region = RegionTwo
+
+#
+# The URL endpoint to use for Swift backend storage.
+#
+# Provide a string value representing the URL endpoint to use for
+# storing Glance images in Swift store. By default, an endpoint
+# is not set and the storage URL returned by ``auth`` is used.
+# Setting an endpoint with ``swift_store_endpoint`` overrides the
+# storage URL and is used for Glance image storage.
+#
+# NOTE: The URL should include the path up to, but excluding the
+# container. The location of an object is obtained by appending
+# the container and object to the configured URL.
+#
+# Possible values:
+#     * String value representing a valid URL path up to a Swift container
+#
+# Related Options:
+#     * None
+#
+#  (string value)
+#swift_store_endpoint = https://swift.openstack.example.org/v1/path_not_including_container_name
+
+#
+# Endpoint Type of Swift service.
+#
+# This string value indicates the endpoint type to use to fetch the
+# Swift endpoint. The endpoint type determines the actions the user will
+# be allowed to perform, for instance, reading and writing to the Store.
+# This setting is only used if swift_store_auth_version is greater than
+# 1.
+#
+# Possible values:
+#     * publicURL
+#     * adminURL
+#     * internalURL
+#
+# Related options:
+#     * swift_store_endpoint
+#
+#  (string value)
+# Allowed values: publicURL, adminURL, internalURL
+#swift_store_endpoint_type = publicURL
+
+#
+# Type of Swift service to use.
+#
+# Provide a string value representing the service type to use for
+# storing images while using Swift backend storage. The default
+# service type is set to ``object-store``.
+#
+# NOTE: If ``swift_store_auth_version`` is set to 2, the value for
+# this configuration option needs to be ``object-store``. If using
+# a higher version of Keystone or a different auth scheme, this
+# option may be modified.
+#
+# Possible values:
+#     * A string representing a valid service type for Swift storage.
+#
+# Related Options:
+#     * None
+#
+#  (string value)
+#swift_store_service_type = object-store
+
+#
+# Name of single container to store images/name prefix for multiple containers
+#
+# When a single container is being used to store images, this configuration
+# option indicates the container within the Glance account to be used for
+# storing all images. When multiple containers are used to store images, this
+# will be the name prefix for all containers. Usage of single/multiple
+# containers can be controlled using the configuration option
+# ``swift_store_multiple_containers_seed``.
+#
+# When using multiple containers, the containers will be named after the value
+# set for this configuration option with the first N chars of the image UUID
+# as the suffix delimited by an underscore (where N is specified by
+# ``swift_store_multiple_containers_seed``).
+#
+# Example: if the seed is set to 3 and swift_store_container = ``glance``, then
+# an image with UUID ``fdae39a1-bac5-4238-aba4-69bcc726e848`` would be placed in
+# the container ``glance_fda``. All dashes in the UUID are included when
+# creating the container name but do not count toward the character limit, so
+# when N=10 the container name would be ``glance_fdae39a1-ba.``
+#
+# Possible values:
+#     * If using single container, this configuration option can be any string
+#       that is a valid swift container name in Glance's Swift account
+#     * If using multiple containers, this configuration option can be any
+#       string as long as it satisfies the container naming rules enforced by
+#       Swift. The value of ``swift_store_multiple_containers_seed`` should be
+#       taken into account as well.
+#
+# Related options:
+#     * ``swift_store_multiple_containers_seed``
+#     * ``swift_store_multi_tenant``
+#     * ``swift_store_create_container_on_put``
+#
+#  (string value)
+#swift_store_container = glance
+
+#
+# The size threshold, in MB, after which Glance will start segmenting image
+# data.
+#
+# Swift has an upper limit on the size of a single uploaded object. By default,
+# this is 5GB. To upload objects bigger than this limit, objects are segmented
+# into multiple smaller objects that are tied together with a manifest file.
+# For more detail, refer to
+# http://docs.openstack.org/developer/swift/overview_large_objects.html
+#
+# This configuration option specifies the size threshold over which the Swift
+# driver will start segmenting image data into multiple smaller files.
+# Currently, the Swift driver only supports creating Dynamic Large Objects.
+#
+# NOTE: This should be set by taking into account the large object limit
+# enforced by the Swift cluster in consideration.
+#
+# Possible values:
+#     * A positive integer that is less than or equal to the large object limit
+#       enforced by the Swift cluster in consideration.
+#
+# Related options:
+#     * ``swift_store_large_object_chunk_size``
+#
+#  (integer value)
+# Minimum value: 1
+#swift_store_large_object_size = 5120
+
+#
+# The maximum size, in MB, of the segments when image data is segmented.
+#
+# When image data is segmented to upload images that are larger than the limit
+# enforced by the Swift cluster, image data is broken into segments that are no
+# bigger than the size specified by this configuration option.
+# Refer to ``swift_store_large_object_size`` for more detail.
+#
+# For example: if ``swift_store_large_object_size`` is 5GB and
+# ``swift_store_large_object_chunk_size`` is 1GB, an image of size 6.2GB will be
+# segmented into 7 segments where the first six segments will be 1GB in size and
+# the seventh segment will be 0.2GB.
+#
+# Possible values:
+#     * A positive integer that is less than or equal to the large object limit
+#       enforced by Swift cluster in consideration.
+#
+# Related options:
+#     * ``swift_store_large_object_size``
+#
+#  (integer value)
+# Minimum value: 1
+#swift_store_large_object_chunk_size = 200
+
+#
+# Create container, if it doesn't already exist, when uploading image.
+#
+# At the time of uploading an image, if the corresponding container doesn't
+# exist, it will be created provided this configuration option is set to True.
+# By default, it won't be created. This behavior is applicable for both single
+# and multiple containers mode.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
+#swift_store_create_container_on_put = false
+
+#
+# Store images in tenant's Swift account.
+#
+# This enables multi-tenant storage mode which causes Glance images to be stored
+# in tenant specific Swift accounts. If this is disabled, Glance stores all
+# images in its own account. More details multi-tenant store can be found at
+# https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
+#swift_store_multi_tenant = false
+
+#
+# Seed indicating the number of containers to use for storing images.
+#
+# When using a single-tenant store, images can be stored in one or more than one
+# containers. When set to 0, all images will be stored in one single container.
+# When set to an integer value between 1 and 32, multiple containers will be
+# used to store images. This configuration option will determine how many
+# containers are created. The total number of containers that will be used is
+# equal to 16^N, so if this config option is set to 2, then 16^2=256 containers
+# will be used to store images.
+#
+# Please refer to ``swift_store_container`` for more detail on the naming
+# convention. More detail about using multiple containers can be found at
+# https://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-store-
+# multiple-containers.html
+#
+# NOTE: This is used only when swift_store_multi_tenant is disabled.
+#
+# Possible values:
+#     * A non-negative integer less than or equal to 32
+#
+# Related options:
+#     * ``swift_store_container``
+#     * ``swift_store_multi_tenant``
+#     * ``swift_store_create_container_on_put``
+#
+#  (integer value)
+# Minimum value: 0
+# Maximum value: 32
+#swift_store_multiple_containers_seed = 0
+
+#
+# List of tenants that will be granted admin access.
+#
+# This is a list of tenants that will be granted read/write access on
+# all Swift containers created by Glance in multi-tenant mode. The
+# default value is an empty list.
+#
+# Possible values:
+#     * A comma separated list of strings representing UUIDs of Keystone
+#       projects/tenants
+#
+# Related options:
+#     * None
+#
+#  (list value)
+#swift_store_admin_tenants =
+
+#
+# SSL layer compression for HTTPS Swift requests.
+#
+# Provide a boolean value to determine whether or not to compress
+# HTTPS Swift requests for images at the SSL layer. By default,
+# compression is enabled.
+#
+# When using Swift as the backend store for Glance image storage,
+# SSL layer compression of HTTPS Swift requests can be set using
+# this option. If set to False, SSL layer compression of HTTPS
+# Swift requests is disabled. Disabling this option may improve
+# performance for images which are already in a compressed format,
+# for example, qcow2.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related Options:
+#     * None
+#
+#  (boolean value)
+#swift_store_ssl_compression = true
+
+#
+# The number of times a Swift download will be retried before the
+# request fails.
+#
+# Provide an integer value representing the number of times an image
+# download must be retried before erroring out. The default value is
+# zero (no retry on a failed image download). When set to a positive
+# integer value, ``swift_store_retry_get_count`` ensures that the
+# download is attempted this many more times upon a download failure
+# before sending an error message.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer value
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#swift_store_retry_get_count = 0
+
+#
+# Time in seconds defining the size of the window in which a new
+# token may be requested before the current token is due to expire.
+#
+# Typically, the Swift storage driver fetches a new token upon the
+# expiration of the current token to ensure continued access to
+# Swift. However, some Swift transactions (like uploading image
+# segments) may not recover well if the token expires on the fly.
+#
+# Hence, by fetching a new token before the current token expiration,
+# we make sure that the token does not expire or is close to expiry
+# before a transaction is attempted. By default, the Swift storage
+# driver requests for a new token 60 seconds or less before the
+# current token expiration.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer value
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#swift_store_expire_soon_interval = 60
+
+#
+# Use trusts for multi-tenant Swift store.
+#
+# This option instructs the Swift store to create a trust for each
+# add/get request when the multi-tenant store is in use. Using trusts
+# allows the Swift store to avoid problems that can be caused by an
+# authentication token expiring during the upload or download of data.
+#
+# By default, ``swift_store_use_trusts`` is set to ``True``(use of
+# trusts is enabled). If set to ``False``, a user token is used for
+# the Swift connection instead, eliminating the overhead of trust
+# creation.
+#
+# NOTE: This option is considered only when
+# ``swift_store_multi_tenant`` is set to ``True``
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * swift_store_multi_tenant
+#
+#  (boolean value)
+#swift_store_use_trusts = true
+
+#
+# Reference to default Swift account/backing store parameters.
+#
+# Provide a string value representing a reference to the default set
+# of parameters required for using swift account/backing store for
+# image storage. The default reference value for this configuration
+# option is 'ref1'. This configuration option dereferences the
+# parameters and facilitates image storage in Swift storage backend
+# every time a new image is added.
+#
+# Possible values:
+#     * A valid string value
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#default_swift_reference = ref1
+
+# DEPRECATED: Version of the authentication service to use. Valid versions are 2
+# and 3 for keystone and 1 (deprecated) for swauth and rackspace. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# The option 'auth_version' in the Swift back-end configuration file is
+# used instead.
+#swift_store_auth_version = 2
+
+# DEPRECATED: The address where the Swift authentication service is listening.
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# The option 'auth_address' in the Swift back-end configuration file is
+# used instead.
+#swift_store_auth_address = <None>
+
+# DEPRECATED: The user to authenticate against the Swift authentication service.
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# The option 'user' in the Swift back-end configuration file is set instead.
+#swift_store_user = <None>
+
+# DEPRECATED: Auth key for the user authenticating against the Swift
+# authentication service. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# The option 'key' in the Swift back-end configuration file is used
+# to set the authentication key instead.
+#swift_store_key = <None>
+
+#
+# Absolute path to the file containing the swift account(s)
+# configurations.
+#
+# Include a string value representing the path to a configuration
+# file that has references for each of the configured Swift
+# account(s)/backing stores. By default, no file path is specified
+# and customized Swift referencing is disabled. Configuring this
+# option is highly recommended while using Swift storage backend for
+# image storage as it avoids storage of credentials in the database.
+#
+# Possible values:
+#     * String value representing an absolute path on the glance-api
+#       node
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#swift_store_config_file = <None>
+
+#
+# Address of the ESX/ESXi or vCenter Server target system.
+#
+# This configuration option sets the address of the ESX/ESXi or vCenter
+# Server target system. This option is required when using the VMware
+# storage backend. The address can contain an IP address (127.0.0.1) or
+# a DNS name (www.my-domain.com).
+#
+# Possible Values:
+#     * A valid IPv4 or IPv6 address
+#     * A valid DNS name
+#
+# Related options:
+#     * vmware_server_username
+#     * vmware_server_password
+#
+#  (string value)
+#vmware_server_host = 127.0.0.1
+
+#
+# Server username.
+#
+# This configuration option takes the username for authenticating with
+# the VMware ESX/ESXi or vCenter Server. This option is required when
+# using the VMware storage backend.
+#
+# Possible Values:
+#     * Any string that is the username for a user with appropriate
+#       privileges
+#
+# Related options:
+#     * vmware_server_host
+#     * vmware_server_password
+#
+#  (string value)
+#vmware_server_username = root
+
+#
+# Server password.
+#
+# This configuration option takes the password for authenticating with
+# the VMware ESX/ESXi or vCenter Server. This option is required when
+# using the VMware storage backend.
+#
+# Possible Values:
+#     * Any string that is a password corresponding to the username
+#       specified using the "vmware_server_username" option
+#
+# Related options:
+#     * vmware_server_host
+#     * vmware_server_username
+#
+#  (string value)
+#vmware_server_password = vmware
+
+#
+# The number of VMware API retries.
+#
+# This configuration option specifies the number of times the VMware
+# ESX/VC server API must be retried upon connection related issues or
+# server API call overload. It is not possible to specify 'retry
+# forever'.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
+#vmware_api_retry_count = 10
+
+#
+# Interval in seconds used for polling remote tasks invoked on VMware
+# ESX/VC server.
+#
+# This configuration option takes in the sleep time in seconds for polling an
+# on-going async task as part of the VMWare ESX/VC server API call.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
+#vmware_task_poll_interval = 5
+
+#
+# The directory where the glance images will be stored in the datastore.
+#
+# This configuration option specifies the path to the directory where the
+# glance images will be stored in the VMware datastore. If this option
+# is not set,  the default directory where the glance images are stored
+# is openstack_glance.
+#
+# Possible Values:
+#     * Any string that is a valid path to a directory
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#vmware_store_image_dir = /openstack_glance
+
+#
+# Set verification of the ESX/vCenter server certificate.
+#
+# This configuration option takes a boolean value to determine
+# whether or not to verify the ESX/vCenter server certificate. If this
+# option is set to True, the ESX/vCenter server certificate is not
+# verified. If this option is set to False, then the default CA
+# truststore is used for verification.
+#
+# This option is ignored if the "vmware_ca_file" option is set. In that
+# case, the ESX/vCenter server certificate will then be verified using
+# the file specified using the "vmware_ca_file" option .
+#
+# Possible Values:
+#     * True
+#     * False
+#
+# Related options:
+#     * vmware_ca_file
+#
+#  (boolean value)
+# Deprecated group/name - [glance_store]/vmware_api_insecure
+#vmware_insecure = false
+
+#
+# Absolute path to the CA bundle file.
+#
+# This configuration option enables the operator to use a custom
+# Cerificate Authority File to verify the ESX/vCenter certificate.
+#
+# If this option is set, the "vmware_insecure" option will be ignored
+# and the CA file specified will be used to authenticate the ESX/vCenter
+# server certificate and establish a secure connection to the server.
+#
+# Possible Values:
+#     * Any string that is a valid absolute path to a CA file
+#
+# Related options:
+#     * vmware_insecure
+#
+#  (string value)
+#vmware_ca_file = /etc/ssl/certs/ca-certificates.crt
+
+#
+# The datastores where the image can be stored.
+#
+# This configuration option specifies the datastores where the image can
+# be stored in the VMWare store backend. This option may be specified
+# multiple times for specifying multiple datastores. The datastore name
+# should be specified after its datacenter path, separated by ":". An
+# optional weight may be given after the datastore name, separated again
+# by ":" to specify the priority. Thus, the required format becomes
+# <datacenter_path>:<datastore_name>:<optional_weight>.
+#
+# When adding an image, the datastore with highest weight will be
+# selected, unless there is not enough free space available in cases
+# where the image size is already known. If no weight is given, it is
+# assumed to be zero and the directory will be considered for selection
+# last. If multiple datastores have the same weight, then the one with
+# the most free space available is selected.
+#
+# Possible Values:
+#     * Any string of the format:
+#       <datacenter_path>:<datastore_name>:<optional_weight>
+#
+# Related options:
+#    * None
+#
+#  (multi valued)
+#vmware_datastores =
+
+os_region_name = RegionOne
+
 
 
 [oslo_policy]
@@ -311,15 +2295,14 @@
 # Deprecated group/name - [DEFAULT]/policy_file
 #policy_file = policy.json
 
-# Default rule. Enforced when a requested rule is not found. (string
-# value)
+# Default rule. Enforced when a requested rule is not found. (string value)
 # Deprecated group/name - [DEFAULT]/policy_default_rule
 #policy_default_rule = default
 
-# Directories where policy configuration files are stored. They can be
-# relative to any directory in the search path defined by the
-# config_dir option, or absolute paths. The file defined by
-# policy_file must exist for these directories to be searched.
-# Missing or empty directories are ignored. (multi valued)
+# Directories where policy configuration files are stored. They can be relative
+# to any directory in the search path defined by the config_dir option, or
+# absolute paths. The file defined by policy_file must exist for these
+# directories to be searched.  Missing or empty directories are ignored. (multi
+# valued)
 # Deprecated group/name - [DEFAULT]/policy_dirs
 #policy_dirs = policy.d

2017-09-28 11:21:28,609 [salt.state       ][INFO    ][27825] Completed state [/etc/glance/glance-cache.conf] at time 11:21:28.608979 duration_in_ms=88.98
2017-09-28 11:21:28,609 [salt.state       ][INFO    ][27825] Running state [/etc/glance/glance-registry.conf] at time 11:21:28.609301
2017-09-28 11:21:28,609 [salt.state       ][INFO    ][27825] Executing state file.managed for /etc/glance/glance-registry.conf
2017-09-28 11:21:28,633 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/files/ocata/glance-registry.conf.Debian'
2017-09-28 11:21:28,679 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/map.jinja'
2017-09-28 11:21:28,697 [salt.state       ][INFO    ][27825] File changed:
--- 
+++ 
@@ -1,267 +1,892 @@
+
 [DEFAULT]
 
 #
 # From glance.registry
 #
 
-# When true, this option sets the owner of an image to be the tenant.
-# Otherwise, the owner of the  image will be the authenticated user
-# issuing the request. (boolean value)
+#
+# Set the image owner to tenant or the authenticated user.
+#
+# Assign a boolean value to determine the owner of an image. When set to
+# True, the owner of the image is the tenant. When set to False, the
+# owner of the image will be the authenticated user issuing the request.
+# Setting it to False makes the image private to the associated user and
+# sharing with other users within the same tenant (or "project")
+# requires explicit image sharing via image membership.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
 #owner_is_tenant = true
 
+#
 # Role used to identify an authenticated user as administrator.
-# (string value)
+#
+# Provide a string value representing a Keystone role to identify an
+# administrative user. Users with this role will be granted
+# administrative privileges. The default value for this option is
+# 'admin'.
+#
+# Possible values:
+#     * A string value which is a valid Keystone role
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #admin_role = admin
 
-# Allow unauthenticated users to access the API with read-only
-# privileges. This only applies when using ContextMiddleware. (boolean
-# value)
+#
+# Allow limited access to unauthenticated users.
+#
+# Assign a boolean to determine API access for unathenticated
+# users. When set to False, the API cannot be accessed by
+# unauthenticated users. When set to True, unauthenticated users can
+# access the API with read-only privileges. This however only applies
+# when using ContextMiddleware.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
 #allow_anonymous_access = false
 
-# Limits request ID length. (integer value)
+#
+# Limit the request ID length.
+#
+# Provide  an integer value to limit the length of the request ID to
+# the specified length. The default value is 64. Users can change this
+# to any ineteger value between 0 and 16384 however keeping in mind that
+# a larger value may flood the logs.
+#
+# Possible values:
+#     * Integer value between 0 and 16384
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #max_request_id_length = 64
 
-# Whether to allow users to specify image properties beyond what the
-# image schema provides (boolean value)
+#
+# Allow users to add additional/custom properties to images.
+#
+# Glance defines a standard set of properties (in its schema) that
+# appear on every image. These properties are also known as
+# ``base properties``. In addition to these properties, Glance
+# allows users to add custom properties to images. These are known
+# as ``additional properties``.
+#
+# By default, this configuration option is set to ``True`` and users
+# are allowed to add additional properties. The number of additional
+# properties that can be added to an image can be controlled via
+# ``image_property_quota`` configuration option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * image_property_quota
+#
+#  (boolean value)
 #allow_additional_image_properties = true
 
-# Maximum number of image members per image. Negative values evaluate
-# to unlimited. (integer value)
+#
+# Maximum number of image members per image.
+#
+# This limits the maximum of users an image can be shared with. Any negative
+# value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_member_quota = 128
 
-# Maximum number of properties allowed on an image. Negative values
-# evaluate to unlimited. (integer value)
+#
+# Maximum number of properties allowed on an image.
+#
+# This enforces an upper limit on the number of additional properties an image
+# can have. Any negative value is interpreted as unlimited.
+#
+# NOTE: This won't have any impact if additional properties are disabled. Please
+# refer to ``allow_additional_image_properties``.
+#
+# Related options:
+#     * ``allow_additional_image_properties``
+#
+#  (integer value)
 #image_property_quota = 128
 
-# Maximum number of tags allowed on an image. Negative values evaluate
-# to unlimited. (integer value)
+#
+# Maximum number of tags allowed on an image.
+#
+# Any negative value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_tag_quota = 128
 
-# Maximum number of locations allowed on an image. Negative values
-# evaluate to unlimited. (integer value)
+#
+# Maximum number of locations allowed on an image.
+#
+# Any negative value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_location_quota = 10
 
-# Python module path of data access API (string value)
+#
+# Python module path of data access API.
+#
+# Specifies the path to the API to use for accessing the data model.
+# This option determines how the image catalog data will be accessed.
+#
+# Possible values:
+#     * glance.db.sqlalchemy.api
+#     * glance.db.registry.api
+#     * glance.db.simple.api
+#
+# If this option is set to ``glance.db.sqlalchemy.api`` then the image
+# catalog data is stored in and read from the database via the
+# SQLAlchemy Core and ORM APIs.
+#
+# Setting this option to ``glance.db.registry.api`` will force all
+# database access requests to be routed through the Registry service.
+# This avoids data access from the Glance API nodes for an added layer
+# of security, scalability and manageability.
+#
+# NOTE: In v2 OpenStack Images API, the registry service is optional.
+# In order to use the Registry API in v2, the option
+# ``enable_v2_registry`` must be set to ``True``.
+#
+# Finally, when this configuration option is set to
+# ``glance.db.simple.api``, image catalog data is stored in and read
+# from an in-memory data structure. This is primarily used for testing.
+#
+# Related options:
+#     * enable_v2_api
+#     * enable_v2_registry
+#
+#  (string value)
 #data_api = glance.db.sqlalchemy.api
 
-# Default value for the number of items returned by a request if not
-# specified explicitly in the request (integer value)
+#
+# The default number of results to return for a request.
+#
+# Responses to certain API requests, like list images, may return
+# multiple items. The number of results returned can be explicitly
+# controlled by specifying the ``limit`` parameter in the API request.
+# However, if a ``limit`` parameter is not specified, this
+# configuration value will be used as the default number of results to
+# be returned for any API request.
+#
+# NOTES:
+#     * The value of this configuration option may not be greater than
+#       the value specified by ``api_limit_max``.
+#     * Setting this to a very large value may slow down database
+#       queries and increase response times. Setting this to a
+#       very low value may result in poor user experience.
+#
+# Possible values:
+#     * Any positive integer
+#
+# Related options:
+#     * api_limit_max
+#
+#  (integer value)
+# Minimum value: 1
 #limit_param_default = 25
-
-# Maximum permissible number of items that could be returned by a
-# request (integer value)
+limit_param_default = 25
+
+#
+# Maximum number of results that could be returned by a request.
+#
+# As described in the help text of ``limit_param_default``, some
+# requests may return multiple results. The number of results to be
+# returned are governed either by the ``limit`` parameter in the
+# request or the ``limit_param_default`` configuration option.
+# The value in either case, can't be greater than the absolute maximum
+# defined by this configuration option. Anything greater than this
+# value is trimmed down to the maximum value defined here.
+#
+# NOTE: Setting this to a very large value may slow down database
+#       queries and increase response times. Setting this to a
+#       very low value may result in poor user experience.
+#
+# Possible values:
+#     * Any positive integer
+#
+# Related options:
+#     * limit_param_default
+#
+#  (integer value)
+# Minimum value: 1
 #api_limit_max = 1000
-
-# Whether to include the backend image storage location in image
-# properties. Revealing storage location can be a security risk, so
-# use this setting with caution! (boolean value)
+api_limit_max = 1000
+
+#
+# Show direct image location when returning an image.
+#
+# This configuration option indicates whether to show the direct image
+# location when returning image details to the user. The direct image
+# location is where the image data is stored in backend storage. This
+# image location is shown under the image property ``direct_url``.
+#
+# When multiple image locations exist for an image, the best location
+# is displayed based on the location strategy indicated by the
+# configuration option ``location_strategy``.
+#
+# NOTES:
+#     * Revealing image locations can present a GRAVE SECURITY RISK as
+#       image locations can sometimes include credentials. Hence, this
+#       is set to ``False`` by default. Set this to ``True`` with
+#       EXTREME CAUTION and ONLY IF you know what you are doing!
+#     * If an operator wishes to avoid showing any image location(s)
+#       to the user, then both this option and
+#       ``show_multiple_locations`` MUST be set to ``False``.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * show_multiple_locations
+#     * location_strategy
+#
+#  (boolean value)
 #show_image_direct_url = false
 
-# Whether to include the backend image locations in image properties.
-# For example, if using the file system store a URL of
-# "file:///path/to/image" will be returned to the user in the
-# 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution! Setting this to
-# true overrides the show_image_direct_url option. (boolean value)
+# DEPRECATED:
+# Show all image locations when returning an image.
+#
+# This configuration option indicates whether to show all the image
+# locations when returning image details to the user. When multiple
+# image locations exist for an image, the locations are ordered based
+# on the location strategy indicated by the configuration opt
+# ``location_strategy``. The image locations are shown under the
+# image property ``locations``.
+#
+# NOTES:
+#     * Revealing image locations can present a GRAVE SECURITY RISK as
+#       image locations can sometimes include credentials. Hence, this
+#       is set to ``False`` by default. Set this to ``True`` with
+#       EXTREME CAUTION and ONLY IF you know what you are doing!
+#     * If an operator wishes to avoid showing any image location(s)
+#       to the user, then both this option and
+#       ``show_image_direct_url`` MUST be set to ``False``.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * show_image_direct_url
+#     * location_strategy
+#
+#  (boolean value)
+# This option is deprecated for removal since Newton.
+# Its value may be silently ignored in the future.
+# Reason: This option will be removed in the Ocata release because the same
+# functionality can be achieved with greater granularity by using policies.
+# Please see the Newton release notes for more information.
 #show_multiple_locations = false
 
-# Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
-# increased after careful consideration and must be set to a value
-# under 8 EB (9223372036854775808). (integer value)
+#
+# Maximum size of image a user can upload in bytes.
+#
+# An image upload greater than the size mentioned here would result
+# in an image creation failure. This configuration option defaults to
+# 1099511627776 bytes (1 TiB).
+#
+# NOTES:
+#     * This value should only be increased after careful
+#       consideration and must be set less than or equal to
+#       8 EiB (9223372036854775808).
+#     * This value must be set with careful consideration of the
+#       backend storage capacity. Setting this to a very low value
+#       may result in a large number of image failures. And, setting
+#       this to a very large value may result in faster consumption
+#       of storage. Hence, this must be set according to the nature of
+#       images created and storage capacity available.
+#
+# Possible values:
+#     * Any positive number less than or equal to 9223372036854775808
+#
+#  (integer value)
+# Minimum value: 1
 # Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
-# Set a system wide quota for every user. This value is the total
-# capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
-# Accepted units are B, KB, MB, GB and TB representing Bytes,
-# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
-# unit is specified then Bytes is assumed. Note that there should not
-# be any space between value and unit and units are case sensitive.
-# (string value)
+#
+# Maximum amount of image storage per tenant.
+#
+# This enforces an upper limit on the cumulative storage consumed by all images
+# of a tenant across all stores. This is a per-tenant limit.
+#
+# The default unit for this configuration option is Bytes. However, storage
+# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``,
+# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and
+# TeraBytes respectively. Note that there should not be any space between the
+# value and unit. Value ``0`` signifies no quota enforcement. Negative values
+# are invalid and result in errors.
+#
+# Possible values:
+#     * A string that is a valid concatenation of a non-negative integer
+#       representing the storage value and an optional string literal
+#       representing storage units as mentioned above.
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #user_storage_quota = 0
 
-# Deploy the v1 OpenStack Images API. (boolean value)
+#
+# Deploy the v1 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond to
+# requests on registered endpoints conforming to the v1 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is enabled, then ``enable_v1_registry`` must
+#       also be set to ``True`` to enable mandatory usage of Registry
+#       service with v1 API.
+#
+#     * If this option is disabled, then the ``enable_v1_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v2_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v2 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_registry
+#     * enable_v2_api
+#
+#  (boolean value)
 #enable_v1_api = true
 
-# Deploy the v2 OpenStack Images API. (boolean value)
+#
+# Deploy the v2 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond
+# to requests on registered endpoints conforming to the v2 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is disabled, then the ``enable_v2_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v1_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v1 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v2_registry
+#     * enable_v1_api
+#
+#  (boolean value)
 #enable_v2_api = true
 
-# Deploy the v1 OpenStack Registry API. (boolean value)
+#
+# Deploy the v1 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v1 API requests.
+#
+# NOTES:
+#     * Use of Registry is mandatory in v1 API, so this option must
+#       be set to ``True`` if the ``enable_v1_api`` option is enabled.
+#
+#     * If deploying only the v2 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_api
+#
+#  (boolean value)
 #enable_v1_registry = true
 
-# Deploy the v2 OpenStack Registry API. (boolean value)
+#
+# Deploy the v2 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v2 API requests.
+#
+# NOTES:
+#     * Use of Registry is optional in v2 API, so this option
+#       must only be enabled if both ``enable_v2_api`` is set to
+#       ``True`` and the ``data_api`` option is set to
+#       ``glance.db.registry.api``.
+#
+#     * If deploying only the v1 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v2_api
+#     * data_api
+#
+#  (boolean value)
 #enable_v2_registry = true
 
-# The hostname/IP of the pydev process listening for debug connections
-# (string value)
-#pydev_worker_debug_host = <None>
-
-# The port on which a pydev process is listening for connections.
-# (port value)
+#
+# Host address of the pydev server.
+#
+# Provide a string value representing the hostname or IP of the
+# pydev server to use for debugging. The pydev server listens for
+# debug connections on this address, facilitating remote debugging
+# in Glance.
+#
+# Possible values:
+#     * Valid hostname
+#     * Valid IP address
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#pydev_worker_debug_host = localhost
+
+#
+# Port number that the pydev server will listen on.
+#
+# Provide a port number to bind the pydev server to. The pydev
+# process accepts debug connections on this port and facilitates
+# remote debugging in Glance.
+#
+# Possible values:
+#     * A valid port number
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
-# AES key for encrypting store 'location' metadata. This includes, if
-# used, Swift or S3 credentials. Should be set to a random string of
-# length 16, 24 or 32 bytes (string value)
+#
+# AES key for encrypting store location metadata.
+#
+# Provide a string value representing the AES cipher to use for
+# encrypting Glance store metadata.
+#
+# NOTE: The AES key to use must be set to a random string of length
+# 16, 24 or 32 bytes.
+#
+# Possible values:
+#     * String value representing a valid AES key
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature. Use the
-# command "openssl list-message-digest-algorithms" to get the
-# available algorithms supported by the version of OpenSSL on the
-# platform. Examples are "sha1", "sha256", "sha512", etc. (string
-# value)
+#
+# Digest algorithm to use for digital signature.
+#
+# Provide a string value representing the digest algorithm to
+# use for generating digital signatures. By default, ``sha256``
+# is used.
+#
+# To get a list of the available algorithms supported by the version
+# of OpenSSL on your platform, run the command:
+# ``openssl list-message-digest-algorithms``.
+# Examples are 'sha1', 'sha256', and 'sha512'.
+#
+# NOTE: ``digest_algorithm`` is not related to Glance's image signing
+# and verification. It is only used to sign the universally unique
+# identifier (UUID) as a part of the certificate file and key file
+# validation.
+#
+# Possible values:
+#     * An OpenSSL message digest algorithm identifier
+#
+# Relation options:
+#     * None
+#
+#  (string value)
 #digest_algorithm = sha256
 
-# Address to bind the server.  Useful when selecting a particular
-# network interface. (string value)
+#
+# IP address to bind the glance servers to.
+#
+# Provide an IP address to bind the glance server to. The default
+# value is ``0.0.0.0``.
+#
+# Edit this option to enable the server to listen on one particular
+# IP address on the network card. This facilitates selection of a
+# particular network interface for the server.
+#
+# Possible values:
+#     * A valid IPv4 address
+#     * A valid IPv6 address
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #bind_host = 0.0.0.0
-
-# The port on which the server will listen. (port value)
+bind_host = 10.167.4.12
+
+#
+# Port number on which the server will listen.
+#
+# Provide a valid port number to bind the server's socket to. This
+# port is then set to identify processes and forward network messages
+# that arrive at the server. The default bind_port value for the API
+# server is 9292 and for the registry server is 9191.
+#
+# Possible values:
+#     * A valid port number (0 to 65535)
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #bind_port = <None>
-
-# The backlog value that will be used when creating the TCP listener
-# socket. (integer value)
+bind_port = 9191
+
+#
+# Set the number of incoming connection requests.
+#
+# Provide a positive integer value to limit the number of requests in
+# the backlog queue. The default queue size is 4096.
+#
+# An incoming connection to a TCP listener socket is queued before a
+# connection can be established with the server. Setting the backlog
+# for a TCP socket ensures a limited queue size for incoming traffic.
+#
+# Possible values:
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #backlog = 4096
 
-# The value for the socket option TCP_KEEPIDLE.  This is the time in
-# seconds that the connection must be idle before TCP starts sending
-# keepalive probes. (integer value)
+#
+# Set the wait time before a connection recheck.
+#
+# Provide a positive integer value representing time in seconds which
+# is set as the idle wait time before a TCP keep alive packet can be
+# sent to the host. The default value is 600 seconds.
+#
+# Setting ``tcp_keepidle`` helps verify at regular intervals that a
+# connection is intact and prevents frequent TCP connection
+# reestablishment.
+#
+# Possible values:
+#     * Positive integer value representing time in seconds
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #tcp_keepidle = 600
 
-# CA certificate file to use to verify connecting clients. (string
-# value)
-#ca_file = <None>
-
-# Certificate file to use when starting API server securely. (string
-# value)
-#cert_file = <None>
-
-# Private key file to use when starting API server securely. (string
-# value)
-#key_file = <None>
-
-# The number of child process workers that will be created to service
-# requests. The default will be equal to the number of CPUs available.
-# (integer value)
+#
+# Absolute path to the CA file.
+#
+# Provide a string value representing a valid absolute path to
+# the Certificate Authority file to use for client authentication.
+#
+# A CA file typically contains necessary trusted certificates to
+# use for the client authentication. This is essential to ensure
+# that a secure connection is established to the server via the
+# internet.
+#
+# Possible values:
+#     * Valid absolute path to the CA file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#ca_file = /etc/ssl/cafile
+
+#
+# Absolute path to the certificate file.
+#
+# Provide a string value representing a valid absolute path to the
+# certificate file which is required to start the API service
+# securely.
+#
+# A certificate file typically is a public key container and includes
+# the server's public key, server name, server information and the
+# signature which was a result of the verification process using the
+# CA certificate. This is required for a secure connection
+# establishment.
+#
+# Possible values:
+#     * Valid absolute path to the certificate file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#cert_file = /etc/ssl/certs
+
+#
+# Absolute path to a private key file.
+#
+# Provide a string value representing a valid absolute path to a
+# private key file which is required to establish the client-server
+# connection.
+#
+# Possible values:
+#     * Absolute path to the private key file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#key_file = /etc/ssl/key/key-file.pem
+
+# DEPRECATED: The HTTP header used to determine the scheme for the original
+# request, even if it was removed by an SSL terminating proxy. Typical value is
+# "HTTP_X_FORWARDED_PROTO". (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Use the http_proxy_to_wsgi middleware instead.
+#secure_proxy_ssl_header = <None>
+
+#
+# Number of Glance worker processes to start.
+#
+# Provide a non-negative integer value to set the number of child
+# process workers to service requests. By default, the number of CPUs
+# available is set as the value for ``workers``.
+#
+# Each worker process is made to listen on the port set in the
+# configuration file and contains a greenthread pool of size 1000.
+#
+# NOTE: Setting the number of workers to zero, triggers the creation
+# of a single API process with a greenthread pool of size 1000.
+#
+# Possible values:
+#     * 0
+#     * Positive integer value (typically equal to the number of CPUs)
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #workers = <None>
-
-# Maximum line size of message headers to be accepted. max_header_line
-# may need to be increased when using large tokens (typically those
-# generated by the Keystone v3 API with big service catalogs (integer
-# value)
+workers = 8
+
+#
+# Maximum line size of message headers.
+#
+# Provide an integer value representing a length to limit the size of
+# message headers. The default value is 16384.
+#
+# NOTE: ``max_header_line`` may need to be increased when using large
+# tokens (typically those generated by the Keystone v3 API with big
+# service catalogs). However, it is to be kept in mind that larger
+# values for ``max_header_line`` would flood the logs.
+#
+# Setting ``max_header_line`` to 0 sets no limit for the line size of
+# message headers.
+#
+# Possible values:
+#     * 0
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #max_header_line = 16384
 
-# If False, server will return the header "Connection: close", If
-# True, server will return "Connection: Keep-Alive" in its responses.
-# In order to close the client socket connection explicitly after the
-# response is sent and read successfully by the client, you simply
-# have to set this option to False when you create a wsgi server.
-# (boolean value)
+#
+# Set keep alive option for HTTP over TCP.
+#
+# Provide a boolean value to determine sending of keep alive packets.
+# If set to ``False``, the server returns the header
+# "Connection: close". If set to ``True``, the server returns a
+# "Connection: Keep-Alive" in its responses. This enables retention of
+# the same TCP connection for HTTP conversations instead of opening a
+# new one with each new request.
+#
+# This option must be set to ``False`` if the client socket connection
+# needs to be closed explicitly after the response is received and
+# read successfully by the client.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
 #http_keepalive = true
 
-# Timeout for client connections' socket operations. If an incoming
-# connection is idle for this number of seconds it will be closed. A
-# value of '0' means wait forever. (integer value)
+#
+# Timeout for client connections' socket operations.
+#
+# Provide a valid integer value representing time in seconds to set
+# the period of wait before an incoming connection can be closed. The
+# default value is 900 seconds.
+#
+# The value zero implies wait forever.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #client_socket_timeout = 900
 
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of
-# the default INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
 #debug = false
-
-# If set to false, the logging level will be set to WARNING instead of
-# the default INFO level. (boolean value)
+debug = false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
-
-# The name of a logging configuration file. This file is appended to
-# any existing logging configuration files. For details about logging
-# configuration files, see the Python logging module documentation.
-# Note that when logging configuration files are used then all logging
-# configuration is set in the configuration file and other logging
-# configuration options are ignored (for example,
-# logging_context_format_string). (string value)
+verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set.
-# (string value)
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default
-# is set, logging will go to stderr as defined by use_stderr. This
-# option is ignored if log_config_append is set. (string value)
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths.
-# This option is ignored if log_config_append is set. (string value)
+log_file = /var/log/glance/registry.log
+
+# (Optional) The base directory used for relative log_file  paths. This option
+# is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Uses logging handler designed to watch file system. When log file is
-# moved or removed this handler will open a new log file with
-# specified path instantaneously. It makes sense only if log_file
-# option is specified and Linux platform is used. This option is
-# ignored if log_config_append is set. (boolean value)
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and Linux
+# platform is used. This option is ignored if log_config_append is set. (boolean
+# value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and
-# will be changed later to honor RFC5424. This option is ignored if
-# log_config_append is set. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append is
+# set. (boolean value)
 #use_syslog = false
 
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. This option is ignored if
-# log_config_append is set. (boolean value)
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined.
-# (string value)
+# Format string to use for log messages when context is undefined. (string
+# value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Additional data to append to log message when logging level for the
-# message is DEBUG. (string value)
+# Additional data to append to log message when logging level for the message is
+# DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
-# Prefix each line of exception output with this format. (string
-# value)
+# Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
 # Defines the format string for %(user_identity)s that is used in
 # logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is
-# ignored if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message.
-# (string value)
+# The format for an instance that is passed with the log message. (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message.
-# (string value)
+# The format for an instance UUID that is passed with the log message. (string
+# value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
 # Enables or disables fatal status of deprecations. (boolean value)
@@ -275,64 +900,99 @@
 # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
 #rpc_conn_pool_size = 30
 
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet
-# interface, or IP. The "host" option should point or resolve to this
-# address. (string value)
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
 # Allowed values: redis, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
 #rpc_zmq_matchmaker = redis
 
-# Type of concurrency used. Either "native" or "eventlet" (string
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Seconds to wait before a cast expires (TTL). The default value of -1 specifies
+# an infinite linger period. The value of 0 specifies no linger period. Pending
+# messages shall be discarded immediately when the socket is closed. Only
+# supported by impl_zmq. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#rpc_cast_timeout = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target (
+# < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
 # value)
-#rpc_zmq_concurrency = eventlet
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic.
-# Default is unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address.
-# Must match "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Seconds to wait before a cast expires (TTL). The default value of -1
-# specifies an infinite linger period. The value of 0 specifies no
-# linger period. Pending messages shall be discarded immediately when
-# the socket is closed. Only supported by impl_zmq. (integer value)
-#rpc_cast_timeout = -1
-
-# The default number of seconds that poll should wait. Poll raises
-# timeout exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about
-# existing target ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 120
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
-# (boolean value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
 #use_pub_sub = true
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = true
 
 # Minimal port number for random ports range. (port value)
 # Minimum value: 0
 # Maximum value: 65535
-#rpc_zmq_min_port = 49152
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
 
 # Maximal port number for random ports range. (integer value)
 # Minimum value: 1
 # Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
 #rpc_zmq_max_port = 65536
 
-# Number of retries to find free port number before fail with
-# ZMQBindError. (integer value)
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
 #rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = false
 
 # Size of executor thread pool. (integer value)
 # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
@@ -341,19 +1001,22 @@
 # Seconds to wait for a response from a call. (integer value)
 #rpc_response_timeout = 60
 
-# A URL representing the messaging driver to use and its full
-# configuration. If not set, we fall back to the rpc_backend option
-# and driver specific configuration. (string value)
+# A URL representing the messaging driver to use and its full configuration.
+# (string value)
 #transport_url = <None>
-
-# The messaging driver to use, defaults to rabbit. Other drivers
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.41:5672,openstack:opnfv_secret@10.167.4.42:5672,openstack:opnfv_secret@10.167.4.43:5672//openstack
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
 # include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rpc_backend = rabbit
 
-# The default exchange under which topics are scoped. May be
-# overridden by an exchange name specified in the transport_url
-# option. (string value)
+# The default exchange under which topics are scoped. May be overridden by an
+# exchange name specified in the transport_url option. (string value)
 #control_exchange = openstack
+control_exchange = openstack
 
 
 [database]
@@ -362,10 +1025,13 @@
 # From oslo.db
 #
 
-# The file name to use with SQLite. (string value)
+# DEPRECATED: The file name to use with SQLite. (string value)
 # Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect the
+# database.
 #sqlite_db = oslo.sqlite
-sqlite_db = /var/lib/glance/glance.sqlite
 
 # If True, SQLite uses synchronous mode. (boolean value)
 # Deprecated group/name - [DEFAULT]/sqlite_synchronous
@@ -373,23 +1039,25 @@
 
 # The back end to use for the database. (string value)
 # Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
 backend = sqlalchemy
 
-# The SQLAlchemy connection string to use to connect to the database.
-# (string value)
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave
-# database. (string value)
+connection = mysql+pymysql://glance:opnfv_secret@10.167.4.50/glance
+
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
 #slave_connection = <None>
 
-# The SQL mode to be used for MySQL sessions. This option, including
-# the default, overrides any server-set SQL mode. To use whatever SQL
-# mode is set by the server configuration, set this to no value.
-# Example: mysql_sql_mode= (string value)
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
+# the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
 #mysql_sql_mode = TRADITIONAL
 
 # Timeout before idle SQL connections are reaped. (integer value)
@@ -397,39 +1065,42 @@
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool. (integer
-# value)
+idle_timeout = 3600
+
+# Minimum number of SQL connections to keep open in a pool. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. (integer
-# value)
+# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
+# indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
-
-# Maximum number of database connection retries during startup. Set to
-# -1 to specify an infinite retry count. (integer value)
+#max_pool_size = 5
+max_pool_size = 10
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer
-# value)
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
 # Deprecated group/name - [DATABASE]/reconnect_interval
 #retry_interval = 10
 
-# If set, use this value for max_overflow with SQLAlchemy. (integer
-# value)
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything.
-# (integer value)
+max_overflow = 30
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
 #connection_debug = 0
 
@@ -437,224 +1108,44 @@
 # Deprecated group/name - [DEFAULT]/sql_connection_trace
 #connection_trace = false
 
-# If set, use this value for pool_timeout with SQLAlchemy. (integer
-# value)
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
 #pool_timeout = <None>
 
-# Enable the experimental use of database reconnect on connection
-# lost. (boolean value)
+# Enable the experimental use of database reconnect on connection lost. (boolean
+# value)
 #use_db_reconnect = false
 
 # Seconds between retries of a database transaction. (integer value)
 #db_retry_interval = 1
 
-# If True, increases the interval between retries of a database
-# operation up to db_max_retry_interval. (boolean value)
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
 #db_inc_retry_interval = true
 
-# If db_inc_retry_interval is set, the maximum seconds between retries
-# of a database operation. (integer value)
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
 #db_max_retry_interval = 10
 
-# Maximum retries in case of connection error or deadlock error before
-# error is raised. Set to -1 to specify an infinite retry count.
-# (integer value)
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
 #db_max_retries = 20
 
 #
 # From oslo.db.concurrency
 #
 
-# Enable the experimental use of thread pooling for all DB API calls
-# (boolean value)
+# Enable the experimental use of thread pooling for all DB API calls (boolean
+# value)
 # Deprecated group/name - [DEFAULT]/dbapi_use_tpool
 #use_tpool = false
 
-
 [glance_store]
-
-#
-# From glance.store
-#
-
-# List of stores enabled. Valid stores are: cinder, file, http, rbd,
-# sheepdog, swift, s3, vsphere (list value)
-#stores = file,http
-
-# Default scheme to use to store image data. The scheme must be
-# registered by one of the stores defined by the 'stores' config
-# option. (string value)
-#default_store = file
-
-# Minimum interval seconds to execute updating dynamic storage
-# capabilities based on backend status then. It's not a periodic
-# routine, the update logic will be executed only when interval
-# seconds elapsed and an operation of store has triggered. The feature
-# will be enabled only when the option value greater then zero.
-# (integer value)
-#store_capabilities_update_min_interval = 0
-
-# Specify the path to the CA bundle file to use in verifying the
-# remote server certificate. (string value)
-#https_ca_certificates_file = <None>
-
-# If true, the remote server certificate is not verified. If false,
-# then the default CA truststore is used for verification. This option
-# is ignored if "https_ca_certificates_file" is set. (boolean value)
-#https_insecure = true
-
-# Specify the http/https proxy information that should be used to
-# connect to the remote server. The proxy information should be a key
-# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
-# specify proxies for multiple schemes by seperating the key value
-# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
-# (dict value)
-#http_proxy_information =
-
-# If True, swiftclient won't check for a valid SSL certificate when
-# authenticating. (boolean value)
-#swift_store_auth_insecure = false
-
-# A string giving the CA certificate file to use in SSL connections
-# for verifying certs. (string value)
-#swift_store_cacert = <None>
-
-# The region of the swift endpoint to be used for single tenant. This
-# setting is only necessary if the tenant has multiple swift
-# endpoints. (string value)
-#swift_store_region = <None>
-
-# If set, the configured endpoint will be used. If None, the storage
-# url from the auth response will be used. (string value)
-#swift_store_endpoint = <None>
-
-# A string giving the endpoint type of the swift service to use
-# (publicURL, adminURL or internalURL). This setting is only used if
-# swift_store_auth_version is 2. (string value)
-#swift_store_endpoint_type = publicURL
-
-# A string giving the service type of the swift service to use. This
-# setting is only used if swift_store_auth_version is 2. (string
-# value)
-#swift_store_service_type = object-store
-
-# Container within the account that the account should use for storing
-# images in Swift when using single container mode. In multiple
-# container mode, this will be the prefix for all containers. (string
-# value)
-#swift_store_container = glance
-
-# The size, in MB, that Glance will start chunking image files and do
-# a large object manifest in Swift. (integer value)
-#swift_store_large_object_size = 5120
-
-# The amount of data written to a temporary disk buffer during the
-# process of chunking the image file. (integer value)
-#swift_store_large_object_chunk_size = 200
-
-# A boolean value that determines if we create the container if it
-# does not exist. (boolean value)
-#swift_store_create_container_on_put = false
-
-# If set to True, enables multi-tenant storage mode which causes
-# Glance images to be stored in tenant specific Swift accounts.
-# (boolean value)
-#swift_store_multi_tenant = false
-
-# When set to 0, a single-tenant store will only use one container to
-# store all images. When set to an integer value between 1 and 32, a
-# single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
-# only when swift_store_multi_tenant is disabled. The total number of
-# containers that will be used is equal to 16^N, so if this config
-# option is set to 2, then 16^2=256 containers will be used to store
-# images. (integer value)
-#swift_store_multiple_containers_seed = 0
-
-# A list of tenants that will be granted read/write access on all
-# Swift containers created by Glance in multi-tenant mode. (list
-# value)
-#swift_store_admin_tenants =
-
-# If set to False, disables SSL layer compression of https swift
-# requests. Setting to False may improve performance for images which
-# are already in a compressed format, eg qcow2. (boolean value)
-#swift_store_ssl_compression = true
-
-# The number of times a Swift download will be retried before the
-# request fails. (integer value)
-#swift_store_retry_get_count = 0
-
-# The period of time (in seconds) before token expirationwhen
-# glance_store will try to reques new user token. Default value 60 sec
-# means that if token is going to expire in 1 min then glance_store
-# request new user token. (integer value)
-#swift_store_expire_soon_interval = 60
-
-# If set to True create a trust for each add/get request to Multi-
-# tenant store in order to prevent authentication token to be expired
-# during uploading/downloading data. If set to False then user token
-# is used for Swift connection (so no overhead on trust creation).
-# Please note that this option is considered only and only if
-# swift_store_multi_tenant=True (boolean value)
-#swift_store_use_trusts = true
-
-# The reference to the default swift account/backing store parameters
-# to use for adding new images. (string value)
-#default_swift_reference = ref1
-
-# Version of the authentication service to use. Valid versions are 2
-# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
-# (deprecated - use "auth_version" in swift_store_config_file) (string
-# value)
-#swift_store_auth_version = 2
-
-# The address where the Swift authentication service is listening.
-# (deprecated - use "auth_address" in swift_store_config_file) (string
-# value)
-#swift_store_auth_address = <None>
-
-# The user to authenticate against the Swift authentication service
-# (deprecated - use "user" in swift_store_config_file) (string value)
-#swift_store_user = <None>
-
-# Auth key for the user authenticating against the Swift
-# authentication service. (deprecated - use "key" in
-# swift_store_config_file) (string value)
-#swift_store_key = <None>
-
-# The config file that has the swift account(s)configs. (string value)
-#swift_store_config_file = <None>
-
-# RADOS images will be chunked into objects of this size (in
-# megabytes). For best performance, this should be a power of two.
-# (integer value)
-#rbd_store_chunk_size = 8
-
-# RADOS pool in which images are stored. (string value)
-#rbd_store_pool = images
-
-# RADOS user to authenticate as (only applicable if using Cephx. If
-# <None>, a default will be chosen based on the client. section in
-# rbd_store_ceph_conf) (string value)
-#rbd_store_user = <None>
-
-# Ceph configuration file path. If <None>, librados will locate the
-# default config. If using cephx authentication, this file should
-# include a reference to the right keyring in a client.<USER> section
-# (string value)
-#rbd_store_ceph_conf = /etc/ceph/ceph.conf
-
-# Timeout value (in seconds) used when connecting to ceph cluster. If
-# value <= 0, no timeout is set and default librados value is used.
-# (integer value)
-#rados_connect_timeout = 0
-
-# Info to match when looking for cinder in the service catalog. Format
-# is : separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volumev2::publicURL
+filesystem_store_datadir = /var/lib/glance/images/
+
+swift_store_endpoint_type = internalURL
+
+cinder_catalog_info = volumev2::internalURL
 
 # Override service catalog lookup with template for cinder endpoint
 # e.g. http://localhost:8776/v2/%(tenant)s (string value)
@@ -665,173 +1156,7 @@
 # Deprecated group/name - [DEFAULT]/os_region_name
 #cinder_os_region_name = <None>
 
-# Location of ca certicates file to use for cinder client requests.
-# (string value)
-#cinder_ca_certificates_file = <None>
-
-# Number of cinderclient retries on failed http calls (integer value)
-#cinder_http_retries = 3
-
-# Time period of time in seconds to wait for a cinder volume
-# transition to complete. (integer value)
-#cinder_state_transition_timeout = 300
-
-# Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = false
-
-# The address where the Cinder authentication service is listening. If
-# <None>, the cinder endpoint in the service catalog is used. (string
-# value)
-#cinder_store_auth_address = <None>
-
-# User name to authenticate against Cinder. If <None>, the user of
-# current context is used. (string value)
-#cinder_store_user_name = <None>
-
-# Password for the user authenticating against Cinder. If <None>, the
-# current context auth token is used. (string value)
-#cinder_store_password = <None>
-
-# Project name where the image is stored in Cinder. If <None>, the
-# project in current context is used. (string value)
-#cinder_store_project_name = <None>
-
-# Path to the rootwrap configuration file to use for running commands
-# as root. (string value)
-#rootwrap_config = /etc/glance/rootwrap.conf
-
-# The host where the S3 server is listening. (string value)
-#s3_store_host = <None>
-
-# The S3 query token access key. (string value)
-#s3_store_access_key = <None>
-
-# The S3 query token secret key. (string value)
-#s3_store_secret_key = <None>
-
-# The S3 bucket to be used to store the Glance data. (string value)
-#s3_store_bucket = <None>
-
-# The local directory where uploads will be staged before they are
-# transferred into S3. (string value)
-#s3_store_object_buffer_dir = <None>
-
-# A boolean to determine if the S3 bucket should be created on upload
-# if it does not exist or if an error should be returned to the user.
-# (boolean value)
-#s3_store_create_bucket_on_put = false
-
-# The S3 calling format used to determine the bucket. Either subdomain
-# or path can be used. (string value)
-#s3_store_bucket_url_format = subdomain
-
-# What size, in MB, should S3 start chunking image files and do a
-# multipart upload in S3. (integer value)
-#s3_store_large_object_size = 100
-
-# What multipart upload part size, in MB, should S3 use when uploading
-# parts. The size must be greater than or equal to 5M. (integer value)
-#s3_store_large_object_chunk_size = 10
-
-# The number of thread pools to perform a multipart upload in S3.
-# (integer value)
-#s3_store_thread_pools = 10
-
-# Enable the use of a proxy. (boolean value)
-#s3_store_enable_proxy = false
-
-# Address or hostname for the proxy server. (string value)
-#s3_store_proxy_host = <None>
-
-# The port to use when connecting over a proxy. (integer value)
-#s3_store_proxy_port = 8080
-
-# The username to connect to the proxy. (string value)
-#s3_store_proxy_user = <None>
-
-# The password to use when connecting over a proxy. (string value)
-#s3_store_proxy_password = <None>
-
-# Images will be chunked into objects of this size (in megabytes). For
-# best performance, this should be a power of two. (integer value)
-#sheepdog_store_chunk_size = 64
-
-# Port of sheep daemon. (integer value)
-#sheepdog_store_port = 7000
-
-# IP address of sheep daemon. (string value)
-#sheepdog_store_address = localhost
-
-# Directory to which the Filesystem backend store writes images.
-# (string value)
-#filesystem_store_datadir = /var/lib/glance/images
-
-# List of directories and its priorities to which the Filesystem
-# backend store writes images. (multi valued)
-#filesystem_store_datadirs =
-
-# The path to a file which contains the metadata to be returned with
-# any location associated with this store.  The file must contain a
-# valid JSON object. The object should contain the keys 'id' and
-# 'mountpoint'. The value for both keys should be 'string'. (string
-# value)
-#filesystem_store_metadata_file = <None>
-
-# The required permission for created image file. In this way the user
-# other service used, e.g. Nova, who consumes the image could be the
-# exclusive member of the group that owns the files created. Assigning
-# it less then or equal to zero means don't change the default
-# permission of the file. This value will be decoded as an octal
-# digit. (integer value)
-#filesystem_store_file_perm = 0
-
-# ESX/ESXi or vCenter Server target system. The server value can be an
-# IP address or a DNS name. (string value)
-#vmware_server_host = <None>
-
-# Username for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_username = <None>
-
-# Password for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_password = <None>
-
-# Number of times VMware ESX/VC server API must be retried upon
-# connection related issues. (integer value)
-#vmware_api_retry_count = 10
-
-# The interval used for polling remote tasks invoked on VMware ESX/VC
-# server. (integer value)
-#vmware_task_poll_interval = 5
-
-# The name of the directory where the glance images will be stored in
-# the VMware datastore. (string value)
-#vmware_store_image_dir = /openstack_glance
-
-# If true, the ESX/vCenter server certificate is not verified. If
-# false, then the default CA truststore is used for verification. This
-# option is ignored if "vmware_ca_file" is set. (boolean value)
-# Deprecated group/name - [DEFAULT]/vmware_api_insecure
-#vmware_insecure = false
-
-# Specify a CA bundle file to use in verifying the ESX/vCenter server
-# certificate. (string value)
-#vmware_ca_file = <None>
-
-# A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores. The
-# datastore name should be specified after its datacenter path,
-# seperated by ":". An optional weight may be given after the
-# datastore name, seperated again by ":". Thus, the required format
-# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
-# adding an image, the datastore with highest weight will be selected,
-# unless there is not enough free space available in cases where the
-# image size is already known. If no weight is given, it is assumed to
-# be zero and the directory will be considered for selection last. If
-# multiple datastores have the same weight, then the one with the most
-# free space available is selected. (multi valued)
-#vmware_datastores =
+cinder_os_region_name = RegionOne
 
 
 [keystone_authtoken]
@@ -839,39 +1164,54 @@
 #
 # From keystonemiddleware.auth_token
 #
-
-# Complete public Identity API endpoint. (string value)
+revocation_cache_time = 10
+auth_type = password
+user_domain_id = default
+project_domain_id = default
+project_name = service
+username = glance
+password = opnfv_secret
+auth_uri=http://10.167.4.10:5000
+auth_url=http://10.167.4.10:35357
+memcached_servers=10.167.4.11:11211,10.167.4.12:11211,10.167.4.13:11211
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
+# clients are redirected to this endpoint to authenticate. Although this
+# endpoint should  ideally be unversioned, client support in the wild varies.
+# If you're using a versioned v2 endpoint here, then this  should *not* be the
+# same endpoint the service user utilizes  for validating tokens, because normal
+# end users may not be  able to reach that endpoint. (string value)
 #auth_uri = <None>
 
 # API version of the admin Identity API endpoint. (string value)
 #auth_version = <None>
 
-# Do not handle authorization requests within the middleware, but
-# delegate the authorization decision to downstream WSGI components.
-# (boolean value)
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
 #delay_auth_decision = false
 
-# Request timeout value for communicating with Identity API server.
-# (integer value)
+# Request timeout value for communicating with Identity API server. (integer
+# value)
 #http_connect_timeout = <None>
 
-# How many times are we trying to reconnect when communicating with
-# Identity API Server. (integer value)
+# How many times are we trying to reconnect when communicating with Identity API
+# Server. (integer value)
 #http_request_max_retries = 3
 
-# Env key for the swift cache. (string value)
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
 #cache = <None>
 
-# Required if identity server requires client certificate (string
-# value)
+# Required if identity server requires client certificate (string value)
 #certfile = <None>
 
-# Required if identity server requires client certificate (string
-# value)
+# Required if identity server requires client certificate (string value)
 #keyfile = <None>
 
-# A PEM encoded Certificate Authority to use when verifying HTTPs
-# connections. Defaults to system CAs. (string value)
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
 #cafile = <None>
 
 # Verify HTTPS connections. (boolean value)
@@ -883,98 +1223,91 @@
 # Directory used to cache files related to PKI tokens. (string value)
 #signing_dir = <None>
 
-# Optionally specify a list of memcached server(s) to use for caching.
-# If left undefined, tokens will instead be cached in-process. (list
-# value)
-# Deprecated group/name - [DEFAULT]/memcache_servers
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
 
-# In order to prevent excessive effort spent validating tokens, the
-# middleware caches previously-seen tokens for a configurable duration
-# (in seconds). Set to -1 to disable caching completely. (integer
-# value)
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set to
+# -1 to disable caching completely. (integer value)
 #token_cache_time = 300
 
-# Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of
-# revocation events combined with a low cache duration may
-# significantly reduce performance. (integer value)
+# Determines the frequency at which the list of revoked tokens is retrieved from
+# the Identity service (in seconds). A high number of revocation events combined
+# with a low cache duration may significantly reduce performance. Only valid for
+# PKI tokens. (integer value)
 #revocation_cache_time = 10
 
-# (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. If MAC, token data is
-# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
-# encrypted and authenticated in the cache. If the value is not one of
-# these options or empty, auth_token will raise an exception on
-# initialization. (string value)
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
 # Allowed values: None, MAC, ENCRYPT
 #memcache_security_strategy = None
 
-# (Optional, mandatory if memcache_security_strategy is defined) This
-# string is used for key derivation. (string value)
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
 #memcache_secret_key = <None>
 
-# (Optional) Number of seconds memcached server is considered dead
-# before it is tried again. (integer value)
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
 #memcache_pool_dead_retry = 300
 
-# (Optional) Maximum total number of open connections to every
-# memcached server. (integer value)
+# (Optional) Maximum total number of open connections to every memcached server.
+# (integer value)
 #memcache_pool_maxsize = 10
 
-# (Optional) Socket timeout in seconds for communicating with a
-# memcached server. (integer value)
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
 #memcache_pool_socket_timeout = 3
 
-# (Optional) Number of seconds a connection to memcached is held
-# unused in the pool before it is closed. (integer value)
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
 #memcache_pool_unused_timeout = 60
 
-# (Optional) Number of seconds that an operation will wait to get a
-# memcached client connection from the pool. (integer value)
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
 #memcache_pool_conn_get_timeout = 10
 
-# (Optional) Use the advanced (eventlet safe) memcached client pool.
-# The advanced pool will only work under python 2.x. (boolean value)
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
 #memcache_use_advanced_pool = false
 
-# (Optional) Indicate whether to set the X-Service-Catalog header. If
-# False, middleware will not ask for service catalog on token
-# validation and will not set the X-Service-Catalog header. (boolean
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it if
+# not. "strict" like "permissive" but if the bind type is unknown the token will
+# be rejected. "required" any form of token binding is needed to be allowed.
+# Finally the name of a binding method that must be present in tokens. (string
 # value)
-#include_service_catalog = true
-
-# Used to control the use and type of token binding. Can be set to:
-# "disabled" to not check token binding. "permissive" (default) to
-# validate binding information if the bind type is of a form known to
-# the server and ignore it if not. "strict" like "permissive" but if
-# the bind type is unknown the token will be rejected. "required" any
-# form of token binding is needed to be allowed. Finally the name of a
-# binding method that must be present in tokens. (string value)
 #enforce_token_bind = permissive
 
-# If true, the revocation list will be checked for cached tokens. This
-# requires that PKI tokens are configured on the identity server.
-# (boolean value)
+# If true, the revocation list will be checked for cached tokens. This requires
+# that PKI tokens are configured on the identity server. (boolean value)
 #check_revocations_for_cached = false
 
-# Hash algorithms to use for hashing PKI tokens. This may be a single
-# algorithm or multiple. The algorithms are those supported by Python
-# standard hashlib.new(). The hashes will be tried in the order given,
-# so put the preferred one first for performance. The result of the
-# first hash will be stored in the cache. This will typically be set
-# to multiple values only while migrating from a less secure algorithm
-# to a more secure one. Once all the old tokens are expired this
-# option should be set to a single value for better performance. (list
-# value)
+# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
+# or multiple. The algorithms are those supported by Python standard
+# hashlib.new(). The hashes will be tried in the order given, so put the
+# preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
 #hash_algorithms = md5
 
-# Authentication type to load (unknown value)
-# Deprecated group/name - [DEFAULT]/auth_plugin
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
 
-# Config Section from which to load plugin specific options (unknown
-# value)
+# Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
 
 
@@ -984,32 +1317,44 @@
 # From oslo.messaging
 #
 
-# Host to locate redis. (string value)
+# DEPRECATED: Host to locate redis. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #host = 127.0.0.1
 
-# Use this port to connect to redis host. (port value)
+# DEPRECATED: Use this port to connect to redis host. (port value)
 # Minimum value: 0
 # Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #port = 6379
 
-# Password for Redis server (optional). (string value)
+# DEPRECATED: Password for Redis server (optional). (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #password =
 
-# List of Redis Sentinel hosts (fault tolerance mode) e.g.
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode) e.g.
 # [host:port, host1:port ... ] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #sentinel_hosts =
 
 # Redis replica set name. (string value)
 #sentinel_group_name = oslo-messaging-zeromq
 
 # Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 500
+#wait_timeout = 2000
 
 # Time in ms to wait before the transaction is killed. (integer value)
 #check_timeout = 20000
 
 # Timeout in ms on blocking socket operations (integer value)
-#socket_timeout = 1000
+#socket_timeout = 10000
 
 
 [oslo_messaging_amqp]
@@ -1017,6 +1362,101 @@
 #
 # From oslo.messaging
 #
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name = <None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace = false
+
+# CA certificate PEM file to verify server certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Identifying certificate PEM file to present to clients (string value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign cert_file certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password = <None>
+
+# Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval = 1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff = 2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max = 30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay = 10
+
+# The deadline for an rpc reply message delivery. Only used when caller does not
+# provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_reply_timeout = 30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout = 30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout = 30
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy'   - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic'  - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode = dynamic
 
 # address prefix used when sending to a specific server (string value)
 # Deprecated group/name - [amqp1]/server_request_prefix
@@ -1030,60 +1470,54 @@
 # Deprecated group/name - [amqp1]/group_request_prefix
 #group_request_prefix = unicast
 
-# Name for the AMQP container (string value)
-# Deprecated group/name - [amqp1]/container_name
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-# Deprecated group/name - [amqp1]/idle_timeout
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-# Deprecated group/name - [amqp1]/trace
-#trace = false
-
-# CA certificate PEM file to verify server certificate (string value)
-# Deprecated group/name - [amqp1]/ssl_ca_file
-#ssl_ca_file =
-
-# Identifying certificate PEM file to present to clients (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_cert_file
-#ssl_cert_file =
-
-# Private key PEM file used to sign cert_file certificate (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_key_file
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-# Deprecated group/name - [amqp1]/ssl_key_password
-#ssl_key_password = <None>
-
-# Accept clients using either SSL or plain TCP (boolean value)
-# Deprecated group/name - [amqp1]/allow_insecure_clients
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-# Deprecated group/name - [amqp1]/sasl_mechanisms
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string
-# value)
-# Deprecated group/name - [amqp1]/sasl_config_dir
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-# Deprecated group/name - [amqp1]/sasl_config_name
-#sasl_config_name =
-
-# User name for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/username
-#username =
-
-# Password for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/password
-#password =
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix = openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix = openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address = multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address = unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-robin
+# fashion across consumers. (string value)
+#anycast_address = anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange = <None>
+default_notification_exchange = glance
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange = <None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit = 200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit = 100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit = 100
 
 
 [oslo_messaging_notifications]
@@ -1092,14 +1526,13 @@
 # From oslo.messaging
 #
 
-# The Drivers(s) to handle sending notifications. Possible values are
-# messaging, messagingv2, routing, log, test, noop (multi valued)
+# The Drivers(s) to handle sending notifications. Possible values are messaging,
+# messagingv2, routing, log, test, noop (multi valued)
 # Deprecated group/name - [DEFAULT]/notification_driver
 #driver =
-
-# A URL representing the messaging driver to use for notifications. If
-# not set, we fall back to the same configuration used for RPC.
-# (string value)
+driver = messagingv2
+# A URL representing the messaging driver to use for notifications. If not set,
+# we fall back to the same configuration used for RPC. (string value)
 # Deprecated group/name - [DEFAULT]/notification_transport_url
 #transport_url = <None>
 
@@ -1124,9 +1557,9 @@
 # Deprecated group/name - [DEFAULT]/amqp_auto_delete
 #amqp_auto_delete = false
 
-# SSL version to use (valid only if SSL enabled). Valid values are
-# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
-# available on some distributions. (string value)
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
 # Deprecated group/name - [DEFAULT]/kombu_ssl_version
 #kombu_ssl_version =
 
@@ -1138,117 +1571,131 @@
 # Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
 #kombu_ssl_certfile =
 
-# SSL certification authority file (valid only if SSL enabled).
-# (string value)
+# SSL certification authority file (valid only if SSL enabled). (string value)
 # Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
 #kombu_ssl_ca_certs =
 
-# How long to wait before reconnecting in response to an AMQP consumer
-# cancel notification. (floating point value)
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
 # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
 #kombu_reconnect_delay = 1.0
 
-# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
-# will not be used. This option may notbe available in future
-# versions. (string value)
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
+# be used. This option may not be available in future versions. (string value)
 #kombu_compression = <None>
 
-# How long to wait a missing client beforce abandoning to send it its
-# replies. This value should not be longer than rpc_response_timeout.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+# How long to wait a missing client before abandoning to send it its replies.
+# This value should not be longer than rpc_response_timeout. (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
 #kombu_missing_consumer_retry_timeout = 60
 
-# Determines how the next RabbitMQ node is chosen in case the one we
-# are currently connected to becomes unavailable. Takes effect only if
-# more than one RabbitMQ node is provided in config. (string value)
+# Determines how the next RabbitMQ node is chosen in case the one we are
+# currently connected to becomes unavailable. Takes effect only if more than one
+# RabbitMQ node is provided in config. (string value)
 # Allowed values: round-robin, shuffle
 #kombu_failover_strategy = round-robin
 
-# The RabbitMQ broker address where a single node is used. (string
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
 # value)
 # Deprecated group/name - [DEFAULT]/rabbit_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_host = localhost
 
-# The RabbitMQ broker port where a single node is used. (port value)
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port value)
 # Minimum value: 0
 # Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/rabbit_port
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_port = 5672
 
-# RabbitMQ HA cluster host:port pairs. (list value)
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
 # Deprecated group/name - [DEFAULT]/rabbit_hosts
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_hosts = $rabbit_host:$rabbit_port
 
 # Connect over SSL for RabbitMQ. (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
 #rabbit_use_ssl = false
 
-# The RabbitMQ userid. (string value)
+# DEPRECATED: The RabbitMQ userid. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_userid
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_userid = guest
 
-# The RabbitMQ password. (string value)
+# DEPRECATED: The RabbitMQ password. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_password
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_password = guest
 
 # The RabbitMQ login method. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_login_method
 #rabbit_login_method = AMQPLAIN
 
-# The RabbitMQ virtual host. (string value)
+# DEPRECATED: The RabbitMQ virtual host. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_virtual_host = /
 
 # How frequently to retry connecting with RabbitMQ. (integer value)
 #rabbit_retry_interval = 1
 
-# How long to backoff for between retries when connecting to RabbitMQ.
-# (integer value)
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
 # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
 #rabbit_retry_backoff = 2
 
-# Maximum interval of RabbitMQ connection retries. Default is 30
-# seconds. (integer value)
+# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
+# (integer value)
 #rabbit_interval_max = 30
 
-# Maximum number of RabbitMQ connection retries. Default is 0
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
 # (infinite retry count). (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
 #rabbit_max_retries = 0
 
-# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
-# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
-# queue mirroring is no longer controlled by the x-ha-policy argument
-# when declaring a queue. If you just want to make sure that all
-# queues (except  those with auto-generated names) are mirrored across
-# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
-# mode": "all"}' " (boolean value)
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
+# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
+# is no longer controlled by the x-ha-policy argument when declaring a queue. If
+# you just want to make sure that all queues (except  those with auto-generated
+# names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA
+# '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_ha_queues
 #rabbit_ha_queues = false
 
-# Positive integer representing duration in seconds for queue TTL
-# (x-expires). Queues which are unused for the duration of the TTL are
-# automatically deleted. The parameter affects only reply and fanout
-# queues. (integer value)
+# Positive integer representing duration in seconds for queue TTL (x-expires).
+# Queues which are unused for the duration of the TTL are automatically deleted.
+# The parameter affects only reply and fanout queues. (integer value)
 # Minimum value: 1
-#rabbit_transient_queues_ttl = 600
-
-# Specifies the number of messages to prefetch. Setting to zero allows
-# unlimited messages. (integer value)
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows unlimited
+# messages. (integer value)
 #rabbit_qos_prefetch_count = 0
 
-# Number of seconds after which the Rabbit broker is considered down
-# if heartbeat's keep-alive fails (0 disable the heartbeat).
-# EXPERIMENTAL (integer value)
+# Number of seconds after which the Rabbit broker is considered down if
+# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
+# value)
 #heartbeat_timeout_threshold = 60
 
-# How often times during the heartbeat_timeout_threshold we check the
-# heartbeat. (integer value)
+# How often times during the heartbeat_timeout_threshold we check the heartbeat.
+# (integer value)
 #heartbeat_rate = 2
 
-# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
-# (boolean value)
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
 # Deprecated group/name - [DEFAULT]/fake_rabbit
 #fake_rabbit = false
 
@@ -1258,9 +1705,8 @@
 # The maximum byte size for an AMQP frame (integer value)
 #frame_max = <None>
 
-# How often to send heartbeats for consumer's connections (integer
-# value)
-#heartbeat_interval = 1
+# How often to send heartbeats for consumer's connections (integer value)
+#heartbeat_interval = 3
 
 # Enable SSL (boolean value)
 #ssl = <None>
@@ -1268,59 +1714,58 @@
 # Arguments passed to ssl.wrap_socket (dict value)
 #ssl_options = <None>
 
-# Set socket timeout in seconds for connection's socket (floating
+# Set socket timeout in seconds for connection's socket (floating point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error (floating
 # point value)
-#socket_timeout = 0.25
-
-# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
-# point value)
-#tcp_user_timeout = 0.25
-
-# Set delay for reconnection to some host which has connection error
-# (floating point value)
 #host_connection_reconnect_delay = 0.25
 
+# Connection factory implementation (string value)
+# Allowed values: new, single, read_write
+#connection_factory = single
+
 # Maximum number of connections to keep queued. (integer value)
-#pool_max_size = 10
-
-# Maximum number of connections to create above `pool_max_size`.
+#pool_max_size = 30
+
+# Maximum number of connections to create above `pool_max_size`. (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available (integer
+# value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no recycling.
+# Expired connections are closed on acquire. (integer value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are considered stale
+# in seconds or None for no staleness. Stale connections are closed on acquire.
 # (integer value)
-#pool_max_overflow = 0
-
-# Default number of seconds to wait for a connections to available
-# (integer value)
-#pool_timeout = 30
-
-# Lifetime of a connection (since creation) in seconds or None for no
-# recycling. Expired connections are closed on acquire. (integer
-# value)
-#pool_recycle = 600
-
-# Threshold at which inactive (since release) connections are
-# considered stale in seconds or None for no staleness. Stale
-# connections are closed on acquire. (integer value)
 #pool_stale = 60
 
 # Persist notification messages. (boolean value)
 #notification_persistence = false
 
-# Exchange name for for sending notifications (string value)
+# Exchange name for sending notifications (string value)
 #default_notification_exchange = ${control_exchange}_notification
 
-# Max number of not acknowledged message which RabbitMQ can send to
-# notification listener. (integer value)
+# Max number of not acknowledged message which RabbitMQ can send to notification
+# listener. (integer value)
 #notification_listener_prefetch_count = 100
 
-# Reconnecting retry count in case of connectivity problem during
-# sending notification, -1 means infinite retry. (integer value)
+# Reconnecting retry count in case of connectivity problem during sending
+# notification, -1 means infinite retry. (integer value)
 #default_notification_retry_attempts = -1
 
-# Reconnecting retry delay in case of connectivity problem during
-# sending notification message (floating point value)
+# Reconnecting retry delay in case of connectivity problem during sending
+# notification message (floating point value)
 #notification_retry_delay = 0.25
 
-# Time to live for rpc queues without consumers in seconds. (integer
-# value)
+# Time to live for rpc queues without consumers in seconds. (integer value)
 #rpc_queue_expiration = 60
 
 # Exchange name for sending RPC messages (string value)
@@ -1329,32 +1774,125 @@
 # Exchange name for receiving RPC replies (string value)
 #rpc_reply_exchange = ${control_exchange}_rpc_reply
 
-# Max number of not acknowledged message which RabbitMQ can send to
-# rpc listener. (integer value)
+# Max number of not acknowledged message which RabbitMQ can send to rpc
+# listener. (integer value)
 #rpc_listener_prefetch_count = 100
 
-# Max number of not acknowledged message which RabbitMQ can send to
-# rpc reply listener. (integer value)
+# Max number of not acknowledged message which RabbitMQ can send to rpc reply
+# listener. (integer value)
 #rpc_reply_listener_prefetch_count = 100
 
-# Reconnecting retry count in case of connectivity problem during
-# sending reply. -1 means infinite retry during rpc_timeout (integer
+# Reconnecting retry count in case of connectivity problem during sending reply.
+# -1 means infinite retry during rpc_timeout (integer value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending reply.
+# (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during sending RPC
+# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
+# request could be processed more then one time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending RPC
+# message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Seconds to wait before a cast expires (TTL). The default value of -1 specifies
+# an infinite linger period. The value of 0 specifies no linger period. Pending
+# messages shall be discarded immediately when the socket is closed. Only
+# supported by impl_zmq. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#rpc_cast_timeout = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target (
+# < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
 # value)
-#rpc_reply_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during
-# sending reply. (floating point value)
-#rpc_reply_retry_delay = 0.25
-
-# Reconnecting retry count in case of connectivity problem during
-# sending RPC message, -1 means infinite retry. If actual retry
-# attempts in not 0 the rpc request could be processed more then one
-# time (integer value)
-#default_rpc_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during
-# sending RPC message (floating point value)
-#rpc_retry_delay = 0.25
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = true
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = true
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = false
 
 
 [oslo_policy]
@@ -1366,17 +1904,17 @@
 # The JSON file that defines policies. (string value)
 # Deprecated group/name - [DEFAULT]/policy_file
 #policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string
-# value)
+policy_file = /etc/glance/policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string value)
 # Deprecated group/name - [DEFAULT]/policy_default_rule
 #policy_default_rule = default
 
-# Directories where policy configuration files are stored. They can be
-# relative to any directory in the search path defined by the
-# config_dir option, or absolute paths. The file defined by
-# policy_file must exist for these directories to be searched.
-# Missing or empty directories are ignored. (multi valued)
+# Directories where policy configuration files are stored. They can be relative
+# to any directory in the search path defined by the config_dir option, or
+# absolute paths. The file defined by policy_file must exist for these
+# directories to be searched.  Missing or empty directories are ignored. (multi
+# valued)
 # Deprecated group/name - [DEFAULT]/policy_dirs
 #policy_dirs = policy.d
 
@@ -1387,14 +1925,59 @@
 # From glance.registry
 #
 
-# Partial name of a pipeline in your paste configuration file with the
-# service name removed. For example, if your paste section name is
-# [pipeline:glance-api-keystone] use the value "keystone" (string
-# value)
-#flavor = <None>
-
-# Name of the paste configuration file. (string value)
-#config_file = <None>
+#
+# Deployment flavor to use in the server application pipeline.
+#
+# Provide a string value representing the appropriate deployment
+# flavor used in the server application pipleline. This is typically
+# the partial name of a pipeline in the paste configuration file with
+# the service name removed.
+#
+# For example, if your paste section name in the paste configuration
+# file is [pipeline:glance-api-keystone], set ``flavor`` to
+# ``keystone``.
+#
+# Possible values:
+#     * String value representing a partial pipeline name.
+#
+# Related Options:
+#     * config_file
+#
+#  (string value)
+#flavor = keystone
+flavor = keystone
+
+#
+# Name of the paste configuration file.
+#
+# Provide a string value representing the name of the paste
+# configuration file to use for configuring piplelines for
+# server application deployments.
+#
+# NOTES:
+#     * Provide the name or the path relative to the glance directory
+#       for the paste configuration file and not the absolute path.
+#     * The sample paste configuration file shipped with Glance need
+#       not be edited in most cases as it comes with ready-made
+#       pipelines for all common deployment flavors.
+#
+# If no value is specified for this option, the ``paste.ini`` file
+# with the prefix of the corresponding Glance service's configuration
+# file name will be searched for in the known configuration
+# directories. (For example, if this option is missing from or has no
+# value set in ``glance-api.conf``, the service will look for a file
+# named ``glance-api-paste.ini``.) If the paste configuration file is
+# not found, the service will not start.
+#
+# Possible values:
+#     * A string value representing the name of the paste configuration
+#       file.
+#
+# Related Options:
+#     * flavor
+#
+#  (string value)
+#config_file = glance-api-paste.ini
 
 
 [profiler]
@@ -1403,12 +1986,56 @@
 # From glance.registry
 #
 
-# If False fully disable profiling feature. (boolean value)
+#
+# Enables the profiling for all services on this node. Default value is False
+# (fully disable the profiling feature).
+#
+# Possible values:
+#
+# * True: Enables the feature
+# * False: Disables the feature. The profiling cannot be started via this
+# project
+# operations. If the profiling is triggered by another project, this project
+# part
+# will be empty.
+#  (boolean value)
+# Deprecated group/name - [profiler]/profiler_enabled
 #enabled = false
 
-# If False doesn't trace SQL requests. (boolean value)
+#
+# Enables SQL requests profiling in services. Default value is False (SQL
+# requests won't be traced).
+#
+# Possible values:
+#
+# * True: Enables SQL requests profiling. Each SQL query will be part of the
+# trace and can the be analyzed by how much time was spent for that.
+# * False: Disables SQL requests profiling. The spent time is only shown on a
+# higher level of operations. Single SQL queries cannot be analyzed this
+# way.
+#  (boolean value)
 #trace_sqlalchemy = false
 
-# Secret key to use to sign Glance API and Glance Registry services
-# tracing messages. (string value)
+#
+# Secret key(s) to use for encrypting context data for performance profiling.
+# This string value should have the following format: <key1>[,<key2>,...<keyn>],
+# where each key is some random string. A user who triggers the profiling via
+# the REST API has to set one of these keys in the headers of the REST API call
+# to include profiling results of this node for this particular project.
+#
+# Both "enabled" flag and "hmac_keys" config options should be set to enable
+# profiling. Also, to generate correct profiling information across all services
+# at least one key needs to be consistent between OpenStack projects. This
+# ensures it can be used from client side to generate the trace, containing
+# information from all possible resources. (string value)
 #hmac_keys = SECRET_KEY
+
+#
+# Connection string for a notifier backend. Default value is messaging:// which
+# sets the notifier to oslo_messaging.
+#
+# Examples of possible values:
+#
+# * messaging://: use oslo_messaging driver for sending notifications.
+#  (string value)
+#connection_string = messaging://

2017-09-28 11:21:28,697 [salt.state       ][INFO    ][27825] Completed state [/etc/glance/glance-registry.conf] at time 11:21:28.697297 duration_in_ms=87.995
2017-09-28 11:21:28,698 [salt.state       ][INFO    ][27825] Running state [/etc/glance/glance-scrubber.conf] at time 11:21:28.697590
2017-09-28 11:21:28,698 [salt.state       ][INFO    ][27825] Executing state file.managed for /etc/glance/glance-scrubber.conf
2017-09-28 11:21:28,718 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/files/ocata/glance-scrubber.conf.Debian'
2017-09-28 11:21:28,750 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/map.jinja'
2017-09-28 11:21:28,763 [salt.state       ][INFO    ][27825] File changed:
--- 
+++ 
@@ -1,348 +1,984 @@
+
 [DEFAULT]
 
 #
 # From glance.scrubber
 #
 
-# Whether to allow users to specify image properties beyond what the
-# image schema provides (boolean value)
+#
+# Allow users to add additional/custom properties to images.
+#
+# Glance defines a standard set of properties (in its schema) that
+# appear on every image. These properties are also known as
+# ``base properties``. In addition to these properties, Glance
+# allows users to add custom properties to images. These are known
+# as ``additional properties``.
+#
+# By default, this configuration option is set to ``True`` and users
+# are allowed to add additional properties. The number of additional
+# properties that can be added to an image can be controlled via
+# ``image_property_quota`` configuration option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * image_property_quota
+#
+#  (boolean value)
 #allow_additional_image_properties = true
 
-# Maximum number of image members per image. Negative values evaluate
-# to unlimited. (integer value)
+#
+# Maximum number of image members per image.
+#
+# This limits the maximum of users an image can be shared with. Any negative
+# value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_member_quota = 128
 
-# Maximum number of properties allowed on an image. Negative values
-# evaluate to unlimited. (integer value)
+#
+# Maximum number of properties allowed on an image.
+#
+# This enforces an upper limit on the number of additional properties an image
+# can have. Any negative value is interpreted as unlimited.
+#
+# NOTE: This won't have any impact if additional properties are disabled. Please
+# refer to ``allow_additional_image_properties``.
+#
+# Related options:
+#     * ``allow_additional_image_properties``
+#
+#  (integer value)
 #image_property_quota = 128
 
-# Maximum number of tags allowed on an image. Negative values evaluate
-# to unlimited. (integer value)
+#
+# Maximum number of tags allowed on an image.
+#
+# Any negative value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_tag_quota = 128
 
-# Maximum number of locations allowed on an image. Negative values
-# evaluate to unlimited. (integer value)
+#
+# Maximum number of locations allowed on an image.
+#
+# Any negative value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_location_quota = 10
 
-# Python module path of data access API (string value)
+#
+# Python module path of data access API.
+#
+# Specifies the path to the API to use for accessing the data model.
+# This option determines how the image catalog data will be accessed.
+#
+# Possible values:
+#     * glance.db.sqlalchemy.api
+#     * glance.db.registry.api
+#     * glance.db.simple.api
+#
+# If this option is set to ``glance.db.sqlalchemy.api`` then the image
+# catalog data is stored in and read from the database via the
+# SQLAlchemy Core and ORM APIs.
+#
+# Setting this option to ``glance.db.registry.api`` will force all
+# database access requests to be routed through the Registry service.
+# This avoids data access from the Glance API nodes for an added layer
+# of security, scalability and manageability.
+#
+# NOTE: In v2 OpenStack Images API, the registry service is optional.
+# In order to use the Registry API in v2, the option
+# ``enable_v2_registry`` must be set to ``True``.
+#
+# Finally, when this configuration option is set to
+# ``glance.db.simple.api``, image catalog data is stored in and read
+# from an in-memory data structure. This is primarily used for testing.
+#
+# Related options:
+#     * enable_v2_api
+#     * enable_v2_registry
+#
+#  (string value)
 #data_api = glance.db.sqlalchemy.api
 
-# Default value for the number of items returned by a request if not
-# specified explicitly in the request (integer value)
+#
+# The default number of results to return for a request.
+#
+# Responses to certain API requests, like list images, may return
+# multiple items. The number of results returned can be explicitly
+# controlled by specifying the ``limit`` parameter in the API request.
+# However, if a ``limit`` parameter is not specified, this
+# configuration value will be used as the default number of results to
+# be returned for any API request.
+#
+# NOTES:
+#     * The value of this configuration option may not be greater than
+#       the value specified by ``api_limit_max``.
+#     * Setting this to a very large value may slow down database
+#       queries and increase response times. Setting this to a
+#       very low value may result in poor user experience.
+#
+# Possible values:
+#     * Any positive integer
+#
+# Related options:
+#     * api_limit_max
+#
+#  (integer value)
+# Minimum value: 1
 #limit_param_default = 25
 
-# Maximum permissible number of items that could be returned by a
-# request (integer value)
+#
+# Maximum number of results that could be returned by a request.
+#
+# As described in the help text of ``limit_param_default``, some
+# requests may return multiple results. The number of results to be
+# returned are governed either by the ``limit`` parameter in the
+# request or the ``limit_param_default`` configuration option.
+# The value in either case, can't be greater than the absolute maximum
+# defined by this configuration option. Anything greater than this
+# value is trimmed down to the maximum value defined here.
+#
+# NOTE: Setting this to a very large value may slow down database
+#       queries and increase response times. Setting this to a
+#       very low value may result in poor user experience.
+#
+# Possible values:
+#     * Any positive integer
+#
+# Related options:
+#     * limit_param_default
+#
+#  (integer value)
+# Minimum value: 1
 #api_limit_max = 1000
 
-# Whether to include the backend image storage location in image
-# properties. Revealing storage location can be a security risk, so
-# use this setting with caution! (boolean value)
+#
+# Show direct image location when returning an image.
+#
+# This configuration option indicates whether to show the direct image
+# location when returning image details to the user. The direct image
+# location is where the image data is stored in backend storage. This
+# image location is shown under the image property ``direct_url``.
+#
+# When multiple image locations exist for an image, the best location
+# is displayed based on the location strategy indicated by the
+# configuration option ``location_strategy``.
+#
+# NOTES:
+#     * Revealing image locations can present a GRAVE SECURITY RISK as
+#       image locations can sometimes include credentials. Hence, this
+#       is set to ``False`` by default. Set this to ``True`` with
+#       EXTREME CAUTION and ONLY IF you know what you are doing!
+#     * If an operator wishes to avoid showing any image location(s)
+#       to the user, then both this option and
+#       ``show_multiple_locations`` MUST be set to ``False``.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * show_multiple_locations
+#     * location_strategy
+#
+#  (boolean value)
 #show_image_direct_url = false
 
-# Whether to include the backend image locations in image properties.
-# For example, if using the file system store a URL of
-# "file:///path/to/image" will be returned to the user in the
-# 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution! Setting this to
-# true overrides the show_image_direct_url option. (boolean value)
+# DEPRECATED:
+# Show all image locations when returning an image.
+#
+# This configuration option indicates whether to show all the image
+# locations when returning image details to the user. When multiple
+# image locations exist for an image, the locations are ordered based
+# on the location strategy indicated by the configuration opt
+# ``location_strategy``. The image locations are shown under the
+# image property ``locations``.
+#
+# NOTES:
+#     * Revealing image locations can present a GRAVE SECURITY RISK as
+#       image locations can sometimes include credentials. Hence, this
+#       is set to ``False`` by default. Set this to ``True`` with
+#       EXTREME CAUTION and ONLY IF you know what you are doing!
+#     * If an operator wishes to avoid showing any image location(s)
+#       to the user, then both this option and
+#       ``show_image_direct_url`` MUST be set to ``False``.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * show_image_direct_url
+#     * location_strategy
+#
+#  (boolean value)
+# This option is deprecated for removal since Newton.
+# Its value may be silently ignored in the future.
+# Reason: This option will be removed in the Ocata release because the same
+# functionality can be achieved with greater granularity by using policies.
+# Please see the Newton release notes for more information.
 #show_multiple_locations = false
 
-# Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
-# increased after careful consideration and must be set to a value
-# under 8 EB (9223372036854775808). (integer value)
+#
+# Maximum size of image a user can upload in bytes.
+#
+# An image upload greater than the size mentioned here would result
+# in an image creation failure. This configuration option defaults to
+# 1099511627776 bytes (1 TiB).
+#
+# NOTES:
+#     * This value should only be increased after careful
+#       consideration and must be set less than or equal to
+#       8 EiB (9223372036854775808).
+#     * This value must be set with careful consideration of the
+#       backend storage capacity. Setting this to a very low value
+#       may result in a large number of image failures. And, setting
+#       this to a very large value may result in faster consumption
+#       of storage. Hence, this must be set according to the nature of
+#       images created and storage capacity available.
+#
+# Possible values:
+#     * Any positive number less than or equal to 9223372036854775808
+#
+#  (integer value)
+# Minimum value: 1
 # Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
-# Set a system wide quota for every user. This value is the total
-# capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
-# Accepted units are B, KB, MB, GB and TB representing Bytes,
-# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
-# unit is specified then Bytes is assumed. Note that there should not
-# be any space between value and unit and units are case sensitive.
-# (string value)
+#
+# Maximum amount of image storage per tenant.
+#
+# This enforces an upper limit on the cumulative storage consumed by all images
+# of a tenant across all stores. This is a per-tenant limit.
+#
+# The default unit for this configuration option is Bytes. However, storage
+# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``,
+# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and
+# TeraBytes respectively. Note that there should not be any space between the
+# value and unit. Value ``0`` signifies no quota enforcement. Negative values
+# are invalid and result in errors.
+#
+# Possible values:
+#     * A string that is a valid concatenation of a non-negative integer
+#       representing the storage value and an optional string literal
+#       representing storage units as mentioned above.
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #user_storage_quota = 0
 
-# Deploy the v1 OpenStack Images API. (boolean value)
+#
+# Deploy the v1 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond to
+# requests on registered endpoints conforming to the v1 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is enabled, then ``enable_v1_registry`` must
+#       also be set to ``True`` to enable mandatory usage of Registry
+#       service with v1 API.
+#
+#     * If this option is disabled, then the ``enable_v1_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v2_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v2 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_registry
+#     * enable_v2_api
+#
+#  (boolean value)
 #enable_v1_api = true
 
-# Deploy the v2 OpenStack Images API. (boolean value)
+#
+# Deploy the v2 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond
+# to requests on registered endpoints conforming to the v2 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is disabled, then the ``enable_v2_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v1_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v1 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v2_registry
+#     * enable_v1_api
+#
+#  (boolean value)
 #enable_v2_api = true
 
-# Deploy the v1 OpenStack Registry API. (boolean value)
+#
+# Deploy the v1 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v1 API requests.
+#
+# NOTES:
+#     * Use of Registry is mandatory in v1 API, so this option must
+#       be set to ``True`` if the ``enable_v1_api`` option is enabled.
+#
+#     * If deploying only the v2 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_api
+#
+#  (boolean value)
 #enable_v1_registry = true
 
-# Deploy the v2 OpenStack Registry API. (boolean value)
+#
+# Deploy the v2 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v2 API requests.
+#
+# NOTES:
+#     * Use of Registry is optional in v2 API, so this option
+#       must only be enabled if both ``enable_v2_api`` is set to
+#       ``True`` and the ``data_api`` option is set to
+#       ``glance.db.registry.api``.
+#
+#     * If deploying only the v1 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v2_api
+#     * data_api
+#
+#  (boolean value)
 #enable_v2_registry = true
 
-# The hostname/IP of the pydev process listening for debug connections
-# (string value)
-#pydev_worker_debug_host = <None>
-
-# The port on which a pydev process is listening for connections.
-# (port value)
+#
+# Host address of the pydev server.
+#
+# Provide a string value representing the hostname or IP of the
+# pydev server to use for debugging. The pydev server listens for
+# debug connections on this address, facilitating remote debugging
+# in Glance.
+#
+# Possible values:
+#     * Valid hostname
+#     * Valid IP address
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#pydev_worker_debug_host = localhost
+
+#
+# Port number that the pydev server will listen on.
+#
+# Provide a port number to bind the pydev server to. The pydev
+# process accepts debug connections on this port and facilitates
+# remote debugging in Glance.
+#
+# Possible values:
+#     * A valid port number
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
-# AES key for encrypting store 'location' metadata. This includes, if
-# used, Swift or S3 credentials. Should be set to a random string of
-# length 16, 24 or 32 bytes (string value)
+#
+# AES key for encrypting store location metadata.
+#
+# Provide a string value representing the AES cipher to use for
+# encrypting Glance store metadata.
+#
+# NOTE: The AES key to use must be set to a random string of length
+# 16, 24 or 32 bytes.
+#
+# Possible values:
+#     * String value representing a valid AES key
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature. Use the
-# command "openssl list-message-digest-algorithms" to get the
-# available algorithms supported by the version of OpenSSL on the
-# platform. Examples are "sha1", "sha256", "sha512", etc. (string
-# value)
+#
+# Digest algorithm to use for digital signature.
+#
+# Provide a string value representing the digest algorithm to
+# use for generating digital signatures. By default, ``sha256``
+# is used.
+#
+# To get a list of the available algorithms supported by the version
+# of OpenSSL on your platform, run the command:
+# ``openssl list-message-digest-algorithms``.
+# Examples are 'sha1', 'sha256', and 'sha512'.
+#
+# NOTE: ``digest_algorithm`` is not related to Glance's image signing
+# and verification. It is only used to sign the universally unique
+# identifier (UUID) as a part of the certificate file and key file
+# validation.
+#
+# Possible values:
+#     * An OpenSSL message digest algorithm identifier
+#
+# Relation options:
+#     * None
+#
+#  (string value)
 #digest_algorithm = sha256
 
-# The amount of time in seconds to delay before performing a delete.
-# (integer value)
+#
+# The amount of time, in seconds, to delay image scrubbing.
+#
+# When delayed delete is turned on, an image is put into ``pending_delete``
+# state upon deletion until the scrubber deletes its image data. Typically, soon
+# after the image is put into ``pending_delete`` state, it is available for
+# scrubbing. However, scrubbing can be delayed until a later point using this
+# configuration option. This option denotes the time period an image spends in
+# ``pending_delete`` state before it is available for scrubbing.
+#
+# It is important to realize that this has storage implications. The larger the
+# ``scrub_time``, the longer the time to reclaim backend storage from deleted
+# images.
+#
+# Possible values:
+#     * Any non-negative integer
+#
+# Related options:
+#     * ``delayed_delete``
+#
+#  (integer value)
+# Minimum value: 0
 #scrub_time = 0
 
-# The size of thread pool to be used for scrubbing images. The default
-# is one, which signifies serial scrubbing. Any value above one
-# indicates the max number of images that may be scrubbed in parallel.
-# (integer value)
+#
+# The size of thread pool to be used for scrubbing images.
+#
+# When there are a large number of images to scrub, it is beneficial to scrub
+# images in parallel so that the scrub queue stays in control and the backend
+# storage is reclaimed in a timely fashion. This configuration option denotes
+# the maximum number of images to be scrubbed in parallel. The default value is
+# one, which signifies serial scrubbing. Any value above one indicates parallel
+# scrubbing.
+#
+# Possible values:
+#     * Any non-zero positive integer
+#
+# Related options:
+#     * ``delayed_delete``
+#
+#  (integer value)
+# Minimum value: 1
 #scrub_pool_size = 1
 
-# Turn on/off delayed delete. (boolean value)
+#
+# Turn on/off delayed delete.
+#
+# Typically when an image is deleted, the ``glance-api`` service puts the image
+# into ``deleted`` state and deletes its data at the same time. Delayed delete
+# is a feature in Glance that delays the actual deletion of image data until a
+# later point in time (as determined by the configuration option
+# ``scrub_time``).
+# When delayed delete is turned on, the ``glance-api`` service puts the image
+# into ``pending_delete`` state upon deletion and leaves the image data in the
+# storage backend for the image scrubber to delete at a later time. The image
+# scrubber will move the image into ``deleted`` state upon successful deletion
+# of image data.
+#
+# NOTE: When delayed delete is turned on, image scrubber MUST be running as a
+# periodic task to prevent the backend storage from filling up with undesired
+# usage.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * ``scrub_time``
+#     * ``wakeup_time``
+#     * ``scrub_pool_size``
+#
+#  (boolean value)
 #delayed_delete = false
 
+#
 # Role used to identify an authenticated user as administrator.
-# (string value)
+#
+# Provide a string value representing a Keystone role to identify an
+# administrative user. Users with this role will be granted
+# administrative privileges. The default value for this option is
+# 'admin'.
+#
+# Possible values:
+#     * A string value which is a valid Keystone role
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #admin_role = admin
 
-# Whether to pass through headers containing user and tenant
-# information when making requests to the registry. This allows the
-# registry to use the context middleware without keystonemiddleware's
-# auth_token middleware, removing calls to the keystone auth service.
-# It is recommended that when using this option, secure communication
-# between glance api and glance registry is ensured by means other
-# than auth_token middleware. (boolean value)
+#
+# Send headers received from identity when making requests to
+# registry.
+#
+# Typically, Glance registry can be deployed in multiple flavors,
+# which may or may not include authentication. For example,
+# ``trusted-auth`` is a flavor that does not require the registry
+# service to authenticate the requests it receives. However, the
+# registry service may still need a user context to be populated to
+# serve the requests. This can be achieved by the caller
+# (the Glance API usually) passing through the headers it received
+# from authenticating with identity for the same request. The typical
+# headers sent are ``X-User-Id``, ``X-Tenant-Id``, ``X-Roles``,
+# ``X-Identity-Status`` and ``X-Service-Catalog``.
+#
+# Provide a boolean value to determine whether to send the identity
+# headers to provide tenant and user information along with the
+# requests to registry service. By default, this option is set to
+# ``False``, which means that user and tenant information is not
+# available readily. It must be obtained by authenticating. Hence, if
+# this is set to ``False``, ``flavor`` must be set to value that
+# either includes authentication or authenticated user context.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * flavor
+#
+#  (boolean value)
 #send_identity_headers = false
 
-# Loop time between checking for new items to schedule for delete.
-# (integer value)
+#
+# Time interval, in seconds, between scrubber runs in daemon mode.
+#
+# Scrubber can be run either as a cron job or daemon. When run as a daemon, this
+# configuration time specifies the time period between two runs. When the
+# scrubber wakes up, it fetches and scrubs all ``pending_delete`` images that
+# are available for scrubbing after taking ``scrub_time`` into consideration.
+#
+# If the wakeup time is set to a large number, there may be a large number of
+# images to be scrubbed for each run. Also, this impacts how quickly the backend
+# storage is reclaimed.
+#
+# Possible values:
+#     * Any non-negative integer
+#
+# Related options:
+#     * ``daemon``
+#     * ``delayed_delete``
+#
+#  (integer value)
+# Minimum value: 0
 #wakeup_time = 300
-
-# Run as a long-running process. When not specified (the default) run
-# the scrub operation once and then exits. When specified do not exit
-# and run scrub on wakeup_time interval as specified in the config.
-# (boolean value)
+wakeup_time = 300
+
+#
+# Run scrubber as a daemon.
+#
+# This boolean configuration option indicates whether scrubber should
+# run as a long-running process that wakes up at regular intervals to
+# scrub images. The wake up interval can be specified using the
+# configuration option ``wakeup_time``.
+#
+# If this configuration option is set to ``False``, which is the
+# default value, scrubber runs once to scrub images and exits. In this
+# case, if the operator wishes to implement continuous scrubbing of
+# images, scrubber needs to be scheduled as a cron job.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * ``wakeup_time``
+#
+#  (boolean value)
 #daemon = false
-
-# The protocol to use for communication with the registry server.
-# Either http or https. (string value)
+daemon = false
+
+#
+# Protocol to use for communication with the registry server.
+#
+# Provide a string value representing the protocol to use for
+# communication with the registry server. By default, this option is
+# set to ``http`` and the connection is not secure.
+#
+# This option can be set to ``https`` to establish a secure connection
+# to the registry server. In this case, provide a key to use for the
+# SSL connection using the ``registry_client_key_file`` option. Also
+# include the CA file and cert file using the options
+# ``registry_client_ca_file`` and ``registry_client_cert_file``
+# respectively.
+#
+# Possible values:
+#     * http
+#     * https
+#
+# Related options:
+#     * registry_client_key_file
+#     * registry_client_cert_file
+#     * registry_client_ca_file
+#
+#  (string value)
+# Allowed values: http, https
 #registry_client_protocol = http
 
-# The path to the key file to use in SSL connections to the registry
-# server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE
-# environment variable to a filepath of the key file (string value)
-#registry_client_key_file = <None>
-
-# The path to the cert file to use in SSL connections to the registry
-# server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE
-# environment variable to a filepath of the CA cert file (string
-# value)
-#registry_client_cert_file = <None>
-
-# The path to the certifying authority cert file to use in SSL
-# connections to the registry server, if any. Alternately, you may set
-# the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the
-# CA cert file. (string value)
-#registry_client_ca_file = <None>
-
-# When using SSL in connections to the registry server, do not require
-# validation via a certifying authority. This is the registry's
-# equivalent of specifying --insecure on the command line using
-# glanceclient for the API. (boolean value)
+#
+# Absolute path to the private key file.
+#
+# Provide a string value representing a valid absolute path to the
+# private key file to use for establishing a secure connection to
+# the registry server.
+#
+# NOTE: This option must be set if ``registry_client_protocol`` is
+# set to ``https``. Alternatively, the GLANCE_CLIENT_KEY_FILE
+# environment variable may be set to a filepath of the key file.
+#
+# Possible values:
+#     * String value representing a valid absolute path to the key
+#       file.
+#
+# Related options:
+#     * registry_client_protocol
+#
+#  (string value)
+#registry_client_key_file = /etc/ssl/key/key-file.pem
+
+#
+# Absolute path to the certificate file.
+#
+# Provide a string value representing a valid absolute path to the
+# certificate file to use for establishing a secure connection to
+# the registry server.
+#
+# NOTE: This option must be set if ``registry_client_protocol`` is
+# set to ``https``. Alternatively, the GLANCE_CLIENT_CERT_FILE
+# environment variable may be set to a filepath of the certificate
+# file.
+#
+# Possible values:
+#     * String value representing a valid absolute path to the
+#       certificate file.
+#
+# Related options:
+#     * registry_client_protocol
+#
+#  (string value)
+#registry_client_cert_file = /etc/ssl/certs/file.crt
+
+#
+# Absolute path to the Certificate Authority file.
+#
+# Provide a string value representing a valid absolute path to the
+# certificate authority file to use for establishing a secure
+# connection to the registry server.
+#
+# NOTE: This option must be set if ``registry_client_protocol`` is
+# set to ``https``. Alternatively, the GLANCE_CLIENT_CA_FILE
+# environment variable may be set to a filepath of the CA file.
+# This option is ignored if the ``registry_client_insecure`` option
+# is set to ``True``.
+#
+# Possible values:
+#     * String value representing a valid absolute path to the CA
+#       file.
+#
+# Related options:
+#     * registry_client_protocol
+#     * registry_client_insecure
+#
+#  (string value)
+#registry_client_ca_file = /etc/ssl/cafile/file.ca
+
+#
+# Set verification of the registry server certificate.
+#
+# Provide a boolean value to determine whether or not to validate
+# SSL connections to the registry server. By default, this option
+# is set to ``False`` and the SSL connections are validated.
+#
+# If set to ``True``, the connection to the registry server is not
+# validated via a certifying authority and the
+# ``registry_client_ca_file`` option is ignored. This is the
+# registry's equivalent of specifying --insecure on the command line
+# using glanceclient for the API.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * registry_client_protocol
+#     * registry_client_ca_file
+#
+#  (boolean value)
 #registry_client_insecure = false
 
-# The period of time, in seconds, that the API server will wait for a
-# registry request to complete. A value of 0 implies no timeout.
-# (integer value)
+#
+# Timeout value for registry requests.
+#
+# Provide an integer value representing the period of time in seconds
+# that the API server will wait for a registry request to complete.
+# The default value is 600 seconds.
+#
+# A value of 0 implies that a request will never timeout.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #registry_client_timeout = 600
 
-# Whether to pass through the user token when making requests to the
-# registry. To prevent failures with token expiration during big files
-# upload, it is recommended to set this parameter to False.If
-# "use_user_token" is not in effect, then admin credentials can be
-# specified. (boolean value)
+# DEPRECATED: Whether to pass through the user token when making requests to the
+# registry. To prevent failures with token expiration during big files upload,
+# it is recommended to set this parameter to False.If "use_user_token" is not in
+# effect, then admin credentials can be specified. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #use_user_token = true
 
-# The administrators user name. If "use_user_token" is not in effect,
+# DEPRECATED: The administrators user name. If "use_user_token" is not in
+# effect, then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
+#admin_user = <None>
+
+# DEPRECATED: The administrators password. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
-#admin_user = <None>
-
-# The administrators password. If "use_user_token" is not in effect,
-# then admin credentials can be specified. (string value)
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
+#admin_password = <None>
+
+# DEPRECATED: The tenant name of the administrative user. If "use_user_token" is
+# not in effect, then admin tenant name can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
-#admin_password = <None>
-
-# The tenant name of the administrative user. If "use_user_token" is
-# not in effect, then admin tenant name can be specified. (string
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
+#admin_tenant_name = <None>
+
+# DEPRECATED: The URL to the keystone service. If "use_user_token" is not in
+# effect and using keystone auth, then URL of keystone can be specified. (string
 # value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
-#admin_tenant_name = <None>
-
-# The URL to the keystone service. If "use_user_token" is not in
-# effect and using keystone auth, then URL of keystone can be
-# specified. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #auth_url = <None>
 
-# The strategy to use for authentication. If "use_user_token" is not
+# DEPRECATED: The strategy to use for authentication. If "use_user_token" is not
 # in effect, then auth strategy can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #auth_strategy = noauth
 
-# The region for the authentication service. If "use_user_token" is
-# not in effect and using keystone auth, then region name can be
-# specified. (string value)
+# DEPRECATED: The region for the authentication service. If "use_user_token" is
+# not in effect and using keystone auth, then region name can be specified.
+# (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #auth_region = <None>
 
-# Address to find the registry server. (string value)
+#
+# Address the registry server is hosted on.
+#
+# Possible values:
+#     * A valid IP or hostname
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #registry_host = 0.0.0.0
-
-# Port the registry server is listening on. (port value)
+registry_host = 10.167.4.10
+
+#
+# Port the registry server is listening on.
+#
+# Possible values:
+#     * A valid port number
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #registry_port = 9191
+registry_port = 9191
 
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of
-# the default INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
 #debug = false
 
-# If set to false, the logging level will be set to WARNING instead of
-# the default INFO level. (boolean value)
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
 
-# The name of a logging configuration file. This file is appended to
-# any existing logging configuration files. For details about logging
-# configuration files, see the Python logging module documentation.
-# Note that when logging configuration files are used then all logging
-# configuration is set in the configuration file and other logging
-# configuration options are ignored (for example,
-# logging_context_format_string). (string value)
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set.
-# (string value)
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default
-# is set, logging will go to stderr as defined by use_stderr. This
-# option is ignored if log_config_append is set. (string value)
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths.
-# This option is ignored if log_config_append is set. (string value)
+log_file = /var/log/glance/scrubber.log
+
+# (Optional) The base directory used for relative log_file  paths. This option
+# is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Uses logging handler designed to watch file system. When log file is
-# moved or removed this handler will open a new log file with
-# specified path instantaneously. It makes sense only if log_file
-# option is specified and Linux platform is used. This option is
-# ignored if log_config_append is set. (boolean value)
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and Linux
+# platform is used. This option is ignored if log_config_append is set. (boolean
+# value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and
-# will be changed later to honor RFC5424. This option is ignored if
-# log_config_append is set. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append is
+# set. (boolean value)
 #use_syslog = false
 
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. This option is ignored if
-# log_config_append is set. (boolean value)
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined.
-# (string value)
+# Format string to use for log messages when context is undefined. (string
+# value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Additional data to append to log message when logging level for the
-# message is DEBUG. (string value)
+# Additional data to append to log message when logging level for the message is
+# DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
-# Prefix each line of exception output with this format. (string
-# value)
+# Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
 # Defines the format string for %(user_identity)s that is used in
 # logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is
-# ignored if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message.
-# (string value)
+# The format for an instance that is passed with the log message. (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message.
-# (string value)
+# The format for an instance UUID that is passed with the log message. (string
+# value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
 # Enables or disables fatal status of deprecations. (boolean value)
@@ -355,8 +991,12 @@
 # From oslo.db
 #
 
-# The file name to use with SQLite. (string value)
+# DEPRECATED: The file name to use with SQLite. (string value)
 # Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect the
+# database.
 #sqlite_db = oslo.sqlite
 
 # If True, SQLite uses synchronous mode. (boolean value)
@@ -367,21 +1007,21 @@
 # Deprecated group/name - [DEFAULT]/db_backend
 #backend = sqlalchemy
 
-# The SQLAlchemy connection string to use to connect to the database.
-# (string value)
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
 
-# The SQLAlchemy connection string to use to connect to the slave
-# database. (string value)
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
 #slave_connection = <None>
 
-# The SQL mode to be used for MySQL sessions. This option, including
-# the default, overrides any server-set SQL mode. To use whatever SQL
-# mode is set by the server configuration, set this to no value.
-# Example: mysql_sql_mode= (string value)
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
+# the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
 #mysql_sql_mode = TRADITIONAL
 
 # Timeout before idle SQL connections are reaped. (integer value)
@@ -390,38 +1030,37 @@
 # Deprecated group/name - [sql]/idle_timeout
 #idle_timeout = 3600
 
-# Minimum number of SQL connections to keep open in a pool. (integer
-# value)
+# Minimum number of SQL connections to keep open in a pool. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. (integer
-# value)
+# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
+# indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
-
-# Maximum number of database connection retries during startup. Set to
-# -1 to specify an infinite retry count. (integer value)
+#max_pool_size = 5
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
 
-# Interval between retries of opening a SQL connection. (integer
-# value)
+# Interval between retries of opening a SQL connection. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
 # Deprecated group/name - [DATABASE]/reconnect_interval
 #retry_interval = 10
 
-# If set, use this value for max_overflow with SQLAlchemy. (integer
-# value)
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
 
-# Verbosity of SQL debugging information: 0=None, 100=Everything.
-# (integer value)
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
 #connection_debug = 0
 
@@ -429,39 +1068,1362 @@
 # Deprecated group/name - [DEFAULT]/sql_connection_trace
 #connection_trace = false
 
-# If set, use this value for pool_timeout with SQLAlchemy. (integer
-# value)
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
 #pool_timeout = <None>
 
-# Enable the experimental use of database reconnect on connection
-# lost. (boolean value)
+# Enable the experimental use of database reconnect on connection lost. (boolean
+# value)
 #use_db_reconnect = false
 
 # Seconds between retries of a database transaction. (integer value)
 #db_retry_interval = 1
 
-# If True, increases the interval between retries of a database
-# operation up to db_max_retry_interval. (boolean value)
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
 #db_inc_retry_interval = true
 
-# If db_inc_retry_interval is set, the maximum seconds between retries
-# of a database operation. (integer value)
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
 #db_max_retry_interval = 10
 
-# Maximum retries in case of connection error or deadlock error before
-# error is raised. Set to -1 to specify an infinite retry count.
-# (integer value)
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
 #db_max_retries = 20
 
 #
 # From oslo.db.concurrency
 #
 
-# Enable the experimental use of thread pooling for all DB API calls
-# (boolean value)
+# Enable the experimental use of thread pooling for all DB API calls (boolean
+# value)
 # Deprecated group/name - [DEFAULT]/dbapi_use_tpool
 #use_tpool = false
+
+
+[glance_store]
+
+#
+# From glance.store
+#
+
+#
+# List of enabled Glance stores.
+#
+# Register the storage backends to use for storing disk images
+# as a comma separated list. The default stores enabled for
+# storing disk images with Glance are ``file`` and ``http``.
+#
+# Possible values:
+#     * A comma separated list that could include:
+#         * file
+#         * http
+#         * swift
+#         * rbd
+#         * sheepdog
+#         * cinder
+#         * vmware
+#
+# Related Options:
+#     * default_store
+#
+#  (list value)
+#stores = file,http
+
+#
+# The default scheme to use for storing images.
+#
+# Provide a string value representing the default scheme to use for
+# storing images. If not set, Glance uses ``file`` as the default
+# scheme to store images with the ``file`` store.
+#
+# NOTE: The value given for this configuration option must be a valid
+# scheme for a store registered with the ``stores`` configuration
+# option.
+#
+# Possible values:
+#     * file
+#     * filesystem
+#     * http
+#     * https
+#     * swift
+#     * swift+http
+#     * swift+https
+#     * swift+config
+#     * rbd
+#     * sheepdog
+#     * cinder
+#     * vsphere
+#
+# Related Options:
+#     * stores
+#
+#  (string value)
+# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere
+#default_store = file
+
+#
+# Minimum interval in seconds to execute updating dynamic storage
+# capabilities based on current backend status.
+#
+# Provide an integer value representing time in seconds to set the
+# minimum interval before an update of dynamic storage capabilities
+# for a storage backend can be attempted. Setting
+# ``store_capabilities_update_min_interval`` does not mean updates
+# occur periodically based on the set interval. Rather, the update
+# is performed at the elapse of this interval set, if an operation
+# of the store is triggered.
+#
+# By default, this option is set to zero and is disabled. Provide an
+# integer value greater than zero to enable this option.
+#
+# NOTE: For more information on store capabilities and their updates,
+# please visit: https://specs.openstack.org/openstack/glance-specs/specs/kilo
+# /store-capabilities.html
+#
+# For more information on setting up a particular store in your
+# deplyment and help with the usage of this feature, please contact
+# the storage driver maintainers listed here:
+# http://docs.openstack.org/developer/glance_store/drivers/index.html
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#store_capabilities_update_min_interval = 0
+
+#
+# Information to match when looking for cinder in the service catalog.
+#
+# When the ``cinder_endpoint_template`` is not set and any of
+# ``cinder_store_auth_address``, ``cinder_store_user_name``,
+# ``cinder_store_project_name``, ``cinder_store_password`` is not set,
+# cinder store uses this information to lookup cinder endpoint from the service
+# catalog in the current context. ``cinder_os_region_name``, if set, is taken
+# into consideration to fetch the appropriate endpoint.
+#
+# The service catalog can be listed by the ``openstack catalog list`` command.
+#
+# Possible values:
+#     * A string of of the following form:
+#       ``<service_type>:<service_name>:<endpoint_type>``
+#       At least ``service_type`` and ``endpoint_type`` should be specified.
+#       ``service_name`` can be omitted.
+#
+# Related options:
+#     * cinder_os_region_name
+#     * cinder_endpoint_template
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#     * cinder_store_password
+#
+#  (string value)
+#cinder_catalog_info = volumev2::publicURL
+
+#
+# Override service catalog lookup with template for cinder endpoint.
+#
+# When this option is set, this value is used to generate cinder endpoint,
+# instead of looking up from the service catalog.
+# This value is ignored if ``cinder_store_auth_address``,
+# ``cinder_store_user_name``, ``cinder_store_project_name``, and
+# ``cinder_store_password`` are specified.
+#
+# If this configuration option is set, ``cinder_catalog_info`` will be ignored.
+#
+# Possible values:
+#     * URL template string for cinder endpoint, where ``%%(tenant)s`` is
+#       replaced with the current tenant (project) name.
+#       For example: ``http://cinder.openstack.example.org/v2/%%(tenant)s``
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#     * cinder_store_password
+#     * cinder_catalog_info
+#
+#  (string value)
+#cinder_endpoint_template = <None>
+
+#
+# Region name to lookup cinder service from the service catalog.
+#
+# This is used only when ``cinder_catalog_info`` is used for determining the
+# endpoint. If set, the lookup for cinder endpoint by this node is filtered to
+# the specified region. It is useful when multiple regions are listed in the
+# catalog. If this is not set, the endpoint is looked up from every region.
+#
+# Possible values:
+#     * A string that is a valid region name.
+#
+# Related options:
+#     * cinder_catalog_info
+#
+#  (string value)
+# Deprecated group/name - [glance_store]/os_region_name
+#cinder_os_region_name = <None>
+
+#
+# Location of a CA certificates file used for cinder client requests.
+#
+# The specified CA certificates file, if set, is used to verify cinder
+# connections via HTTPS endpoint. If the endpoint is HTTP, this value is
+# ignored.
+# ``cinder_api_insecure`` must be set to ``True`` to enable the verification.
+#
+# Possible values:
+#     * Path to a ca certificates file
+#
+# Related options:
+#     * cinder_api_insecure
+#
+#  (string value)
+#cinder_ca_certificates_file = <None>
+
+#
+# Number of cinderclient retries on failed http calls.
+#
+# When a call failed by any errors, cinderclient will retry the call up to the
+# specified times after sleeping a few seconds.
+#
+# Possible values:
+#     * A positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#cinder_http_retries = 3
+
+#
+# Time period, in seconds, to wait for a cinder volume transition to
+# complete.
+#
+# When the cinder volume is created, deleted, or attached to the glance node to
+# read/write the volume data, the volume's state is changed. For example, the
+# newly created volume status changes from ``creating`` to ``available`` after
+# the creation process is completed. This specifies the maximum time to wait for
+# the status change. If a timeout occurs while waiting, or the status is changed
+# to an unexpected value (e.g. `error``), the image creation fails.
+#
+# Possible values:
+#     * A positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#cinder_state_transition_timeout = 300
+
+#
+# Allow to perform insecure SSL requests to cinder.
+#
+# If this option is set to True, HTTPS endpoint connection is verified using the
+# CA certificates file specified by ``cinder_ca_certificates_file`` option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * cinder_ca_certificates_file
+#
+#  (boolean value)
+#cinder_api_insecure = false
+
+#
+# The address where the cinder authentication service is listening.
+#
+# When all of ``cinder_store_auth_address``, ``cinder_store_user_name``,
+# ``cinder_store_project_name``, and ``cinder_store_password`` options are
+# specified, the specified values are always used for the authentication.
+# This is useful to hide the image volumes from users by storing them in a
+# project/tenant specific to the image service. It also enables users to share
+# the image volume among other projects under the control of glance's ACL.
+#
+# If either of these options are not set, the cinder endpoint is looked up
+# from the service catalog, and current context's user and project are used.
+#
+# Possible values:
+#     * A valid authentication service address, for example:
+#       ``http://openstack.example.org/identity/v2.0``
+#
+# Related options:
+#     * cinder_store_user_name
+#     * cinder_store_password
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_auth_address = <None>
+
+#
+# User name to authenticate against cinder.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the user of the current context is used.
+#
+# Possible values:
+#     * A valid user name
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_password
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_user_name = <None>
+
+#
+# Password for the user authenticating against cinder.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the user of the current context is used.
+#
+# Possible values:
+#     * A valid password for the user specified by ``cinder_store_user_name``
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_password = <None>
+
+#
+# Project name where the image volume is stored in cinder.
+#
+# If this configuration option is not set, the project in current context is
+# used.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the project of the current context is used.
+#
+# Possible values:
+#     * A valid project name
+#
+# Related options:
+#     * ``cinder_store_auth_address``
+#     * ``cinder_store_user_name``
+#     * ``cinder_store_password``
+#
+#  (string value)
+#cinder_store_project_name = <None>
+
+#
+# Path to the rootwrap configuration file to use for running commands as root.
+#
+# The cinder store requires root privileges to operate the image volumes (for
+# connecting to iSCSI/FC volumes and reading/writing the volume data, etc.).
+# The configuration file should allow the required commands by cinder store and
+# os-brick library.
+#
+# Possible values:
+#     * Path to the rootwrap config file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
+
+#
+# Directory to which the filesystem backend store writes images.
+#
+# Upon start up, Glance creates the directory if it doesn't already
+# exist and verifies write access to the user under which
+# ``glance-api`` runs. If the write access isn't available, a
+# ``BadStoreConfiguration`` exception is raised and the filesystem
+# store may not be available for adding new images.
+#
+# NOTE: This directory is used only when filesystem store is used as a
+# storage backend. Either ``filesystem_store_datadir`` or
+# ``filesystem_store_datadirs`` option must be specified in
+# ``glance-api.conf``. If both options are specified, a
+# ``BadStoreConfiguration`` will be raised and the filesystem store
+# may not be available for adding new images.
+#
+# Possible values:
+#     * A valid path to a directory
+#
+# Related options:
+#     * ``filesystem_store_datadirs``
+#     * ``filesystem_store_file_perm``
+#
+#  (string value)
+#filesystem_store_datadir = /var/lib/glance/images
+
+#
+# List of directories and their priorities to which the filesystem
+# backend store writes images.
+#
+# The filesystem store can be configured to store images in multiple
+# directories as opposed to using a single directory specified by the
+# ``filesystem_store_datadir`` configuration option. When using
+# multiple directories, each directory can be given an optional
+# priority to specify the preference order in which they should
+# be used. Priority is an integer that is concatenated to the
+# directory path with a colon where a higher value indicates higher
+# priority. When two directories have the same priority, the directory
+# with most free space is used. When no priority is specified, it
+# defaults to zero.
+#
+# More information on configuring filesystem store with multiple store
+# directories can be found at
+# http://docs.openstack.org/developer/glance/configuring.html
+#
+# NOTE: This directory is used only when filesystem store is used as a
+# storage backend. Either ``filesystem_store_datadir`` or
+# ``filesystem_store_datadirs`` option must be specified in
+# ``glance-api.conf``. If both options are specified, a
+# ``BadStoreConfiguration`` will be raised and the filesystem store
+# may not be available for adding new images.
+#
+# Possible values:
+#     * List of strings of the following form:
+#         * ``<a valid directory path>:<optional integer priority>``
+#
+# Related options:
+#     * ``filesystem_store_datadir``
+#     * ``filesystem_store_file_perm``
+#
+#  (multi valued)
+#filesystem_store_datadirs =
+
+#
+# Filesystem store metadata file.
+#
+# The path to a file which contains the metadata to be returned with
+# any location associated with the filesystem store. The file must
+# contain a valid JSON object. The object should contain the keys
+# ``id`` and ``mountpoint``. The value for both keys should be a
+# string.
+#
+# Possible values:
+#     * A valid path to the store metadata file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+
+#
+# File access permissions for the image files.
+#
+# Set the intended file access permissions for image data. This provides
+# a way to enable other services, e.g. Nova, to consume images directly
+# from the filesystem store. The users running the services that are
+# intended to be given access to could be made a member of the group
+# that owns the files created. Assigning a value less then or equal to
+# zero for this configuration option signifies that no changes be made
+# to the  default permissions. This value will be decoded as an octal
+# digit.
+#
+# For more information, please refer the documentation at
+# http://docs.openstack.org/developer/glance/configuring.html
+#
+# Possible values:
+#     * A valid file access permission
+#     * Zero
+#     * Any negative integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+#filesystem_store_file_perm = 0
+
+#
+# Path to the CA bundle file.
+#
+# This configuration option enables the operator to use a custom
+# Certificate Authority file to verify the remote server certificate. If
+# this option is set, the ``https_insecure`` option will be ignored and
+# the CA file specified will be used to authenticate the server
+# certificate and establish a secure connection to the server.
+#
+# Possible values:
+#     * A valid path to a CA file
+#
+# Related options:
+#     * https_insecure
+#
+#  (string value)
+#https_ca_certificates_file = <None>
+
+#
+# Set verification of the remote server certificate.
+#
+# This configuration option takes in a boolean value to determine
+# whether or not to verify the remote server certificate. If set to
+# True, the remote server certificate is not verified. If the option is
+# set to False, then the default CA truststore is used for verification.
+#
+# This option is ignored if ``https_ca_certificates_file`` is set.
+# The remote server certificate will then be verified using the file
+# specified using the ``https_ca_certificates_file`` option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * https_ca_certificates_file
+#
+#  (boolean value)
+#https_insecure = true
+
+#
+# The http/https proxy information to be used to connect to the remote
+# server.
+#
+# This configuration option specifies the http/https proxy information
+# that should be used to connect to the remote server. The proxy
+# information should be a key value pair of the scheme and proxy, for
+# example, http:10.0.0.1:3128. You can also specify proxies for multiple
+# schemes by separating the key value pairs with a comma, for example,
+# http:10.0.0.1:3128, https:10.0.0.1:1080.
+#
+# Possible values:
+#     * A comma separated list of scheme:proxy pairs as described above
+#
+# Related options:
+#     * None
+#
+#  (dict value)
+#http_proxy_information =
+
+#
+# Size, in megabytes, to chunk RADOS images into.
+#
+# Provide an integer value representing the size in megabytes to chunk
+# Glance images into. The default chunk size is 8 megabytes. For optimal
+# performance, the value should be a power of two.
+#
+# When Ceph's RBD object storage system is used as the storage backend
+# for storing Glance images, the images are chunked into objects of the
+# size set using this option. These chunked objects are then stored
+# across the distributed block data store to use for Glance.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
+#rbd_store_chunk_size = 8
+
+#
+# RADOS pool in which images are stored.
+#
+# When RBD is used as the storage backend for storing Glance images, the
+# images are stored by means of logical grouping of the objects (chunks
+# of images) into a ``pool``. Each pool is defined with the number of
+# placement groups it can contain. The default pool that is used is
+# 'images'.
+#
+# More information on the RBD storage backend can be found here:
+# http://ceph.com/planet/how-data-is-stored-in-ceph-cluster/
+#
+# Possible Values:
+#     * A valid pool name
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#rbd_store_pool = images
+
+#
+# RADOS user to authenticate as.
+#
+# This configuration option takes in the RADOS user to authenticate as.
+# This is only needed when RADOS authentication is enabled and is
+# applicable only if the user is using Cephx authentication. If the
+# value for this option is not set by the user or is set to None, a
+# default value will be chosen, which will be based on the client.
+# section in rbd_store_ceph_conf.
+#
+# Possible Values:
+#     * A valid RADOS user
+#
+# Related options:
+#     * rbd_store_ceph_conf
+#
+#  (string value)
+#rbd_store_user = <None>
+
+#
+# Ceph configuration file path.
+#
+# This configuration option takes in the path to the Ceph configuration
+# file to be used. If the value for this option is not set by the user
+# or is set to None, librados will locate the default configuration file
+# which is located at /etc/ceph/ceph.conf. If using Cephx
+# authentication, this file should include a reference to the right
+# keyring in a client.<USER> section
+#
+# Possible Values:
+#     * A valid path to a configuration file
+#
+# Related options:
+#     * rbd_store_user
+#
+#  (string value)
+#rbd_store_ceph_conf = /etc/ceph/ceph.conf
+
+#
+# Timeout value for connecting to Ceph cluster.
+#
+# This configuration option takes in the timeout value in seconds used
+# when connecting to the Ceph cluster i.e. it sets the time to wait for
+# glance-api before closing the connection. This prevents glance-api
+# hangups during the connection to RBD. If the value for this option
+# is set to less than or equal to 0, no timeout is set and the default
+# librados value is used.
+#
+# Possible Values:
+#     * Any integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+#rados_connect_timeout = 0
+
+#
+# Chunk size for images to be stored in Sheepdog data store.
+#
+# Provide an integer value representing the size in mebibyte
+# (1048576 bytes) to chunk Glance images into. The default
+# chunk size is 64 mebibytes.
+#
+# When using Sheepdog distributed storage system, the images are
+# chunked into objects of this size and then stored across the
+# distributed data store to use for Glance.
+#
+# Chunk sizes, if a power of two, help avoid fragmentation and
+# enable improved performance.
+#
+# Possible values:
+#     * Positive integer value representing size in mebibytes.
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
+#sheepdog_store_chunk_size = 64
+
+#
+# Port number on which the sheep daemon will listen.
+#
+# Provide an integer value representing a valid port number on
+# which you want the Sheepdog daemon to listen on. The default
+# port is 7000.
+#
+# The Sheepdog daemon, also called 'sheep', manages the storage
+# in the distributed cluster by writing objects across the storage
+# network. It identifies and acts on the messages it receives on
+# the port number set using ``sheepdog_store_port`` option to store
+# chunks of Glance images.
+#
+# Possible values:
+#     * A valid port number (0 to 65535)
+#
+# Related Options:
+#     * sheepdog_store_address
+#
+#  (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#sheepdog_store_port = 7000
+
+#
+# Address to bind the Sheepdog daemon to.
+#
+# Provide a string value representing the address to bind the
+# Sheepdog daemon to. The default address set for the 'sheep'
+# is 127.0.0.1.
+#
+# The Sheepdog daemon, also called 'sheep', manages the storage
+# in the distributed cluster by writing objects across the storage
+# network. It identifies and acts on the messages directed to the
+# address set using ``sheepdog_store_address`` option to store
+# chunks of Glance images.
+#
+# Possible values:
+#     * A valid IPv4 address
+#     * A valid IPv6 address
+#     * A valid hostname
+#
+# Related Options:
+#     * sheepdog_store_port
+#
+#  (string value)
+#sheepdog_store_address = 127.0.0.1
+
+#
+# Set verification of the server certificate.
+#
+# This boolean determines whether or not to verify the server
+# certificate. If this option is set to True, swiftclient won't check
+# for a valid SSL certificate when authenticating. If the option is set
+# to False, then the default CA truststore is used for verification.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * swift_store_cacert
+#
+#  (boolean value)
+#swift_store_auth_insecure = false
+
+#
+# Path to the CA bundle file.
+#
+# This configuration option enables the operator to specify the path to
+# a custom Certificate Authority file for SSL verification when
+# connecting to Swift.
+#
+# Possible values:
+#     * A valid path to a CA file
+#
+# Related options:
+#     * swift_store_auth_insecure
+#
+#  (string value)
+#swift_store_cacert = /etc/ssl/certs/ca-certificates.crt
+
+#
+# The region of Swift endpoint to use by Glance.
+#
+# Provide a string value representing a Swift region where Glance
+# can connect to for image storage. By default, there is no region
+# set.
+#
+# When Glance uses Swift as the storage backend to store images
+# for a specific tenant that has multiple endpoints, setting of a
+# Swift region with ``swift_store_region`` allows Glance to connect
+# to Swift in the specified region as opposed to a single region
+# connectivity.
+#
+# This option can be configured for both single-tenant and
+# multi-tenant storage.
+#
+# NOTE: Setting the region with ``swift_store_region`` is
+# tenant-specific and is necessary ``only if`` the tenant has
+# multiple endpoints across different regions.
+#
+# Possible values:
+#     * A string value representing a valid Swift region.
+#
+# Related Options:
+#     * None
+#
+#  (string value)
+#swift_store_region = RegionTwo
+
+#
+# The URL endpoint to use for Swift backend storage.
+#
+# Provide a string value representing the URL endpoint to use for
+# storing Glance images in Swift store. By default, an endpoint
+# is not set and the storage URL returned by ``auth`` is used.
+# Setting an endpoint with ``swift_store_endpoint`` overrides the
+# storage URL and is used for Glance image storage.
+#
+# NOTE: The URL should include the path up to, but excluding the
+# container. The location of an object is obtained by appending
+# the container and object to the configured URL.
+#
+# Possible values:
+#     * String value representing a valid URL path up to a Swift container
+#
+# Related Options:
+#     * None
+#
+#  (string value)
+#swift_store_endpoint = https://swift.openstack.example.org/v1/path_not_including_container_name
+
+#
+# Endpoint Type of Swift service.
+#
+# This string value indicates the endpoint type to use to fetch the
+# Swift endpoint. The endpoint type determines the actions the user will
+# be allowed to perform, for instance, reading and writing to the Store.
+# This setting is only used if swift_store_auth_version is greater than
+# 1.
+#
+# Possible values:
+#     * publicURL
+#     * adminURL
+#     * internalURL
+#
+# Related options:
+#     * swift_store_endpoint
+#
+#  (string value)
+# Allowed values: publicURL, adminURL, internalURL
+#swift_store_endpoint_type = publicURL
+
+#
+# Type of Swift service to use.
+#
+# Provide a string value representing the service type to use for
+# storing images while using Swift backend storage. The default
+# service type is set to ``object-store``.
+#
+# NOTE: If ``swift_store_auth_version`` is set to 2, the value for
+# this configuration option needs to be ``object-store``. If using
+# a higher version of Keystone or a different auth scheme, this
+# option may be modified.
+#
+# Possible values:
+#     * A string representing a valid service type for Swift storage.
+#
+# Related Options:
+#     * None
+#
+#  (string value)
+#swift_store_service_type = object-store
+
+#
+# Name of single container to store images/name prefix for multiple containers
+#
+# When a single container is being used to store images, this configuration
+# option indicates the container within the Glance account to be used for
+# storing all images. When multiple containers are used to store images, this
+# will be the name prefix for all containers. Usage of single/multiple
+# containers can be controlled using the configuration option
+# ``swift_store_multiple_containers_seed``.
+#
+# When using multiple containers, the containers will be named after the value
+# set for this configuration option with the first N chars of the image UUID
+# as the suffix delimited by an underscore (where N is specified by
+# ``swift_store_multiple_containers_seed``).
+#
+# Example: if the seed is set to 3 and swift_store_container = ``glance``, then
+# an image with UUID ``fdae39a1-bac5-4238-aba4-69bcc726e848`` would be placed in
+# the container ``glance_fda``. All dashes in the UUID are included when
+# creating the container name but do not count toward the character limit, so
+# when N=10 the container name would be ``glance_fdae39a1-ba.``
+#
+# Possible values:
+#     * If using single container, this configuration option can be any string
+#       that is a valid swift container name in Glance's Swift account
+#     * If using multiple containers, this configuration option can be any
+#       string as long as it satisfies the container naming rules enforced by
+#       Swift. The value of ``swift_store_multiple_containers_seed`` should be
+#       taken into account as well.
+#
+# Related options:
+#     * ``swift_store_multiple_containers_seed``
+#     * ``swift_store_multi_tenant``
+#     * ``swift_store_create_container_on_put``
+#
+#  (string value)
+#swift_store_container = glance
+
+#
+# The size threshold, in MB, after which Glance will start segmenting image
+# data.
+#
+# Swift has an upper limit on the size of a single uploaded object. By default,
+# this is 5GB. To upload objects bigger than this limit, objects are segmented
+# into multiple smaller objects that are tied together with a manifest file.
+# For more detail, refer to
+# http://docs.openstack.org/developer/swift/overview_large_objects.html
+#
+# This configuration option specifies the size threshold over which the Swift
+# driver will start segmenting image data into multiple smaller files.
+# Currently, the Swift driver only supports creating Dynamic Large Objects.
+#
+# NOTE: This should be set by taking into account the large object limit
+# enforced by the Swift cluster in consideration.
+#
+# Possible values:
+#     * A positive integer that is less than or equal to the large object limit
+#       enforced by the Swift cluster in consideration.
+#
+# Related options:
+#     * ``swift_store_large_object_chunk_size``
+#
+#  (integer value)
+# Minimum value: 1
+#swift_store_large_object_size = 5120
+
+#
+# The maximum size, in MB, of the segments when image data is segmented.
+#
+# When image data is segmented to upload images that are larger than the limit
+# enforced by the Swift cluster, image data is broken into segments that are no
+# bigger than the size specified by this configuration option.
+# Refer to ``swift_store_large_object_size`` for more detail.
+#
+# For example: if ``swift_store_large_object_size`` is 5GB and
+# ``swift_store_large_object_chunk_size`` is 1GB, an image of size 6.2GB will be
+# segmented into 7 segments where the first six segments will be 1GB in size and
+# the seventh segment will be 0.2GB.
+#
+# Possible values:
+#     * A positive integer that is less than or equal to the large object limit
+#       enforced by Swift cluster in consideration.
+#
+# Related options:
+#     * ``swift_store_large_object_size``
+#
+#  (integer value)
+# Minimum value: 1
+#swift_store_large_object_chunk_size = 200
+
+#
+# Create container, if it doesn't already exist, when uploading image.
+#
+# At the time of uploading an image, if the corresponding container doesn't
+# exist, it will be created provided this configuration option is set to True.
+# By default, it won't be created. This behavior is applicable for both single
+# and multiple containers mode.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
+#swift_store_create_container_on_put = false
+
+#
+# Store images in tenant's Swift account.
+#
+# This enables multi-tenant storage mode which causes Glance images to be stored
+# in tenant specific Swift accounts. If this is disabled, Glance stores all
+# images in its own account. More details multi-tenant store can be found at
+# https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
+#swift_store_multi_tenant = false
+
+#
+# Seed indicating the number of containers to use for storing images.
+#
+# When using a single-tenant store, images can be stored in one or more than one
+# containers. When set to 0, all images will be stored in one single container.
+# When set to an integer value between 1 and 32, multiple containers will be
+# used to store images. This configuration option will determine how many
+# containers are created. The total number of containers that will be used is
+# equal to 16^N, so if this config option is set to 2, then 16^2=256 containers
+# will be used to store images.
+#
+# Please refer to ``swift_store_container`` for more detail on the naming
+# convention. More detail about using multiple containers can be found at
+# https://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-store-
+# multiple-containers.html
+#
+# NOTE: This is used only when swift_store_multi_tenant is disabled.
+#
+# Possible values:
+#     * A non-negative integer less than or equal to 32
+#
+# Related options:
+#     * ``swift_store_container``
+#     * ``swift_store_multi_tenant``
+#     * ``swift_store_create_container_on_put``
+#
+#  (integer value)
+# Minimum value: 0
+# Maximum value: 32
+#swift_store_multiple_containers_seed = 0
+
+#
+# List of tenants that will be granted admin access.
+#
+# This is a list of tenants that will be granted read/write access on
+# all Swift containers created by Glance in multi-tenant mode. The
+# default value is an empty list.
+#
+# Possible values:
+#     * A comma separated list of strings representing UUIDs of Keystone
+#       projects/tenants
+#
+# Related options:
+#     * None
+#
+#  (list value)
+#swift_store_admin_tenants =
+
+#
+# SSL layer compression for HTTPS Swift requests.
+#
+# Provide a boolean value to determine whether or not to compress
+# HTTPS Swift requests for images at the SSL layer. By default,
+# compression is enabled.
+#
+# When using Swift as the backend store for Glance image storage,
+# SSL layer compression of HTTPS Swift requests can be set using
+# this option. If set to False, SSL layer compression of HTTPS
+# Swift requests is disabled. Disabling this option may improve
+# performance for images which are already in a compressed format,
+# for example, qcow2.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related Options:
+#     * None
+#
+#  (boolean value)
+#swift_store_ssl_compression = true
+
+#
+# The number of times a Swift download will be retried before the
+# request fails.
+#
+# Provide an integer value representing the number of times an image
+# download must be retried before erroring out. The default value is
+# zero (no retry on a failed image download). When set to a positive
+# integer value, ``swift_store_retry_get_count`` ensures that the
+# download is attempted this many more times upon a download failure
+# before sending an error message.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer value
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#swift_store_retry_get_count = 0
+
+#
+# Time in seconds defining the size of the window in which a new
+# token may be requested before the current token is due to expire.
+#
+# Typically, the Swift storage driver fetches a new token upon the
+# expiration of the current token to ensure continued access to
+# Swift. However, some Swift transactions (like uploading image
+# segments) may not recover well if the token expires on the fly.
+#
+# Hence, by fetching a new token before the current token expiration,
+# we make sure that the token does not expire or is close to expiry
+# before a transaction is attempted. By default, the Swift storage
+# driver requests for a new token 60 seconds or less before the
+# current token expiration.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer value
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#swift_store_expire_soon_interval = 60
+
+#
+# Use trusts for multi-tenant Swift store.
+#
+# This option instructs the Swift store to create a trust for each
+# add/get request when the multi-tenant store is in use. Using trusts
+# allows the Swift store to avoid problems that can be caused by an
+# authentication token expiring during the upload or download of data.
+#
+# By default, ``swift_store_use_trusts`` is set to ``True``(use of
+# trusts is enabled). If set to ``False``, a user token is used for
+# the Swift connection instead, eliminating the overhead of trust
+# creation.
+#
+# NOTE: This option is considered only when
+# ``swift_store_multi_tenant`` is set to ``True``
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * swift_store_multi_tenant
+#
+#  (boolean value)
+#swift_store_use_trusts = true
+
+#
+# Reference to default Swift account/backing store parameters.
+#
+# Provide a string value representing a reference to the default set
+# of parameters required for using swift account/backing store for
+# image storage. The default reference value for this configuration
+# option is 'ref1'. This configuration option dereferences the
+# parameters and facilitates image storage in Swift storage backend
+# every time a new image is added.
+#
+# Possible values:
+#     * A valid string value
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#default_swift_reference = ref1
+
+# DEPRECATED: Version of the authentication service to use. Valid versions are 2
+# and 3 for keystone and 1 (deprecated) for swauth and rackspace. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# The option 'auth_version' in the Swift back-end configuration file is
+# used instead.
+#swift_store_auth_version = 2
+
+# DEPRECATED: The address where the Swift authentication service is listening.
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# The option 'auth_address' in the Swift back-end configuration file is
+# used instead.
+#swift_store_auth_address = <None>
+
+# DEPRECATED: The user to authenticate against the Swift authentication service.
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# The option 'user' in the Swift back-end configuration file is set instead.
+#swift_store_user = <None>
+
+# DEPRECATED: Auth key for the user authenticating against the Swift
+# authentication service. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# The option 'key' in the Swift back-end configuration file is used
+# to set the authentication key instead.
+#swift_store_key = <None>
+
+#
+# Absolute path to the file containing the swift account(s)
+# configurations.
+#
+# Include a string value representing the path to a configuration
+# file that has references for each of the configured Swift
+# account(s)/backing stores. By default, no file path is specified
+# and customized Swift referencing is disabled. Configuring this
+# option is highly recommended while using Swift storage backend for
+# image storage as it avoids storage of credentials in the database.
+#
+# Possible values:
+#     * String value representing an absolute path on the glance-api
+#       node
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#swift_store_config_file = <None>
+
+#
+# Address of the ESX/ESXi or vCenter Server target system.
+#
+# This configuration option sets the address of the ESX/ESXi or vCenter
+# Server target system. This option is required when using the VMware
+# storage backend. The address can contain an IP address (127.0.0.1) or
+# a DNS name (www.my-domain.com).
+#
+# Possible Values:
+#     * A valid IPv4 or IPv6 address
+#     * A valid DNS name
+#
+# Related options:
+#     * vmware_server_username
+#     * vmware_server_password
+#
+#  (string value)
+#vmware_server_host = 127.0.0.1
+
+#
+# Server username.
+#
+# This configuration option takes the username for authenticating with
+# the VMware ESX/ESXi or vCenter Server. This option is required when
+# using the VMware storage backend.
+#
+# Possible Values:
+#     * Any string that is the username for a user with appropriate
+#       privileges
+#
+# Related options:
+#     * vmware_server_host
+#     * vmware_server_password
+#
+#  (string value)
+#vmware_server_username = root
+
+#
+# Server password.
+#
+# This configuration option takes the password for authenticating with
+# the VMware ESX/ESXi or vCenter Server. This option is required when
+# using the VMware storage backend.
+#
+# Possible Values:
+#     * Any string that is a password corresponding to the username
+#       specified using the "vmware_server_username" option
+#
+# Related options:
+#     * vmware_server_host
+#     * vmware_server_username
+#
+#  (string value)
+#vmware_server_password = vmware
+
+#
+# The number of VMware API retries.
+#
+# This configuration option specifies the number of times the VMware
+# ESX/VC server API must be retried upon connection related issues or
+# server API call overload. It is not possible to specify 'retry
+# forever'.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
+#vmware_api_retry_count = 10
+
+#
+# Interval in seconds used for polling remote tasks invoked on VMware
+# ESX/VC server.
+#
+# This configuration option takes in the sleep time in seconds for polling an
+# on-going async task as part of the VMWare ESX/VC server API call.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
+#vmware_task_poll_interval = 5
+
+#
+# The directory where the glance images will be stored in the datastore.
+#
+# This configuration option specifies the path to the directory where the
+# glance images will be stored in the VMware datastore. If this option
+# is not set,  the default directory where the glance images are stored
+# is openstack_glance.
+#
+# Possible Values:
+#     * Any string that is a valid path to a directory
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#vmware_store_image_dir = /openstack_glance
+
+#
+# Set verification of the ESX/vCenter server certificate.
+#
+# This configuration option takes a boolean value to determine
+# whether or not to verify the ESX/vCenter server certificate. If this
+# option is set to True, the ESX/vCenter server certificate is not
+# verified. If this option is set to False, then the default CA
+# truststore is used for verification.
+#
+# This option is ignored if the "vmware_ca_file" option is set. In that
+# case, the ESX/vCenter server certificate will then be verified using
+# the file specified using the "vmware_ca_file" option .
+#
+# Possible Values:
+#     * True
+#     * False
+#
+# Related options:
+#     * vmware_ca_file
+#
+#  (boolean value)
+# Deprecated group/name - [glance_store]/vmware_api_insecure
+#vmware_insecure = false
+
+#
+# Absolute path to the CA bundle file.
+#
+# This configuration option enables the operator to use a custom
+# Cerificate Authority File to verify the ESX/vCenter certificate.
+#
+# If this option is set, the "vmware_insecure" option will be ignored
+# and the CA file specified will be used to authenticate the ESX/vCenter
+# server certificate and establish a secure connection to the server.
+#
+# Possible Values:
+#     * Any string that is a valid absolute path to a CA file
+#
+# Related options:
+#     * vmware_insecure
+#
+#  (string value)
+#vmware_ca_file = /etc/ssl/certs/ca-certificates.crt
+
+#
+# The datastores where the image can be stored.
+#
+# This configuration option specifies the datastores where the image can
+# be stored in the VMWare store backend. This option may be specified
+# multiple times for specifying multiple datastores. The datastore name
+# should be specified after its datacenter path, separated by ":". An
+# optional weight may be given after the datastore name, separated again
+# by ":" to specify the priority. Thus, the required format becomes
+# <datacenter_path>:<datastore_name>:<optional_weight>.
+#
+# When adding an image, the datastore with highest weight will be
+# selected, unless there is not enough free space available in cases
+# where the image size is already known. If no weight is given, it is
+# assumed to be zero and the directory will be considered for selection
+# last. If multiple datastores have the same weight, then the one with
+# the most free space available is selected.
+#
+# Possible Values:
+#     * Any string of the format:
+#       <datacenter_path>:<datastore_name>:<optional_weight>
+#
+# Related options:
+#    * None
+#
+#  (multi valued)
+#vmware_datastores =
 
 
 [oslo_concurrency]
@@ -474,10 +2436,10 @@
 # Deprecated group/name - [DEFAULT]/disable_process_locking
 #disable_process_locking = false
 
-# Directory to use for lock files.  For security, the specified
-# directory should only be writable by the user running the processes
-# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
-# If external locks are used, a lock path must be set. (string value)
+# Directory to use for lock files.  For security, the specified directory should
+# only be writable by the user running the processes that need locking. Defaults
+# to environment variable OSLO_LOCK_PATH. If external locks are used, a lock
+# path must be set. (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
 #lock_path = <None>
 
@@ -492,15 +2454,14 @@
 # Deprecated group/name - [DEFAULT]/policy_file
 #policy_file = policy.json
 
-# Default rule. Enforced when a requested rule is not found. (string
-# value)
+# Default rule. Enforced when a requested rule is not found. (string value)
 # Deprecated group/name - [DEFAULT]/policy_default_rule
 #policy_default_rule = default
 
-# Directories where policy configuration files are stored. They can be
-# relative to any directory in the search path defined by the
-# config_dir option, or absolute paths. The file defined by
-# policy_file must exist for these directories to be searched.
-# Missing or empty directories are ignored. (multi valued)
+# Directories where policy configuration files are stored. They can be relative
+# to any directory in the search path defined by the config_dir option, or
+# absolute paths. The file defined by policy_file must exist for these
+# directories to be searched.  Missing or empty directories are ignored. (multi
+# valued)
 # Deprecated group/name - [DEFAULT]/policy_dirs
 #policy_dirs = policy.d

2017-09-28 11:21:28,763 [salt.state       ][INFO    ][27825] Completed state [/etc/glance/glance-scrubber.conf] at time 11:21:28.763308 duration_in_ms=65.718
2017-09-28 11:21:28,764 [salt.state       ][INFO    ][27825] Running state [/etc/glance/glance-api.conf] at time 11:21:28.763576
2017-09-28 11:21:28,764 [salt.state       ][INFO    ][27825] Executing state file.managed for /etc/glance/glance-api.conf
2017-09-28 11:21:28,791 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/files/ocata/glance-api.conf.Debian'
2017-09-28 11:21:28,890 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/map.jinja'
2017-09-28 11:21:28,912 [salt.state       ][INFO    ][27825] File changed:
--- 
+++ 
@@ -1,467 +1,1572 @@
+
+
 [DEFAULT]
 
 #
 # From glance.api
 #
 
-# When true, this option sets the owner of an image to be the tenant.
-# Otherwise, the owner of the  image will be the authenticated user
-# issuing the request. (boolean value)
+#
+# Set the image owner to tenant or the authenticated user.
+#
+# Assign a boolean value to determine the owner of an image. When set to
+# True, the owner of the image is the tenant. When set to False, the
+# owner of the image will be the authenticated user issuing the request.
+# Setting it to False makes the image private to the associated user and
+# sharing with other users within the same tenant (or "project")
+# requires explicit image sharing via image membership.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
 #owner_is_tenant = true
 
+#
 # Role used to identify an authenticated user as administrator.
-# (string value)
+#
+# Provide a string value representing a Keystone role to identify an
+# administrative user. Users with this role will be granted
+# administrative privileges. The default value for this option is
+# 'admin'.
+#
+# Possible values:
+#     * A string value which is a valid Keystone role
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #admin_role = admin
 
-# Allow unauthenticated users to access the API with read-only
-# privileges. This only applies when using ContextMiddleware. (boolean
-# value)
+#
+# Allow limited access to unauthenticated users.
+#
+# Assign a boolean to determine API access for unathenticated
+# users. When set to False, the API cannot be accessed by
+# unauthenticated users. When set to True, unauthenticated users can
+# access the API with read-only privileges. This however only applies
+# when using ContextMiddleware.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
 #allow_anonymous_access = false
 
-# Limits request ID length. (integer value)
+#
+# Limit the request ID length.
+#
+# Provide  an integer value to limit the length of the request ID to
+# the specified length. The default value is 64. Users can change this
+# to any ineteger value between 0 and 16384 however keeping in mind that
+# a larger value may flood the logs.
+#
+# Possible values:
+#     * Integer value between 0 and 16384
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #max_request_id_length = 64
 
-# Public url to use for versions endpoint. The default is None, which
-# will use the request's host_url attribute to populate the URL base.
-# If Glance is operating behind a proxy, you will want to change this
-# to represent the proxy's URL. (string value)
+#
+# Public url endpoint to use for Glance/Glare versions response.
+#
+# This is the public url endpoint that will appear in the Glance/Glare
+# "versions" response. If no value is specified, the endpoint that is
+# displayed in the version's response is that of the host running the
+# API service. Change the endpoint to represent the proxy URL if the
+# API service is running behind a proxy. If the service is running
+# behind a load balancer, add the load balancer's URL for this value.
+#
+# Possible values:
+#     * None
+#     * Proxy URL
+#     * Load balancer URL
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #public_endpoint = <None>
 
-# Whether to allow users to specify image properties beyond what the
-# image schema provides (boolean value)
+#
+# Allow users to add additional/custom properties to images.
+#
+# Glance defines a standard set of properties (in its schema) that
+# appear on every image. These properties are also known as
+# ``base properties``. In addition to these properties, Glance
+# allows users to add custom properties to images. These are known
+# as ``additional properties``.
+#
+# By default, this configuration option is set to ``True`` and users
+# are allowed to add additional properties. The number of additional
+# properties that can be added to an image can be controlled via
+# ``image_property_quota`` configuration option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * image_property_quota
+#
+#  (boolean value)
 #allow_additional_image_properties = true
 
-# Maximum number of image members per image. Negative values evaluate
-# to unlimited. (integer value)
+#
+# Maximum number of image members per image.
+#
+# This limits the maximum of users an image can be shared with. Any negative
+# value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_member_quota = 128
 
-# Maximum number of properties allowed on an image. Negative values
-# evaluate to unlimited. (integer value)
+#
+# Maximum number of properties allowed on an image.
+#
+# This enforces an upper limit on the number of additional properties an image
+# can have. Any negative value is interpreted as unlimited.
+#
+# NOTE: This won't have any impact if additional properties are disabled. Please
+# refer to ``allow_additional_image_properties``.
+#
+# Related options:
+#     * ``allow_additional_image_properties``
+#
+#  (integer value)
 #image_property_quota = 128
 
-# Maximum number of tags allowed on an image. Negative values evaluate
-# to unlimited. (integer value)
+#
+# Maximum number of tags allowed on an image.
+#
+# Any negative value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_tag_quota = 128
 
-# Maximum number of locations allowed on an image. Negative values
-# evaluate to unlimited. (integer value)
+#
+# Maximum number of locations allowed on an image.
+#
+# Any negative value is interpreted as unlimited.
+#
+# Related options:
+#     * None
+#
+#  (integer value)
 #image_location_quota = 10
 
-# Python module path of data access API (string value)
+#
+# Python module path of data access API.
+#
+# Specifies the path to the API to use for accessing the data model.
+# This option determines how the image catalog data will be accessed.
+#
+# Possible values:
+#     * glance.db.sqlalchemy.api
+#     * glance.db.registry.api
+#     * glance.db.simple.api
+#
+# If this option is set to ``glance.db.sqlalchemy.api`` then the image
+# catalog data is stored in and read from the database via the
+# SQLAlchemy Core and ORM APIs.
+#
+# Setting this option to ``glance.db.registry.api`` will force all
+# database access requests to be routed through the Registry service.
+# This avoids data access from the Glance API nodes for an added layer
+# of security, scalability and manageability.
+#
+# NOTE: In v2 OpenStack Images API, the registry service is optional.
+# In order to use the Registry API in v2, the option
+# ``enable_v2_registry`` must be set to ``True``.
+#
+# Finally, when this configuration option is set to
+# ``glance.db.simple.api``, image catalog data is stored in and read
+# from an in-memory data structure. This is primarily used for testing.
+#
+# Related options:
+#     * enable_v2_api
+#     * enable_v2_registry
+#
+#  (string value)
 #data_api = glance.db.sqlalchemy.api
 
-# Default value for the number of items returned by a request if not
-# specified explicitly in the request (integer value)
+#
+# The default number of results to return for a request.
+#
+# Responses to certain API requests, like list images, may return
+# multiple items. The number of results returned can be explicitly
+# controlled by specifying the ``limit`` parameter in the API request.
+# However, if a ``limit`` parameter is not specified, this
+# configuration value will be used as the default number of results to
+# be returned for any API request.
+#
+# NOTES:
+#     * The value of this configuration option may not be greater than
+#       the value specified by ``api_limit_max``.
+#     * Setting this to a very large value may slow down database
+#       queries and increase response times. Setting this to a
+#       very low value may result in poor user experience.
+#
+# Possible values:
+#     * Any positive integer
+#
+# Related options:
+#     * api_limit_max
+#
+#  (integer value)
+# Minimum value: 1
 #limit_param_default = 25
-
-# Maximum permissible number of items that could be returned by a
-# request (integer value)
+limit_param_default = 25
+
+#
+# Maximum number of results that could be returned by a request.
+#
+# As described in the help text of ``limit_param_default``, some
+# requests may return multiple results. The number of results to be
+# returned are governed either by the ``limit`` parameter in the
+# request or the ``limit_param_default`` configuration option.
+# The value in either case, can't be greater than the absolute maximum
+# defined by this configuration option. Anything greater than this
+# value is trimmed down to the maximum value defined here.
+#
+# NOTE: Setting this to a very large value may slow down database
+#       queries and increase response times. Setting this to a
+#       very low value may result in poor user experience.
+#
+# Possible values:
+#     * Any positive integer
+#
+# Related options:
+#     * limit_param_default
+#
+#  (integer value)
+# Minimum value: 1
 #api_limit_max = 1000
-
-# Whether to include the backend image storage location in image
-# properties. Revealing storage location can be a security risk, so
-# use this setting with caution! (boolean value)
+api_limit_max = 1000
+
+#
+# Show direct image location when returning an image.
+#
+# This configuration option indicates whether to show the direct image
+# location when returning image details to the user. The direct image
+# location is where the image data is stored in backend storage. This
+# image location is shown under the image property ``direct_url``.
+#
+# When multiple image locations exist for an image, the best location
+# is displayed based on the location strategy indicated by the
+# configuration option ``location_strategy``.
+#
+# NOTES:
+#     * Revealing image locations can present a GRAVE SECURITY RISK as
+#       image locations can sometimes include credentials. Hence, this
+#       is set to ``False`` by default. Set this to ``True`` with
+#       EXTREME CAUTION and ONLY IF you know what you are doing!
+#     * If an operator wishes to avoid showing any image location(s)
+#       to the user, then both this option and
+#       ``show_multiple_locations`` MUST be set to ``False``.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * show_multiple_locations
+#     * location_strategy
+#
+#  (boolean value)
 #show_image_direct_url = false
-
-# Whether to include the backend image locations in image properties.
-# For example, if using the file system store a URL of
-# "file:///path/to/image" will be returned to the user in the
-# 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution! Setting this to
-# true overrides the show_image_direct_url option. (boolean value)
+show_image_direct_url = true
+
+# DEPRECATED:
+# Show all image locations when returning an image.
+#
+# This configuration option indicates whether to show all the image
+# locations when returning image details to the user. When multiple
+# image locations exist for an image, the locations are ordered based
+# on the location strategy indicated by the configuration opt
+# ``location_strategy``. The image locations are shown under the
+# image property ``locations``.
+#
+# NOTES:
+#     * Revealing image locations can present a GRAVE SECURITY RISK as
+#       image locations can sometimes include credentials. Hence, this
+#       is set to ``False`` by default. Set this to ``True`` with
+#       EXTREME CAUTION and ONLY IF you know what you are doing!
+#     * If an operator wishes to avoid showing any image location(s)
+#       to the user, then both this option and
+#       ``show_image_direct_url`` MUST be set to ``False``.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * show_image_direct_url
+#     * location_strategy
+#
+#  (boolean value)
+# This option is deprecated for removal since Newton.
+# Its value may be silently ignored in the future.
+# Reason: This option will be removed in the Ocata release because the same
+# functionality can be achieved with greater granularity by using policies.
+# Please see the Newton release notes for more information.
 #show_multiple_locations = false
-
-# Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
-# increased after careful consideration and must be set to a value
-# under 8 EB (9223372036854775808). (integer value)
+show_multiple_locations = true
+
+#
+# Maximum size of image a user can upload in bytes.
+#
+# An image upload greater than the size mentioned here would result
+# in an image creation failure. This configuration option defaults to
+# 1099511627776 bytes (1 TiB).
+#
+# NOTES:
+#     * This value should only be increased after careful
+#       consideration and must be set less than or equal to
+#       8 EiB (9223372036854775808).
+#     * This value must be set with careful consideration of the
+#       backend storage capacity. Setting this to a very low value
+#       may result in a large number of image failures. And, setting
+#       this to a very large value may result in faster consumption
+#       of storage. Hence, this must be set according to the nature of
+#       images created and storage capacity available.
+#
+# Possible values:
+#     * Any positive number less than or equal to 9223372036854775808
+#
+#  (integer value)
+# Minimum value: 1
 # Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
-# Set a system wide quota for every user. This value is the total
-# capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
-# Accepted units are B, KB, MB, GB and TB representing Bytes,
-# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
-# unit is specified then Bytes is assumed. Note that there should not
-# be any space between value and unit and units are case sensitive.
-# (string value)
+#
+# Maximum amount of image storage per tenant.
+#
+# This enforces an upper limit on the cumulative storage consumed by all images
+# of a tenant across all stores. This is a per-tenant limit.
+#
+# The default unit for this configuration option is Bytes. However, storage
+# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``,
+# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and
+# TeraBytes respectively. Note that there should not be any space between the
+# value and unit. Value ``0`` signifies no quota enforcement. Negative values
+# are invalid and result in errors.
+#
+# Possible values:
+#     * A string that is a valid concatenation of a non-negative integer
+#       representing the storage value and an optional string literal
+#       representing storage units as mentioned above.
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #user_storage_quota = 0
 
-# Deploy the v1 OpenStack Images API. (boolean value)
+#
+# Deploy the v1 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond to
+# requests on registered endpoints conforming to the v1 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is enabled, then ``enable_v1_registry`` must
+#       also be set to ``True`` to enable mandatory usage of Registry
+#       service with v1 API.
+#
+#     * If this option is disabled, then the ``enable_v1_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v2_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v2 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_registry
+#     * enable_v2_api
+#
+#  (boolean value)
 #enable_v1_api = true
-
-# Deploy the v2 OpenStack Images API. (boolean value)
+enable_v1_api=False
+
+#
+# Deploy the v2 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond
+# to requests on registered endpoints conforming to the v2 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is disabled, then the ``enable_v2_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v1_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v1 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v2_registry
+#     * enable_v1_api
+#
+#  (boolean value)
 #enable_v2_api = true
-
-# Deploy the v1 OpenStack Registry API. (boolean value)
+enable_v2_api=True
+
+#
+# Deploy the v1 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v1 API requests.
+#
+# NOTES:
+#     * Use of Registry is mandatory in v1 API, so this option must
+#       be set to ``True`` if the ``enable_v1_api`` option is enabled.
+#
+#     * If deploying only the v2 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_api
+#
+#  (boolean value)
 #enable_v1_registry = true
 
-# Deploy the v2 OpenStack Registry API. (boolean value)
+#
+# Deploy the v2 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v2 API requests.
+#
+# NOTES:
+#     * Use of Registry is optional in v2 API, so this option
+#       must only be enabled if both ``enable_v2_api`` is set to
+#       ``True`` and the ``data_api`` option is set to
+#       ``glance.db.registry.api``.
+#
+#     * If deploying only the v1 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v2_api
+#     * data_api
+#
+#  (boolean value)
 #enable_v2_registry = true
 
-# The hostname/IP of the pydev process listening for debug connections
-# (string value)
-#pydev_worker_debug_host = <None>
-
-# The port on which a pydev process is listening for connections.
-# (port value)
+#
+# Host address of the pydev server.
+#
+# Provide a string value representing the hostname or IP of the
+# pydev server to use for debugging. The pydev server listens for
+# debug connections on this address, facilitating remote debugging
+# in Glance.
+#
+# Possible values:
+#     * Valid hostname
+#     * Valid IP address
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#pydev_worker_debug_host = localhost
+
+#
+# Port number that the pydev server will listen on.
+#
+# Provide a port number to bind the pydev server to. The pydev
+# process accepts debug connections on this port and facilitates
+# remote debugging in Glance.
+#
+# Possible values:
+#     * A valid port number
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
-# AES key for encrypting store 'location' metadata. This includes, if
-# used, Swift or S3 credentials. Should be set to a random string of
-# length 16, 24 or 32 bytes (string value)
+#
+# AES key for encrypting store location metadata.
+#
+# Provide a string value representing the AES cipher to use for
+# encrypting Glance store metadata.
+#
+# NOTE: The AES key to use must be set to a random string of length
+# 16, 24 or 32 bytes.
+#
+# Possible values:
+#     * String value representing a valid AES key
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature. Use the
-# command "openssl list-message-digest-algorithms" to get the
-# available algorithms supported by the version of OpenSSL on the
-# platform. Examples are "sha1", "sha256", "sha512", etc. (string
-# value)
+#
+# Digest algorithm to use for digital signature.
+#
+# Provide a string value representing the digest algorithm to
+# use for generating digital signatures. By default, ``sha256``
+# is used.
+#
+# To get a list of the available algorithms supported by the version
+# of OpenSSL on your platform, run the command:
+# ``openssl list-message-digest-algorithms``.
+# Examples are 'sha1', 'sha256', and 'sha512'.
+#
+# NOTE: ``digest_algorithm`` is not related to Glance's image signing
+# and verification. It is only used to sign the universally unique
+# identifier (UUID) as a part of the certificate file and key file
+# validation.
+#
+# Possible values:
+#     * An OpenSSL message digest algorithm identifier
+#
+# Relation options:
+#     * None
+#
+#  (string value)
 #digest_algorithm = sha256
 
-# This value sets what strategy will be used to determine the image
-# location order. Currently two strategies are packaged with Glance
-# 'location_order' and 'store_type'. (string value)
+#
+# Strategy to determine the preference order of image locations.
+#
+# This configuration option indicates the strategy to determine
+# the order in which an image's locations must be accessed to
+# serve the image's data. Glance then retrieves the image data
+# from the first responsive active location it finds in this list.
+#
+# This option takes one of two possible values ``location_order``
+# and ``store_type``. The default value is ``location_order``,
+# which suggests that image data be served by using locations in
+# the order they are stored in Glance. The ``store_type`` value
+# sets the image location preference based on the order in which
+# the storage backends are listed as a comma separated list for
+# the configuration option ``store_type_preference``.
+#
+# Possible values:
+#     * location_order
+#     * store_type
+#
+# Related options:
+#     * store_type_preference
+#
+#  (string value)
 # Allowed values: location_order, store_type
 #location_strategy = location_order
 
-# The location of the property protection file.This file contains the
-# rules for property protections and the roles/policies associated
-# with it. If this config value is not specified, by default, property
+location_strategy = location_order
+
+
+#
+# The location of the property protection file.
+#
+# Provide a valid path to the property protection file which contains
+# the rules for property protections and the roles/policies associated
+# with them.
+#
+# A property protection file, when set, restricts the Glance image
+# properties to be created, read, updated and/or deleted by a specific
+# set of users that are identified by either roles or policies.
+# If this configuration option is not set, by default, property
 # protections won't be enforced. If a value is specified and the file
-# is not found, then the glance-api service will not start. (string
-# value)
+# is not found, the glance-api service will fail to start.
+# More information on property protections can be found at:
+# http://docs.openstack.org/developer/glance/property-protections.html
+#
+# Possible values:
+#     * Empty string
+#     * Valid path to the property protection configuration file
+#
+# Related options:
+#     * property_protection_rule_format
+#
+#  (string value)
 #property_protection_file = <None>
 
-# This config value indicates whether "roles" or "policies" are used
-# in the property protection file. (string value)
+#
+# Rule format for property protection.
+#
+# Provide the desired way to set property protection on Glance
+# image properties. The two permissible values are ``roles``
+# and ``policies``. The default value is ``roles``.
+#
+# If the value is ``roles``, the property protection file must
+# contain a comma separated list of user roles indicating
+# permissions for each of the CRUD operations on each property
+# being protected. If set to ``policies``, a policy defined in
+# policy.json is used to express property protections for each
+# of the CRUD operations. Examples of how property protections
+# are enforced based on ``roles`` or ``policies`` can be found at:
+# http://docs.openstack.org/developer/glance/property-protections.html#examples
+#
+# Possible values:
+#     * roles
+#     * policies
+#
+# Related options:
+#     * property_protection_file
+#
+#  (string value)
 # Allowed values: roles, policies
 #property_protection_rule_format = roles
 
-# Modules of exceptions that are permitted to be recreated upon
-# receiving exception data from an rpc call. (list value)
+#
+# List of allowed exception modules to handle RPC exceptions.
+#
+# Provide a comma separated list of modules whose exceptions are
+# permitted to be recreated upon receiving exception data via an RPC
+# call made to Glance. The default list includes
+# ``glance.common.exception``, ``builtins``, and ``exceptions``.
+#
+# The RPC protocol permits interaction with Glance via calls across a
+# network or within the same system. Including a list of exception
+# namespaces with this option enables RPC to propagate the exceptions
+# back to the users.
+#
+# Possible values:
+#     * A comma separated list of valid exception modules
+#
+# Related options:
+#     * None
+#  (list value)
 #allowed_rpc_exception_modules = glance.common.exception,builtins,exceptions
 
-# Address to bind the server.  Useful when selecting a particular
-# network interface. (string value)
+#
+# IP address to bind the glance servers to.
+#
+# Provide an IP address to bind the glance server to. The default
+# value is ``0.0.0.0``.
+#
+# Edit this option to enable the server to listen on one particular
+# IP address on the network card. This facilitates selection of a
+# particular network interface for the server.
+#
+# Possible values:
+#     * A valid IPv4 address
+#     * A valid IPv6 address
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #bind_host = 0.0.0.0
-
-# The port on which the server will listen. (port value)
+bind_host = 10.167.4.12
+
+#
+# Port number on which the server will listen.
+#
+# Provide a valid port number to bind the server's socket to. This
+# port is then set to identify processes and forward network messages
+# that arrive at the server. The default bind_port value for the API
+# server is 9292 and for the registry server is 9191.
+#
+# Possible values:
+#     * A valid port number (0 to 65535)
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #bind_port = <None>
-
-# The number of child process workers that will be created to service
-# requests. The default will be equal to the number of CPUs available.
-# (integer value)
+bind_port = 9292
+
+#
+# Number of Glance worker processes to start.
+#
+# Provide a non-negative integer value to set the number of child
+# process workers to service requests. By default, the number of CPUs
+# available is set as the value for ``workers``.
+#
+# Each worker process is made to listen on the port set in the
+# configuration file and contains a greenthread pool of size 1000.
+#
+# NOTE: Setting the number of workers to zero, triggers the creation
+# of a single API process with a greenthread pool of size 1000.
+#
+# Possible values:
+#     * 0
+#     * Positive integer value (typically equal to the number of CPUs)
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #workers = <None>
-
-# Maximum line size of message headers to be accepted. max_header_line
-# may need to be increased when using large tokens (typically those
-# generated by the Keystone v3 API with big service catalogs (integer
-# value)
+workers = 8
+
+#
+# Maximum line size of message headers.
+#
+# Provide an integer value representing a length to limit the size of
+# message headers. The default value is 16384.
+#
+# NOTE: ``max_header_line`` may need to be increased when using large
+# tokens (typically those generated by the Keystone v3 API with big
+# service catalogs). However, it is to be kept in mind that larger
+# values for ``max_header_line`` would flood the logs.
+#
+# Setting ``max_header_line`` to 0 sets no limit for the line size of
+# message headers.
+#
+# Possible values:
+#     * 0
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #max_header_line = 16384
 
-# If False, server will return the header "Connection: close", If
-# True, server will return "Connection: Keep-Alive" in its responses.
-# In order to close the client socket connection explicitly after the
-# response is sent and read successfully by the client, you simply
-# have to set this option to False when you create a wsgi server.
-# (boolean value)
+#
+# Set keep alive option for HTTP over TCP.
+#
+# Provide a boolean value to determine sending of keep alive packets.
+# If set to ``False``, the server returns the header
+# "Connection: close". If set to ``True``, the server returns a
+# "Connection: Keep-Alive" in its responses. This enables retention of
+# the same TCP connection for HTTP conversations instead of opening a
+# new one with each new request.
+#
+# This option must be set to ``False`` if the client socket connection
+# needs to be closed explicitly after the response is received and
+# read successfully by the client.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
 #http_keepalive = true
 
-# Timeout for client connections' socket operations. If an incoming
-# connection is idle for this number of seconds it will be closed. A
-# value of '0' means wait forever. (integer value)
+#
+# Timeout for client connections' socket operations.
+#
+# Provide a valid integer value representing time in seconds to set
+# the period of wait before an incoming connection can be closed. The
+# default value is 900 seconds.
+#
+# The value zero implies wait forever.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #client_socket_timeout = 900
 
-# The backlog value that will be used when creating the TCP listener
-# socket. (integer value)
+#
+# Set the number of incoming connection requests.
+#
+# Provide a positive integer value to limit the number of requests in
+# the backlog queue. The default queue size is 4096.
+#
+# An incoming connection to a TCP listener socket is queued before a
+# connection can be established with the server. Setting the backlog
+# for a TCP socket ensures a limited queue size for incoming traffic.
+#
+# Possible values:
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #backlog = 4096
 
-# The value for the socket option TCP_KEEPIDLE.  This is the time in
-# seconds that the connection must be idle before TCP starts sending
-# keepalive probes. (integer value)
+#
+# Set the wait time before a connection recheck.
+#
+# Provide a positive integer value representing time in seconds which
+# is set as the idle wait time before a TCP keep alive packet can be
+# sent to the host. The default value is 600 seconds.
+#
+# Setting ``tcp_keepidle`` helps verify at regular intervals that a
+# connection is intact and prevents frequent TCP connection
+# reestablishment.
+#
+# Possible values:
+#     * Positive integer value representing time in seconds
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #tcp_keepidle = 600
 
-# CA certificate file to use to verify connecting clients. (string
-# value)
-#ca_file = <None>
-
-# Certificate file to use when starting API server securely. (string
-# value)
-#cert_file = <None>
-
-# Private key file to use when starting API server securely. (string
-# value)
-#key_file = <None>
-
-# The path to the sqlite file database that will be used for image
-# cache management. (string value)
+#
+# Absolute path to the CA file.
+#
+# Provide a string value representing a valid absolute path to
+# the Certificate Authority file to use for client authentication.
+#
+# A CA file typically contains necessary trusted certificates to
+# use for the client authentication. This is essential to ensure
+# that a secure connection is established to the server via the
+# internet.
+#
+# Possible values:
+#     * Valid absolute path to the CA file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#ca_file = /etc/ssl/cafile
+
+#
+# Absolute path to the certificate file.
+#
+# Provide a string value representing a valid absolute path to the
+# certificate file which is required to start the API service
+# securely.
+#
+# A certificate file typically is a public key container and includes
+# the server's public key, server name, server information and the
+# signature which was a result of the verification process using the
+# CA certificate. This is required for a secure connection
+# establishment.
+#
+# Possible values:
+#     * Valid absolute path to the certificate file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#cert_file = /etc/ssl/certs
+
+#
+# Absolute path to a private key file.
+#
+# Provide a string value representing a valid absolute path to a
+# private key file which is required to establish the client-server
+# connection.
+#
+# Possible values:
+#     * Absolute path to the private key file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#key_file = /etc/ssl/key/key-file.pem
+
+# DEPRECATED: The HTTP header used to determine the scheme for the original
+# request, even if it was removed by an SSL terminating proxy. Typical value is
+# "HTTP_X_FORWARDED_PROTO". (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Use the http_proxy_to_wsgi middleware instead.
+#secure_proxy_ssl_header = <None>
+
+#
+# The relative path to sqlite file database that will be used for image cache
+# management.
+#
+# This is a relative path to the sqlite file database that tracks the age and
+# usage statistics of image cache. The path is relative to image cache base
+# directory, specified by the configuration option ``image_cache_dir``.
+#
+# This is a lightweight database with just one table.
+#
+# Possible values:
+#     * A valid relative path to sqlite file database
+#
+# Related options:
+#     * ``image_cache_dir``
+#
+#  (string value)
 #image_cache_sqlite_db = cache.db
 
-# The driver to use for image cache management. (string value)
+#
+# The driver to use for image cache management.
+#
+# This configuration option provides the flexibility to choose between the
+# different image-cache drivers available. An image-cache driver is responsible
+# for providing the essential functions of image-cache like write images to/read
+# images from cache, track age and usage of cached images, provide a list of
+# cached images, fetch size of the cache, queue images for caching and clean up
+# the cache, etc.
+#
+# The essential functions of a driver are defined in the base class
+# ``glance.image_cache.drivers.base.Driver``. All image-cache drivers (existing
+# and prospective) must implement this interface. Currently available drivers
+# are ``sqlite`` and ``xattr``. These drivers primarily differ in the way they
+# store the information about cached images:
+#     * The ``sqlite`` driver uses a sqlite database (which sits on every glance
+#     node locally) to track the usage of cached images.
+#     * The ``xattr`` driver uses the extended attributes of files to store this
+#     information. It also requires a filesystem that sets ``atime`` on the
+# files
+#     when accessed.
+#
+# Possible values:
+#     * sqlite
+#     * xattr
+#
+# Related options:
+#     * None
+#
+#  (string value)
+# Allowed values: sqlite, xattr
 #image_cache_driver = sqlite
 
-# The upper limit (the maximum size of accumulated cache in bytes)
-# beyond which the cache pruner, if running, starts cleaning the image
-# cache. (integer value)
+#
+# The upper limit on cache size, in bytes, after which the cache-pruner cleans
+# up the image cache.
+#
+# NOTE: This is just a threshold for cache-pruner to act upon. It is NOT a
+# hard limit beyond which the image cache would never grow. In fact, depending
+# on how often the cache-pruner runs and how quickly the cache fills, the image
+# cache can far exceed the size specified here very easily. Hence, care must be
+# taken to appropriately schedule the cache-pruner and in setting this limit.
+#
+# Glance caches an image when it is downloaded. Consequently, the size of the
+# image cache grows over time as the number of downloads increases. To keep the
+# cache size from becoming unmanageable, it is recommended to run the
+# cache-pruner as a periodic task. When the cache pruner is kicked off, it
+# compares the current size of image cache and triggers a cleanup if the image
+# cache grew beyond the size specified here. After the cleanup, the size of
+# cache is less than or equal to size specified here.
+#
+# Possible values:
+#     * Any non-negative integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #image_cache_max_size = 10737418240
 
-# The amount of time to let an incomplete image remain in the cache,
-# before the cache cleaner, if running, will remove the incomplete
-# image. (integer value)
+
+#
+# The amount of time, in seconds, an incomplete image remains in the cache.
+#
+# Incomplete images are images for which download is in progress. Please see the
+# description of configuration option ``image_cache_dir`` for more detail.
+# Sometimes, due to various reasons, it is possible the download may hang and
+# the incompletely downloaded image remains in the ``incomplete`` directory.
+# This configuration option sets a time limit on how long the incomplete images
+# should remain in the ``incomplete`` directory before they are cleaned up.
+# Once an incomplete image spends more time than is specified here, it'll be
+# removed by cache-cleaner on its next run.
+#
+# It is recommended to run cache-cleaner as a periodic task on the Glance API
+# nodes to keep the incomplete images from occupying disk space.
+#
+# Possible values:
+#     * Any non-negative integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #image_cache_stall_time = 86400
 
-# Base directory that the image cache uses. (string value)
+#
+# Base directory for image cache.
+#
+# This is the location where image data is cached and served out of. All cached
+# images are stored directly under this directory. This directory also contains
+# three subdirectories, namely, ``incomplete``, ``invalid`` and ``queue``.
+#
+# The ``incomplete`` subdirectory is the staging area for downloading images. An
+# image is first downloaded to this directory. When the image download is
+# successful it is moved to the base directory. However, if the download fails,
+# the partially downloaded image file is moved to the ``invalid`` subdirectory.
+#
+# The ``queue``subdirectory is used for queuing images for download. This is
+# used primarily by the cache-prefetcher, which can be scheduled as a periodic
+# task like cache-pruner and cache-cleaner, to cache images ahead of their
+# usage.
+# Upon receiving the request to cache an image, Glance touches a file in the
+# ``queue`` directory with the image id as the file name. The cache-prefetcher,
+# when running, polls for the files in ``queue`` directory and starts
+# downloading them in the order they were created. When the download is
+# successful, the zero-sized file is deleted from the ``queue`` directory.
+# If the download fails, the zero-sized file remains and it'll be retried the
+# next time cache-prefetcher runs.
+#
+# Possible values:
+#     * A valid path
+#
+# Related options:
+#     * ``image_cache_sqlite_db``
+#
+#  (string value)
 #image_cache_dir = <None>
 
-# Default publisher_id for outgoing notifications. (string value)
+#
+# Default publisher_id for outgoing Glance notifications.
+#
+# This is the value that the notification driver will use to identify
+# messages for events originating from the Glance service. Typically,
+# this is the hostname of the instance that generated the message.
+#
+# Possible values:
+#     * Any reasonable instance identifier, for example: image.host1
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #default_publisher_id = image.localhost
 
-# List of disabled notifications. A notification can be given either
-# as a notification type to disable a single event, or as a
-# notification group prefix to disable all events within a group.
-# Example: if this config option is set to ["image.create",
-# "metadef_namespace"], then "image.create" notification will not be
-# sent after image is created and none of the notifications for
-# metadefinition namespaces will be sent. (list value)
+#
+# List of notifications to be disabled.
+#
+# Specify a list of notifications that should not be emitted.
+# A notification can be given either as a notification type to
+# disable a single event notification, or as a notification group
+# prefix to disable all event notifications within a group.
+#
+# Possible values:
+#     A comma-separated list of individual notification types or
+#     notification groups to be disabled. Currently supported groups:
+#         * image
+#         * image.member
+#         * task
+#         * metadef_namespace
+#         * metadef_object
+#         * metadef_property
+#         * metadef_resource_type
+#         * metadef_tag
+#     For a complete listing and description of each event refer to:
+#     http://docs.openstack.org/developer/glance/notifications.html
+#
+#     The values must be specified as: <group_name>.<event_name>
+#     For example: image.create,task.success,metadef_tag
+#
+# Related options:
+#     * None
+#
+#  (list value)
 #disabled_notifications =
 
-# Address to find the registry server. (string value)
+#
+# Address the registry server is hosted on.
+#
+# Possible values:
+#     * A valid IP or hostname
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #registry_host = 0.0.0.0
-
-# Port the registry server is listening on. (port value)
+registry_host = 10.167.4.10
+
+#
+# Port the registry server is listening on.
+#
+# Possible values:
+#     * A valid port number
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #registry_port = 9191
-
-# Whether to pass through the user token when making requests to the
-# registry. To prevent failures with token expiration during big files
-# upload, it is recommended to set this parameter to False.If
-# "use_user_token" is not in effect, then admin credentials can be
-# specified. (boolean value)
+registry_port = 9191
+
+# DEPRECATED: Whether to pass through the user token when making requests to the
+# registry. To prevent failures with token expiration during big files upload,
+# it is recommended to set this parameter to False.If "use_user_token" is not in
+# effect, then admin credentials can be specified. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #use_user_token = true
 
-# The administrators user name. If "use_user_token" is not in effect,
+# DEPRECATED: The administrators user name. If "use_user_token" is not in
+# effect, then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
+#admin_user = <None>
+
+# DEPRECATED: The administrators password. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
-#admin_user = <None>
-
-# The administrators password. If "use_user_token" is not in effect,
-# then admin credentials can be specified. (string value)
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
+#admin_password = <None>
+
+# DEPRECATED: The tenant name of the administrative user. If "use_user_token" is
+# not in effect, then admin tenant name can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
-#admin_password = <None>
-
-# The tenant name of the administrative user. If "use_user_token" is
-# not in effect, then admin tenant name can be specified. (string
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
+#admin_tenant_name = <None>
+
+# DEPRECATED: The URL to the keystone service. If "use_user_token" is not in
+# effect and using keystone auth, then URL of keystone can be specified. (string
 # value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
-#admin_tenant_name = <None>
-
-# The URL to the keystone service. If "use_user_token" is not in
-# effect and using keystone auth, then URL of keystone can be
-# specified. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #auth_url = <None>
 
-# The strategy to use for authentication. If "use_user_token" is not
+# DEPRECATED: The strategy to use for authentication. If "use_user_token" is not
 # in effect, then auth strategy can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #auth_strategy = noauth
 
-# The region for the authentication service. If "use_user_token" is
-# not in effect and using keystone auth, then region name can be
-# specified. (string value)
+# DEPRECATED: The region for the authentication service. If "use_user_token" is
+# not in effect and using keystone auth, then region name can be specified.
+# (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated
-# in M release. It will be removed in O release. For more information
-# read OSSN-0060. Related functionality with uploading big images has
-# been implemented with Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated in M
+# release. It will be removed in O release. For more information read OSSN-0060.
+# Related functionality with uploading big images has been implemented with
+# Keystone trusts support.
 #auth_region = <None>
 
-# The protocol to use for communication with the registry server.
-# Either http or https. (string value)
+auth_region = RegionOne
+
+
+#
+# Protocol to use for communication with the registry server.
+#
+# Provide a string value representing the protocol to use for
+# communication with the registry server. By default, this option is
+# set to ``http`` and the connection is not secure.
+#
+# This option can be set to ``https`` to establish a secure connection
+# to the registry server. In this case, provide a key to use for the
+# SSL connection using the ``registry_client_key_file`` option. Also
+# include the CA file and cert file using the options
+# ``registry_client_ca_file`` and ``registry_client_cert_file``
+# respectively.
+#
+# Possible values:
+#     * http
+#     * https
+#
+# Related options:
+#     * registry_client_key_file
+#     * registry_client_cert_file
+#     * registry_client_ca_file
+#
+#  (string value)
+# Allowed values: http, https
 #registry_client_protocol = http
-
-# The path to the key file to use in SSL connections to the registry
-# server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE
-# environment variable to a filepath of the key file (string value)
-#registry_client_key_file = <None>
-
-# The path to the cert file to use in SSL connections to the registry
-# server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE
-# environment variable to a filepath of the CA cert file (string
-# value)
-#registry_client_cert_file = <None>
-
-# The path to the certifying authority cert file to use in SSL
-# connections to the registry server, if any. Alternately, you may set
-# the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the
-# CA cert file. (string value)
-#registry_client_ca_file = <None>
-
-# When using SSL in connections to the registry server, do not require
-# validation via a certifying authority. This is the registry's
-# equivalent of specifying --insecure on the command line using
-# glanceclient for the API. (boolean value)
+registry_client_protocol = http
+
+#
+# Absolute path to the private key file.
+#
+# Provide a string value representing a valid absolute path to the
+# private key file to use for establishing a secure connection to
+# the registry server.
+#
+# NOTE: This option must be set if ``registry_client_protocol`` is
+# set to ``https``. Alternatively, the GLANCE_CLIENT_KEY_FILE
+# environment variable may be set to a filepath of the key file.
+#
+# Possible values:
+#     * String value representing a valid absolute path to the key
+#       file.
+#
+# Related options:
+#     * registry_client_protocol
+#
+#  (string value)
+#registry_client_key_file = /etc/ssl/key/key-file.pem
+
+#
+# Absolute path to the certificate file.
+#
+# Provide a string value representing a valid absolute path to the
+# certificate file to use for establishing a secure connection to
+# the registry server.
+#
+# NOTE: This option must be set if ``registry_client_protocol`` is
+# set to ``https``. Alternatively, the GLANCE_CLIENT_CERT_FILE
+# environment variable may be set to a filepath of the certificate
+# file.
+#
+# Possible values:
+#     * String value representing a valid absolute path to the
+#       certificate file.
+#
+# Related options:
+#     * registry_client_protocol
+#
+#  (string value)
+#registry_client_cert_file = /etc/ssl/certs/file.crt
+
+#
+# Absolute path to the Certificate Authority file.
+#
+# Provide a string value representing a valid absolute path to the
+# certificate authority file to use for establishing a secure
+# connection to the registry server.
+#
+# NOTE: This option must be set if ``registry_client_protocol`` is
+# set to ``https``. Alternatively, the GLANCE_CLIENT_CA_FILE
+# environment variable may be set to a filepath of the CA file.
+# This option is ignored if the ``registry_client_insecure`` option
+# is set to ``True``.
+#
+# Possible values:
+#     * String value representing a valid absolute path to the CA
+#       file.
+#
+# Related options:
+#     * registry_client_protocol
+#     * registry_client_insecure
+#
+#  (string value)
+#registry_client_ca_file = /etc/ssl/cafile/file.ca
+
+#
+# Set verification of the registry server certificate.
+#
+# Provide a boolean value to determine whether or not to validate
+# SSL connections to the registry server. By default, this option
+# is set to ``False`` and the SSL connections are validated.
+#
+# If set to ``True``, the connection to the registry server is not
+# validated via a certifying authority and the
+# ``registry_client_ca_file`` option is ignored. This is the
+# registry's equivalent of specifying --insecure on the command line
+# using glanceclient for the API.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * registry_client_protocol
+#     * registry_client_ca_file
+#
+#  (boolean value)
 #registry_client_insecure = false
 
-# The period of time, in seconds, that the API server will wait for a
-# registry request to complete. A value of 0 implies no timeout.
-# (integer value)
+#
+# Timeout value for registry requests.
+#
+# Provide an integer value representing the period of time in seconds
+# that the API server will wait for a registry request to complete.
+# The default value is 600 seconds.
+#
+# A value of 0 implies that a request will never timeout.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #registry_client_timeout = 600
 
-# Whether to pass through headers containing user and tenant
-# information when making requests to the registry. This allows the
-# registry to use the context middleware without keystonemiddleware's
-# auth_token middleware, removing calls to the keystone auth service.
-# It is recommended that when using this option, secure communication
-# between glance api and glance registry is ensured by means other
-# than auth_token middleware. (boolean value)
+#
+# Send headers received from identity when making requests to
+# registry.
+#
+# Typically, Glance registry can be deployed in multiple flavors,
+# which may or may not include authentication. For example,
+# ``trusted-auth`` is a flavor that does not require the registry
+# service to authenticate the requests it receives. However, the
+# registry service may still need a user context to be populated to
+# serve the requests. This can be achieved by the caller
+# (the Glance API usually) passing through the headers it received
+# from authenticating with identity for the same request. The typical
+# headers sent are ``X-User-Id``, ``X-Tenant-Id``, ``X-Roles``,
+# ``X-Identity-Status`` and ``X-Service-Catalog``.
+#
+# Provide a boolean value to determine whether to send the identity
+# headers to provide tenant and user information along with the
+# requests to registry service. By default, this option is set to
+# ``False``, which means that user and tenant information is not
+# available readily. It must be obtained by authenticating. Hence, if
+# this is set to ``False``, ``flavor`` must be set to value that
+# either includes authentication or authenticated user context.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * flavor
+#
+#  (boolean value)
 #send_identity_headers = false
 
-# The amount of time in seconds to delay before performing a delete.
-# (integer value)
+#
+# The amount of time, in seconds, to delay image scrubbing.
+#
+# When delayed delete is turned on, an image is put into ``pending_delete``
+# state upon deletion until the scrubber deletes its image data. Typically, soon
+# after the image is put into ``pending_delete`` state, it is available for
+# scrubbing. However, scrubbing can be delayed until a later point using this
+# configuration option. This option denotes the time period an image spends in
+# ``pending_delete`` state before it is available for scrubbing.
+#
+# It is important to realize that this has storage implications. The larger the
+# ``scrub_time``, the longer the time to reclaim backend storage from deleted
+# images.
+#
+# Possible values:
+#     * Any non-negative integer
+#
+# Related options:
+#     * ``delayed_delete``
+#
+#  (integer value)
+# Minimum value: 0
 #scrub_time = 0
 
-# The size of thread pool to be used for scrubbing images. The default
-# is one, which signifies serial scrubbing. Any value above one
-# indicates the max number of images that may be scrubbed in parallel.
-# (integer value)
+#
+# The size of thread pool to be used for scrubbing images.
+#
+# When there are a large number of images to scrub, it is beneficial to scrub
+# images in parallel so that the scrub queue stays in control and the backend
+# storage is reclaimed in a timely fashion. This configuration option denotes
+# the maximum number of images to be scrubbed in parallel. The default value is
+# one, which signifies serial scrubbing. Any value above one indicates parallel
+# scrubbing.
+#
+# Possible values:
+#     * Any non-zero positive integer
+#
+# Related options:
+#     * ``delayed_delete``
+#
+#  (integer value)
+# Minimum value: 1
 #scrub_pool_size = 1
 
-# Turn on/off delayed delete. (boolean value)
+#
+# Turn on/off delayed delete.
+#
+# Typically when an image is deleted, the ``glance-api`` service puts the image
+# into ``deleted`` state and deletes its data at the same time. Delayed delete
+# is a feature in Glance that delays the actual deletion of image data until a
+# later point in time (as determined by the configuration option
+# ``scrub_time``).
+# When delayed delete is turned on, the ``glance-api`` service puts the image
+# into ``pending_delete`` state upon deletion and leaves the image data in the
+# storage backend for the image scrubber to delete at a later time. The image
+# scrubber will move the image into ``deleted`` state upon successful deletion
+# of image data.
+#
+# NOTE: When delayed delete is turned on, image scrubber MUST be running as a
+# periodic task to prevent the backend storage from filling up with undesired
+# usage.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * ``scrub_time``
+#     * ``wakeup_time``
+#     * ``scrub_pool_size``
+#
+#  (boolean value)
 #delayed_delete = false
 
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of
-# the default INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
 #debug = false
-
-# If set to false, the logging level will be set to WARNING instead of
-# the default INFO level. (boolean value)
+debug = false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
-
-# The name of a logging configuration file. This file is appended to
-# any existing logging configuration files. For details about logging
-# configuration files, see the Python logging module documentation.
-# Note that when logging configuration files are used then all logging
-# configuration is set in the configuration file and other logging
-# configuration options are ignored (for example,
-# logging_context_format_string). (string value)
+verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set.
-# (string value)
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default
-# is set, logging will go to stderr as defined by use_stderr. This
-# option is ignored if log_config_append is set. (string value)
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths.
-# This option is ignored if log_config_append is set. (string value)
+log_file = /var/log/glance/api.log
+
+# (Optional) The base directory used for relative log_file  paths. This option
+# is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Uses logging handler designed to watch file system. When log file is
-# moved or removed this handler will open a new log file with
-# specified path instantaneously. It makes sense only if log_file
-# option is specified and Linux platform is used. This option is
-# ignored if log_config_append is set. (boolean value)
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and Linux
+# platform is used. This option is ignored if log_config_append is set. (boolean
+# value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and
-# will be changed later to honor RFC5424. This option is ignored if
-# log_config_append is set. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append is
+# set. (boolean value)
 #use_syslog = false
 
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. This option is ignored if
-# log_config_append is set. (boolean value)
-#use_stderr = true
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined.
-# (string value)
+# Format string to use for log messages when context is undefined. (string
+# value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Additional data to append to log message when logging level for the
-# message is DEBUG. (string value)
+# Additional data to append to log message when logging level for the message is
+# DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
-# Prefix each line of exception output with this format. (string
-# value)
+# Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
 # Defines the format string for %(user_identity)s that is used in
 # logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is
-# ignored if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message.
-# (string value)
+# The format for an instance that is passed with the log message. (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message.
-# (string value)
+# The format for an instance UUID that is passed with the log message. (string
+# value)
 #instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or
+# empty string. Logs with level greater or equal to rate_limit_except_level are
+# not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
 
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
@@ -474,64 +1579,154 @@
 # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
 #rpc_conn_pool_size = 30
 
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet
-# interface, or IP. The "host" option should point or resolve to this
-# address. (string value)
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
 # Allowed values: redis, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
 #rpc_zmq_matchmaker = redis
 
-# Type of concurrency used. Either "native" or "eventlet" (string
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger period.
+# The value of 0 specifies no linger period. Pending messages shall be discarded
+# immediately when the socket is closed. Positive values specify an upper bound
+# for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target (
+# < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
 # value)
-#rpc_zmq_concurrency = eventlet
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic.
-# Default is unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address.
-# Must match "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Seconds to wait before a cast expires (TTL). The default value of -1
-# specifies an infinite linger period. The value of 0 specifies no
-# linger period. Pending messages shall be discarded immediately when
-# the socket is closed. Only supported by impl_zmq. (integer value)
-#rpc_cast_timeout = -1
-
-# The default number of seconds that poll should wait. Poll raises
-# timeout exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about
-# existing target ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 120
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
-# (boolean value)
-#use_pub_sub = true
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
 
 # Minimal port number for random ports range. (port value)
 # Minimum value: 0
 # Maximum value: 65535
-#rpc_zmq_min_port = 49152
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
 
 # Maximal port number for random ports range. (integer value)
 # Minimum value: 1
 # Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
 #rpc_zmq_max_port = 65536
 
-# Number of retries to find free port number before fail with
-# ZMQBindError. (integer value)
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
 #rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = false
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to skip
+# any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value and
+# 0) means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0) means
+# to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is not
+# tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
 
 # Size of executor thread pool. (integer value)
 # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
@@ -540,19 +1735,23 @@
 # Seconds to wait for a response from a call. (integer value)
 #rpc_response_timeout = 60
 
-# A URL representing the messaging driver to use and its full
-# configuration. If not set, we fall back to the rpc_backend option
-# and driver specific configuration. (string value)
+# A URL representing the messaging driver to use and its full configuration.
+# (string value)
 #transport_url = <None>
-
-# The messaging driver to use, defaults to rabbit. Other drivers
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.41:5672,openstack:opnfv_secret@10.167.4.42:5672,openstack:opnfv_secret@10.167.4.43:5672//openstack
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
 # include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rpc_backend = rabbit
 
-# The default exchange under which topics are scoped. May be
-# overridden by an exchange name specified in the transport_url
-# option. (string value)
+# The default exchange under which topics are scoped. May be overridden by an
+# exchange name specified in the transport_url option. (string value)
 #control_exchange = openstack
+control_exchange = openstack
+scrubber_datadir=/var/lib/glance/scrubber
 
 
 [cors]
@@ -561,27 +1760,26 @@
 # From oslo.middleware.cors
 #
 
-# Indicate whether this resource may be shared with the domain
-# received in the requests "origin" header. (list value)
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
 
-# Indicate that the actual request can include user credentials
-# (boolean value)
+# Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
 
-# Indicate which headers are safe to expose to the API. Defaults to
-# HTTP Simple Headers. (list value)
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
 #expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
-# Indicate which methods can be used during the actual request. (list
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request. (list
 # value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual
-# request. (list value)
 #allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
 
 
@@ -591,27 +1789,26 @@
 # From oslo.middleware.cors
 #
 
-# Indicate whether this resource may be shared with the domain
-# received in the requests "origin" header. (list value)
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
 
-# Indicate that the actual request can include user credentials
-# (boolean value)
+# Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
 
-# Indicate which headers are safe to expose to the API. Defaults to
-# HTTP Simple Headers. (list value)
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
 #expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
-# Indicate which methods can be used during the actual request. (list
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request. (list
 # value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual
-# request. (list value)
 #allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
 
 
@@ -621,9 +1818,13 @@
 # From oslo.db
 #
 
-# The file name to use with SQLite. (string value)
+# DEPRECATED: The file name to use with SQLite. (string value)
 # Deprecated group/name - [DEFAULT]/sqlite_db
-sqlite_db = /var/lib/glance/glance.sqlite
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect the
+# database.
+#sqlite_db = oslo.sqlite
 
 # If True, SQLite uses synchronous mode. (boolean value)
 # Deprecated group/name - [DEFAULT]/sqlite_synchronous
@@ -631,23 +1832,25 @@
 
 # The back end to use for the database. (string value)
 # Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
 backend = sqlalchemy
 
-# The SQLAlchemy connection string to use to connect to the database.
-# (string value)
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave
-# database. (string value)
+connection = mysql+pymysql://glance:opnfv_secret@10.167.4.50/glance
+
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
 #slave_connection = <None>
 
-# The SQL mode to be used for MySQL sessions. This option, including
-# the default, overrides any server-set SQL mode. To use whatever SQL
-# mode is set by the server configuration, set this to no value.
-# Example: mysql_sql_mode= (string value)
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
+# the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
 #mysql_sql_mode = TRADITIONAL
 
 # Timeout before idle SQL connections are reaped. (integer value)
@@ -655,39 +1858,41 @@
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool. (integer
-# value)
+idle_timeout = 3600
+
+# Minimum number of SQL connections to keep open in a pool. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. (integer
-# value)
+# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
+# indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
-
-# Maximum number of database connection retries during startup. Set to
-# -1 to specify an infinite retry count. (integer value)
+#max_pool_size = 5
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer
-# value)
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
 # Deprecated group/name - [DATABASE]/reconnect_interval
 #retry_interval = 10
 
-# If set, use this value for max_overflow with SQLAlchemy. (integer
-# value)
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything.
-# (integer value)
+max_overflow = 30
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
 #connection_debug = 0
 
@@ -695,37 +1900,35 @@
 # Deprecated group/name - [DEFAULT]/sql_connection_trace
 #connection_trace = false
 
-# If set, use this value for pool_timeout with SQLAlchemy. (integer
-# value)
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
 #pool_timeout = <None>
 
-# Enable the experimental use of database reconnect on connection
-# lost. (boolean value)
+# Enable the experimental use of database reconnect on connection lost. (boolean
+# value)
 #use_db_reconnect = false
 
 # Seconds between retries of a database transaction. (integer value)
 #db_retry_interval = 1
 
-# If True, increases the interval between retries of a database
-# operation up to db_max_retry_interval. (boolean value)
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
 #db_inc_retry_interval = true
 
-# If db_inc_retry_interval is set, the maximum seconds between retries
-# of a database operation. (integer value)
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
 #db_max_retry_interval = 10
 
-# Maximum retries in case of connection error or deadlock error before
-# error is raised. Set to -1 to specify an infinite retry count.
-# (integer value)
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
 #db_max_retries = 20
 
 #
 # From oslo.db.concurrency
 #
 
-# Enable the experimental use of thread pooling for all DB API calls
-# (boolean value)
+# Enable the experimental use of thread pooling for all DB API calls (boolean
+# value)
 # Deprecated group/name - [DEFAULT]/dbapi_use_tpool
 #use_tpool = false
 
@@ -736,359 +1939,772 @@
 # From glance.store
 #
 
-# List of stores enabled. Valid stores are: cinder, file, http, rbd,
-# sheepdog, swift, s3, vsphere (list value)
+#
+# List of enabled Glance stores.
+#
+# Register the storage backends to use for storing disk images
+# as a comma separated list. The default stores enabled for
+# storing disk images with Glance are ``file`` and ``http``.
+#
+# Possible values:
+#     * A comma separated list that could include:
+#         * file
+#         * http
+#         * swift
+#         * rbd
+#         * sheepdog
+#         * cinder
+#         * vmware
+#
+# Related Options:
+#     * default_store
+#
+#  (list value)
 #stores = file,http
-
-# Default scheme to use to store image data. The scheme must be
-# registered by one of the stores defined by the 'stores' config
-# option. (string value)
+default_store = file
+stores = file,http
+#
+# The default scheme to use for storing images.
+#
+# Provide a string value representing the default scheme to use for
+# storing images. If not set, Glance uses ``file`` as the default
+# scheme to store images with the ``file`` store.
+#
+# NOTE: The value given for this configuration option must be a valid
+# scheme for a store registered with the ``stores`` configuration
+# option.
+#
+# Possible values:
+#     * file
+#     * filesystem
+#     * http
+#     * https
+#     * swift
+#     * swift+http
+#     * swift+https
+#     * swift+config
+#     * rbd
+#     * sheepdog
+#     * cinder
+#     * vsphere
+#
+# Related Options:
+#     * stores
+#
+#  (string value)
+# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere
 #default_store = file
 
-# Minimum interval seconds to execute updating dynamic storage
-# capabilities based on backend status then. It's not a periodic
-# routine, the update logic will be executed only when interval
-# seconds elapsed and an operation of store has triggered. The feature
-# will be enabled only when the option value greater then zero.
-# (integer value)
+#
+# Minimum interval in seconds to execute updating dynamic storage
+# capabilities based on current backend status.
+#
+# Provide an integer value representing time in seconds to set the
+# minimum interval before an update of dynamic storage capabilities
+# for a storage backend can be attempted. Setting
+# ``store_capabilities_update_min_interval`` does not mean updates
+# occur periodically based on the set interval. Rather, the update
+# is performed at the elapse of this interval set, if an operation
+# of the store is triggered.
+#
+# By default, this option is set to zero and is disabled. Provide an
+# integer value greater than zero to enable this option.
+#
+# NOTE: For more information on store capabilities and their updates,
+# please visit: https://specs.openstack.org/openstack/glance-specs/specs/kilo
+# /store-capabilities.html
+#
+# For more information on setting up a particular store in your
+# deplyment and help with the usage of this feature, please contact
+# the storage driver maintainers listed here:
+# http://docs.openstack.org/developer/glance_store/drivers/index.html
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #store_capabilities_update_min_interval = 0
 
-# Specify the path to the CA bundle file to use in verifying the
-# remote server certificate. (string value)
+#
+# Information to match when looking for cinder in the service catalog.
+#
+# When the ``cinder_endpoint_template`` is not set and any of
+# ``cinder_store_auth_address``, ``cinder_store_user_name``,
+# ``cinder_store_project_name``, ``cinder_store_password`` is not set,
+# cinder store uses this information to lookup cinder endpoint from the service
+# catalog in the current context. ``cinder_os_region_name``, if set, is taken
+# into consideration to fetch the appropriate endpoint.
+#
+# The service catalog can be listed by the ``openstack catalog list`` command.
+#
+# Possible values:
+#     * A string of of the following form:
+#       ``<service_type>:<service_name>:<endpoint_type>``
+#       At least ``service_type`` and ``endpoint_type`` should be specified.
+#       ``service_name`` can be omitted.
+#
+# Related options:
+#     * cinder_os_region_name
+#     * cinder_endpoint_template
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#     * cinder_store_password
+#
+#  (string value)
+#cinder_catalog_info = volumev2::publicURL
+cinder_catalog_info = volumev2::internalURL
+
+#
+# Override service catalog lookup with template for cinder endpoint.
+#
+# When this option is set, this value is used to generate cinder endpoint,
+# instead of looking up from the service catalog.
+# This value is ignored if ``cinder_store_auth_address``,
+# ``cinder_store_user_name``, ``cinder_store_project_name``, and
+# ``cinder_store_password`` are specified.
+#
+# If this configuration option is set, ``cinder_catalog_info`` will be ignored.
+#
+# Possible values:
+#     * URL template string for cinder endpoint, where ``%%(tenant)s`` is
+#       replaced with the current tenant (project) name.
+#       For example: ``http://cinder.openstack.example.org/v2/%%(tenant)s``
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#     * cinder_store_password
+#     * cinder_catalog_info
+#
+#  (string value)
+#cinder_endpoint_template = <None>
+
+#
+# Region name to lookup cinder service from the service catalog.
+#
+# This is used only when ``cinder_catalog_info`` is used for determining the
+# endpoint. If set, the lookup for cinder endpoint by this node is filtered to
+# the specified region. It is useful when multiple regions are listed in the
+# catalog. If this is not set, the endpoint is looked up from every region.
+#
+# Possible values:
+#     * A string that is a valid region name.
+#
+# Related options:
+#     * cinder_catalog_info
+#
+#  (string value)
+# Deprecated group/name - [glance_store]/os_region_name
+#cinder_os_region_name = <None>
+
+cinder_os_region_name = RegionOne
+
+
+#
+# Location of a CA certificates file used for cinder client requests.
+#
+# The specified CA certificates file, if set, is used to verify cinder
+# connections via HTTPS endpoint. If the endpoint is HTTP, this value is
+# ignored.
+# ``cinder_api_insecure`` must be set to ``True`` to enable the verification.
+#
+# Possible values:
+#     * Path to a ca certificates file
+#
+# Related options:
+#     * cinder_api_insecure
+#
+#  (string value)
+#cinder_ca_certificates_file = <None>
+
+#
+# Number of cinderclient retries on failed http calls.
+#
+# When a call failed by any errors, cinderclient will retry the call up to the
+# specified times after sleeping a few seconds.
+#
+# Possible values:
+#     * A positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#cinder_http_retries = 3
+
+#
+# Time period, in seconds, to wait for a cinder volume transition to
+# complete.
+#
+# When the cinder volume is created, deleted, or attached to the glance node to
+# read/write the volume data, the volume's state is changed. For example, the
+# newly created volume status changes from ``creating`` to ``available`` after
+# the creation process is completed. This specifies the maximum time to wait for
+# the status change. If a timeout occurs while waiting, or the status is changed
+# to an unexpected value (e.g. `error``), the image creation fails.
+#
+# Possible values:
+#     * A positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#cinder_state_transition_timeout = 300
+
+#
+# Allow to perform insecure SSL requests to cinder.
+#
+# If this option is set to True, HTTPS endpoint connection is verified using the
+# CA certificates file specified by ``cinder_ca_certificates_file`` option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * cinder_ca_certificates_file
+#
+#  (boolean value)
+#cinder_api_insecure = false
+
+#
+# The address where the cinder authentication service is listening.
+#
+# When all of ``cinder_store_auth_address``, ``cinder_store_user_name``,
+# ``cinder_store_project_name``, and ``cinder_store_password`` options are
+# specified, the specified values are always used for the authentication.
+# This is useful to hide the image volumes from users by storing them in a
+# project/tenant specific to the image service. It also enables users to share
+# the image volume among other projects under the control of glance's ACL.
+#
+# If either of these options are not set, the cinder endpoint is looked up
+# from the service catalog, and current context's user and project are used.
+#
+# Possible values:
+#     * A valid authentication service address, for example:
+#       ``http://openstack.example.org/identity/v2.0``
+#
+# Related options:
+#     * cinder_store_user_name
+#     * cinder_store_password
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_auth_address = <None>
+
+#
+# User name to authenticate against cinder.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the user of the current context is used.
+#
+# Possible values:
+#     * A valid user name
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_password
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_user_name = <None>
+
+#
+# Password for the user authenticating against cinder.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the user of the current context is used.
+#
+# Possible values:
+#     * A valid password for the user specified by ``cinder_store_user_name``
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_password = <None>
+
+#
+# Project name where the image volume is stored in cinder.
+#
+# If this configuration option is not set, the project in current context is
+# used.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the project of the current context is used.
+#
+# Possible values:
+#     * A valid project name
+#
+# Related options:
+#     * ``cinder_store_auth_address``
+#     * ``cinder_store_user_name``
+#     * ``cinder_store_password``
+#
+#  (string value)
+#cinder_store_project_name = <None>
+
+#
+# Path to the rootwrap configuration file to use for running commands as root.
+#
+# The cinder store requires root privileges to operate the image volumes (for
+# connecting to iSCSI/FC volumes and reading/writing the volume data, etc.).
+# The configuration file should allow the required commands by cinder store and
+# os-brick library.
+#
+# Possible values:
+#     * Path to the rootwrap config file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
+
+#
+# Directory to which the filesystem backend store writes images.
+#
+# Upon start up, Glance creates the directory if it doesn't already
+# exist and verifies write access to the user under which
+# ``glance-api`` runs. If the write access isn't available, a
+# ``BadStoreConfiguration`` exception is raised and the filesystem
+# store may not be available for adding new images.
+#
+# NOTE: This directory is used only when filesystem store is used as a
+# storage backend. Either ``filesystem_store_datadir`` or
+# ``filesystem_store_datadirs`` option must be specified in
+# ``glance-api.conf``. If both options are specified, a
+# ``BadStoreConfiguration`` will be raised and the filesystem store
+# may not be available for adding new images.
+#
+# Possible values:
+#     * A valid path to a directory
+#
+# Related options:
+#     * ``filesystem_store_datadirs``
+#     * ``filesystem_store_file_perm``
+#
+#  (string value)
+#filesystem_store_datadir = /var/lib/glance/images
+filesystem_store_datadir = /var/lib/glance/images/
+
+#
+# List of directories and their priorities to which the filesystem
+# backend store writes images.
+#
+# The filesystem store can be configured to store images in multiple
+# directories as opposed to using a single directory specified by the
+# ``filesystem_store_datadir`` configuration option. When using
+# multiple directories, each directory can be given an optional
+# priority to specify the preference order in which they should
+# be used. Priority is an integer that is concatenated to the
+# directory path with a colon where a higher value indicates higher
+# priority. When two directories have the same priority, the directory
+# with most free space is used. When no priority is specified, it
+# defaults to zero.
+#
+# More information on configuring filesystem store with multiple store
+# directories can be found at
+# http://docs.openstack.org/developer/glance/configuring.html
+#
+# NOTE: This directory is used only when filesystem store is used as a
+# storage backend. Either ``filesystem_store_datadir`` or
+# ``filesystem_store_datadirs`` option must be specified in
+# ``glance-api.conf``. If both options are specified, a
+# ``BadStoreConfiguration`` will be raised and the filesystem store
+# may not be available for adding new images.
+#
+# Possible values:
+#     * List of strings of the following form:
+#         * ``<a valid directory path>:<optional integer priority>``
+#
+# Related options:
+#     * ``filesystem_store_datadir``
+#     * ``filesystem_store_file_perm``
+#
+#  (multi valued)
+#filesystem_store_datadirs =
+
+#
+# Filesystem store metadata file.
+#
+# The path to a file which contains the metadata to be returned with
+# any location associated with the filesystem store. The file must
+# contain a valid JSON object. The object should contain the keys
+# ``id`` and ``mountpoint``. The value for both keys should be a
+# string.
+#
+# Possible values:
+#     * A valid path to the store metadata file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+
+#
+# File access permissions for the image files.
+#
+# Set the intended file access permissions for image data. This provides
+# a way to enable other services, e.g. Nova, to consume images directly
+# from the filesystem store. The users running the services that are
+# intended to be given access to could be made a member of the group
+# that owns the files created. Assigning a value less then or equal to
+# zero for this configuration option signifies that no changes be made
+# to the  default permissions. This value will be decoded as an octal
+# digit.
+#
+# For more information, please refer the documentation at
+# http://docs.openstack.org/developer/glance/configuring.html
+#
+# Possible values:
+#     * A valid file access permission
+#     * Zero
+#     * Any negative integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+#filesystem_store_file_perm = 0
+
+#
+# Path to the CA bundle file.
+#
+# This configuration option enables the operator to use a custom
+# Certificate Authority file to verify the remote server certificate. If
+# this option is set, the ``https_insecure`` option will be ignored and
+# the CA file specified will be used to authenticate the server
+# certificate and establish a secure connection to the server.
+#
+# Possible values:
+#     * A valid path to a CA file
+#
+# Related options:
+#     * https_insecure
+#
+#  (string value)
 #https_ca_certificates_file = <None>
 
-# If true, the remote server certificate is not verified. If false,
-# then the default CA truststore is used for verification. This option
-# is ignored if "https_ca_certificates_file" is set. (boolean value)
+#
+# Set verification of the remote server certificate.
+#
+# This configuration option takes in a boolean value to determine
+# whether or not to verify the remote server certificate. If set to
+# True, the remote server certificate is not verified. If the option is
+# set to False, then the default CA truststore is used for verification.
+#
+# This option is ignored if ``https_ca_certificates_file`` is set.
+# The remote server certificate will then be verified using the file
+# specified using the ``https_ca_certificates_file`` option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * https_ca_certificates_file
+#
+#  (boolean value)
 #https_insecure = true
 
-# Specify the http/https proxy information that should be used to
-# connect to the remote server. The proxy information should be a key
-# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
-# specify proxies for multiple schemes by seperating the key value
-# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
-# (dict value)
+#
+# The http/https proxy information to be used to connect to the remote
+# server.
+#
+# This configuration option specifies the http/https proxy information
+# that should be used to connect to the remote server. The proxy
+# information should be a key value pair of the scheme and proxy, for
+# example, http:10.0.0.1:3128. You can also specify proxies for multiple
+# schemes by separating the key value pairs with a comma, for example,
+# http:10.0.0.1:3128, https:10.0.0.1:1080.
+#
+# Possible values:
+#     * A comma separated list of scheme:proxy pairs as described above
+#
+# Related options:
+#     * None
+#
+#  (dict value)
 #http_proxy_information =
 
-# If True, swiftclient won't check for a valid SSL certificate when
-# authenticating. (boolean value)
-#swift_store_auth_insecure = false
-
-# A string giving the CA certificate file to use in SSL connections
-# for verifying certs. (string value)
-#swift_store_cacert = <None>
-
-# The region of the swift endpoint to be used for single tenant. This
-# setting is only necessary if the tenant has multiple swift
-# endpoints. (string value)
-#swift_store_region = <None>
-
-# If set, the configured endpoint will be used. If None, the storage
-# url from the auth response will be used. (string value)
-#swift_store_endpoint = <None>
-
-# A string giving the endpoint type of the swift service to use
-# (publicURL, adminURL or internalURL). This setting is only used if
-# swift_store_auth_version is 2. (string value)
-#swift_store_endpoint_type = publicURL
-
-# A string giving the service type of the swift service to use. This
-# setting is only used if swift_store_auth_version is 2. (string
-# value)
-#swift_store_service_type = object-store
-
-# Container within the account that the account should use for storing
-# images in Swift when using single container mode. In multiple
-# container mode, this will be the prefix for all containers. (string
-# value)
-#swift_store_container = glance
-
-# The size, in MB, that Glance will start chunking image files and do
-# a large object manifest in Swift. (integer value)
-#swift_store_large_object_size = 5120
-
-# The amount of data written to a temporary disk buffer during the
-# process of chunking the image file. (integer value)
-#swift_store_large_object_chunk_size = 200
-
-# A boolean value that determines if we create the container if it
-# does not exist. (boolean value)
-#swift_store_create_container_on_put = false
-
-# If set to True, enables multi-tenant storage mode which causes
-# Glance images to be stored in tenant specific Swift accounts.
-# (boolean value)
-#swift_store_multi_tenant = false
-
-# When set to 0, a single-tenant store will only use one container to
-# store all images. When set to an integer value between 1 and 32, a
-# single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
-# only when swift_store_multi_tenant is disabled. The total number of
-# containers that will be used is equal to 16^N, so if this config
-# option is set to 2, then 16^2=256 containers will be used to store
-# images. (integer value)
-#swift_store_multiple_containers_seed = 0
-
-# A list of tenants that will be granted read/write access on all
-# Swift containers created by Glance in multi-tenant mode. (list
-# value)
-#swift_store_admin_tenants =
-
-# If set to False, disables SSL layer compression of https swift
-# requests. Setting to False may improve performance for images which
-# are already in a compressed format, eg qcow2. (boolean value)
-#swift_store_ssl_compression = true
-
-# The number of times a Swift download will be retried before the
-# request fails. (integer value)
-#swift_store_retry_get_count = 0
-
-# The period of time (in seconds) before token expirationwhen
-# glance_store will try to reques new user token. Default value 60 sec
-# means that if token is going to expire in 1 min then glance_store
-# request new user token. (integer value)
-#swift_store_expire_soon_interval = 60
-
-# If set to True create a trust for each add/get request to Multi-
-# tenant store in order to prevent authentication token to be expired
-# during uploading/downloading data. If set to False then user token
-# is used for Swift connection (so no overhead on trust creation).
-# Please note that this option is considered only and only if
-# swift_store_multi_tenant=True (boolean value)
-#swift_store_use_trusts = true
-
-# The reference to the default swift account/backing store parameters
-# to use for adding new images. (string value)
-#default_swift_reference = ref1
-
-# Version of the authentication service to use. Valid versions are 2
-# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
-# (deprecated - use "auth_version" in swift_store_config_file) (string
-# value)
-#swift_store_auth_version = 2
-
-# The address where the Swift authentication service is listening.
-# (deprecated - use "auth_address" in swift_store_config_file) (string
-# value)
-#swift_store_auth_address = <None>
-
-# The user to authenticate against the Swift authentication service
-# (deprecated - use "user" in swift_store_config_file) (string value)
-#swift_store_user = <None>
-
-# Auth key for the user authenticating against the Swift
-# authentication service. (deprecated - use "key" in
-# swift_store_config_file) (string value)
-#swift_store_key = <None>
-
-# The config file that has the swift account(s)configs. (string value)
-#swift_store_config_file = <None>
-
-# RADOS images will be chunked into objects of this size (in
-# megabytes). For best performance, this should be a power of two.
-# (integer value)
-#rbd_store_chunk_size = 8
-
-# RADOS pool in which images are stored. (string value)
-#rbd_store_pool = images
-
-# RADOS user to authenticate as (only applicable if using Cephx. If
-# <None>, a default will be chosen based on the client. section in
-# rbd_store_ceph_conf) (string value)
-#rbd_store_user = <None>
-
-# Ceph configuration file path. If <None>, librados will locate the
-# default config. If using cephx authentication, this file should
-# include a reference to the right keyring in a client.<USER> section
-# (string value)
-#rbd_store_ceph_conf = /etc/ceph/ceph.conf
-
-# Timeout value (in seconds) used when connecting to ceph cluster. If
-# value <= 0, no timeout is set and default librados value is used.
-# (integer value)
-#rados_connect_timeout = 0
-
-# Info to match when looking for cinder in the service catalog. Format
-# is : separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volumev2::publicURL
-
-# Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v2/%(tenant)s (string value)
-#cinder_endpoint_template = <None>
-
-# Region name of this node. If specified, it will be used to locate
-# OpenStack services for stores. (string value)
-# Deprecated group/name - [DEFAULT]/os_region_name
-#cinder_os_region_name = <None>
-
-# Location of ca certicates file to use for cinder client requests.
-# (string value)
-#cinder_ca_certificates_file = <None>
-
-# Number of cinderclient retries on failed http calls (integer value)
-#cinder_http_retries = 3
-
-# Time period of time in seconds to wait for a cinder volume
-# transition to complete. (integer value)
-#cinder_state_transition_timeout = 300
-
-# Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = false
-
-# The address where the Cinder authentication service is listening. If
-# <None>, the cinder endpoint in the service catalog is used. (string
-# value)
-#cinder_store_auth_address = <None>
-
-# User name to authenticate against Cinder. If <None>, the user of
-# current context is used. (string value)
-#cinder_store_user_name = <None>
-
-# Password for the user authenticating against Cinder. If <None>, the
-# current context auth token is used. (string value)
-#cinder_store_password = <None>
-
-# Project name where the image is stored in Cinder. If <None>, the
-# project in current context is used. (string value)
-#cinder_store_project_name = <None>
-
-# Path to the rootwrap configuration file to use for running commands
-# as root. (string value)
-#rootwrap_config = /etc/glance/rootwrap.conf
-
-# The host where the S3 server is listening. (string value)
-#s3_store_host = <None>
-
-# The S3 query token access key. (string value)
-#s3_store_access_key = <None>
-
-# The S3 query token secret key. (string value)
-#s3_store_secret_key = <None>
-
-# The S3 bucket to be used to store the Glance data. (string value)
-#s3_store_bucket = <None>
-
-# The local directory where uploads will be staged before they are
-# transferred into S3. (string value)
-#s3_store_object_buffer_dir = <None>
-
-# A boolean to determine if the S3 bucket should be created on upload
-# if it does not exist or if an error should be returned to the user.
-# (boolean value)
-#s3_store_create_bucket_on_put = false
-
-# The S3 calling format used to determine the bucket. Either subdomain
-# or path can be used. (string value)
-#s3_store_bucket_url_format = subdomain
-
-# What size, in MB, should S3 start chunking image files and do a
-# multipart upload in S3. (integer value)
-#s3_store_large_object_size = 100
-
-# What multipart upload part size, in MB, should S3 use when uploading
-# parts. The size must be greater than or equal to 5M. (integer value)
-#s3_store_large_object_chunk_size = 10
-
-# The number of thread pools to perform a multipart upload in S3.
-# (integer value)
-#s3_store_thread_pools = 10
-
-# Enable the use of a proxy. (boolean value)
-#s3_store_enable_proxy = false
-
-# Address or hostname for the proxy server. (string value)
-#s3_store_proxy_host = <None>
-
-# The port to use when connecting over a proxy. (integer value)
-#s3_store_proxy_port = 8080
-
-# The username to connect to the proxy. (string value)
-#s3_store_proxy_user = <None>
-
-# The password to use when connecting over a proxy. (string value)
-#s3_store_proxy_password = <None>
-
-# Images will be chunked into objects of this size (in megabytes). For
-# best performance, this should be a power of two. (integer value)
+#
+# Chunk size for images to be stored in Sheepdog data store.
+#
+# Provide an integer value representing the size in mebibyte
+# (1048576 bytes) to chunk Glance images into. The default
+# chunk size is 64 mebibytes.
+#
+# When using Sheepdog distributed storage system, the images are
+# chunked into objects of this size and then stored across the
+# distributed data store to use for Glance.
+#
+# Chunk sizes, if a power of two, help avoid fragmentation and
+# enable improved performance.
+#
+# Possible values:
+#     * Positive integer value representing size in mebibytes.
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #sheepdog_store_chunk_size = 64
 
-# Port of sheep daemon. (integer value)
+#
+# Port number on which the sheep daemon will listen.
+#
+# Provide an integer value representing a valid port number on
+# which you want the Sheepdog daemon to listen on. The default
+# port is 7000.
+#
+# The Sheepdog daemon, also called 'sheep', manages the storage
+# in the distributed cluster by writing objects across the storage
+# network. It identifies and acts on the messages it receives on
+# the port number set using ``sheepdog_store_port`` option to store
+# chunks of Glance images.
+#
+# Possible values:
+#     * A valid port number (0 to 65535)
+#
+# Related Options:
+#     * sheepdog_store_address
+#
+#  (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #sheepdog_store_port = 7000
 
-# IP address of sheep daemon. (string value)
-#sheepdog_store_address = localhost
-
-# Directory to which the Filesystem backend store writes images.
-# (string value)
-#filesystem_store_datadir = /var/lib/glance/images
-
-# List of directories and its priorities to which the Filesystem
-# backend store writes images. (multi valued)
-#filesystem_store_datadirs =
-
-# The path to a file which contains the metadata to be returned with
-# any location associated with this store.  The file must contain a
-# valid JSON object. The object should contain the keys 'id' and
-# 'mountpoint'. The value for both keys should be 'string'. (string
-# value)
-#filesystem_store_metadata_file = <None>
-
-# The required permission for created image file. In this way the user
-# other service used, e.g. Nova, who consumes the image could be the
-# exclusive member of the group that owns the files created. Assigning
-# it less then or equal to zero means don't change the default
-# permission of the file. This value will be decoded as an octal
-# digit. (integer value)
-#filesystem_store_file_perm = 0
-
-# ESX/ESXi or vCenter Server target system. The server value can be an
-# IP address or a DNS name. (string value)
-#vmware_server_host = <None>
-
-# Username for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_username = <None>
-
-# Password for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_password = <None>
-
-# Number of times VMware ESX/VC server API must be retried upon
-# connection related issues. (integer value)
+#
+# Address to bind the Sheepdog daemon to.
+#
+# Provide a string value representing the address to bind the
+# Sheepdog daemon to. The default address set for the 'sheep'
+# is 127.0.0.1.
+#
+# The Sheepdog daemon, also called 'sheep', manages the storage
+# in the distributed cluster by writing objects across the storage
+# network. It identifies and acts on the messages directed to the
+# address set using ``sheepdog_store_address`` option to store
+# chunks of Glance images.
+#
+# Possible values:
+#     * A valid IPv4 address
+#     * A valid IPv6 address
+#     * A valid hostname
+#
+# Related Options:
+#     * sheepdog_store_port
+#
+#  (string value)
+#sheepdog_store_address = 127.0.0.1
+
+#
+# Set verification of the server certificate.
+#
+# This boolean determines whether or not to verify the server
+# certificate. If this option is set to True, swiftclient won't check
+# for a valid SSL certificate when authenticating. If the option is set
+# to False, then the default CA truststore is used for verification.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * swift_store_cacert
+#
+#  (boolean value)
+
+#
+# Address of the ESX/ESXi or vCenter Server target system.
+#
+# This configuration option sets the address of the ESX/ESXi or vCenter
+# Server target system. This option is required when using the VMware
+# storage backend. The address can contain an IP address (127.0.0.1) or
+# a DNS name (www.my-domain.com).
+#
+# Possible Values:
+#     * A valid IPv4 or IPv6 address
+#     * A valid DNS name
+#
+# Related options:
+#     * vmware_server_username
+#     * vmware_server_password
+#
+#  (string value)
+#vmware_server_host = 127.0.0.1
+
+#
+# Server username.
+#
+# This configuration option takes the username for authenticating with
+# the VMware ESX/ESXi or vCenter Server. This option is required when
+# using the VMware storage backend.
+#
+# Possible Values:
+#     * Any string that is the username for a user with appropriate
+#       privileges
+#
+# Related options:
+#     * vmware_server_host
+#     * vmware_server_password
+#
+#  (string value)
+#vmware_server_username = root
+
+#
+# Server password.
+#
+# This configuration option takes the password for authenticating with
+# the VMware ESX/ESXi or vCenter Server. This option is required when
+# using the VMware storage backend.
+#
+# Possible Values:
+#     * Any string that is a password corresponding to the username
+#       specified using the "vmware_server_username" option
+#
+# Related options:
+#     * vmware_server_host
+#     * vmware_server_username
+#
+#  (string value)
+#vmware_server_password = vmware
+
+#
+# The number of VMware API retries.
+#
+# This configuration option specifies the number of times the VMware
+# ESX/VC server API must be retried upon connection related issues or
+# server API call overload. It is not possible to specify 'retry
+# forever'.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #vmware_api_retry_count = 10
 
-# The interval used for polling remote tasks invoked on VMware ESX/VC
-# server. (integer value)
+#
+# Interval in seconds used for polling remote tasks invoked on VMware
+# ESX/VC server.
+#
+# This configuration option takes in the sleep time in seconds for polling an
+# on-going async task as part of the VMWare ESX/VC server API call.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #vmware_task_poll_interval = 5
 
-# The name of the directory where the glance images will be stored in
-# the VMware datastore. (string value)
+#
+# The directory where the glance images will be stored in the datastore.
+#
+# This configuration option specifies the path to the directory where the
+# glance images will be stored in the VMware datastore. If this option
+# is not set,  the default directory where the glance images are stored
+# is openstack_glance.
+#
+# Possible Values:
+#     * Any string that is a valid path to a directory
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #vmware_store_image_dir = /openstack_glance
 
-# If true, the ESX/vCenter server certificate is not verified. If
-# false, then the default CA truststore is used for verification. This
-# option is ignored if "vmware_ca_file" is set. (boolean value)
-# Deprecated group/name - [DEFAULT]/vmware_api_insecure
+#
+# Set verification of the ESX/vCenter server certificate.
+#
+# This configuration option takes a boolean value to determine
+# whether or not to verify the ESX/vCenter server certificate. If this
+# option is set to True, the ESX/vCenter server certificate is not
+# verified. If this option is set to False, then the default CA
+# truststore is used for verification.
+#
+# This option is ignored if the "vmware_ca_file" option is set. In that
+# case, the ESX/vCenter server certificate will then be verified using
+# the file specified using the "vmware_ca_file" option .
+#
+# Possible Values:
+#     * True
+#     * False
+#
+# Related options:
+#     * vmware_ca_file
+#
+#  (boolean value)
+# Deprecated group/name - [glance_store]/vmware_api_insecure
 #vmware_insecure = false
 
-# Specify a CA bundle file to use in verifying the ESX/vCenter server
-# certificate. (string value)
-#vmware_ca_file = <None>
-
-# A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores. The
-# datastore name should be specified after its datacenter path,
-# seperated by ":". An optional weight may be given after the
-# datastore name, seperated again by ":". Thus, the required format
-# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
-# adding an image, the datastore with highest weight will be selected,
-# unless there is not enough free space available in cases where the
-# image size is already known. If no weight is given, it is assumed to
-# be zero and the directory will be considered for selection last. If
-# multiple datastores have the same weight, then the one with the most
-# free space available is selected. (multi valued)
+#
+# Absolute path to the CA bundle file.
+#
+# This configuration option enables the operator to use a custom
+# Cerificate Authority File to verify the ESX/vCenter certificate.
+#
+# If this option is set, the "vmware_insecure" option will be ignored
+# and the CA file specified will be used to authenticate the ESX/vCenter
+# server certificate and establish a secure connection to the server.
+#
+# Possible Values:
+#     * Any string that is a valid absolute path to a CA file
+#
+# Related options:
+#     * vmware_insecure
+#
+#  (string value)
+#vmware_ca_file = /etc/ssl/certs/ca-certificates.crt
+
+#
+# The datastores where the image can be stored.
+#
+# This configuration option specifies the datastores where the image can
+# be stored in the VMWare store backend. This option may be specified
+# multiple times for specifying multiple datastores. The datastore name
+# should be specified after its datacenter path, separated by ":". An
+# optional weight may be given after the datastore name, separated again
+# by ":" to specify the priority. Thus, the required format becomes
+# <datacenter_path>:<datastore_name>:<optional_weight>.
+#
+# When adding an image, the datastore with highest weight will be
+# selected, unless there is not enough free space available in cases
+# where the image size is already known. If no weight is given, it is
+# assumed to be zero and the directory will be considered for selection
+# last. If multiple datastores have the same weight, then the one with
+# the most free space available is selected.
+#
+# Possible Values:
+#     * Any string of the format:
+#       <datacenter_path>:<datastore_name>:<optional_weight>
+#
+# Related options:
+#    * None
+#
+#  (multi valued)
 #vmware_datastores =
 
 
@@ -1098,54 +2714,69 @@
 # From glance.api
 #
 
-# Supported values for the 'container_format' image attribute (list
-# value)
+# Supported values for the 'container_format' image attribute (list value)
 # Deprecated group/name - [DEFAULT]/container_formats
 #container_formats = ami,ari,aki,bare,ovf,ova,docker
 
 # Supported values for the 'disk_format' image attribute (list value)
 # Deprecated group/name - [DEFAULT]/disk_formats
-disk_formats = ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,root-tar
+#disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso
 
 
 [keystone_authtoken]
-
+revocation_cache_time = 10
+auth_type = password
+user_domain_id = default
+project_domain_id = default
+project_name = service
+username = glance
+password = opnfv_secret
+auth_uri=http://10.167.4.10:5000
+auth_url=http://10.167.4.10:35357
+token_cache_time = -1
+memcached_servers=10.167.4.11:11211,10.167.4.12:11211,10.167.4.13:11211
 #
 # From keystonemiddleware.auth_token
 #
 
-# Complete public Identity API endpoint. (string value)
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
+# clients are redirected to this endpoint to authenticate. Although this
+# endpoint should  ideally be unversioned, client support in the wild varies.
+# If you're using a versioned v2 endpoint here, then this  should *not* be the
+# same endpoint the service user utilizes  for validating tokens, because normal
+# end users may not be  able to reach that endpoint. (string value)
 #auth_uri = <None>
 
 # API version of the admin Identity API endpoint. (string value)
 #auth_version = <None>
 
-# Do not handle authorization requests within the middleware, but
-# delegate the authorization decision to downstream WSGI components.
-# (boolean value)
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
 #delay_auth_decision = false
 
-# Request timeout value for communicating with Identity API server.
-# (integer value)
+# Request timeout value for communicating with Identity API server. (integer
+# value)
 #http_connect_timeout = <None>
 
-# How many times are we trying to reconnect when communicating with
-# Identity API Server. (integer value)
+# How many times are we trying to reconnect when communicating with Identity API
+# Server. (integer value)
 #http_request_max_retries = 3
 
-# Env key for the swift cache. (string value)
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
 #cache = <None>
 
-# Required if identity server requires client certificate (string
-# value)
+# Required if identity server requires client certificate (string value)
 #certfile = <None>
 
-# Required if identity server requires client certificate (string
-# value)
+# Required if identity server requires client certificate (string value)
 #keyfile = <None>
 
-# A PEM encoded Certificate Authority to use when verifying HTTPs
-# connections. Defaults to system CAs. (string value)
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
 #cafile = <None>
 
 # Verify HTTPS connections. (boolean value)
@@ -1157,98 +2788,91 @@
 # Directory used to cache files related to PKI tokens. (string value)
 #signing_dir = <None>
 
-# Optionally specify a list of memcached server(s) to use for caching.
-# If left undefined, tokens will instead be cached in-process. (list
-# value)
-# Deprecated group/name - [DEFAULT]/memcache_servers
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
 
-# In order to prevent excessive effort spent validating tokens, the
-# middleware caches previously-seen tokens for a configurable duration
-# (in seconds). Set to -1 to disable caching completely. (integer
-# value)
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set to
+# -1 to disable caching completely. (integer value)
 #token_cache_time = 300
 
-# Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of
-# revocation events combined with a low cache duration may
-# significantly reduce performance. (integer value)
+# Determines the frequency at which the list of revoked tokens is retrieved from
+# the Identity service (in seconds). A high number of revocation events combined
+# with a low cache duration may significantly reduce performance. Only valid for
+# PKI tokens. (integer value)
 #revocation_cache_time = 10
 
-# (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. If MAC, token data is
-# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
-# encrypted and authenticated in the cache. If the value is not one of
-# these options or empty, auth_token will raise an exception on
-# initialization. (string value)
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
 # Allowed values: None, MAC, ENCRYPT
 #memcache_security_strategy = None
 
-# (Optional, mandatory if memcache_security_strategy is defined) This
-# string is used for key derivation. (string value)
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
 #memcache_secret_key = <None>
 
-# (Optional) Number of seconds memcached server is considered dead
-# before it is tried again. (integer value)
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
 #memcache_pool_dead_retry = 300
 
-# (Optional) Maximum total number of open connections to every
-# memcached server. (integer value)
+# (Optional) Maximum total number of open connections to every memcached server.
+# (integer value)
 #memcache_pool_maxsize = 10
 
-# (Optional) Socket timeout in seconds for communicating with a
-# memcached server. (integer value)
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
 #memcache_pool_socket_timeout = 3
 
-# (Optional) Number of seconds a connection to memcached is held
-# unused in the pool before it is closed. (integer value)
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
 #memcache_pool_unused_timeout = 60
 
-# (Optional) Number of seconds that an operation will wait to get a
-# memcached client connection from the pool. (integer value)
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
 #memcache_pool_conn_get_timeout = 10
 
-# (Optional) Use the advanced (eventlet safe) memcached client pool.
-# The advanced pool will only work under python 2.x. (boolean value)
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
 #memcache_use_advanced_pool = false
 
-# (Optional) Indicate whether to set the X-Service-Catalog header. If
-# False, middleware will not ask for service catalog on token
-# validation and will not set the X-Service-Catalog header. (boolean
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it if
+# not. "strict" like "permissive" but if the bind type is unknown the token will
+# be rejected. "required" any form of token binding is needed to be allowed.
+# Finally the name of a binding method that must be present in tokens. (string
 # value)
-#include_service_catalog = true
-
-# Used to control the use and type of token binding. Can be set to:
-# "disabled" to not check token binding. "permissive" (default) to
-# validate binding information if the bind type is of a form known to
-# the server and ignore it if not. "strict" like "permissive" but if
-# the bind type is unknown the token will be rejected. "required" any
-# form of token binding is needed to be allowed. Finally the name of a
-# binding method that must be present in tokens. (string value)
 #enforce_token_bind = permissive
 
-# If true, the revocation list will be checked for cached tokens. This
-# requires that PKI tokens are configured on the identity server.
-# (boolean value)
+# If true, the revocation list will be checked for cached tokens. This requires
+# that PKI tokens are configured on the identity server. (boolean value)
 #check_revocations_for_cached = false
 
-# Hash algorithms to use for hashing PKI tokens. This may be a single
-# algorithm or multiple. The algorithms are those supported by Python
-# standard hashlib.new(). The hashes will be tried in the order given,
-# so put the preferred one first for performance. The result of the
-# first hash will be stored in the cache. This will typically be set
-# to multiple values only while migrating from a less secure algorithm
-# to a more secure one. Once all the old tokens are expired this
-# option should be set to a single value for better performance. (list
-# value)
+# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
+# or multiple. The algorithms are those supported by Python standard
+# hashlib.new(). The hashes will be tried in the order given, so put the
+# preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
 #hash_algorithms = md5
 
-# Authentication type to load (unknown value)
-# Deprecated group/name - [DEFAULT]/auth_plugin
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
 
-# Config Section from which to load plugin specific options (unknown
-# value)
+# Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
 
 
@@ -1258,32 +2882,44 @@
 # From oslo.messaging
 #
 
-# Host to locate redis. (string value)
+# DEPRECATED: Host to locate redis. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #host = 127.0.0.1
 
-# Use this port to connect to redis host. (port value)
+# DEPRECATED: Use this port to connect to redis host. (port value)
 # Minimum value: 0
 # Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #port = 6379
 
-# Password for Redis server (optional). (string value)
+# DEPRECATED: Password for Redis server (optional). (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #password =
 
-# List of Redis Sentinel hosts (fault tolerance mode) e.g.
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode) e.g.
 # [host:port, host1:port ... ] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #sentinel_hosts =
 
 # Redis replica set name. (string value)
 #sentinel_group_name = oslo-messaging-zeromq
 
 # Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 500
+#wait_timeout = 2000
 
 # Time in ms to wait before the transaction is killed. (integer value)
 #check_timeout = 20000
 
 # Timeout in ms on blocking socket operations (integer value)
-#socket_timeout = 1000
+#socket_timeout = 10000
 
 
 [oslo_concurrency]
@@ -1296,10 +2932,10 @@
 # Deprecated group/name - [DEFAULT]/disable_process_locking
 #disable_process_locking = false
 
-# Directory to use for lock files.  For security, the specified
-# directory should only be writable by the user running the processes
-# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
-# If external locks are used, a lock path must be set. (string value)
+# Directory to use for lock files.  For security, the specified directory should
+# only be writable by the user running the processes that need locking. Defaults
+# to environment variable OSLO_LOCK_PATH. If external locks are used, a lock
+# path must be set. (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
 #lock_path = <None>
 
@@ -1309,6 +2945,101 @@
 #
 # From oslo.messaging
 #
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name = <None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace = false
+
+# CA certificate PEM file to verify server certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Identifying certificate PEM file to present to clients (string value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign cert_file certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password = <None>
+
+# Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval = 1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff = 2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max = 30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay = 10
+
+# The deadline for an rpc reply message delivery. Only used when caller does not
+# provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_reply_timeout = 30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout = 30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout = 30
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy'   - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic'  - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode = dynamic
 
 # address prefix used when sending to a specific server (string value)
 # Deprecated group/name - [amqp1]/server_request_prefix
@@ -1322,60 +3053,54 @@
 # Deprecated group/name - [amqp1]/group_request_prefix
 #group_request_prefix = unicast
 
-# Name for the AMQP container (string value)
-# Deprecated group/name - [amqp1]/container_name
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-# Deprecated group/name - [amqp1]/idle_timeout
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-# Deprecated group/name - [amqp1]/trace
-#trace = false
-
-# CA certificate PEM file to verify server certificate (string value)
-# Deprecated group/name - [amqp1]/ssl_ca_file
-#ssl_ca_file =
-
-# Identifying certificate PEM file to present to clients (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_cert_file
-#ssl_cert_file =
-
-# Private key PEM file used to sign cert_file certificate (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_key_file
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-# Deprecated group/name - [amqp1]/ssl_key_password
-#ssl_key_password = <None>
-
-# Accept clients using either SSL or plain TCP (boolean value)
-# Deprecated group/name - [amqp1]/allow_insecure_clients
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-# Deprecated group/name - [amqp1]/sasl_mechanisms
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string
-# value)
-# Deprecated group/name - [amqp1]/sasl_config_dir
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-# Deprecated group/name - [amqp1]/sasl_config_name
-#sasl_config_name =
-
-# User name for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/username
-#username =
-
-# Password for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/password
-#password =
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix = openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix = openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address = multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address = unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-robin
+# fashion across consumers. (string value)
+#anycast_address = anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange = <None>
+default_notification_exchange = glance
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange = <None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit = 200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit = 100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit = 100
 
 
 [oslo_messaging_notifications]
@@ -1384,14 +3109,14 @@
 # From oslo.messaging
 #
 
-# The Drivers(s) to handle sending notifications. Possible values are
-# messaging, messagingv2, routing, log, test, noop (multi valued)
+# The Drivers(s) to handle sending notifications. Possible values are messaging,
+# messagingv2, routing, log, test, noop (multi valued)
 # Deprecated group/name - [DEFAULT]/notification_driver
 #driver =
-
-# A URL representing the messaging driver to use for notifications. If
-# not set, we fall back to the same configuration used for RPC.
-# (string value)
+driver = messagingv2
+
+# A URL representing the messaging driver to use for notifications. If not set,
+# we fall back to the same configuration used for RPC. (string value)
 # Deprecated group/name - [DEFAULT]/notification_transport_url
 #transport_url = <None>
 
@@ -1416,9 +3141,9 @@
 # Deprecated group/name - [DEFAULT]/amqp_auto_delete
 #amqp_auto_delete = false
 
-# SSL version to use (valid only if SSL enabled). Valid values are
-# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
-# available on some distributions. (string value)
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
 # Deprecated group/name - [DEFAULT]/kombu_ssl_version
 #kombu_ssl_version =
 
@@ -1430,117 +3155,131 @@
 # Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
 #kombu_ssl_certfile =
 
-# SSL certification authority file (valid only if SSL enabled).
-# (string value)
+# SSL certification authority file (valid only if SSL enabled). (string value)
 # Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
 #kombu_ssl_ca_certs =
 
-# How long to wait before reconnecting in response to an AMQP consumer
-# cancel notification. (floating point value)
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
 # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
 #kombu_reconnect_delay = 1.0
 
-# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
-# will not be used. This option may notbe available in future
-# versions. (string value)
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
+# be used. This option may not be available in future versions. (string value)
 #kombu_compression = <None>
 
-# How long to wait a missing client beforce abandoning to send it its
-# replies. This value should not be longer than rpc_response_timeout.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+# How long to wait a missing client before abandoning to send it its replies.
+# This value should not be longer than rpc_response_timeout. (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
 #kombu_missing_consumer_retry_timeout = 60
 
-# Determines how the next RabbitMQ node is chosen in case the one we
-# are currently connected to becomes unavailable. Takes effect only if
-# more than one RabbitMQ node is provided in config. (string value)
+# Determines how the next RabbitMQ node is chosen in case the one we are
+# currently connected to becomes unavailable. Takes effect only if more than one
+# RabbitMQ node is provided in config. (string value)
 # Allowed values: round-robin, shuffle
 #kombu_failover_strategy = round-robin
 
-# The RabbitMQ broker address where a single node is used. (string
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
 # value)
 # Deprecated group/name - [DEFAULT]/rabbit_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_host = localhost
 
-# The RabbitMQ broker port where a single node is used. (port value)
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port value)
 # Minimum value: 0
 # Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/rabbit_port
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_port = 5672
 
-# RabbitMQ HA cluster host:port pairs. (list value)
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
 # Deprecated group/name - [DEFAULT]/rabbit_hosts
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_hosts = $rabbit_host:$rabbit_port
 
 # Connect over SSL for RabbitMQ. (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
 #rabbit_use_ssl = false
 
-# The RabbitMQ userid. (string value)
+# DEPRECATED: The RabbitMQ userid. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_userid
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_userid = guest
 
-# The RabbitMQ password. (string value)
+# DEPRECATED: The RabbitMQ password. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_password
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_password = guest
 
 # The RabbitMQ login method. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_login_method
 #rabbit_login_method = AMQPLAIN
 
-# The RabbitMQ virtual host. (string value)
+# DEPRECATED: The RabbitMQ virtual host. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_virtual_host = /
 
 # How frequently to retry connecting with RabbitMQ. (integer value)
 #rabbit_retry_interval = 1
 
-# How long to backoff for between retries when connecting to RabbitMQ.
-# (integer value)
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
 # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
 #rabbit_retry_backoff = 2
 
-# Maximum interval of RabbitMQ connection retries. Default is 30
-# seconds. (integer value)
+# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
+# (integer value)
 #rabbit_interval_max = 30
 
-# Maximum number of RabbitMQ connection retries. Default is 0
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
 # (infinite retry count). (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
 #rabbit_max_retries = 0
 
-# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
-# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
-# queue mirroring is no longer controlled by the x-ha-policy argument
-# when declaring a queue. If you just want to make sure that all
-# queues (except  those with auto-generated names) are mirrored across
-# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
-# mode": "all"}' " (boolean value)
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
+# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
+# is no longer controlled by the x-ha-policy argument when declaring a queue. If
+# you just want to make sure that all queues (except  those with auto-generated
+# names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA
+# '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_ha_queues
 #rabbit_ha_queues = false
 
-# Positive integer representing duration in seconds for queue TTL
-# (x-expires). Queues which are unused for the duration of the TTL are
-# automatically deleted. The parameter affects only reply and fanout
-# queues. (integer value)
+# Positive integer representing duration in seconds for queue TTL (x-expires).
+# Queues which are unused for the duration of the TTL are automatically deleted.
+# The parameter affects only reply and fanout queues. (integer value)
 # Minimum value: 1
-#rabbit_transient_queues_ttl = 600
-
-# Specifies the number of messages to prefetch. Setting to zero allows
-# unlimited messages. (integer value)
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows unlimited
+# messages. (integer value)
 #rabbit_qos_prefetch_count = 0
 
-# Number of seconds after which the Rabbit broker is considered down
-# if heartbeat's keep-alive fails (0 disable the heartbeat).
-# EXPERIMENTAL (integer value)
+# Number of seconds after which the Rabbit broker is considered down if
+# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
+# value)
 #heartbeat_timeout_threshold = 60
 
-# How often times during the heartbeat_timeout_threshold we check the
-# heartbeat. (integer value)
+# How often times during the heartbeat_timeout_threshold we check the heartbeat.
+# (integer value)
 #heartbeat_rate = 2
 
-# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
-# (boolean value)
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
 # Deprecated group/name - [DEFAULT]/fake_rabbit
 #fake_rabbit = false
 
@@ -1550,9 +3289,8 @@
 # The maximum byte size for an AMQP frame (integer value)
 #frame_max = <None>
 
-# How often to send heartbeats for consumer's connections (integer
-# value)
-#heartbeat_interval = 1
+# How often to send heartbeats for consumer's connections (integer value)
+#heartbeat_interval = 3
 
 # Enable SSL (boolean value)
 #ssl = <None>
@@ -1560,59 +3298,58 @@
 # Arguments passed to ssl.wrap_socket (dict value)
 #ssl_options = <None>
 
-# Set socket timeout in seconds for connection's socket (floating
+# Set socket timeout in seconds for connection's socket (floating point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error (floating
 # point value)
-#socket_timeout = 0.25
-
-# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
-# point value)
-#tcp_user_timeout = 0.25
-
-# Set delay for reconnection to some host which has connection error
-# (floating point value)
 #host_connection_reconnect_delay = 0.25
 
+# Connection factory implementation (string value)
+# Allowed values: new, single, read_write
+#connection_factory = single
+
 # Maximum number of connections to keep queued. (integer value)
-#pool_max_size = 10
-
-# Maximum number of connections to create above `pool_max_size`.
+#pool_max_size = 30
+
+# Maximum number of connections to create above `pool_max_size`. (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available (integer
+# value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no recycling.
+# Expired connections are closed on acquire. (integer value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are considered stale
+# in seconds or None for no staleness. Stale connections are closed on acquire.
 # (integer value)
-#pool_max_overflow = 0
-
-# Default number of seconds to wait for a connections to available
-# (integer value)
-#pool_timeout = 30
-
-# Lifetime of a connection (since creation) in seconds or None for no
-# recycling. Expired connections are closed on acquire. (integer
-# value)
-#pool_recycle = 600
-
-# Threshold at which inactive (since release) connections are
-# considered stale in seconds or None for no staleness. Stale
-# connections are closed on acquire. (integer value)
 #pool_stale = 60
 
 # Persist notification messages. (boolean value)
 #notification_persistence = false
 
-# Exchange name for for sending notifications (string value)
+# Exchange name for sending notifications (string value)
 #default_notification_exchange = ${control_exchange}_notification
 
-# Max number of not acknowledged message which RabbitMQ can send to
-# notification listener. (integer value)
+# Max number of not acknowledged message which RabbitMQ can send to notification
+# listener. (integer value)
 #notification_listener_prefetch_count = 100
 
-# Reconnecting retry count in case of connectivity problem during
-# sending notification, -1 means infinite retry. (integer value)
+# Reconnecting retry count in case of connectivity problem during sending
+# notification, -1 means infinite retry. (integer value)
 #default_notification_retry_attempts = -1
 
-# Reconnecting retry delay in case of connectivity problem during
-# sending notification message (floating point value)
+# Reconnecting retry delay in case of connectivity problem during sending
+# notification message (floating point value)
 #notification_retry_delay = 0.25
 
-# Time to live for rpc queues without consumers in seconds. (integer
-# value)
+# Time to live for rpc queues without consumers in seconds. (integer value)
 #rpc_queue_expiration = 60
 
 # Exchange name for sending RPC messages (string value)
@@ -1621,32 +3358,136 @@
 # Exchange name for receiving RPC replies (string value)
 #rpc_reply_exchange = ${control_exchange}_rpc_reply
 
-# Max number of not acknowledged message which RabbitMQ can send to
-# rpc listener. (integer value)
+# Max number of not acknowledged message which RabbitMQ can send to rpc
+# listener. (integer value)
 #rpc_listener_prefetch_count = 100
 
-# Max number of not acknowledged message which RabbitMQ can send to
-# rpc reply listener. (integer value)
+# Max number of not acknowledged message which RabbitMQ can send to rpc reply
+# listener. (integer value)
 #rpc_reply_listener_prefetch_count = 100
 
-# Reconnecting retry count in case of connectivity problem during
-# sending reply. -1 means infinite retry during rpc_timeout (integer
+# Reconnecting retry count in case of connectivity problem during sending reply.
+# -1 means infinite retry during rpc_timeout (integer value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending reply.
+# (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during sending RPC
+# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
+# request could be processed more then one time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending RPC
+# message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Seconds to wait before a cast expires (TTL). The default value of -1 specifies
+# an infinite linger period. The value of 0 specifies no linger period. Pending
+# messages shall be discarded immediately when the socket is closed. Only
+# supported by impl_zmq. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#rpc_cast_timeout = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target (
+# < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
 # value)
-#rpc_reply_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during
-# sending reply. (floating point value)
-#rpc_reply_retry_delay = 0.25
-
-# Reconnecting retry count in case of connectivity problem during
-# sending RPC message, -1 means infinite retry. If actual retry
-# attempts in not 0 the rpc request could be processed more then one
-# time (integer value)
-#default_rpc_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during
-# sending RPC message (floating point value)
-#rpc_retry_delay = 0.25
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = true
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = true
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = false
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware.http_proxy_to_wsgi
+#
+
+# Whether the application is behind a proxy or not. This determines if the
+# middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing = false
 
 
 [oslo_policy]
@@ -1658,17 +3499,17 @@
 # The JSON file that defines policies. (string value)
 # Deprecated group/name - [DEFAULT]/policy_file
 #policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string
-# value)
+policy_file = /etc/glance/policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string value)
 # Deprecated group/name - [DEFAULT]/policy_default_rule
 #policy_default_rule = default
 
-# Directories where policy configuration files are stored. They can be
-# relative to any directory in the search path defined by the
-# config_dir option, or absolute paths. The file defined by
-# policy_file must exist for these directories to be searched.
-# Missing or empty directories are ignored. (multi valued)
+# Directories where policy configuration files are stored. They can be relative
+# to any directory in the search path defined by the config_dir option, or
+# absolute paths. The file defined by policy_file must exist for these
+# directories to be searched.  Missing or empty directories are ignored. (multi
+# valued)
 # Deprecated group/name - [DEFAULT]/policy_dirs
 #policy_dirs = policy.d
 
@@ -1679,14 +3520,61 @@
 # From glance.api
 #
 
-# Partial name of a pipeline in your paste configuration file with the
-# service name removed. For example, if your paste section name is
-# [pipeline:glance-api-keystone] use the value "keystone" (string
-# value)
-#flavor = <None>
-
-# Name of the paste configuration file. (string value)
-#config_file = <None>
+#
+# Deployment flavor to use in the server application pipeline.
+#
+# Provide a string value representing the appropriate deployment
+# flavor used in the server application pipleline. This is typically
+# the partial name of a pipeline in the paste configuration file with
+# the service name removed.
+#
+# For example, if your paste section name in the paste configuration
+# file is [pipeline:glance-api-keystone], set ``flavor`` to
+# ``keystone``.
+#
+# Possible values:
+#     * String value representing a partial pipeline name.
+#
+# Related Options:
+#     * config_file
+#
+#  (string value)
+#flavor = keystone
+
+flavor=keystone
+
+
+#
+# Name of the paste configuration file.
+#
+# Provide a string value representing the name of the paste
+# configuration file to use for configuring piplelines for
+# server application deployments.
+#
+# NOTES:
+#     * Provide the name or the path relative to the glance directory
+#       for the paste configuration file and not the absolute path.
+#     * The sample paste configuration file shipped with Glance need
+#       not be edited in most cases as it comes with ready-made
+#       pipelines for all common deployment flavors.
+#
+# If no value is specified for this option, the ``paste.ini`` file
+# with the prefix of the corresponding Glance service's configuration
+# file name will be searched for in the known configuration
+# directories. (For example, if this option is missing from or has no
+# value set in ``glance-api.conf``, the service will look for a file
+# named ``glance-api-paste.ini``.) If the paste configuration file is
+# not found, the service will not start.
+#
+# Possible values:
+#     * A string value representing the name of the paste configuration
+#       file.
+#
+# Related Options:
+#     * flavor
+#
+#  (string value)
+#config_file = glance-api-paste.ini
 
 
 [profiler]
@@ -1695,16 +3583,60 @@
 # From glance.api
 #
 
-# If False fully disable profiling feature. (boolean value)
+#
+# Enables the profiling for all services on this node. Default value is False
+# (fully disable the profiling feature).
+#
+# Possible values:
+#
+# * True: Enables the feature
+# * False: Disables the feature. The profiling cannot be started via this
+# project
+# operations. If the profiling is triggered by another project, this project
+# part
+# will be empty.
+#  (boolean value)
+# Deprecated group/name - [profiler]/profiler_enabled
 #enabled = false
 
-# If False doesn't trace SQL requests. (boolean value)
+#
+# Enables SQL requests profiling in services. Default value is False (SQL
+# requests won't be traced).
+#
+# Possible values:
+#
+# * True: Enables SQL requests profiling. Each SQL query will be part of the
+# trace and can the be analyzed by how much time was spent for that.
+# * False: Disables SQL requests profiling. The spent time is only shown on a
+# higher level of operations. Single SQL queries cannot be analyzed this
+# way.
+#  (boolean value)
 #trace_sqlalchemy = false
 
-# Secret key to use to sign Glance API and Glance Registry services
-# tracing messages. (string value)
+#
+# Secret key(s) to use for encrypting context data for performance profiling.
+# This string value should have the following format: <key1>[,<key2>,...<keyn>],
+# where each key is some random string. A user who triggers the profiling via
+# the REST API has to set one of these keys in the headers of the REST API call
+# to include profiling results of this node for this particular project.
+#
+# Both "enabled" flag and "hmac_keys" config options should be set to enable
+# profiling. Also, to generate correct profiling information across all services
+# at least one key needs to be consistent between OpenStack projects. This
+# ensures it can be used from client side to generate the trace, containing
+# information from all possible resources. (string value)
 #hmac_keys = SECRET_KEY
 
+#
+# Connection string for a notifier backend. Default value is messaging:// which
+# sets the notifier to oslo_messaging.
+#
+# Examples of possible values:
+#
+# * messaging://: use oslo_messaging driver for sending notifications.
+#  (string value)
+#connection_string = messaging://
+
 
 [store_type_location_strategy]
 
@@ -1712,44 +3644,100 @@
 # From glance.api
 #
 
-# The store names to use to get store preference order. The name must
-# be registered by one of the stores defined by the 'stores' config
-# option. This option will be applied when you using 'store_type'
-# option as image location strategy defined by the 'location_strategy'
-# config option. (list value)
+#
+# Preference order of storage backends.
+#
+# Provide a comma separated list of store names in the order in
+# which images should be retrieved from storage backends.
+# These store names must be registered with the ``stores``
+# configuration option.
+#
+# NOTE: The ``store_type_preference`` configuration option is applied
+# only if ``store_type`` is chosen as a value for the
+# ``location_strategy`` configuration option. An empty list will not
+# change the location order.
+#
+# Possible values:
+#     * Empty list
+#     * Comma separated list of registered store names. Legal values are:
+#         * file
+#         * http
+#         * rbd
+#         * swift
+#         * sheepdog
+#         * cinder
+#         * vmware
+#
+# Related options:
+#     * location_strategy
+#     * stores
+#
+#  (list value)
 #store_type_preference =
 
 
+
 [task]
 
 #
 # From glance.api
 #
 
-# Time in hours for which a task lives after, either succeeding or
-# failing (integer value)
+# Time in hours for which a task lives after, either succeeding or failing
+# (integer value)
 # Deprecated group/name - [DEFAULT]/task_time_to_live
 #task_time_to_live = 48
 
-# Specifies which task executor to be used to run the task scripts.
-# (string value)
+#
+# Task executor to be used to run task scripts.
+#
+# Provide a string value representing the executor to use for task
+# executions. By default, ``TaskFlow`` executor is used.
+#
+# ``TaskFlow`` helps make task executions easy, consistent, scalable
+# and reliable. It also enables creation of lightweight task objects
+# and/or functions that are combined together into flows in a
+# declarative manner.
+#
+# Possible values:
+#     * taskflow
+#
+# Related Options:
+#     * None
+#
+#  (string value)
 #task_executor = taskflow
 
-# Work dir for asynchronous task operations. The directory set here
-# will be used to operate over images - normally before they are
-# imported in the destination store. When providing work dir, make
-# sure enough space is provided for concurrent tasks to run
-# efficiently without running out of space. A rough estimation can be
-# done by multiplying the number of `max_workers` - or the N of
-# workers running - by an average image size (e.g 500MB). The image
+#
+# Absolute path to the work directory to use for asynchronous
+# task operations.
+#
+# The directory set here will be used to operate over images -
+# normally before they are imported in the destination store.
+#
+# NOTE: When providing a value for ``work_dir``, please make sure
+# that enough space is provided for concurrent tasks to run
+# efficiently without running out of space.
+#
+# A rough estimation can be done by multiplying the number of
+# ``max_workers`` with an average image size (e.g 500MB). The image
 # size estimation should be done based on the average size in your
-# deployment. Note that depending on the tasks running you may need to
-# multiply this number by some factor depending on what the task does.
-# For example, you may want to double the available size if image
-# conversion is enabled. All this being said, remember these are just
-# estimations and you should do them based on the worst case scenario
-# and be prepared to act in case they were wrong. (string value)
-#work_dir = <None>
+# deployment. Note that depending on the tasks running you may need
+# to multiply this number by some factor depending on what the task
+# does. For example, you may want to double the available size if
+# image conversion is enabled. All this being said, remember these
+# are just estimations and you should do them based on the worst
+# case scenario and be prepared to act in case they were wrong.
+#
+# Possible values:
+#     * String value representing the absolute path to the working
+#       directory
+#
+# Related Options:
+#     * None
+#
+#  (string value)
+#work_dir = /work_dir
 
 
 [taskflow_executor]
@@ -1758,13 +3746,77 @@
 # From glance.api
 #
 
-# The mode in which the engine will run. Can be 'serial' or
-# 'parallel'. (string value)
+#
+# Set the taskflow engine mode.
+#
+# Provide a string type value to set the mode in which the taskflow
+# engine would schedule tasks to the workers on the hosts. Based on
+# this mode, the engine executes tasks either in single or multiple
+# threads. The possible values for this configuration option are:
+# ``serial`` and ``parallel``. When set to ``serial``, the engine runs
+# all the tasks in a single thread which results in serial execution
+# of tasks. Setting this to ``parallel`` makes the engine run tasks in
+# multiple threads. This results in parallel execution of tasks.
+#
+# Possible values:
+#     * serial
+#     * parallel
+#
+# Related options:
+#     * max_workers
+#
+#  (string value)
 # Allowed values: serial, parallel
 #engine_mode = parallel
 
-# The number of parallel activities executed at the same time by the
-# engine. The value can be greater than one when the engine mode is
-# 'parallel'. (integer value)
+#
+# Set the number of engine executable tasks.
+#
+# Provide an integer value to limit the number of workers that can be
+# instantiated on the hosts. In other words, this number defines the
+# number of parallel tasks that can be executed at the same time by
+# the taskflow engine. This value can be greater than one when the
+# engine mode is set to parallel.
+#
+# Possible values:
+#     * Integer value greater than or equal to 1
+#
+# Related options:
+#     * engine_mode
+#
+#  (integer value)
+# Minimum value: 1
 # Deprecated group/name - [task]/eventlet_executor_pool_size
 #max_workers = 10
+
+#
+# Set the desired image conversion format.
+#
+# Provide a valid image format to which you want images to be
+# converted before they are stored for consumption by Glance.
+# Appropriate image format conversions are desirable for specific
+# storage backends in order to facilitate efficient handling of
+# bandwidth and usage of the storage infrastructure.
+#
+# By default, ``conversion_format`` is not set and must be set
+# explicitly in the configuration file.
+#
+# The allowed values for this option are ``raw``, ``qcow2`` and
+# ``vmdk``. The  ``raw`` format is the unstructured disk format and
+# should be chosen when RBD or Ceph storage backends are used for
+# image storage. ``qcow2`` is supported by the QEMU emulator that
+# expands dynamically and supports Copy on Write. The ``vmdk`` is
+# another common disk format supported by many common virtual machine
+# monitors like VMWare Workstation.
+#
+# Possible values:
+#     * qcow2
+#     * raw
+#     * vmdk
+#
+# Related options:
+#     * disk_formats
+#
+#  (string value)
+# Allowed values: qcow2, raw, vmdk
+#conversion_format = raw

2017-09-28 11:21:28,914 [salt.state       ][INFO    ][27825] Completed state [/etc/glance/glance-api.conf] at time 11:21:28.914229 duration_in_ms=150.652
2017-09-28 11:21:28,915 [salt.state       ][INFO    ][27825] Running state [/etc/glance/glance-api-paste.ini] at time 11:21:28.914531
2017-09-28 11:21:28,915 [salt.state       ][INFO    ][27825] Executing state file.managed for /etc/glance/glance-api-paste.ini
2017-09-28 11:21:28,929 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/files/ocata/glance-api-paste.ini'
2017-09-28 11:21:28,949 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/map.jinja'
2017-09-28 11:21:28,958 [salt.state       ][INFO    ][27825] File changed:
--- 
+++ 
@@ -1,38 +1,39 @@
+
 # Use this pipeline for no auth or image caching - DEFAULT
 [pipeline:glance-api]
-pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
 
 # Use this pipeline for image caching and no auth
 [pipeline:glance-api-caching]
-pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context cache rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
 
 # Use this pipeline for caching w/ management interface but no auth
 [pipeline:glance-api-cachemanagement]
-pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
 
 # Use this pipeline for keystone auth
 [pipeline:glance-api-keystone]
-pipeline = cors healthcheck versionnegotiation osprofiler authtoken context  rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp
 
 # Use this pipeline for keystone auth with image caching
 [pipeline:glance-api-keystone+caching]
-pipeline = cors healthcheck versionnegotiation osprofiler authtoken context cache rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp
 
 # Use this pipeline for keystone auth with caching and cache management
 [pipeline:glance-api-keystone+cachemanagement]
-pipeline = cors healthcheck versionnegotiation osprofiler authtoken context cache cachemanage rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp
 
 # Use this pipeline for authZ only. This means that the registry will treat a
 # user as authenticated without making requests to keystone to reauthenticate
 # the user.
 [pipeline:glance-api-trusted-auth]
-pipeline = cors healthcheck versionnegotiation osprofiler context rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
 
 # Use this pipeline for authZ only. This means that the registry will treat a
 # user as authenticated without making requests to keystone to reauthenticate
 # the user and uses cache management
 [pipeline:glance-api-trusted-auth+cachemanagement]
-pipeline = cors healthcheck versionnegotiation osprofiler context cache cachemanage rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
 
 [composite:rootapp]
 paste.composite_factory = glance.api:root_app_factory
@@ -85,3 +86,6 @@
 paste.filter_factory =  oslo_middleware.cors:filter_factory
 oslo_config_project = glance
 oslo_config_program = glance-api
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory

2017-09-28 11:21:28,958 [salt.state       ][INFO    ][27825] Completed state [/etc/glance/glance-api-paste.ini] at time 11:21:28.958010 duration_in_ms=43.478
2017-09-28 11:21:28,958 [salt.state       ][INFO    ][27825] Running state [glance-glare] at time 11:21:28.958163
2017-09-28 11:21:28,958 [salt.state       ][INFO    ][27825] Executing state pkg.installed for glance-glare
2017-09-28 11:21:28,966 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'glance-glare'] in directory '/root'
2017-09-28 11:21:29,431 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928112129429352
2017-09-28 11:21:29,449 [salt.minion      ][INFO    ][28969] Starting a new job with PID 28969
2017-09-28 11:21:29,461 [salt.minion      ][INFO    ][28969] Returning information for job: 20170928112129429352
2017-09-28 11:21:31,788 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:21:31,881 [salt.state       ][INFO    ][27825] Made the following changes:
'glance-glare' changed from 'absent' to '2:12.0.0-0ubuntu2'

2017-09-28 11:21:31,891 [salt.state       ][INFO    ][27825] Loading fresh modules for state activity
2017-09-28 11:21:31,903 [salt.state       ][INFO    ][27825] Completed state [glance-glare] at time 11:21:31.902955 duration_in_ms=2944.791
2017-09-28 11:21:31,905 [salt.state       ][INFO    ][27825] Running state [/etc/glance/glance-glare-paste.ini] at time 11:21:31.904846
2017-09-28 11:21:31,905 [salt.state       ][INFO    ][27825] Executing state file.managed for /etc/glance/glance-glare-paste.ini
2017-09-28 11:21:31,930 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/files/ocata/glance-glare-paste.ini'
2017-09-28 11:21:31,932 [salt.state       ][INFO    ][27825] File /etc/glance/glance-glare-paste.ini is in the correct state
2017-09-28 11:21:31,933 [salt.state       ][INFO    ][27825] Completed state [/etc/glance/glance-glare-paste.ini] at time 11:21:31.932529 duration_in_ms=27.682
2017-09-28 11:21:31,933 [salt.state       ][INFO    ][27825] Running state [/etc/glance/glance-glare.conf] at time 11:21:31.933152
2017-09-28 11:21:31,933 [salt.state       ][INFO    ][27825] Executing state file.managed for /etc/glance/glance-glare.conf
2017-09-28 11:21:31,961 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/files/ocata/glance-glare.conf.Debian'
2017-09-28 11:21:32,020 [salt.fileclient  ][INFO    ][27825] Fetching file from saltenv 'base', ** done ** 'glance/map.jinja'
2017-09-28 11:21:32,037 [salt.state       ][INFO    ][27825] File changed:
--- 
+++ 
@@ -1,200 +1,480 @@
+
+
 [DEFAULT]
 
 #
 # From glance.glare
 #
 
-# When true, this option sets the owner of an image to be the tenant.
-# Otherwise, the owner of the  image will be the authenticated user
-# issuing the request. (boolean value)
+#
+# Set the image owner to tenant or the authenticated user.
+#
+# Assign a boolean value to determine the owner of an image. When set to
+# True, the owner of the image is the tenant. When set to False, the
+# owner of the image will be the authenticated user issuing the request.
+# Setting it to False makes the image private to the associated user and
+# sharing with other users within the same tenant (or "project")
+# requires explicit image sharing via image membership.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
 #owner_is_tenant = true
 
+#
 # Role used to identify an authenticated user as administrator.
-# (string value)
+#
+# Provide a string value representing a Keystone role to identify an
+# administrative user. Users with this role will be granted
+# administrative privileges. The default value for this option is
+# 'admin'.
+#
+# Possible values:
+#     * A string value which is a valid Keystone role
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #admin_role = admin
 
-# Allow unauthenticated users to access the API with read-only
-# privileges. This only applies when using ContextMiddleware. (boolean
-# value)
+#
+# Allow limited access to unauthenticated users.
+#
+# Assign a boolean to determine API access for unathenticated
+# users. When set to False, the API cannot be accessed by
+# unauthenticated users. When set to True, unauthenticated users can
+# access the API with read-only privileges. This however only applies
+# when using ContextMiddleware.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
 #allow_anonymous_access = false
 
-# Limits request ID length. (integer value)
+#
+# Limit the request ID length.
+#
+# Provide  an integer value to limit the length of the request ID to
+# the specified length. The default value is 64. Users can change this
+# to any ineteger value between 0 and 16384 however keeping in mind that
+# a larger value may flood the logs.
+#
+# Possible values:
+#     * Integer value between 0 and 16384
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #max_request_id_length = 64
 
-# Public url to use for versions endpoint. The default is None, which
-# will use the request's host_url attribute to populate the URL base.
-# If Glance is operating behind a proxy, you will want to change this
-# to represent the proxy's URL. (string value)
+#
+# Public url endpoint to use for Glance/Glare versions response.
+#
+# This is the public url endpoint that will appear in the Glance/Glare
+# "versions" response. If no value is specified, the endpoint that is
+# displayed in the version's response is that of the host running the
+# API service. Change the endpoint to represent the proxy URL if the
+# API service is running behind a proxy. If the service is running
+# behind a load balancer, add the load balancer's URL for this value.
+#
+# Possible values:
+#     * None
+#     * Proxy URL
+#     * Load balancer URL
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #public_endpoint = <None>
 
-# Address to bind the server.  Useful when selecting a particular
-# network interface. (string value)
+#
+# IP address to bind the glance servers to.
+#
+# Provide an IP address to bind the glance server to. The default
+# value is ``0.0.0.0``.
+#
+# Edit this option to enable the server to listen on one particular
+# IP address on the network card. This facilitates selection of a
+# particular network interface for the server.
+#
+# Possible values:
+#     * A valid IPv4 address
+#     * A valid IPv6 address
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #bind_host = 0.0.0.0
-
-# The port on which the server will listen. (port value)
+bind_host = 10.167.4.12
+
+#
+# Port number on which the server will listen.
+#
+# Provide a valid port number to bind the server's socket to. This
+# port is then set to identify processes and forward network messages
+# that arrive at the server. The default bind_port value for the API
+# server is 9292 and for the registry server is 9191.
+#
+# Possible values:
+#     * A valid port number (0 to 65535)
+#
+# Related options:
+#     * None
+#
+#  (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #bind_port = <None>
-
-# The number of child process workers that will be created to service
-# requests. The default will be equal to the number of CPUs available.
-# (integer value)
+bind_port = 9494
+
+#
+# Number of Glance worker processes to start.
+#
+# Provide a non-negative integer value to set the number of child
+# process workers to service requests. By default, the number of CPUs
+# available is set as the value for ``workers``.
+#
+# Each worker process is made to listen on the port set in the
+# configuration file and contains a greenthread pool of size 1000.
+#
+# NOTE: Setting the number of workers to zero, triggers the creation
+# of a single API process with a greenthread pool of size 1000.
+#
+# Possible values:
+#     * 0
+#     * Positive integer value (typically equal to the number of CPUs)
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #workers = <None>
-
-# Maximum line size of message headers to be accepted. max_header_line
-# may need to be increased when using large tokens (typically those
-# generated by the Keystone v3 API with big service catalogs (integer
-# value)
+workers = 8
+
+#
+# Maximum line size of message headers.
+#
+# Provide an integer value representing a length to limit the size of
+# message headers. The default value is 16384.
+#
+# NOTE: ``max_header_line`` may need to be increased when using large
+# tokens (typically those generated by the Keystone v3 API with big
+# service catalogs). However, it is to be kept in mind that larger
+# values for ``max_header_line`` would flood the logs.
+#
+# Setting ``max_header_line`` to 0 sets no limit for the line size of
+# message headers.
+#
+# Possible values:
+#     * 0
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #max_header_line = 16384
 
-# If False, server will return the header "Connection: close", If
-# True, server will return "Connection: Keep-Alive" in its responses.
-# In order to close the client socket connection explicitly after the
-# response is sent and read successfully by the client, you simply
-# have to set this option to False when you create a wsgi server.
-# (boolean value)
+#
+# Set keep alive option for HTTP over TCP.
+#
+# Provide a boolean value to determine sending of keep alive packets.
+# If set to ``False``, the server returns the header
+# "Connection: close". If set to ``True``, the server returns a
+# "Connection: Keep-Alive" in its responses. This enables retention of
+# the same TCP connection for HTTP conversations instead of opening a
+# new one with each new request.
+#
+# This option must be set to ``False`` if the client socket connection
+# needs to be closed explicitly after the response is received and
+# read successfully by the client.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * None
+#
+#  (boolean value)
 #http_keepalive = true
 
-# Timeout for client connections' socket operations. If an incoming
-# connection is idle for this number of seconds it will be closed. A
-# value of '0' means wait forever. (integer value)
+#
+# Timeout for client connections' socket operations.
+#
+# Provide a valid integer value representing time in seconds to set
+# the period of wait before an incoming connection can be closed. The
+# default value is 900 seconds.
+#
+# The value zero implies wait forever.
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #client_socket_timeout = 900
 
-# The backlog value that will be used when creating the TCP listener
-# socket. (integer value)
+#
+# Set the number of incoming connection requests.
+#
+# Provide a positive integer value to limit the number of requests in
+# the backlog queue. The default queue size is 4096.
+#
+# An incoming connection to a TCP listener socket is queued before a
+# connection can be established with the server. Setting the backlog
+# for a TCP socket ensures a limited queue size for incoming traffic.
+#
+# Possible values:
+#     * Positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #backlog = 4096
 
-# The value for the socket option TCP_KEEPIDLE.  This is the time in
-# seconds that the connection must be idle before TCP starts sending
-# keepalive probes. (integer value)
+#
+# Set the wait time before a connection recheck.
+#
+# Provide a positive integer value representing time in seconds which
+# is set as the idle wait time before a TCP keep alive packet can be
+# sent to the host. The default value is 600 seconds.
+#
+# Setting ``tcp_keepidle`` helps verify at regular intervals that a
+# connection is intact and prevents frequent TCP connection
+# reestablishment.
+#
+# Possible values:
+#     * Positive integer value representing time in seconds
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #tcp_keepidle = 600
 
-# CA certificate file to use to verify connecting clients. (string
-# value)
-#ca_file = <None>
-
-# Certificate file to use when starting API server securely. (string
-# value)
-#cert_file = <None>
-
-# Private key file to use when starting API server securely. (string
-# value)
-#key_file = <None>
-
-# If False fully disable profiling feature. (boolean value)
-#enabled = false
-
-# If False doesn't trace SQL requests. (boolean value)
-#trace_sqlalchemy = false
-
-# Secret key to use to sign Glance API and Glance Registry services
-# tracing messages. (string value)
-#hmac_keys = SECRET_KEY
-
-# Default publisher_id for outgoing notifications. (string value)
+#
+# Absolute path to the CA file.
+#
+# Provide a string value representing a valid absolute path to
+# the Certificate Authority file to use for client authentication.
+#
+# A CA file typically contains necessary trusted certificates to
+# use for the client authentication. This is essential to ensure
+# that a secure connection is established to the server via the
+# internet.
+#
+# Possible values:
+#     * Valid absolute path to the CA file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#ca_file = /etc/ssl/cafile
+
+#
+# Absolute path to the certificate file.
+#
+# Provide a string value representing a valid absolute path to the
+# certificate file which is required to start the API service
+# securely.
+#
+# A certificate file typically is a public key container and includes
+# the server's public key, server name, server information and the
+# signature which was a result of the verification process using the
+# CA certificate. This is required for a secure connection
+# establishment.
+#
+# Possible values:
+#     * Valid absolute path to the certificate file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#cert_file = /etc/ssl/certs
+
+#
+# Absolute path to a private key file.
+#
+# Provide a string value representing a valid absolute path to a
+# private key file which is required to establish the client-server
+# connection.
+#
+# Possible values:
+#     * Absolute path to the private key file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#key_file = /etc/ssl/key/key-file.pem
+
+#
+# Default publisher_id for outgoing Glance notifications.
+#
+# This is the value that the notification driver will use to identify
+# messages for events originating from the Glance service. Typically,
+# this is the hostname of the instance that generated the message.
+#
+# Possible values:
+#     * Any reasonable instance identifier, for example: image.host1
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #default_publisher_id = image.localhost
 
-# List of disabled notifications. A notification can be given either
-# as a notification type to disable a single event, or as a
-# notification group prefix to disable all events within a group.
-# Example: if this config option is set to ["image.create",
-# "metadef_namespace"], then "image.create" notification will not be
-# sent after image is created and none of the notifications for
-# metadefinition namespaces will be sent. (list value)
+#
+# List of notifications to be disabled.
+#
+# Specify a list of notifications that should not be emitted.
+# A notification can be given either as a notification type to
+# disable a single event notification, or as a notification group
+# prefix to disable all event notifications within a group.
+#
+# Possible values:
+#     A comma-separated list of individual notification types or
+#     notification groups to be disabled. Currently supported groups:
+#         * image
+#         * image.member
+#         * task
+#         * metadef_namespace
+#         * metadef_object
+#         * metadef_property
+#         * metadef_resource_type
+#         * metadef_tag
+#     For a complete listing and description of each event refer to:
+#     http://docs.openstack.org/developer/glance/notifications.html
+#
+#     The values must be specified as: <group_name>.<event_name>
+#     For example: image.create,task.success,metadef_tag
+#
+# Related options:
+#     * None
+#
+#  (list value)
 #disabled_notifications =
 
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of
-# the default INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
 #debug = false
 
-# If set to false, the logging level will be set to WARNING instead of
-# the default INFO level. (boolean value)
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
 
-# The name of a logging configuration file. This file is appended to
-# any existing logging configuration files. For details about logging
-# configuration files, see the Python logging module documentation.
-# Note that when logging configuration files are used then all logging
-# configuration is set in the configuration file and other logging
-# configuration options are ignored (for example,
-# logging_context_format_string). (string value)
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set.
-# (string value)
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default
-# is set, logging will go to stderr as defined by use_stderr. This
-# option is ignored if log_config_append is set. (string value)
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths.
-# This option is ignored if log_config_append is set. (string value)
+log_file = /var/log/glance/glare.log
+
+# (Optional) The base directory used for relative log_file  paths. This option
+# is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
-
-# Uses logging handler designed to watch file system. When log file is
-# moved or removed this handler will open a new log file with
-# specified path instantaneously. It makes sense only if log_file
-# option is specified and Linux platform is used. This option is
-# ignored if log_config_append is set. (boolean value)
+log_dir = /var/log/glance
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and Linux
+# platform is used. This option is ignored if log_config_append is set. (boolean
+# value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and
-# will be changed later to honor RFC5424. This option is ignored if
-# log_config_append is set. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append is
+# set. (boolean value)
 #use_syslog = false
 
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. This option is ignored if
-# log_config_append is set. (boolean value)
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined.
-# (string value)
+# Format string to use for log messages when context is undefined. (string
+# value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Additional data to append to log message when logging level for the
-# message is DEBUG. (string value)
+# Additional data to append to log message when logging level for the message is
+# DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
-# Prefix each line of exception output with this format. (string
-# value)
+# Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
 # Defines the format string for %(user_identity)s that is used in
 # logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is
-# ignored if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message.
-# (string value)
+# The format for an instance that is passed with the log message. (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message.
-# (string value)
+# The format for an instance UUID that is passed with the log message. (string
+# value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
 # Enables or disables fatal status of deprecations. (boolean value)
@@ -207,28 +487,27 @@
 # From oslo.middleware.cors
 #
 
-# Indicate whether this resource may be shared with the domain
-# received in the requests "origin" header. (list value)
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
 
-# Indicate that the actual request can include user credentials
-# (boolean value)
+# Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
 
-# Indicate which headers are safe to expose to the API. Defaults to
-# HTTP Simple Headers. (list value)
-#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers =
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
-# Indicate which methods can be used during the actual request. (list
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH
+
+# Indicate which header field names may be used during the actual request. (list
 # value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual
-# request. (list value)
-#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+#allow_headers =
 
 
 [cors.subdomain]
@@ -237,28 +516,27 @@
 # From oslo.middleware.cors
 #
 
-# Indicate whether this resource may be shared with the domain
-# received in the requests "origin" header. (list value)
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
 
-# Indicate that the actual request can include user credentials
-# (boolean value)
+# Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
 
-# Indicate which headers are safe to expose to the API. Defaults to
-# HTTP Simple Headers. (list value)
-#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers =
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
-# Indicate which methods can be used during the actual request. (list
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH
+
+# Indicate which header field names may be used during the actual request. (list
 # value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual
-# request. (list value)
-#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+#allow_headers =
 
 
 [database]
@@ -267,8 +545,12 @@
 # From oslo.db
 #
 
-# The file name to use with SQLite. (string value)
+# DEPRECATED: The file name to use with SQLite. (string value)
 # Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect the
+# database.
 #sqlite_db = oslo.sqlite
 
 # If True, SQLite uses synchronous mode. (boolean value)
@@ -279,21 +561,22 @@
 # Deprecated group/name - [DEFAULT]/db_backend
 #backend = sqlalchemy
 
-# The SQLAlchemy connection string to use to connect to the database.
-# (string value)
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave
-# database. (string value)
+connection = mysql+pymysql://glance:opnfv_secret@10.167.4.50/glance?charset=utf8&read_timeout=60
+
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
 #slave_connection = <None>
 
-# The SQL mode to be used for MySQL sessions. This option, including
-# the default, overrides any server-set SQL mode. To use whatever SQL
-# mode is set by the server configuration, set this to no value.
-# Example: mysql_sql_mode= (string value)
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
+# the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
 #mysql_sql_mode = TRADITIONAL
 
 # Timeout before idle SQL connections are reaped. (integer value)
@@ -301,39 +584,42 @@
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool. (integer
-# value)
+idle_timeout = 3600
+
+# Minimum number of SQL connections to keep open in a pool. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. (integer
-# value)
+# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
+# indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
-
-# Maximum number of database connection retries during startup. Set to
-# -1 to specify an infinite retry count. (integer value)
+#max_pool_size = 5
+max_pool_size = 30
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer
-# value)
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
 # Deprecated group/name - [DATABASE]/reconnect_interval
 #retry_interval = 10
 
-# If set, use this value for max_overflow with SQLAlchemy. (integer
-# value)
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything.
-# (integer value)
+max_overflow = 60
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
 #connection_debug = 0
 
@@ -341,37 +627,35 @@
 # Deprecated group/name - [DEFAULT]/sql_connection_trace
 #connection_trace = false
 
-# If set, use this value for pool_timeout with SQLAlchemy. (integer
-# value)
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
 #pool_timeout = <None>
 
-# Enable the experimental use of database reconnect on connection
-# lost. (boolean value)
+# Enable the experimental use of database reconnect on connection lost. (boolean
+# value)
 #use_db_reconnect = false
 
 # Seconds between retries of a database transaction. (integer value)
 #db_retry_interval = 1
 
-# If True, increases the interval between retries of a database
-# operation up to db_max_retry_interval. (boolean value)
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
 #db_inc_retry_interval = true
 
-# If db_inc_retry_interval is set, the maximum seconds between retries
-# of a database operation. (integer value)
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
 #db_max_retry_interval = 10
 
-# Maximum retries in case of connection error or deadlock error before
-# error is raised. Set to -1 to specify an infinite retry count.
-# (integer value)
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
 #db_max_retries = 20
 
 #
 # From oslo.db.concurrency
 #
 
-# Enable the experimental use of thread pooling for all DB API calls
-# (boolean value)
+# Enable the experimental use of thread pooling for all DB API calls (boolean
+# value)
 # Deprecated group/name - [DEFAULT]/dbapi_use_tpool
 #use_tpool = false
 
@@ -382,400 +666,817 @@
 # From glance.store
 #
 
-# List of stores enabled. Valid stores are: cinder, file, http, rbd,
-# sheepdog, swift, s3, vsphere (list value)
+#
+# List of enabled Glance stores.
+#
+# Register the storage backends to use for storing disk images
+# as a comma separated list. The default stores enabled for
+# storing disk images with Glance are ``file`` and ``http``.
+#
+# Possible values:
+#     * A comma separated list that could include:
+#         * file
+#         * http
+#         * swift
+#         * rbd
+#         * sheepdog
+#         * cinder
+#         * vmware
+#
+# Related Options:
+#     * default_store
+#
+#  (list value)
 #stores = file,http
-
-# Default scheme to use to store image data. The scheme must be
-# registered by one of the stores defined by the 'stores' config
-# option. (string value)
+default_store = file
+stores = file,http
+#
+# The default scheme to use for storing images.
+#
+# Provide a string value representing the default scheme to use for
+# storing images. If not set, Glance uses ``file`` as the default
+# scheme to store images with the ``file`` store.
+
+os_region_name=RegionOne
+
+
+#
+# NOTE: The value given for this configuration option must be a valid
+# scheme for a store registered with the ``stores`` configuration
+# option.
+#
+# Possible values:
+#     * file
+#     * filesystem
+#     * http
+#     * https
+#     * swift
+#     * swift+http
+#     * swift+https
+#     * swift+config
+#     * rbd
+#     * sheepdog
+#     * cinder
+#     * vsphere
+#
+# Related Options:
+#     * stores
+#
+#  (string value)
+# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere
 #default_store = file
 
-# Minimum interval seconds to execute updating dynamic storage
-# capabilities based on backend status then. It's not a periodic
-# routine, the update logic will be executed only when interval
-# seconds elapsed and an operation of store has triggered. The feature
-# will be enabled only when the option value greater then zero.
-# (integer value)
+#
+# Minimum interval in seconds to execute updating dynamic storage
+# capabilities based on current backend status.
+#
+# Provide an integer value representing time in seconds to set the
+# minimum interval before an update of dynamic storage capabilities
+# for a storage backend can be attempted. Setting
+# ``store_capabilities_update_min_interval`` does not mean updates
+# occur periodically based on the set interval. Rather, the update
+# is performed at the elapse of this interval set, if an operation
+# of the store is triggered.
+#
+# By default, this option is set to zero and is disabled. Provide an
+# integer value greater than zero to enable this option.
+#
+# NOTE: For more information on store capabilities and their updates,
+# please visit: https://specs.openstack.org/openstack/glance-specs/specs/kilo
+# /store-capabilities.html
+#
+# For more information on setting up a particular store in your
+# deplyment and help with the usage of this feature, please contact
+# the storage driver maintainers listed here:
+# http://docs.openstack.org/developer/glance_store/drivers/index.html
+#
+# Possible values:
+#     * Zero
+#     * Positive integer
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
 #store_capabilities_update_min_interval = 0
 
-# Specify the path to the CA bundle file to use in verifying the
-# remote server certificate. (string value)
+#
+# Information to match when looking for cinder in the service catalog.
+#
+# When the ``cinder_endpoint_template`` is not set and any of
+# ``cinder_store_auth_address``, ``cinder_store_user_name``,
+# ``cinder_store_project_name``, ``cinder_store_password`` is not set,
+# cinder store uses this information to lookup cinder endpoint from the service
+# catalog in the current context. ``cinder_os_region_name``, if set, is taken
+# into consideration to fetch the appropriate endpoint.
+#
+# The service catalog can be listed by the ``openstack catalog list`` command.
+#
+# Possible values:
+#     * A string of of the following form:
+#       ``<service_type>:<service_name>:<endpoint_type>``
+#       At least ``service_type`` and ``endpoint_type`` should be specified.
+#       ``service_name`` can be omitted.
+#
+# Related options:
+#     * cinder_os_region_name
+#     * cinder_endpoint_template
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#     * cinder_store_password
+#
+#  (string value)
+#cinder_catalog_info = volumev2::publicURL
+cinder_catalog_info = volumev2::internalURL
+
+#
+# Override service catalog lookup with template for cinder endpoint.
+#
+# When this option is set, this value is used to generate cinder endpoint,
+# instead of looking up from the service catalog.
+# This value is ignored if ``cinder_store_auth_address``,
+# ``cinder_store_user_name``, ``cinder_store_project_name``, and
+# ``cinder_store_password`` are specified.
+#
+# If this configuration option is set, ``cinder_catalog_info`` will be ignored.
+#
+# Possible values:
+#     * URL template string for cinder endpoint, where ``%%(tenant)s`` is
+#       replaced with the current tenant (project) name.
+#       For example: ``http://cinder.openstack.example.org/v2/%%(tenant)s``
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#     * cinder_store_password
+#     * cinder_catalog_info
+#
+#  (string value)
+#cinder_endpoint_template = <None>
+
+#
+# Region name to lookup cinder service from the service catalog.
+#
+# This is used only when ``cinder_catalog_info`` is used for determining the
+# endpoint. If set, the lookup for cinder endpoint by this node is filtered to
+# the specified region. It is useful when multiple regions are listed in the
+# catalog. If this is not set, the endpoint is looked up from every region.
+#
+# Possible values:
+#     * A string that is a valid region name.
+#
+# Related options:
+#     * cinder_catalog_info
+#
+#  (string value)
+# Deprecated group/name - [glance_store]/os_region_name
+#cinder_os_region_name = <None>
+
+cinder_os_region_name = RegionOne
+
+
+#
+# Location of a CA certificates file used for cinder client requests.
+#
+# The specified CA certificates file, if set, is used to verify cinder
+# connections via HTTPS endpoint. If the endpoint is HTTP, this value is
+# ignored.
+# ``cinder_api_insecure`` must be set to ``True`` to enable the verification.
+#
+# Possible values:
+#     * Path to a ca certificates file
+#
+# Related options:
+#     * cinder_api_insecure
+#
+#  (string value)
+#cinder_ca_certificates_file = <None>
+
+#
+# Number of cinderclient retries on failed http calls.
+#
+# When a call failed by any errors, cinderclient will retry the call up to the
+# specified times after sleeping a few seconds.
+#
+# Possible values:
+#     * A positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#cinder_http_retries = 3
+
+#
+# Time period, in seconds, to wait for a cinder volume transition to
+# complete.
+#
+# When the cinder volume is created, deleted, or attached to the glance node to
+# read/write the volume data, the volume's state is changed. For example, the
+# newly created volume status changes from ``creating`` to ``available`` after
+# the creation process is completed. This specifies the maximum time to wait for
+# the status change. If a timeout occurs while waiting, or the status is changed
+# to an unexpected value (e.g. `error``), the image creation fails.
+#
+# Possible values:
+#     * A positive integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 0
+#cinder_state_transition_timeout = 300
+
+#
+# Allow to perform insecure SSL requests to cinder.
+#
+# If this option is set to True, HTTPS endpoint connection is verified using the
+# CA certificates file specified by ``cinder_ca_certificates_file`` option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * cinder_ca_certificates_file
+#
+#  (boolean value)
+#cinder_api_insecure = false
+
+#
+# The address where the cinder authentication service is listening.
+#
+# When all of ``cinder_store_auth_address``, ``cinder_store_user_name``,
+# ``cinder_store_project_name``, and ``cinder_store_password`` options are
+# specified, the specified values are always used for the authentication.
+# This is useful to hide the image volumes from users by storing them in a
+# project/tenant specific to the image service. It also enables users to share
+# the image volume among other projects under the control of glance's ACL.
+#
+# If either of these options are not set, the cinder endpoint is looked up
+# from the service catalog, and current context's user and project are used.
+#
+# Possible values:
+#     * A valid authentication service address, for example:
+#       ``http://openstack.example.org/identity/v2.0``
+#
+# Related options:
+#     * cinder_store_user_name
+#     * cinder_store_password
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_auth_address = <None>
+
+#
+# User name to authenticate against cinder.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the user of the current context is used.
+#
+# Possible values:
+#     * A valid user name
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_password
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_user_name = <None>
+
+#
+# Password for the user authenticating against cinder.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the user of the current context is used.
+#
+# Possible values:
+#     * A valid password for the user specified by ``cinder_store_user_name``
+#
+# Related options:
+#     * cinder_store_auth_address
+#     * cinder_store_user_name
+#     * cinder_store_project_name
+#
+#  (string value)
+#cinder_store_password = <None>
+
+#
+# Project name where the image volume is stored in cinder.
+#
+# If this configuration option is not set, the project in current context is
+# used.
+#
+# This must be used with all the following related options. If any of these are
+# not specified, the project of the current context is used.
+#
+# Possible values:
+#     * A valid project name
+#
+# Related options:
+#     * ``cinder_store_auth_address``
+#     * ``cinder_store_user_name``
+#     * ``cinder_store_password``
+#
+#  (string value)
+#cinder_store_project_name = <None>
+
+#
+# Path to the rootwrap configuration file to use for running commands as root.
+#
+# The cinder store requires root privileges to operate the image volumes (for
+# connecting to iSCSI/FC volumes and reading/writing the volume data, etc.).
+# The configuration file should allow the required commands by cinder store and
+# os-brick library.
+#
+# Possible values:
+#     * Path to the rootwrap config file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
+
+#
+# Directory to which the filesystem backend store writes images.
+#
+# Upon start up, Glance creates the directory if it doesn't already
+# exist and verifies write access to the user under which
+# ``glance-api`` runs. If the write access isn't available, a
+# ``BadStoreConfiguration`` exception is raised and the filesystem
+# store may not be available for adding new images.
+#
+# NOTE: This directory is used only when filesystem store is used as a
+# storage backend. Either ``filesystem_store_datadir`` or
+# ``filesystem_store_datadirs`` option must be specified in
+# ``glance-api.conf``. If both options are specified, a
+# ``BadStoreConfiguration`` will be raised and the filesystem store
+# may not be available for adding new images.
+#
+# Possible values:
+#     * A valid path to a directory
+#
+# Related options:
+#     * ``filesystem_store_datadirs``
+#     * ``filesystem_store_file_perm``
+#
+#  (string value)
+#filesystem_store_datadir = /var/lib/glance/images
+filesystem_store_datadir = /var/lib/glance/images/
+
+
+#
+# List of directories and their priorities to which the filesystem
+# backend store writes images.
+#
+# The filesystem store can be configured to store images in multiple
+# directories as opposed to using a single directory specified by the
+# ``filesystem_store_datadir`` configuration option. When using
+# multiple directories, each directory can be given an optional
+# priority to specify the preference order in which they should
+# be used. Priority is an integer that is concatenated to the
+# directory path with a colon where a higher value indicates higher
+# priority. When two directories have the same priority, the directory
+# with most free space is used. When no priority is specified, it
+# defaults to zero.
+#
+# More information on configuring filesystem store with multiple store
+# directories can be found at
+# http://docs.openstack.org/developer/glance/configuring.html
+#
+# NOTE: This directory is used only when filesystem store is used as a
+# storage backend. Either ``filesystem_store_datadir`` or
+# ``filesystem_store_datadirs`` option must be specified in
+# ``glance-api.conf``. If both options are specified, a
+# ``BadStoreConfiguration`` will be raised and the filesystem store
+# may not be available for adding new images.
+#
+# Possible values:
+#     * List of strings of the following form:
+#         * ``<a valid directory path>:<optional integer priority>``
+#
+# Related options:
+#     * ``filesystem_store_datadir``
+#     * ``filesystem_store_file_perm``
+#
+#  (multi valued)
+#filesystem_store_datadirs =
+
+#
+# Filesystem store metadata file.
+#
+# The path to a file which contains the metadata to be returned with
+# any location associated with the filesystem store. The file must
+# contain a valid JSON object. The object should contain the keys
+# ``id`` and ``mountpoint``. The value for both keys should be a
+# string.
+#
+# Possible values:
+#     * A valid path to the store metadata file
+#
+# Related options:
+#     * None
+#
+#  (string value)
+
+#
+# File access permissions for the image files.
+#
+# Set the intended file access permissions for image data. This provides
+# a way to enable other services, e.g. Nova, to consume images directly
+# from the filesystem store. The users running the services that are
+# intended to be given access to could be made a member of the group
+# that owns the files created. Assigning a value less then or equal to
+# zero for this configuration option signifies that no changes be made
+# to the  default permissions. This value will be decoded as an octal
+# digit.
+#
+# For more information, please refer the documentation at
+# http://docs.openstack.org/developer/glance/configuring.html
+#
+# Possible values:
+#     * A valid file access permission
+#     * Zero
+#     * Any negative integer
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+#filesystem_store_file_perm = 0
+
+#
+# Path to the CA bundle file.
+#
+# This configuration option enables the operator to use a custom
+# Certificate Authority file to verify the remote server certificate. If
+# this option is set, the ``https_insecure`` option will be ignored and
+# the CA file specified will be used to authenticate the server
+# certificate and establish a secure connection to the server.
+#
+# Possible values:
+#     * A valid path to a CA file
+#
+# Related options:
+#     * https_insecure
+#
+#  (string value)
 #https_ca_certificates_file = <None>
 
-# If true, the remote server certificate is not verified. If false,
-# then the default CA truststore is used for verification. This option
-# is ignored if "https_ca_certificates_file" is set. (boolean value)
+#
+# Set verification of the remote server certificate.
+#
+# This configuration option takes in a boolean value to determine
+# whether or not to verify the remote server certificate. If set to
+# True, the remote server certificate is not verified. If the option is
+# set to False, then the default CA truststore is used for verification.
+#
+# This option is ignored if ``https_ca_certificates_file`` is set.
+# The remote server certificate will then be verified using the file
+# specified using the ``https_ca_certificates_file`` option.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * https_ca_certificates_file
+#
+#  (boolean value)
 #https_insecure = true
 
-# Specify the http/https proxy information that should be used to
-# connect to the remote server. The proxy information should be a key
-# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
-# specify proxies for multiple schemes by seperating the key value
-# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
-# (dict value)
+#
+# The http/https proxy information to be used to connect to the remote
+# server.
+#
+# This configuration option specifies the http/https proxy information
+# that should be used to connect to the remote server. The proxy
+# information should be a key value pair of the scheme and proxy, for
+# example, http:10.0.0.1:3128. You can also specify proxies for multiple
+# schemes by separating the key value pairs with a comma, for example,
+# http:10.0.0.1:3128, https:10.0.0.1:1080.
+#
+# Possible values:
+#     * A comma separated list of scheme:proxy pairs as described above
+#
+# Related options:
+#     * None
+#
+#  (dict value)
 #http_proxy_information =
 
-# If True, swiftclient won't check for a valid SSL certificate when
-# authenticating. (boolean value)
-#swift_store_auth_insecure = false
-
-# A string giving the CA certificate file to use in SSL connections
-# for verifying certs. (string value)
-#swift_store_cacert = <None>
-
-# The region of the swift endpoint to be used for single tenant. This
-# setting is only necessary if the tenant has multiple swift
-# endpoints. (string value)
-#swift_store_region = <None>
-
-# If set, the configured endpoint will be used. If None, the storage
-# url from the auth response will be used. (string value)
-#swift_store_endpoint = <None>
-
-# A string giving the endpoint type of the swift service to use
-# (publicURL, adminURL or internalURL). This setting is only used if
-# swift_store_auth_version is 2. (string value)
-#swift_store_endpoint_type = publicURL
-
-# A string giving the service type of the swift service to use. This
-# setting is only used if swift_store_auth_version is 2. (string
-# value)
-#swift_store_service_type = object-store
-
-# Container within the account that the account should use for storing
-# images in Swift when using single container mode. In multiple
-# container mode, this will be the prefix for all containers. (string
-# value)
-#swift_store_container = glance
-
-# The size, in MB, that Glance will start chunking image files and do
-# a large object manifest in Swift. (integer value)
-#swift_store_large_object_size = 5120
-
-# The amount of data written to a temporary disk buffer during the
-# process of chunking the image file. (integer value)
-#swift_store_large_object_chunk_size = 200
-
-# A boolean value that determines if we create the container if it
-# does not exist. (boolean value)
-#swift_store_create_container_on_put = false
-
-# If set to True, enables multi-tenant storage mode which causes
-# Glance images to be stored in tenant specific Swift accounts.
-# (boolean value)
-#swift_store_multi_tenant = false
-
-# When set to 0, a single-tenant store will only use one container to
-# store all images. When set to an integer value between 1 and 32, a
-# single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
-# only when swift_store_multi_tenant is disabled. The total number of
-# containers that will be used is equal to 16^N, so if this config
-# option is set to 2, then 16^2=256 containers will be used to store
-# images. (integer value)
-#swift_store_multiple_containers_seed = 0
-
-# A list of tenants that will be granted read/write access on all
-# Swift containers created by Glance in multi-tenant mode. (list
-# value)
-#swift_store_admin_tenants =
-
-# If set to False, disables SSL layer compression of https swift
-# requests. Setting to False may improve performance for images which
-# are already in a compressed format, eg qcow2. (boolean value)
-#swift_store_ssl_compression = true
-
-# The number of times a Swift download will be retried before the
-# request fails. (integer value)
-#swift_store_retry_get_count = 0
-
-# The period of time (in seconds) before token expirationwhen
-# glance_store will try to reques new user token. Default value 60 sec
-# means that if token is going to expire in 1 min then glance_store
-# request new user token. (integer value)
-#swift_store_expire_soon_interval = 60
-
-# If set to True create a trust for each add/get request to Multi-
-# tenant store in order to prevent authentication token to be expired
-# during uploading/downloading data. If set to False then user token
-# is used for Swift connection (so no overhead on trust creation).
-# Please note that this option is considered only and only if
-# swift_store_multi_tenant=True (boolean value)
-#swift_store_use_trusts = true
-
-# The reference to the default swift account/backing store parameters
-# to use for adding new images. (string value)
-#default_swift_reference = ref1
-
-# Version of the authentication service to use. Valid versions are 2
-# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
-# (deprecated - use "auth_version" in swift_store_config_file) (string
-# value)
-#swift_store_auth_version = 2
-
-# The address where the Swift authentication service is listening.
-# (deprecated - use "auth_address" in swift_store_config_file) (string
-# value)
-#swift_store_auth_address = <None>
-
-# The user to authenticate against the Swift authentication service
-# (deprecated - use "user" in swift_store_config_file) (string value)
-#swift_store_user = <None>
-
-# Auth key for the user authenticating against the Swift
-# authentication service. (deprecated - use "key" in
-# swift_store_config_file) (string value)
-#swift_store_key = <None>
-
-# The config file that has the swift account(s)configs. (string value)
-#swift_store_config_file = <None>
-
-# RADOS images will be chunked into objects of this size (in
-# megabytes). For best performance, this should be a power of two.
-# (integer value)
-#rbd_store_chunk_size = 8
-
-# RADOS pool in which images are stored. (string value)
-#rbd_store_pool = images
-
-# RADOS user to authenticate as (only applicable if using Cephx. If
-# <None>, a default will be chosen based on the client. section in
-# rbd_store_ceph_conf) (string value)
-#rbd_store_user = <None>
-
-# Ceph configuration file path. If <None>, librados will locate the
-# default config. If using cephx authentication, this file should
-# include a reference to the right keyring in a client.<USER> section
-# (string value)
-#rbd_store_ceph_conf = /etc/ceph/ceph.conf
-
-# Timeout value (in seconds) used when connecting to ceph cluster. If
-# value <= 0, no timeout is set and default librados value is used.
-# (integer value)
-#rados_connect_timeout = 0
-
-# Info to match when looking for cinder in the service catalog. Format
-# is : separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volumev2::publicURL
-
-# Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v2/%(tenant)s (string value)
-#cinder_endpoint_template = <None>
-
-# Region name of this node. If specified, it will be used to locate
-# OpenStack services for stores. (string value)
-# Deprecated group/name - [DEFAULT]/os_region_name
-#cinder_os_region_name = <None>
-
-# Location of ca certicates file to use for cinder client requests.
-# (string value)
-#cinder_ca_certificates_file = <None>
-
-# Number of cinderclient retries on failed http calls (integer value)
-#cinder_http_retries = 3
-
-# Time period of time in seconds to wait for a cinder volume
-# transition to complete. (integer value)
-#cinder_state_transition_timeout = 300
-
-# Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = false
-
-# The address where the Cinder authentication service is listening. If
-# <None>, the cinder endpoint in the service catalog is used. (string
-# value)
-#cinder_store_auth_address = <None>
-
-# User name to authenticate against Cinder. If <None>, the user of
-# current context is used. (string value)
-#cinder_store_user_name = <None>
-
-# Password for the user authenticating against Cinder. If <None>, the
-# current context auth token is used. (string value)
-#cinder_store_password = <None>
-
-# Project name where the image is stored in Cinder. If <None>, the
-# project in current context is used. (string value)
-#cinder_store_project_name = <None>
-
-# Path to the rootwrap configuration file to use for running commands
-# as root. (string value)
-#rootwrap_config = /etc/glance/rootwrap.conf
-
-# The host where the S3 server is listening. (string value)
-#s3_store_host = <None>
-
-# The S3 query token access key. (string value)
-#s3_store_access_key = <None>
-
-# The S3 query token secret key. (string value)
-#s3_store_secret_key = <None>
-
-# The S3 bucket to be used to store the Glance data. (string value)
-#s3_store_bucket = <None>
-
-# The local directory where uploads will be staged before they are
-# transferred into S3. (string value)
-#s3_store_object_buffer_dir = <None>
-
-# A boolean to determine if the S3 bucket should be created on upload
-# if it does not exist or if an error should be returned to the user.
-# (boolean value)
-#s3_store_create_bucket_on_put = false
-
-# The S3 calling format used to determine the bucket. Either subdomain
-# or path can be used. (string value)
-#s3_store_bucket_url_format = subdomain
-
-# What size, in MB, should S3 start chunking image files and do a
-# multipart upload in S3. (integer value)
-#s3_store_large_object_size = 100
-
-# What multipart upload part size, in MB, should S3 use when uploading
-# parts. The size must be greater than or equal to 5M. (integer value)
-#s3_store_large_object_chunk_size = 10
-
-# The number of thread pools to perform a multipart upload in S3.
-# (integer value)
-#s3_store_thread_pools = 10
-
-# Enable the use of a proxy. (boolean value)
-#s3_store_enable_proxy = false
-
-# Address or hostname for the proxy server. (string value)
-#s3_store_proxy_host = <None>
-
-# The port to use when connecting over a proxy. (integer value)
-#s3_store_proxy_port = 8080
-
-# The username to connect to the proxy. (string value)
-#s3_store_proxy_user = <None>
-
-# The password to use when connecting over a proxy. (string value)
-#s3_store_proxy_password = <None>
-
-# Images will be chunked into objects of this size (in megabytes). For
-# best performance, this should be a power of two. (integer value)
+#
+# Chunk size for images to be stored in Sheepdog data store.
+#
+# Provide an integer value representing the size in mebibyte
+# (1048576 bytes) to chunk Glance images into. The default
+# chunk size is 64 mebibytes.
+#
+# When using Sheepdog distributed storage system, the images are
+# chunked into objects of this size and then stored across the
+# distributed data store to use for Glance.
+#
+# Chunk sizes, if a power of two, help avoid fragmentation and
+# enable improved performance.
+#
+# Possible values:
+#     * Positive integer value representing size in mebibytes.
+#
+# Related Options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #sheepdog_store_chunk_size = 64
 
-# Port of sheep daemon. (integer value)
+#
+# Port number on which the sheep daemon will listen.
+#
+# Provide an integer value representing a valid port number on
+# which you want the Sheepdog daemon to listen on. The default
+# port is 7000.
+#
+# The Sheepdog daemon, also called 'sheep', manages the storage
+# in the distributed cluster by writing objects across the storage
+# network. It identifies and acts on the messages it receives on
+# the port number set using ``sheepdog_store_port`` option to store
+# chunks of Glance images.
+#
+# Possible values:
+#     * A valid port number (0 to 65535)
+#
+# Related Options:
+#     * sheepdog_store_address
+#
+#  (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #sheepdog_store_port = 7000
 
-# IP address of sheep daemon. (string value)
-#sheepdog_store_address = localhost
-
-# Directory to which the Filesystem backend store writes images.
-# (string value)
-#filesystem_store_datadir = /var/lib/glance/images
-
-# List of directories and its priorities to which the Filesystem
-# backend store writes images. (multi valued)
-#filesystem_store_datadirs =
-
-# The path to a file which contains the metadata to be returned with
-# any location associated with this store.  The file must contain a
-# valid JSON object. The object should contain the keys 'id' and
-# 'mountpoint'. The value for both keys should be 'string'. (string
-# value)
-#filesystem_store_metadata_file = <None>
-
-# The required permission for created image file. In this way the user
-# other service used, e.g. Nova, who consumes the image could be the
-# exclusive member of the group that owns the files created. Assigning
-# it less then or equal to zero means don't change the default
-# permission of the file. This value will be decoded as an octal
-# digit. (integer value)
-#filesystem_store_file_perm = 0
-
-# ESX/ESXi or vCenter Server target system. The server value can be an
-# IP address or a DNS name. (string value)
-#vmware_server_host = <None>
-
-# Username for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_username = <None>
-
-# Password for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_password = <None>
-
-# Number of times VMware ESX/VC server API must be retried upon
-# connection related issues. (integer value)
+#
+# Address to bind the Sheepdog daemon to.
+#
+# Provide a string value representing the address to bind the
+# Sheepdog daemon to. The default address set for the 'sheep'
+# is 127.0.0.1.
+#
+# The Sheepdog daemon, also called 'sheep', manages the storage
+# in the distributed cluster by writing objects across the storage
+# network. It identifies and acts on the messages directed to the
+# address set using ``sheepdog_store_address`` option to store
+# chunks of Glance images.
+#
+# Possible values:
+#     * A valid IPv4 address
+#     * A valid IPv6 address
+#     * A valid hostname
+#
+# Related Options:
+#     * sheepdog_store_port
+#
+#  (string value)
+#sheepdog_store_address = 127.0.0.1
+
+#
+# Address of the ESX/ESXi or vCenter Server target system.
+#
+# This configuration option sets the address of the ESX/ESXi or vCenter
+# Server target system. This option is required when using the VMware
+# storage backend. The address can contain an IP address (127.0.0.1) or
+# a DNS name (www.my-domain.com).
+#
+# Possible Values:
+#     * A valid IPv4 or IPv6 address
+#     * A valid DNS name
+#
+# Related options:
+#     * vmware_server_username
+#     * vmware_server_password
+#
+#  (string value)
+#vmware_server_host = 127.0.0.1
+
+#
+# Server username.
+#
+# This configuration option takes the username for authenticating with
+# the VMware ESX/ESXi or vCenter Server. This option is required when
+# using the VMware storage backend.
+#
+# Possible Values:
+#     * Any string that is the username for a user with appropriate
+#       privileges
+#
+# Related options:
+#     * vmware_server_host
+#     * vmware_server_password
+#
+#  (string value)
+#vmware_server_username = root
+
+#
+# Server password.
+#
+# This configuration option takes the password for authenticating with
+# the VMware ESX/ESXi or vCenter Server. This option is required when
+# using the VMware storage backend.
+#
+# Possible Values:
+#     * Any string that is a password corresponding to the username
+#       specified using the "vmware_server_username" option
+#
+# Related options:
+#     * vmware_server_host
+#     * vmware_server_username
+#
+#  (string value)
+#vmware_server_password = vmware
+
+#
+# The number of VMware API retries.
+#
+# This configuration option specifies the number of times the VMware
+# ESX/VC server API must be retried upon connection related issues or
+# server API call overload. It is not possible to specify 'retry
+# forever'.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #vmware_api_retry_count = 10
 
-# The interval used for polling remote tasks invoked on VMware ESX/VC
-# server. (integer value)
+#
+# Interval in seconds used for polling remote tasks invoked on VMware
+# ESX/VC server.
+#
+# This configuration option takes in the sleep time in seconds for polling an
+# on-going async task as part of the VMWare ESX/VC server API call.
+#
+# Possible Values:
+#     * Any positive integer value
+#
+# Related options:
+#     * None
+#
+#  (integer value)
+# Minimum value: 1
 #vmware_task_poll_interval = 5
 
-# The name of the directory where the glance images will be stored in
-# the VMware datastore. (string value)
+#
+# The directory where the glance images will be stored in the datastore.
+#
+# This configuration option specifies the path to the directory where the
+# glance images will be stored in the VMware datastore. If this option
+# is not set,  the default directory where the glance images are stored
+# is openstack_glance.
+#
+# Possible Values:
+#     * Any string that is a valid path to a directory
+#
+# Related options:
+#     * None
+#
+#  (string value)
 #vmware_store_image_dir = /openstack_glance
 
-# If true, the ESX/vCenter server certificate is not verified. If
-# false, then the default CA truststore is used for verification. This
-# option is ignored if "vmware_ca_file" is set. (boolean value)
-# Deprecated group/name - [DEFAULT]/vmware_api_insecure
+#
+# Set verification of the ESX/vCenter server certificate.
+#
+# This configuration option takes a boolean value to determine
+# whether or not to verify the ESX/vCenter server certificate. If this
+# option is set to True, the ESX/vCenter server certificate is not
+# verified. If this option is set to False, then the default CA
+# truststore is used for verification.
+#
+# This option is ignored if the "vmware_ca_file" option is set. In that
+# case, the ESX/vCenter server certificate will then be verified using
+# the file specified using the "vmware_ca_file" option .
+#
+# Possible Values:
+#     * True
+#     * False
+#
+# Related options:
+#     * vmware_ca_file
+#
+#  (boolean value)
+# Deprecated group/name - [glance_store]/vmware_api_insecure
 #vmware_insecure = false
 
-# Specify a CA bundle file to use in verifying the ESX/vCenter server
-# certificate. (string value)
-#vmware_ca_file = <None>
-
-# A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores. The
-# datastore name should be specified after its datacenter path,
-# seperated by ":". An optional weight may be given after the
-# datastore name, seperated again by ":". Thus, the required format
-# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
-# adding an image, the datastore with highest weight will be selected,
-# unless there is not enough free space available in cases where the
-# image size is already known. If no weight is given, it is assumed to
-# be zero and the directory will be considered for selection last. If
-# multiple datastores have the same weight, then the one with the most
-# free space available is selected. (multi valued)
+#
+# Absolute path to the CA bundle file.
+#
+# This configuration option enables the operator to use a custom
+# Cerificate Authority File to verify the ESX/vCenter certificate.
+#
+# If this option is set, the "vmware_insecure" option will be ignored
+# and the CA file specified will be used to authenticate the ESX/vCenter
+# server certificate and establish a secure connection to the server.
+#
+# Possible Values:
+#     * Any string that is a valid absolute path to a CA file
+#
+# Related options:
+#     * vmware_insecure
+#
+#  (string value)
+#vmware_ca_file = /etc/ssl/certs/ca-certificates.crt
+
+#
+# The datastores where the image can be stored.
+#
+# This configuration option specifies the datastores where the image can
+# be stored in the VMWare store backend. This option may be specified
+# multiple times for specifying multiple datastores. The datastore name
+# should be specified after its datacenter path, separated by ":". An
+# optional weight may be given after the datastore name, separated again
+# by ":" to specify the priority. Thus, the required format becomes
+# <datacenter_path>:<datastore_name>:<optional_weight>.
+#
+# When adding an image, the datastore with highest weight will be
+# selected, unless there is not enough free space available in cases
+# where the image size is already known. If no weight is given, it is
+# assumed to be zero and the directory will be considered for selection
+# last. If multiple datastores have the same weight, then the one with
+# the most free space available is selected.
+#
+# Possible Values:
+#     * Any string of the format:
+#       <datacenter_path>:<datastore_name>:<optional_weight>
+#
+# Related options:
+#    * None
+#
+#  (multi valued)
 #vmware_datastores =
 
 
 [keystone_authtoken]
-
+revocation_cache_time = 10
+auth_type = password
+user_domain_id = default
+project_domain_id = default
+project_name = service
+username = glance
+password = opnfv_secret
+auth_uri=http://10.167.4.10:5000
+auth_url=http://10.167.4.10:35357
+token_cache_time = -1
+memcached_servers=10.167.4.11:11211,10.167.4.12:11211,10.167.4.13:11211
 #
 # From keystonemiddleware.auth_token
 #
 
-# Complete public Identity API endpoint. (string value)
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
+# clients are redirected to this endpoint to authenticate. Although this
+# endpoint should  ideally be unversioned, client support in the wild varies.
+# If you're using a versioned v2 endpoint here, then this  should *not* be the
+# same endpoint the service user utilizes  for validating tokens, because normal
+# end users may not be  able to reach that endpoint. (string value)
 #auth_uri = <None>
 
 # API version of the admin Identity API endpoint. (string value)
 #auth_version = <None>
 
-# Do not handle authorization requests within the middleware, but
-# delegate the authorization decision to downstream WSGI components.
-# (boolean value)
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
 #delay_auth_decision = false
 
-# Request timeout value for communicating with Identity API server.
-# (integer value)
+# Request timeout value for communicating with Identity API server. (integer
+# value)
 #http_connect_timeout = <None>
 
-# How many times are we trying to reconnect when communicating with
-# Identity API Server. (integer value)
+# How many times are we trying to reconnect when communicating with Identity API
+# Server. (integer value)
 #http_request_max_retries = 3
 
-# Env key for the swift cache. (string value)
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
 #cache = <None>
 
-# Required if identity server requires client certificate (string
-# value)
+# Required if identity server requires client certificate (string value)
 #certfile = <None>
 
-# Required if identity server requires client certificate (string
-# value)
+# Required if identity server requires client certificate (string value)
 #keyfile = <None>
 
-# A PEM encoded Certificate Authority to use when verifying HTTPs
-# connections. Defaults to system CAs. (string value)
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
 #cafile = <None>
 
 # Verify HTTPS connections. (boolean value)
@@ -787,98 +1488,91 @@
 # Directory used to cache files related to PKI tokens. (string value)
 #signing_dir = <None>
 
-# Optionally specify a list of memcached server(s) to use for caching.
-# If left undefined, tokens will instead be cached in-process. (list
-# value)
-# Deprecated group/name - [DEFAULT]/memcache_servers
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
 
-# In order to prevent excessive effort spent validating tokens, the
-# middleware caches previously-seen tokens for a configurable duration
-# (in seconds). Set to -1 to disable caching completely. (integer
-# value)
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set to
+# -1 to disable caching completely. (integer value)
 #token_cache_time = 300
 
-# Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of
-# revocation events combined with a low cache duration may
-# significantly reduce performance. (integer value)
+# Determines the frequency at which the list of revoked tokens is retrieved from
+# the Identity service (in seconds). A high number of revocation events combined
+# with a low cache duration may significantly reduce performance. Only valid for
+# PKI tokens. (integer value)
 #revocation_cache_time = 10
 
-# (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. If MAC, token data is
-# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
-# encrypted and authenticated in the cache. If the value is not one of
-# these options or empty, auth_token will raise an exception on
-# initialization. (string value)
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
 # Allowed values: None, MAC, ENCRYPT
 #memcache_security_strategy = None
 
-# (Optional, mandatory if memcache_security_strategy is defined) This
-# string is used for key derivation. (string value)
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
 #memcache_secret_key = <None>
 
-# (Optional) Number of seconds memcached server is considered dead
-# before it is tried again. (integer value)
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
 #memcache_pool_dead_retry = 300
 
-# (Optional) Maximum total number of open connections to every
-# memcached server. (integer value)
+# (Optional) Maximum total number of open connections to every memcached server.
+# (integer value)
 #memcache_pool_maxsize = 10
 
-# (Optional) Socket timeout in seconds for communicating with a
-# memcached server. (integer value)
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
 #memcache_pool_socket_timeout = 3
 
-# (Optional) Number of seconds a connection to memcached is held
-# unused in the pool before it is closed. (integer value)
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
 #memcache_pool_unused_timeout = 60
 
-# (Optional) Number of seconds that an operation will wait to get a
-# memcached client connection from the pool. (integer value)
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
 #memcache_pool_conn_get_timeout = 10
 
-# (Optional) Use the advanced (eventlet safe) memcached client pool.
-# The advanced pool will only work under python 2.x. (boolean value)
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
 #memcache_use_advanced_pool = false
 
-# (Optional) Indicate whether to set the X-Service-Catalog header. If
-# False, middleware will not ask for service catalog on token
-# validation and will not set the X-Service-Catalog header. (boolean
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it if
+# not. "strict" like "permissive" but if the bind type is unknown the token will
+# be rejected. "required" any form of token binding is needed to be allowed.
+# Finally the name of a binding method that must be present in tokens. (string
 # value)
-#include_service_catalog = true
-
-# Used to control the use and type of token binding. Can be set to:
-# "disabled" to not check token binding. "permissive" (default) to
-# validate binding information if the bind type is of a form known to
-# the server and ignore it if not. "strict" like "permissive" but if
-# the bind type is unknown the token will be rejected. "required" any
-# form of token binding is needed to be allowed. Finally the name of a
-# binding method that must be present in tokens. (string value)
 #enforce_token_bind = permissive
 
-# If true, the revocation list will be checked for cached tokens. This
-# requires that PKI tokens are configured on the identity server.
-# (boolean value)
+# If true, the revocation list will be checked for cached tokens. This requires
+# that PKI tokens are configured on the identity server. (boolean value)
 #check_revocations_for_cached = false
 
-# Hash algorithms to use for hashing PKI tokens. This may be a single
-# algorithm or multiple. The algorithms are those supported by Python
-# standard hashlib.new(). The hashes will be tried in the order given,
-# so put the preferred one first for performance. The result of the
-# first hash will be stored in the cache. This will typically be set
-# to multiple values only while migrating from a less secure algorithm
-# to a more secure one. Once all the old tokens are expired this
-# option should be set to a single value for better performance. (list
-# value)
+# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
+# or multiple. The algorithms are those supported by Python standard
+# hashlib.new(). The hashes will be tried in the order given, so put the
+# preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
 #hash_algorithms = md5
 
-# Authentication type to load (unknown value)
-# Deprecated group/name - [DEFAULT]/auth_plugin
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
 
-# Config Section from which to load plugin specific options (unknown
-# value)
+# Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
 
 
@@ -888,11 +1582,117 @@
 # From glance.glare
 #
 
-# Partial name of a pipeline in your paste configuration file with the
-# service name removed. For example, if your paste section name is
-# [pipeline:glance-api-keystone] use the value "keystone" (string
-# value)
-#flavor = <None>
-
-# Name of the paste configuration file. (string value)
-#config_file = <None>
+#
+# Deployment flavor to use in the server application pipeline.
+#
+# Provide a string value representing the appropriate deployment
+# flavor used in the server application pipleline. This is typically
+# the partial name of a pipeline in the paste configuration file with
+# the service name removed.
+#
+# For example, if your paste section name in the paste configuration
+# file is [pipeline:glance-api-keystone], set ``flavor`` to
+# ``keystone``.
+#
+# Possible values:
+#     * String value representing a partial pipeline name.
+#
+# Related Options:
+#     * config_file
+#
+#  (string value)
+#flavor = keystone
+flavor = keystone
+
+#
+# Name of the paste configuration file.
+#
+# Provide a string value representing the name of the paste
+# configuration file to use for configuring piplelines for
+# server application deployments.
+#
+# NOTES:
+#     * Provide the name or the path relative to the glance directory
+#       for the paste configuration file and not the absolute path.
+#     * The sample paste configuration file shipped with Glance need
+#       not be edited in most cases as it comes with ready-made
+#       pipelines for all common deployment flavors.
+#
+# If no value is specified for this option, the ``paste.ini`` file
+# with the prefix of the corresponding Glance service's configuration
+# file name will be searched for in the known configuration
+# directories. (For example, if this option is missing from or has no
+# value set in ``glance-api.conf``, the service will look for a file
+# named ``glance-api-paste.ini``.) If the paste configuration file is
+# not found, the service will not start.
+#
+# Possible values:
+#     * A string value representing the name of the paste configuration
+#       file.
+#
+# Related Options:
+#     * flavor
+#
+#  (string value)
+#config_file = glance-api-paste.ini
+
+
+[profiler]
+
+#
+# From glance.glare
+#
+
+#
+# Enables the profiling for all services on this node. Default value is False
+# (fully disable the profiling feature).
+#
+# Possible values:
+#
+# * True: Enables the feature
+# * False: Disables the feature. The profiling cannot be started via this
+# project
+# operations. If the profiling is triggered by another project, this project
+# part
+# will be empty.
+#  (boolean value)
+# Deprecated group/name - [profiler]/profiler_enabled
+#enabled = false
+
+#
+# Enables SQL requests profiling in services. Default value is False (SQL
+# requests won't be traced).
+#
+# Possible values:
+#
+# * True: Enables SQL requests profiling. Each SQL query will be part of the
+# trace and can the be analyzed by how much time was spent for that.
+# * False: Disables SQL requests profiling. The spent time is only shown on a
+# higher level of operations. Single SQL queries cannot be analyzed this
+# way.
+#  (boolean value)
+#trace_sqlalchemy = false
+
+#
+# Secret key(s) to use for encrypting context data for performance profiling.
+# This string value should have the following format: <key1>[,<key2>,...<keyn>],
+# where each key is some random string. A user who triggers the profiling via
+# the REST API has to set one of these keys in the headers of the REST API call
+# to include profiling results of this node for this particular project.
+#
+# Both "enabled" flag and "hmac_keys" config options should be set to enable
+# profiling. Also, to generate correct profiling information across all services
+# at least one key needs to be consistent between OpenStack projects. This
+# ensures it can be used from client side to generate the trace, containing
+# information from all possible resources. (string value)
+#hmac_keys = SECRET_KEY
+
+#
+# Connection string for a notifier backend. Default value is messaging:// which
+# sets the notifier to oslo_messaging.
+#
+# Examples of possible values:
+#
+# * messaging://: use oslo_messaging driver for sending notifications.
+#  (string value)
+#connection_string = messaging://

2017-09-28 11:21:32,041 [salt.state       ][INFO    ][27825] Completed state [/etc/glance/glance-glare.conf] at time 11:21:32.040618 duration_in_ms=107.465
2017-09-28 11:21:32,104 [salt.state       ][INFO    ][27825] Running state [glance-glare] at time 11:21:32.104450
2017-09-28 11:21:32,105 [salt.state       ][INFO    ][27825] Executing state service.running for glance-glare
2017-09-28 11:21:32,106 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'status', 'glance-glare.service', '-n', '0'] in directory '/root'
2017-09-28 11:21:32,115 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-active', 'glance-glare.service'] in directory '/root'
2017-09-28 11:21:32,135 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-enabled', 'glance-glare.service'] in directory '/root'
2017-09-28 11:21:32,144 [salt.state       ][INFO    ][27825] The service glance-glare is already running
2017-09-28 11:21:32,145 [salt.state       ][INFO    ][27825] Completed state [glance-glare] at time 11:21:32.144557 duration_in_ms=40.107
2017-09-28 11:21:32,145 [salt.state       ][INFO    ][27825] Running state [glance-glare] at time 11:21:32.144721
2017-09-28 11:21:32,145 [salt.state       ][INFO    ][27825] Executing state service.mod_watch for glance-glare
2017-09-28 11:21:32,145 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-active', 'glance-glare.service'] in directory '/root'
2017-09-28 11:21:32,155 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-enabled', 'glance-glare.service'] in directory '/root'
2017-09-28 11:21:32,165 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'glance-glare.service'] in directory '/root'
2017-09-28 11:21:32,209 [salt.state       ][INFO    ][27825] {'glance-glare': True}
2017-09-28 11:21:32,210 [salt.state       ][INFO    ][27825] Completed state [glance-glare] at time 11:21:32.209706 duration_in_ms=64.984
2017-09-28 11:21:32,211 [salt.state       ][INFO    ][27825] Running state [glance-api] at time 11:21:32.210787
2017-09-28 11:21:32,211 [salt.state       ][INFO    ][27825] Executing state service.running for glance-api
2017-09-28 11:21:32,211 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'status', 'glance-api.service', '-n', '0'] in directory '/root'
2017-09-28 11:21:32,222 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-active', 'glance-api.service'] in directory '/root'
2017-09-28 11:21:32,233 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-enabled', 'glance-api.service'] in directory '/root'
2017-09-28 11:21:32,242 [salt.state       ][INFO    ][27825] The service glance-api is already running
2017-09-28 11:21:32,242 [salt.state       ][INFO    ][27825] Completed state [glance-api] at time 11:21:32.242229 duration_in_ms=31.44
2017-09-28 11:21:32,242 [salt.state       ][INFO    ][27825] Running state [glance-api] at time 11:21:32.242399
2017-09-28 11:21:32,243 [salt.state       ][INFO    ][27825] Executing state service.mod_watch for glance-api
2017-09-28 11:21:32,243 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-active', 'glance-api.service'] in directory '/root'
2017-09-28 11:21:32,252 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-enabled', 'glance-api.service'] in directory '/root'
2017-09-28 11:21:32,260 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'glance-api.service'] in directory '/root'
2017-09-28 11:21:32,297 [salt.state       ][INFO    ][27825] {'glance-api': True}
2017-09-28 11:21:32,298 [salt.state       ][INFO    ][27825] Completed state [glance-api] at time 11:21:32.297543 duration_in_ms=55.143
2017-09-28 11:21:32,298 [salt.state       ][INFO    ][27825] Running state [glance-registry] at time 11:21:32.298134
2017-09-28 11:21:32,298 [salt.state       ][INFO    ][27825] Executing state service.running for glance-registry
2017-09-28 11:21:32,299 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'status', 'glance-registry.service', '-n', '0'] in directory '/root'
2017-09-28 11:21:32,313 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-active', 'glance-registry.service'] in directory '/root'
2017-09-28 11:21:32,323 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-enabled', 'glance-registry.service'] in directory '/root'
2017-09-28 11:21:32,331 [salt.state       ][INFO    ][27825] The service glance-registry is already running
2017-09-28 11:21:32,332 [salt.state       ][INFO    ][27825] Completed state [glance-registry] at time 11:21:32.331509 duration_in_ms=33.373
2017-09-28 11:21:32,332 [salt.state       ][INFO    ][27825] Running state [glance-registry] at time 11:21:32.331681
2017-09-28 11:21:32,332 [salt.state       ][INFO    ][27825] Executing state service.mod_watch for glance-registry
2017-09-28 11:21:32,332 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-active', 'glance-registry.service'] in directory '/root'
2017-09-28 11:21:32,341 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemctl', 'is-enabled', 'glance-registry.service'] in directory '/root'
2017-09-28 11:21:32,349 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'glance-registry.service'] in directory '/root'
2017-09-28 11:21:32,396 [salt.state       ][INFO    ][27825] {'glance-registry': True}
2017-09-28 11:21:32,397 [salt.state       ][INFO    ][27825] Completed state [glance-registry] at time 11:21:32.396502 duration_in_ms=64.82
2017-09-28 11:21:32,398 [salt.state       ][INFO    ][27825] Running state [glance-manage db_sync] at time 11:21:32.398258
2017-09-28 11:21:32,398 [salt.state       ][INFO    ][27825] Executing state cmd.run for glance-manage db_sync
2017-09-28 11:21:32,399 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command 'glance-manage db_sync' in directory '/root'
2017-09-28 11:21:33,245 [salt.state       ][INFO    ][27825] {'pid': 29211, 'retcode': 0, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\n/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade\n  expire_on_commit=expire_on_commit, _conf=conf)', 'stdout': ''}
2017-09-28 11:21:33,245 [salt.state       ][INFO    ][27825] Completed state [glance-manage db_sync] at time 11:21:33.245136 duration_in_ms=846.877
2017-09-28 11:21:33,246 [salt.state       ][INFO    ][27825] Running state [glance-manage db_load_metadefs] at time 11:21:33.245875
2017-09-28 11:21:33,246 [salt.state       ][INFO    ][27825] Executing state cmd.run for glance-manage db_load_metadefs
2017-09-28 11:21:33,247 [salt.loaded.int.module.cmdmod][INFO    ][27825] Executing command 'glance-manage db_load_metadefs' in directory '/root'
2017-09-28 11:21:34,185 [salt.state       ][INFO    ][27825] {'pid': 29249, 'retcode': 0, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\n/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade\n  expire_on_commit=expire_on_commit, _conf=conf)\n2017-09-28 11:21:34.034 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::AggregateDiskFilter. It already exists in the database.\n2017-09-28 11:21:34.038 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Software::Runtimes. It already exists in the database.\n2017-09-28 11:21:34.041 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::Libvirt. It already exists in the database.\n2017-09-28 11:21:34.044 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::AggregateIoOpsFilter. It already exists in the database.\n2017-09-28 11:21:34.048 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::GuestShutdownBehavior. It already exists in the database.\n2017-09-28 11:21:34.052 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::GuestMemoryBacking. It already exists in the database.\n2017-09-28 11:21:34.055 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::LibvirtImage. It already exists in the database.\n2017-09-28 11:21:34.058 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::CPUPinning. It already exists in the database.\n2017-09-28 11:21:34.061 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::RandomNumberGenerator. It already exists in the database.\n2017-09-28 11:21:34.064 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::Trust. It already exists in the database.\n2017-09-28 11:21:34.066 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Software::DBMS. It already exists in the database.\n2017-09-28 11:21:34.069 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::XenAPI. It already exists in the database.\n2017-09-28 11:21:34.072 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace CIM::ProcessorAllocationSettingData. It already exists in the database.\n2017-09-28 11:21:34.075 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::HostCapabilities. It already exists in the database.\n2017-09-28 11:21:34.078 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::VMwareQuotaFlavor. It already exists in the database.\n2017-09-28 11:21:34.081 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace CIM::ResourceAllocationSettingData. It already exists in the database.\n2017-09-28 11:21:34.083 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::VirtCPUTopology. It already exists in the database.\n2017-09-28 11:21:34.086 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::Watchdog. It already exists in the database.\n2017-09-28 11:21:34.089 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::AggregateNumInstancesFilter. It already exists in the database.\n2017-09-28 11:21:34.092 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::Quota. It already exists in the database.\n2017-09-28 11:21:34.095 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace CIM::StorageAllocationSettingData. It already exists in the database.\n2017-09-28 11:21:34.099 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::VMwareFlavor. It already exists in the database.\n2017-09-28 11:21:34.102 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Cinder::Volumetype. It already exists in the database.\n2017-09-28 11:21:34.105 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::OperatingSystem. It already exists in the database.\n2017-09-28 11:21:34.109 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::VMware. It already exists in the database.\n2017-09-28 11:21:34.112 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Software::WebServers. It already exists in the database.\n2017-09-28 11:21:34.115 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::Hypervisor. It already exists in the database.\n2017-09-28 11:21:34.118 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Compute::InstanceData. It already exists in the database.\n2017-09-28 11:21:34.121 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace OS::Glance::CommonImageProperties. It already exists in the database.\n2017-09-28 11:21:34.124 29250 INFO glance.db.sqlalchemy.metadata [-] Skipping namespace CIM::VirtualSystemSettingData. It already exists in the database.\n2017-09-28 11:21:34.125 29250 INFO glance.db.sqlalchemy.metadata [-] Metadata loading finished', 'stdout': ''}
2017-09-28 11:21:34,185 [salt.state       ][INFO    ][27825] Completed state [glance-manage db_load_metadefs] at time 11:21:34.185022 duration_in_ms=939.145
2017-09-28 11:21:34,186 [salt.state       ][INFO    ][27825] Running state [/var/lib/glance/images] at time 11:21:34.185486
2017-09-28 11:21:34,186 [salt.state       ][INFO    ][27825] Executing state file.directory for /var/lib/glance/images
2017-09-28 11:21:34,187 [salt.state       ][INFO    ][27825] Directory /var/lib/glance/images is in the correct state
2017-09-28 11:21:34,187 [salt.state       ][INFO    ][27825] Completed state [/var/lib/glance/images] at time 11:21:34.186795 duration_in_ms=1.309
2017-09-28 11:21:34,189 [salt.minion      ][INFO    ][27825] Returning information for job: 20170928112059075591
2017-09-28 11:21:35,305 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928112135305585
2017-09-28 11:21:35,323 [salt.minion      ][INFO    ][29267] Starting a new job with PID 29267
2017-09-28 11:21:37,889 [salt.state       ][INFO    ][29267] Loading fresh modules for state activity
2017-09-28 11:21:37,910 [salt.fileclient  ][INFO    ][29267] Fetching file from saltenv 'base', ** done ** 'glusterfs/client.sls'
2017-09-28 11:21:37,940 [salt.fileclient  ][INFO    ][29267] Fetching file from saltenv 'base', ** done ** 'glusterfs/map.jinja'
2017-09-28 11:21:37,946 [py.warnings      ][WARNING ][29267] /usr/lib/python2.7/dist-packages/salt/utils/templates.py:73: DeprecationWarning: Starting in 2015.5, cmd.run uses python_shell=False by default, which doesn't support shellisms (pipes, env variables, etc). cmd.run is currently aliased to cmd.shell to prevent breakage. Please switch to cmd.shell or set python_shell=True to avoid breakage in the future, when this aliasing is removed.

2017-09-28 11:21:37,947 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command 'systemd-escape -p --suffix=mount /var/lib/glance/images' in directory '/root'
2017-09-28 11:21:37,956 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command 'systemd-escape -p --suffix=mount /var/lib/keystone/fernet-keys' in directory '/root'
2017-09-28 11:21:37,963 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command 'systemd-escape -p --suffix=mount /var/lib/keystone/credential-keys' in directory '/root'
2017-09-28 11:21:38,674 [salt.state       ][INFO    ][29267] Running state [glusterfs-client] at time 11:21:38.673846
2017-09-28 11:21:38,674 [salt.state       ][INFO    ][29267] Executing state pkg.installed for glusterfs-client
2017-09-28 11:21:38,675 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:21:39,162 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 11:21:41,136 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'glusterfs-client'] in directory '/root'
2017-09-28 11:21:45,398 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928112145398238
2017-09-28 11:21:45,413 [salt.minion      ][INFO    ][29740] Starting a new job with PID 29740
2017-09-28 11:21:45,424 [salt.minion      ][INFO    ][29740] Returning information for job: 20170928112145398238
2017-09-28 11:21:55,602 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928112155602261
2017-09-28 11:21:55,618 [salt.minion      ][INFO    ][29907] Starting a new job with PID 29907
2017-09-28 11:21:55,632 [salt.minion      ][INFO    ][29907] Returning information for job: 20170928112155602261
2017-09-28 11:22:04,247 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:22:04,273 [salt.state       ][INFO    ][29267] Made the following changes:
'liblvm2app2.2' changed from 'absent' to '2.02.133-1ubuntu10'
'glusterfs-common' changed from 'absent' to '3.7.6-1ubuntu1'
'libibverbs1' changed from 'absent' to '1.1.8-1.1ubuntu2'
'libdevmapper-event1.02.1' changed from 'absent' to '2:1.02.110-1ubuntu10'
'libattr1-dev' changed from 'absent' to '1:2.4.47-2'
'libc6-dev' changed from 'absent' to '2.23-0ubuntu9'
'fuse' changed from 'absent' to '2.9.4-1ubuntu3.1'
'manpages' changed from 'absent' to '4.04-2'
'linux-libc-dev' changed from 'absent' to '4.4.0-96.119'
'acl-dev' changed from 'absent' to '1'
'libacl1-dev' changed from 'absent' to '2.2.52-3'
'glusterfs-client' changed from 'absent' to '3.7.6-1ubuntu1'
'manpages-dev' changed from 'absent' to '4.04-2'
'psmisc' changed from 'absent' to '22.21-2.1build1'
'liburcu4' changed from 'absent' to '0.9.1-3'
'linux-kernel-headers' changed from 'absent' to '1'
'librdmacm1' changed from 'absent' to '1.0.21-1'
'attr-dev' changed from 'absent' to '1'
'libc-dev' changed from 'absent' to '1'
'libc-dev-bin' changed from 'absent' to '2.23-0ubuntu9'

2017-09-28 11:22:04,286 [salt.state       ][INFO    ][29267] Loading fresh modules for state activity
2017-09-28 11:22:04,300 [salt.state       ][INFO    ][29267] Completed state [glusterfs-client] at time 11:22:04.300120 duration_in_ms=25626.275
2017-09-28 11:22:04,305 [salt.state       ][INFO    ][29267] Running state [attr] at time 11:22:04.305395
2017-09-28 11:22:04,306 [salt.state       ][INFO    ][29267] Executing state pkg.installed for attr
2017-09-28 11:22:04,574 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'attr'] in directory '/root'
2017-09-28 11:22:05,736 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928112205736330
2017-09-28 11:22:05,751 [salt.minion      ][INFO    ][2305] Starting a new job with PID 2305
2017-09-28 11:22:05,775 [salt.minion      ][INFO    ][2305] Returning information for job: 20170928112205736330
2017-09-28 11:22:06,383 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:22:06,410 [salt.state       ][INFO    ][29267] Made the following changes:
'attr' changed from 'absent' to '1:2.4.47-2'

2017-09-28 11:22:06,420 [salt.state       ][INFO    ][29267] Loading fresh modules for state activity
2017-09-28 11:22:06,437 [salt.state       ][INFO    ][29267] Completed state [attr] at time 11:22:06.436563 duration_in_ms=2131.168
2017-09-28 11:22:06,439 [salt.state       ][INFO    ][29267] Running state [/etc/systemd/system/var-lib-glance-images.mount] at time 11:22:06.438588
2017-09-28 11:22:06,439 [salt.state       ][INFO    ][29267] Executing state file.managed for /etc/systemd/system/var-lib-glance-images.mount
2017-09-28 11:22:06,463 [salt.fileclient  ][INFO    ][29267] Fetching file from saltenv 'base', ** done ** 'glusterfs/files/glusterfs-client.mount'
2017-09-28 11:22:06,469 [salt.state       ][INFO    ][29267] File changed:
New file
2017-09-28 11:22:06,469 [salt.state       ][INFO    ][29267] Completed state [/etc/systemd/system/var-lib-glance-images.mount] at time 11:22:06.469233 duration_in_ms=30.645
2017-09-28 11:22:06,545 [salt.state       ][INFO    ][29267] Running state [var-lib-glance-images.mount] at time 11:22:06.545255
2017-09-28 11:22:06,546 [salt.state       ][INFO    ][29267] Executing state service.running for var-lib-glance-images.mount
2017-09-28 11:22:06,548 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'status', 'var-lib-glance-images.mount', '-n', '0'] in directory '/root'
2017-09-28 11:22:06,569 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-active', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,578 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,589 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,599 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,677 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-active', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,687 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,702 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,712 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,721 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemd-run', '--scope', 'systemctl', 'enable', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,779 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2017-09-28 11:22:06,789 [salt.state       ][INFO    ][29267] {'var-lib-glance-images.mount': True}
2017-09-28 11:22:06,790 [salt.state       ][INFO    ][29267] Completed state [var-lib-glance-images.mount] at time 11:22:06.789485 duration_in_ms=244.23
2017-09-28 11:22:06,790 [salt.state       ][INFO    ][29267] Running state [/var/lib/glance/images] at time 11:22:06.790100
2017-09-28 11:22:06,790 [salt.state       ][INFO    ][29267] Executing state file.directory for /var/lib/glance/images
2017-09-28 11:22:06,791 [salt.state       ][INFO    ][29267] Directory /var/lib/glance/images is in the correct state
2017-09-28 11:22:06,791 [salt.state       ][INFO    ][29267] Completed state [/var/lib/glance/images] at time 11:22:06.791412 duration_in_ms=1.312
2017-09-28 11:22:06,792 [salt.state       ][INFO    ][29267] Running state [/etc/systemd/system/var-lib-keystone-fernet\x2dkeys.mount] at time 11:22:06.791603
2017-09-28 11:22:06,792 [salt.state       ][INFO    ][29267] Executing state file.managed for /etc/systemd/system/var-lib-keystone-fernet\x2dkeys.mount
2017-09-28 11:22:06,811 [salt.fileclient  ][INFO    ][29267] Fetching file from saltenv 'base', ** done ** 'glusterfs/files/glusterfs-client.mount'
2017-09-28 11:22:06,816 [salt.state       ][INFO    ][29267] File changed:
New file
2017-09-28 11:22:06,816 [salt.state       ][INFO    ][29267] Completed state [/etc/systemd/system/var-lib-keystone-fernet\x2dkeys.mount] at time 11:22:06.816008 duration_in_ms=24.405
2017-09-28 11:22:06,817 [salt.state       ][INFO    ][29267] Running state [var-lib-keystone-fernet\x2dkeys.mount] at time 11:22:06.816519
2017-09-28 11:22:06,817 [salt.state       ][INFO    ][29267] Executing state service.running for var-lib-keystone-fernet\x2dkeys.mount
2017-09-28 11:22:06,817 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'status', 'var-lib-keystone-fernet\\x2dkeys.mount', '-n', '0'] in directory '/root'
2017-09-28 11:22:06,829 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-active', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:06,839 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:06,850 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:06,857 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:06,931 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-active', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:06,940 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:06,952 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:06,963 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:06,972 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemd-run', '--scope', 'systemctl', 'enable', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,026 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,035 [salt.state       ][INFO    ][29267] {'var-lib-keystone-fernet\\x2dkeys.mount': True}
2017-09-28 11:22:07,035 [salt.state       ][INFO    ][29267] Completed state [var-lib-keystone-fernet\x2dkeys.mount] at time 11:22:07.035114 duration_in_ms=218.594
2017-09-28 11:22:07,036 [salt.state       ][INFO    ][29267] Running state [/var/lib/keystone/fernet-keys] at time 11:22:07.035665
2017-09-28 11:22:07,036 [salt.state       ][INFO    ][29267] Executing state file.directory for /var/lib/keystone/fernet-keys
2017-09-28 11:22:07,037 [salt.state       ][INFO    ][29267] Directory /var/lib/keystone/fernet-keys is in the correct state
2017-09-28 11:22:07,037 [salt.state       ][INFO    ][29267] Completed state [/var/lib/keystone/fernet-keys] at time 11:22:07.036828 duration_in_ms=1.162
2017-09-28 11:22:07,037 [salt.state       ][INFO    ][29267] Running state [/etc/systemd/system/var-lib-keystone-credential\x2dkeys.mount] at time 11:22:07.036996
2017-09-28 11:22:07,037 [salt.state       ][INFO    ][29267] Executing state file.managed for /etc/systemd/system/var-lib-keystone-credential\x2dkeys.mount
2017-09-28 11:22:07,057 [salt.fileclient  ][INFO    ][29267] Fetching file from saltenv 'base', ** done ** 'glusterfs/files/glusterfs-client.mount'
2017-09-28 11:22:07,061 [salt.state       ][INFO    ][29267] File changed:
New file
2017-09-28 11:22:07,061 [salt.state       ][INFO    ][29267] Completed state [/etc/systemd/system/var-lib-keystone-credential\x2dkeys.mount] at time 11:22:07.060759 duration_in_ms=23.762
2017-09-28 11:22:07,061 [salt.state       ][INFO    ][29267] Running state [var-lib-keystone-credential\x2dkeys.mount] at time 11:22:07.061179
2017-09-28 11:22:07,061 [salt.state       ][INFO    ][29267] Executing state service.running for var-lib-keystone-credential\x2dkeys.mount
2017-09-28 11:22:07,062 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'status', 'var-lib-keystone-credential\\x2dkeys.mount', '-n', '0'] in directory '/root'
2017-09-28 11:22:07,071 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-active', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,079 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,088 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,098 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,156 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-active', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,166 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,178 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,188 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,197 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemd-run', '--scope', 'systemctl', 'enable', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,273 [salt.loaded.int.module.cmdmod][INFO    ][29267] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2017-09-28 11:22:07,283 [salt.state       ][INFO    ][29267] {'var-lib-keystone-credential\\x2dkeys.mount': True}
2017-09-28 11:22:07,283 [salt.state       ][INFO    ][29267] Completed state [var-lib-keystone-credential\x2dkeys.mount] at time 11:22:07.282812 duration_in_ms=221.63
2017-09-28 11:22:07,283 [salt.state       ][INFO    ][29267] Running state [/var/lib/keystone/credential-keys] at time 11:22:07.283416
2017-09-28 11:22:07,284 [salt.state       ][INFO    ][29267] Executing state file.directory for /var/lib/keystone/credential-keys
2017-09-28 11:22:07,284 [salt.state       ][INFO    ][29267] Directory /var/lib/keystone/credential-keys is in the correct state
2017-09-28 11:22:07,285 [salt.state       ][INFO    ][29267] Completed state [/var/lib/keystone/credential-keys] at time 11:22:07.284586 duration_in_ms=1.169
2017-09-28 11:22:07,286 [salt.minion      ][INFO    ][29267] Returning information for job: 20170928112135305585
2017-09-28 11:24:00,048 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928112400041286
2017-09-28 11:24:00,068 [salt.minion      ][INFO    ][2837] Starting a new job with PID 2837
2017-09-28 11:24:02,724 [salt.state       ][INFO    ][2837] Loading fresh modules for state activity
2017-09-28 11:24:02,749 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/server.sls'
2017-09-28 11:24:02,821 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:24:02,870 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/init.sls'
2017-09-28 11:24:02,888 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/server/init.sls'
2017-09-28 11:24:02,905 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/server/service/init.sls'
2017-09-28 11:24:02,926 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:02,961 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/server/service/modules.sls'
2017-09-28 11:24:02,984 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:03,016 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/server/service/mpm.sls'
2017-09-28 11:24:03,039 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:03,075 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/server/site.sls'
2017-09-28 11:24:03,133 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:03,165 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/server/users.sls'
2017-09-28 11:24:03,187 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:03,216 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/server/robots.sls'
2017-09-28 11:24:03,234 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:04,007 [salt.state       ][INFO    ][2837] Running state [apache2] at time 11:24:04.007065
2017-09-28 11:24:04,008 [salt.state       ][INFO    ][2837] Executing state pkg.installed for apache2
2017-09-28 11:24:04,008 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:24:04,419 [salt.state       ][INFO    ][2837] Package apache2 is already installed
2017-09-28 11:24:04,419 [salt.state       ][INFO    ][2837] Completed state [apache2] at time 11:24:04.419384 duration_in_ms=412.318
2017-09-28 11:24:04,420 [salt.state       ][INFO    ][2837] Running state [a2enmod ssl] at time 11:24:04.420012
2017-09-28 11:24:04,420 [salt.state       ][INFO    ][2837] Executing state cmd.run for a2enmod ssl
2017-09-28 11:24:04,421 [salt.state       ][INFO    ][2837] /etc/apache2/mods-enabled/ssl.load exists
2017-09-28 11:24:04,421 [salt.state       ][INFO    ][2837] Completed state [a2enmod ssl] at time 11:24:04.421138 duration_in_ms=1.126
2017-09-28 11:24:04,422 [salt.state       ][INFO    ][2837] Running state [a2enmod rewrite] at time 11:24:04.421627
2017-09-28 11:24:04,422 [salt.state       ][INFO    ][2837] Executing state cmd.run for a2enmod rewrite
2017-09-28 11:24:04,422 [salt.state       ][INFO    ][2837] /etc/apache2/mods-enabled/rewrite.load exists
2017-09-28 11:24:04,423 [salt.state       ][INFO    ][2837] Completed state [a2enmod rewrite] at time 11:24:04.422642 duration_in_ms=1.016
2017-09-28 11:24:04,423 [salt.state       ][INFO    ][2837] Running state [libapache2-mod-wsgi] at time 11:24:04.423103
2017-09-28 11:24:04,423 [salt.state       ][INFO    ][2837] Executing state pkg.installed for libapache2-mod-wsgi
2017-09-28 11:24:04,426 [salt.state       ][INFO    ][2837] Package libapache2-mod-wsgi is already installed
2017-09-28 11:24:04,427 [salt.state       ][INFO    ][2837] Completed state [libapache2-mod-wsgi] at time 11:24:04.426505 duration_in_ms=3.402
2017-09-28 11:24:04,427 [salt.state       ][INFO    ][2837] Running state [a2enmod wsgi] at time 11:24:04.426978
2017-09-28 11:24:04,427 [salt.state       ][INFO    ][2837] Executing state cmd.run for a2enmod wsgi
2017-09-28 11:24:04,428 [salt.state       ][INFO    ][2837] /etc/apache2/mods-enabled/wsgi.load exists
2017-09-28 11:24:04,428 [salt.state       ][INFO    ][2837] Completed state [a2enmod wsgi] at time 11:24:04.427985 duration_in_ms=1.007
2017-09-28 11:24:04,430 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 11:24:04.429525
2017-09-28 11:24:04,430 [salt.state       ][INFO    ][2837] Executing state file.absent for /etc/apache2/mods-enabled/mpm_prefork.load
2017-09-28 11:24:04,430 [salt.state       ][INFO    ][2837] File /etc/apache2/mods-enabled/mpm_prefork.load is not present
2017-09-28 11:24:04,431 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 11:24:04.430694 duration_in_ms=1.169
2017-09-28 11:24:04,431 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 11:24:04.431058
2017-09-28 11:24:04,431 [salt.state       ][INFO    ][2837] Executing state file.absent for /etc/apache2/mods-enabled/mpm_prefork.conf
2017-09-28 11:24:04,432 [salt.state       ][INFO    ][2837] File /etc/apache2/mods-enabled/mpm_prefork.conf is not present
2017-09-28 11:24:04,432 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 11:24:04.432227 duration_in_ms=1.169
2017-09-28 11:24:04,433 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/mods-enabled/mpm_worker.load] at time 11:24:04.432592
2017-09-28 11:24:04,433 [salt.state       ][INFO    ][2837] Executing state file.absent for /etc/apache2/mods-enabled/mpm_worker.load
2017-09-28 11:24:04,433 [salt.state       ][INFO    ][2837] File /etc/apache2/mods-enabled/mpm_worker.load is not present
2017-09-28 11:24:04,434 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/mods-enabled/mpm_worker.load] at time 11:24:04.433764 duration_in_ms=1.172
2017-09-28 11:24:04,434 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 11:24:04.434112
2017-09-28 11:24:04,435 [salt.state       ][INFO    ][2837] Executing state file.absent for /etc/apache2/mods-enabled/mpm_worker.conf
2017-09-28 11:24:04,435 [salt.state       ][INFO    ][2837] File /etc/apache2/mods-enabled/mpm_worker.conf is not present
2017-09-28 11:24:04,435 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 11:24:04.435246 duration_in_ms=1.133
2017-09-28 11:24:04,437 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/mods-available/mpm_event.conf] at time 11:24:04.436750
2017-09-28 11:24:04,437 [salt.state       ][INFO    ][2837] Executing state file.managed for /etc/apache2/mods-available/mpm_event.conf
2017-09-28 11:24:04,461 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/files/mpm/mpm_event.conf'
2017-09-28 11:24:04,481 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:04,500 [salt.state       ][INFO    ][2837] File /etc/apache2/mods-available/mpm_event.conf is in the correct state
2017-09-28 11:24:04,501 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/mods-available/mpm_event.conf] at time 11:24:04.500789 duration_in_ms=64.038
2017-09-28 11:24:04,502 [salt.state       ][INFO    ][2837] Running state [a2enmod mpm_event] at time 11:24:04.501634
2017-09-28 11:24:04,502 [salt.state       ][INFO    ][2837] Executing state cmd.run for a2enmod mpm_event
2017-09-28 11:24:04,503 [salt.state       ][INFO    ][2837] /etc/apache2/mods-enabled/mpm_event.load exists
2017-09-28 11:24:04,503 [salt.state       ][INFO    ][2837] Completed state [a2enmod mpm_event] at time 11:24:04.502957 duration_in_ms=1.323
2017-09-28 11:24:04,504 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/ports.conf] at time 11:24:04.503492
2017-09-28 11:24:04,504 [salt.state       ][INFO    ][2837] Executing state file.managed for /etc/apache2/ports.conf
2017-09-28 11:24:04,520 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/files/ports.conf'
2017-09-28 11:24:04,537 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:04,552 [salt.state       ][INFO    ][2837] File /etc/apache2/ports.conf is in the correct state
2017-09-28 11:24:04,553 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/ports.conf] at time 11:24:04.552610 duration_in_ms=49.118
2017-09-28 11:24:04,553 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/conf-available/security.conf] at time 11:24:04.553095
2017-09-28 11:24:04,553 [salt.state       ][INFO    ][2837] Executing state file.managed for /etc/apache2/conf-available/security.conf
2017-09-28 11:24:04,572 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/files/security.conf'
2017-09-28 11:24:04,592 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:04,608 [salt.state       ][INFO    ][2837] File /etc/apache2/conf-available/security.conf is in the correct state
2017-09-28 11:24:04,608 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/conf-available/security.conf] at time 11:24:04.608213 duration_in_ms=55.118
2017-09-28 11:24:04,616 [salt.state       ][INFO    ][2837] Running state [mysql-client] at time 11:24:04.615566
2017-09-28 11:24:04,616 [salt.state       ][INFO    ][2837] Executing state pkg.installed for mysql-client
2017-09-28 11:24:04,619 [salt.state       ][INFO    ][2837] Package mysql-client is already installed
2017-09-28 11:24:04,619 [salt.state       ][INFO    ][2837] Completed state [mysql-client] at time 11:24:04.619059 duration_in_ms=3.493
2017-09-28 11:24:04,619 [salt.state       ][INFO    ][2837] Running state [python-keystoneclient] at time 11:24:04.619380
2017-09-28 11:24:04,620 [salt.state       ][INFO    ][2837] Executing state pkg.installed for python-keystoneclient
2017-09-28 11:24:04,622 [salt.state       ][INFO    ][2837] Package python-keystoneclient is already installed
2017-09-28 11:24:04,623 [salt.state       ][INFO    ][2837] Completed state [python-keystoneclient] at time 11:24:04.622758 duration_in_ms=3.377
2017-09-28 11:24:04,623 [salt.state       ][INFO    ][2837] Running state [python-mysqldb] at time 11:24:04.623088
2017-09-28 11:24:04,623 [salt.state       ][INFO    ][2837] Executing state pkg.installed for python-mysqldb
2017-09-28 11:24:04,626 [salt.state       ][INFO    ][2837] Package python-mysqldb is already installed
2017-09-28 11:24:04,627 [salt.state       ][INFO    ][2837] Completed state [python-mysqldb] at time 11:24:04.626655 duration_in_ms=3.567
2017-09-28 11:24:04,627 [salt.state       ][INFO    ][2837] Running state [python-openstackclient] at time 11:24:04.626974
2017-09-28 11:24:04,627 [salt.state       ][INFO    ][2837] Executing state pkg.installed for python-openstackclient
2017-09-28 11:24:04,630 [salt.state       ][INFO    ][2837] Package python-openstackclient is already installed
2017-09-28 11:24:04,630 [salt.state       ][INFO    ][2837] Completed state [python-openstackclient] at time 11:24:04.630333 duration_in_ms=3.359
2017-09-28 11:24:04,631 [salt.state       ][INFO    ][2837] Running state [python-memcache] at time 11:24:04.630653
2017-09-28 11:24:04,631 [salt.state       ][INFO    ][2837] Executing state pkg.installed for python-memcache
2017-09-28 11:24:04,634 [salt.state       ][INFO    ][2837] Package python-memcache is already installed
2017-09-28 11:24:04,634 [salt.state       ][INFO    ][2837] Completed state [python-memcache] at time 11:24:04.634032 duration_in_ms=3.379
2017-09-28 11:24:04,634 [salt.state       ][INFO    ][2837] Running state [python-pycadf] at time 11:24:04.634362
2017-09-28 11:24:04,635 [salt.state       ][INFO    ][2837] Executing state pkg.installed for python-pycadf
2017-09-28 11:24:04,637 [salt.state       ][INFO    ][2837] Package python-pycadf is already installed
2017-09-28 11:24:04,638 [salt.state       ][INFO    ][2837] Completed state [python-pycadf] at time 11:24:04.637724 duration_in_ms=3.361
2017-09-28 11:24:04,638 [salt.state       ][INFO    ][2837] Running state [python-six] at time 11:24:04.638041
2017-09-28 11:24:04,638 [salt.state       ][INFO    ][2837] Executing state pkg.installed for python-six
2017-09-28 11:24:04,641 [salt.state       ][INFO    ][2837] Package python-six is already installed
2017-09-28 11:24:04,641 [salt.state       ][INFO    ][2837] Completed state [python-six] at time 11:24:04.641435 duration_in_ms=3.394
2017-09-28 11:24:04,642 [salt.state       ][INFO    ][2837] Running state [keystone] at time 11:24:04.641756
2017-09-28 11:24:04,642 [salt.state       ][INFO    ][2837] Executing state pkg.installed for keystone
2017-09-28 11:24:04,645 [salt.state       ][INFO    ][2837] Package keystone is already installed
2017-09-28 11:24:04,645 [salt.state       ][INFO    ][2837] Completed state [keystone] at time 11:24:04.645085 duration_in_ms=3.329
2017-09-28 11:24:04,645 [salt.state       ][INFO    ][2837] Running state [gettext-base] at time 11:24:04.645439
2017-09-28 11:24:04,646 [salt.state       ][INFO    ][2837] Executing state pkg.installed for gettext-base
2017-09-28 11:24:04,649 [salt.state       ][INFO    ][2837] Package gettext-base is already installed
2017-09-28 11:24:04,649 [salt.state       ][INFO    ][2837] Completed state [gettext-base] at time 11:24:04.648810 duration_in_ms=3.371
2017-09-28 11:24:04,649 [salt.state       ][INFO    ][2837] Running state [python-psycopg2] at time 11:24:04.649126
2017-09-28 11:24:04,649 [salt.state       ][INFO    ][2837] Executing state pkg.installed for python-psycopg2
2017-09-28 11:24:04,652 [salt.state       ][INFO    ][2837] Package python-psycopg2 is already installed
2017-09-28 11:24:04,652 [salt.state       ][INFO    ][2837] Completed state [python-psycopg2] at time 11:24:04.652423 duration_in_ms=3.297
2017-09-28 11:24:04,653 [salt.state       ][INFO    ][2837] Running state [python-keystone] at time 11:24:04.652721
2017-09-28 11:24:04,653 [salt.state       ][INFO    ][2837] Executing state pkg.installed for python-keystone
2017-09-28 11:24:04,656 [salt.state       ][INFO    ][2837] Package python-keystone is already installed
2017-09-28 11:24:04,656 [salt.state       ][INFO    ][2837] Completed state [python-keystone] at time 11:24:04.655995 duration_in_ms=3.275
2017-09-28 11:24:04,656 [salt.state       ][INFO    ][2837] Running state [/etc/keystone/policy.json] at time 11:24:04.656459
2017-09-28 11:24:04,657 [salt.state       ][INFO    ][2837] Executing state file.managed for /etc/keystone/policy.json
2017-09-28 11:24:04,657 [salt.loaded.int.states.file][WARNING ][2837] State for file: /etc/keystone/policy.json - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2017-09-28 11:24:04,658 [salt.state       ][INFO    ][2837] File /etc/keystone/policy.json exists with proper permissions. No changes made.
2017-09-28 11:24:04,658 [salt.state       ][INFO    ][2837] Completed state [/etc/keystone/policy.json] at time 11:24:04.658002 duration_in_ms=1.543
2017-09-28 11:24:04,658 [salt.state       ][INFO    ][2837] Running state [/etc/keystone/keystone-paste.ini] at time 11:24:04.658451
2017-09-28 11:24:04,659 [salt.state       ][INFO    ][2837] Executing state file.managed for /etc/keystone/keystone-paste.ini
2017-09-28 11:24:04,676 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/files/ocata/keystone-paste.ini.Debian'
2017-09-28 11:24:04,677 [salt.state       ][INFO    ][2837] File /etc/keystone/keystone-paste.ini is in the correct state
2017-09-28 11:24:04,678 [salt.state       ][INFO    ][2837] Completed state [/etc/keystone/keystone-paste.ini] at time 11:24:04.677681 duration_in_ms=19.229
2017-09-28 11:24:04,678 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/sites-enabled/000-default.conf] at time 11:24:04.678009
2017-09-28 11:24:04,678 [salt.state       ][INFO    ][2837] Executing state file.absent for /etc/apache2/sites-enabled/000-default.conf
2017-09-28 11:24:04,679 [salt.state       ][INFO    ][2837] File /etc/apache2/sites-enabled/000-default.conf is not present
2017-09-28 11:24:04,679 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/sites-enabled/000-default.conf] at time 11:24:04.679013 duration_in_ms=1.003
2017-09-28 11:24:04,680 [salt.state       ][INFO    ][2837] Running state [/etc/keystone/keystone.conf] at time 11:24:04.679491
2017-09-28 11:24:04,680 [salt.state       ][INFO    ][2837] Executing state file.managed for /etc/keystone/keystone.conf
2017-09-28 11:24:04,705 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/files/ocata/keystone.conf.Debian'
2017-09-28 11:24:04,782 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:24:04,795 [salt.state       ][INFO    ][2837] File /etc/keystone/keystone.conf is in the correct state
2017-09-28 11:24:04,796 [salt.state       ][INFO    ][2837] Completed state [/etc/keystone/keystone.conf] at time 11:24:04.795746 duration_in_ms=116.255
2017-09-28 11:24:04,796 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/sites-enabled/keystone.conf] at time 11:24:04.796067
2017-09-28 11:24:04,796 [salt.state       ][INFO    ][2837] Executing state file.absent for /etc/apache2/sites-enabled/keystone.conf
2017-09-28 11:24:04,797 [salt.state       ][INFO    ][2837] File /etc/apache2/sites-enabled/keystone.conf is not present
2017-09-28 11:24:04,797 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/sites-enabled/keystone.conf] at time 11:24:04.797079 duration_in_ms=1.011
2017-09-28 11:24:04,797 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/sites-enabled/wsgi-keystone.conf] at time 11:24:04.797401
2017-09-28 11:24:04,798 [salt.state       ][INFO    ][2837] Executing state file.absent for /etc/apache2/sites-enabled/wsgi-keystone.conf
2017-09-28 11:24:04,798 [salt.state       ][INFO    ][2837] File /etc/apache2/sites-enabled/wsgi-keystone.conf is not present
2017-09-28 11:24:04,798 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/sites-enabled/wsgi-keystone.conf] at time 11:24:04.798363 duration_in_ms=0.962
2017-09-28 11:24:04,799 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 11:24:04.798829
2017-09-28 11:24:04,799 [salt.state       ][INFO    ][2837] Executing state file.managed for /etc/apache2/sites-available/keystone_wsgi.conf
2017-09-28 11:24:04,817 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/files/apache.conf'
2017-09-28 11:24:04,833 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:24:04,858 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/files/ocata/wsgi-keystone.conf'
2017-09-28 11:24:04,906 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/files/_name.conf'
2017-09-28 11:24:04,924 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/map.jinja'
2017-09-28 11:24:04,951 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/files/_ssl.conf'
2017-09-28 11:24:04,970 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/files/_locations.conf'
2017-09-28 11:24:04,989 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'apache/files/_log.conf'
2017-09-28 11:24:04,996 [salt.state       ][INFO    ][2837] File /etc/apache2/sites-available/keystone_wsgi.conf is in the correct state
2017-09-28 11:24:04,996 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 11:24:04.996228 duration_in_ms=197.399
2017-09-28 11:24:04,997 [salt.state       ][INFO    ][2837] Running state [/etc/keystone/logging.conf] at time 11:24:04.996763
2017-09-28 11:24:04,997 [salt.state       ][INFO    ][2837] Executing state file.managed for /etc/keystone/logging.conf
2017-09-28 11:24:04,998 [salt.loaded.int.states.file][WARNING ][2837] State for file: /etc/keystone/logging.conf - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2017-09-28 11:24:04,998 [salt.state       ][INFO    ][2837] File /etc/keystone/logging.conf exists with proper permissions. No changes made.
2017-09-28 11:24:04,998 [salt.state       ][INFO    ][2837] Completed state [/etc/keystone/logging.conf] at time 11:24:04.998453 duration_in_ms=1.689
2017-09-28 11:24:04,999 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 11:24:04.998935
2017-09-28 11:24:04,999 [salt.state       ][INFO    ][2837] Executing state file.symlink for /etc/apache2/sites-enabled/keystone_wsgi.conf
2017-09-28 11:24:05,001 [salt.state       ][INFO    ][2837] Symlink /etc/apache2/sites-enabled/keystone_wsgi.conf is present and owned by root:root
2017-09-28 11:24:05,001 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 11:24:05.000818 duration_in_ms=1.884
2017-09-28 11:24:05,003 [salt.state       ][INFO    ][2837] Running state [apache2] at time 11:24:05.003160
2017-09-28 11:24:05,004 [salt.state       ][INFO    ][2837] Executing state service.running for apache2
2017-09-28 11:24:05,004 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2017-09-28 11:24:05,025 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2017-09-28 11:24:05,032 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2017-09-28 11:24:05,042 [salt.state       ][INFO    ][2837] The service apache2 is already running
2017-09-28 11:24:05,042 [salt.state       ][INFO    ][2837] Completed state [apache2] at time 11:24:05.041949 duration_in_ms=38.788
2017-09-28 11:24:05,043 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/conf-enabled/security.conf] at time 11:24:05.042519
2017-09-28 11:24:05,043 [salt.state       ][INFO    ][2837] Executing state file.symlink for /etc/apache2/conf-enabled/security.conf
2017-09-28 11:24:05,044 [salt.state       ][INFO    ][2837] Symlink /etc/apache2/conf-enabled/security.conf is present and owned by root:root
2017-09-28 11:24:05,044 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/conf-enabled/security.conf] at time 11:24:05.044081 duration_in_ms=1.562
2017-09-28 11:24:05,044 [salt.state       ][INFO    ][2837] Running state [/etc/apache2/sites-enabled/keystone_wsgi] at time 11:24:05.044319
2017-09-28 11:24:05,045 [salt.state       ][INFO    ][2837] Executing state file.absent for /etc/apache2/sites-enabled/keystone_wsgi
2017-09-28 11:24:05,045 [salt.state       ][INFO    ][2837] File /etc/apache2/sites-enabled/keystone_wsgi is not present
2017-09-28 11:24:05,045 [salt.state       ][INFO    ][2837] Completed state [/etc/apache2/sites-enabled/keystone_wsgi] at time 11:24:05.044890 duration_in_ms=0.571
2017-09-28 11:24:05,045 [salt.state       ][INFO    ][2837] Running state [keystone] at time 11:24:05.045263
2017-09-28 11:24:05,045 [salt.state       ][INFO    ][2837] Executing state service.dead for keystone
2017-09-28 11:24:05,046 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command ['systemctl', 'status', 'keystone.service', '-n', '0'] in directory '/root'
2017-09-28 11:24:05,056 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command ['systemctl', 'is-active', 'keystone.service'] in directory '/root'
2017-09-28 11:24:05,065 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command ['systemctl', 'is-enabled', 'keystone.service'] in directory '/root'
2017-09-28 11:24:05,075 [salt.state       ][INFO    ][2837] The service keystone is already dead
2017-09-28 11:24:05,075 [salt.state       ][INFO    ][2837] Completed state [keystone] at time 11:24:05.075308 duration_in_ms=30.044
2017-09-28 11:24:05,076 [salt.state       ][INFO    ][2837] Running state [/root/keystonerc] at time 11:24:05.075750
2017-09-28 11:24:05,076 [salt.state       ][INFO    ][2837] Executing state file.managed for /root/keystonerc
2017-09-28 11:24:05,113 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/files/keystonerc'
2017-09-28 11:24:05,132 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:24:05,145 [salt.state       ][INFO    ][2837] File /root/keystonerc is in the correct state
2017-09-28 11:24:05,145 [salt.state       ][INFO    ][2837] Completed state [/root/keystonerc] at time 11:24:05.145417 duration_in_ms=69.667
2017-09-28 11:24:05,146 [salt.state       ][INFO    ][2837] Running state [/root/keystonercv3] at time 11:24:05.145833
2017-09-28 11:24:05,146 [salt.state       ][INFO    ][2837] Executing state file.managed for /root/keystonercv3
2017-09-28 11:24:05,165 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/files/keystonercv3'
2017-09-28 11:24:05,181 [salt.fileclient  ][INFO    ][2837] Fetching file from saltenv 'base', ** done ** 'keystone/map.jinja'
2017-09-28 11:24:05,192 [salt.state       ][INFO    ][2837] File /root/keystonercv3 is in the correct state
2017-09-28 11:24:05,193 [salt.state       ][INFO    ][2837] Completed state [/root/keystonercv3] at time 11:24:05.192616 duration_in_ms=46.783
2017-09-28 11:24:05,193 [salt.state       ][INFO    ][2837] Running state [keystone-manage db_sync && sleep 1] at time 11:24:05.192943
2017-09-28 11:24:05,193 [salt.state       ][INFO    ][2837] Executing state cmd.run for keystone-manage db_sync && sleep 1
2017-09-28 11:24:05,194 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command 'keystone-manage db_sync && sleep 1' in directory '/root'
2017-09-28 11:24:05,768 [salt.loaded.int.module.cmdmod][ERROR   ][2837] Command 'keystone-manage db_sync && sleep 1' failed with return code: 1
2017-09-28 11:24:05,769 [salt.loaded.int.module.cmdmod][ERROR   ][2837] stderr: Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
2017-09-28 11:24:05.699 2891 CRITICAL keystone [-] KeyError: <VerNum(109)>
2017-09-28 11:24:05.699 2891 ERROR keystone Traceback (most recent call last):
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/bin/keystone-manage", line 10, in <module>
2017-09-28 11:24:05.699 2891 ERROR keystone     sys.exit(main())
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/manage.py", line 47, in main
2017-09-28 11:24:05.699 2891 ERROR keystone     cli.main(argv=sys.argv, config_files=config_files)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 1048, in main
2017-09-28 11:24:05.699 2891 ERROR keystone     CONF.command.cmd_class.main()
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 403, in main
2017-09-28 11:24:05.699 2891 ERROR keystone     migration_helpers.sync_database_to_version(extension, version)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/common/sql/migration_helpers.py", line 210, in sync_database_to_version
2017-09-28 11:24:05.699 2891 ERROR keystone     _sync_common_repo(version)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/common/sql/migration_helpers.py", line 136, in _sync_common_repo
2017-09-28 11:24:05.699 2891 ERROR keystone     init_version=init_version, sanity_check=False)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/migration.py", line 79, in db_sync
2017-09-28 11:24:05.699 2891 ERROR keystone     migration = versioning_api.upgrade(engine, repository, version)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 186, in upgrade
2017-09-28 11:24:05.699 2891 ERROR keystone     return _migrate(url, repository, version, upgrade=True, err=err, **opts)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "<decorator-gen-15>", line 2, in _migrate
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/util/__init__.py", line 160, in with_engine
2017-09-28 11:24:05.699 2891 ERROR keystone     return f(*a, **kw)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 345, in _migrate
2017-09-28 11:24:05.699 2891 ERROR keystone     changeset = schema.changeset(version)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/schema.py", line 82, in changeset
2017-09-28 11:24:05.699 2891 ERROR keystone     changeset = self.repository.changeset(database, start_ver, version)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 225, in changeset
2017-09-28 11:24:05.699 2891 ERROR keystone     changes = [self.version(v).script(database, op) for v in versions]
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 189, in version
2017-09-28 11:24:05.699 2891 ERROR keystone     return self.versions.version(*p, **k)
2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/version.py", line 163, in version
2017-09-28 11:24:05.699 2891 ERROR keystone     return self.versions[VerNum(vernum)]
2017-09-28 11:24:05.699 2891 ERROR keystone KeyError: <VerNum(109)>
2017-09-28 11:24:05.699 2891 ERROR keystone
2017-09-28 11:24:05,769 [salt.loaded.int.module.cmdmod][ERROR   ][2837] retcode: 1
2017-09-28 11:24:05,769 [salt.state       ][ERROR   ][2837] {'pid': 2889, 'retcode': 1, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\n2017-09-28 11:24:05.699 2891 CRITICAL keystone [-] KeyError: <VerNum(109)>\n2017-09-28 11:24:05.699 2891 ERROR keystone Traceback (most recent call last):\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/bin/keystone-manage", line 10, in <module>\n2017-09-28 11:24:05.699 2891 ERROR keystone     sys.exit(main())\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/manage.py", line 47, in main\n2017-09-28 11:24:05.699 2891 ERROR keystone     cli.main(argv=sys.argv, config_files=config_files)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 1048, in main\n2017-09-28 11:24:05.699 2891 ERROR keystone     CONF.command.cmd_class.main()\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 403, in main\n2017-09-28 11:24:05.699 2891 ERROR keystone     migration_helpers.sync_database_to_version(extension, version)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/common/sql/migration_helpers.py", line 210, in sync_database_to_version\n2017-09-28 11:24:05.699 2891 ERROR keystone     _sync_common_repo(version)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/keystone/common/sql/migration_helpers.py", line 136, in _sync_common_repo\n2017-09-28 11:24:05.699 2891 ERROR keystone     init_version=init_version, sanity_check=False)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/migration.py", line 79, in db_sync\n2017-09-28 11:24:05.699 2891 ERROR keystone     migration = versioning_api.upgrade(engine, repository, version)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 186, in upgrade\n2017-09-28 11:24:05.699 2891 ERROR keystone     return _migrate(url, repository, version, upgrade=True, err=err, **opts)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "<decorator-gen-15>", line 2, in _migrate\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/util/__init__.py", line 160, in with_engine\n2017-09-28 11:24:05.699 2891 ERROR keystone     return f(*a, **kw)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 345, in _migrate\n2017-09-28 11:24:05.699 2891 ERROR keystone     changeset = schema.changeset(version)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/schema.py", line 82, in changeset\n2017-09-28 11:24:05.699 2891 ERROR keystone     changeset = self.repository.changeset(database, start_ver, version)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 225, in changeset\n2017-09-28 11:24:05.699 2891 ERROR keystone     changes = [self.version(v).script(database, op) for v in versions]\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 189, in version\n2017-09-28 11:24:05.699 2891 ERROR keystone     return self.versions.version(*p, **k)\n2017-09-28 11:24:05.699 2891 ERROR keystone   File "/usr/lib/python2.7/dist-packages/migrate/versioning/version.py", line 163, in version\n2017-09-28 11:24:05.699 2891 ERROR keystone     return self.versions[VerNum(vernum)]\n2017-09-28 11:24:05.699 2891 ERROR keystone KeyError: <VerNum(109)>\n2017-09-28 11:24:05.699 2891 ERROR keystone', 'stdout': ''}
2017-09-28 11:24:05,770 [salt.state       ][INFO    ][2837] Completed state [keystone-manage db_sync && sleep 1] at time 11:24:05.769576 duration_in_ms=576.631
2017-09-28 11:24:05,770 [salt.state       ][INFO    ][2837] Running state [/var/lib/keystone/fernet-keys] at time 11:24:05.770182
2017-09-28 11:24:05,770 [salt.state       ][INFO    ][2837] Executing state file.directory for /var/lib/keystone/fernet-keys
2017-09-28 11:24:05,772 [salt.state       ][INFO    ][2837] Directory /var/lib/keystone/fernet-keys is in the correct state
2017-09-28 11:24:05,772 [salt.state       ][INFO    ][2837] Completed state [/var/lib/keystone/fernet-keys] at time 11:24:05.772339 duration_in_ms=2.158
2017-09-28 11:24:05,773 [salt.state       ][INFO    ][2837] Running state [keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone] at time 11:24:05.773055
2017-09-28 11:24:05,773 [salt.state       ][INFO    ][2837] Executing state cmd.run for keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
2017-09-28 11:24:05,774 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command 'keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone' in directory '/root'
2017-09-28 11:24:06,309 [salt.state       ][INFO    ][2837] {'pid': 2896, 'retcode': 0, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\n2017-09-28 11:24:06.250 2897 INFO keystone.token.providers.fernet.utils [-] Key repository is already initialized; aborting.', 'stdout': ''}
2017-09-28 11:24:06,309 [salt.state       ][INFO    ][2837] Completed state [keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone] at time 11:24:06.308934 duration_in_ms=535.876
2017-09-28 11:24:06,310 [salt.state       ][INFO    ][2837] Running state [/var/lib/keystone/credential-keys] at time 11:24:06.309506
2017-09-28 11:24:06,310 [salt.state       ][INFO    ][2837] Executing state file.directory for /var/lib/keystone/credential-keys
2017-09-28 11:24:06,312 [salt.state       ][INFO    ][2837] Directory /var/lib/keystone/credential-keys is in the correct state
2017-09-28 11:24:06,312 [salt.state       ][INFO    ][2837] Completed state [/var/lib/keystone/credential-keys] at time 11:24:06.311991 duration_in_ms=2.485
2017-09-28 11:24:06,313 [salt.state       ][INFO    ][2837] Running state [keystone-manage credential_setup --keystone-user keystone --keystone-group keystone] at time 11:24:06.312835
2017-09-28 11:24:06,313 [salt.state       ][INFO    ][2837] Executing state cmd.run for keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
2017-09-28 11:24:06,314 [salt.loaded.int.module.cmdmod][INFO    ][2837] Executing command 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone' in directory '/root'
2017-09-28 11:24:06,784 [salt.loaded.int.module.cmdmod][ERROR   ][2837] Command 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone' failed with return code: 2
2017-09-28 11:24:06,785 [salt.loaded.int.module.cmdmod][ERROR   ][2837] stderr: Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
usage: keystone-manage [bootstrap|db_sync|db_version|domain_config_upload|fernet_rotate|fernet_setup|mapping_purge|mapping_engine|pki_setup|saml_idp_metadata|ssl_setup|token_flush]
keystone-manage: error: argument command: invalid choice: 'credential_setup' (choose from 'bootstrap', 'db_sync', 'db_version', 'domain_config_upload', 'fernet_rotate', 'fernet_setup', 'mapping_purge', 'mapping_engine', 'pki_setup', 'saml_idp_metadata', 'ssl_setup', 'token_flush')
2017-09-28 11:24:06,785 [salt.loaded.int.module.cmdmod][ERROR   ][2837] retcode: 2
2017-09-28 11:24:06,785 [salt.state       ][ERROR   ][2837] {'pid': 2902, 'retcode': 2, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\nusage: keystone-manage [bootstrap|db_sync|db_version|domain_config_upload|fernet_rotate|fernet_setup|mapping_purge|mapping_engine|pki_setup|saml_idp_metadata|ssl_setup|token_flush]\nkeystone-manage: error: argument command: invalid choice: \'credential_setup\' (choose from \'bootstrap\', \'db_sync\', \'db_version\', \'domain_config_upload\', \'fernet_rotate\', \'fernet_setup\', \'mapping_purge\', \'mapping_engine\', \'pki_setup\', \'saml_idp_metadata\', \'ssl_setup\', \'token_flush\')', 'stdout': ''}
2017-09-28 11:24:06,786 [salt.state       ][INFO    ][2837] Completed state [keystone-manage credential_setup --keystone-user keystone --keystone-group keystone] at time 11:24:06.786115 duration_in_ms=473.279
2017-09-28 11:24:06,788 [salt.minion      ][INFO    ][2837] Returning information for job: 20170928112400041286
2017-09-28 11:24:09,180 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command test.ping with jid 20170928112409173528
2017-09-28 11:24:09,198 [salt.minion      ][INFO    ][2912] Starting a new job with PID 2912
2017-09-28 11:24:09,230 [salt.minion      ][INFO    ][2912] Returning information for job: 20170928112409173528
2017-09-28 11:46:03,386 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928114603376748
2017-09-28 11:46:03,409 [salt.minion      ][INFO    ][3916] Starting a new job with PID 3916
2017-09-28 11:46:05,127 [salt.state       ][INFO    ][3916] Loading fresh modules for state activity
2017-09-28 11:46:05,157 [salt.fileclient  ][INFO    ][3916] Fetching file from saltenv 'base', ** done ** 'nova/init.sls'
2017-09-28 11:46:05,182 [salt.fileclient  ][INFO    ][3916] Fetching file from saltenv 'base', ** done ** 'nova/controller.sls'
2017-09-28 11:46:05,231 [salt.fileclient  ][INFO    ][3916] Fetching file from saltenv 'base', ** done ** 'nova/map.jinja'
2017-09-28 11:46:06,027 [salt.state       ][INFO    ][3916] Running state [debconf-utils] at time 11:46:06.027059
2017-09-28 11:46:06,028 [salt.state       ][INFO    ][3916] Executing state pkg.installed for debconf-utils
2017-09-28 11:46:06,028 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:46:06,487 [salt.state       ][INFO    ][3916] Package debconf-utils is already installed
2017-09-28 11:46:06,488 [salt.state       ][INFO    ][3916] Completed state [debconf-utils] at time 11:46:06.487549 duration_in_ms=460.489
2017-09-28 11:46:06,489 [salt.state       ][INFO    ][3916] Running state [nova-consoleproxy] at time 11:46:06.488654
2017-09-28 11:46:06,489 [salt.state       ][INFO    ][3916] Executing state debconf.set for nova-consoleproxy
2017-09-28 11:46:06,490 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command 'debconf-get-selections' in directory '/root'
2017-09-28 11:46:06,615 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command 'debconf-set-selections /tmp/salt-OFiJHL' in directory '/root'
2017-09-28 11:46:06,800 [salt.state       ][INFO    ][3916] {'nova-consoleproxy/daemon_type': 'novnc'}
2017-09-28 11:46:06,800 [salt.state       ][INFO    ][3916] Completed state [nova-consoleproxy] at time 11:46:06.800366 duration_in_ms=311.71
2017-09-28 11:46:06,804 [salt.state       ][INFO    ][3916] Running state [nova] at time 11:46:06.803549
2017-09-28 11:46:06,804 [salt.state       ][INFO    ][3916] Executing state group.present for nova
2017-09-28 11:46:06,805 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command 'groupadd -g 303 -r nova' in directory '/root'
2017-09-28 11:46:06,887 [salt.state       ][INFO    ][3916] {'passwd': 'x', 'gid': 303, 'name': 'nova', 'members': []}
2017-09-28 11:46:06,888 [salt.state       ][INFO    ][3916] Completed state [nova] at time 11:46:06.887538 duration_in_ms=83.987
2017-09-28 11:46:06,888 [salt.state       ][INFO    ][3916] Running state [nova] at time 11:46:06.887984
2017-09-28 11:46:06,888 [salt.state       ][INFO    ][3916] Executing state user.present for nova
2017-09-28 11:46:06,889 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['useradd', '-s', '/bin/false', '-u', '303', '-g', '303', '-m', '-d', '/var/lib/nova', '-r', 'nova'] in directory '/root'
2017-09-28 11:46:07,044 [salt.state       ][INFO    ][3916] {'shell': '/bin/false', 'workphone': '', 'uid': 303, 'passwd': 'x', 'roomnumber': '', 'groups': ['nova'], 'home': '/var/lib/nova', 'name': 'nova', 'gid': 303, 'fullname': '', 'homephone': ''}
2017-09-28 11:46:07,044 [salt.state       ][INFO    ][3916] Completed state [nova] at time 11:46:07.043915 duration_in_ms=155.929
2017-09-28 11:46:07,044 [salt.state       ][INFO    ][3916] Running state [python-novaclient] at time 11:46:07.044439
2017-09-28 11:46:07,045 [salt.state       ][INFO    ][3916] Executing state pkg.installed for python-novaclient
2017-09-28 11:46:07,048 [salt.state       ][INFO    ][3916] Package python-novaclient is already installed
2017-09-28 11:46:07,048 [salt.state       ][INFO    ][3916] Completed state [python-novaclient] at time 11:46:07.047865 duration_in_ms=3.425
2017-09-28 11:46:07,048 [salt.state       ][INFO    ][3916] Running state [nova-doc] at time 11:46:07.048306
2017-09-28 11:46:07,048 [salt.state       ][INFO    ][3916] Executing state pkg.installed for nova-doc
2017-09-28 11:46:07,064 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 11:46:13,426 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114613420247
2017-09-28 11:46:13,448 [salt.minion      ][INFO    ][4221] Starting a new job with PID 4221
2017-09-28 11:46:13,463 [salt.minion      ][INFO    ][4221] Returning information for job: 20170928114613420247
2017-09-28 11:46:23,588 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114623582914
2017-09-28 11:46:23,605 [salt.minion      ][INFO    ][4226] Starting a new job with PID 4226
2017-09-28 11:46:23,619 [salt.minion      ][INFO    ][4226] Returning information for job: 20170928114623582914
2017-09-28 11:46:33,755 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114633749387
2017-09-28 11:46:33,773 [salt.minion      ][INFO    ][4236] Starting a new job with PID 4236
2017-09-28 11:46:33,787 [salt.minion      ][INFO    ][4236] Returning information for job: 20170928114633749387
2017-09-28 11:46:43,931 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114643926282
2017-09-28 11:46:43,953 [salt.minion      ][INFO    ][4241] Starting a new job with PID 4241
2017-09-28 11:46:43,966 [salt.minion      ][INFO    ][4241] Returning information for job: 20170928114643926282
2017-09-28 11:46:54,120 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114654116049
2017-09-28 11:46:54,141 [salt.minion      ][INFO    ][4251] Starting a new job with PID 4251
2017-09-28 11:46:54,153 [salt.minion      ][INFO    ][4251] Returning information for job: 20170928114654116049
2017-09-28 11:47:04,324 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114704319828
2017-09-28 11:47:04,345 [salt.minion      ][INFO    ][4256] Starting a new job with PID 4256
2017-09-28 11:47:04,357 [salt.minion      ][INFO    ][4256] Returning information for job: 20170928114704319828
2017-09-28 11:47:14,529 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114714526215
2017-09-28 11:47:14,547 [salt.minion      ][INFO    ][4266] Starting a new job with PID 4266
2017-09-28 11:47:14,560 [salt.minion      ][INFO    ][4266] Returning information for job: 20170928114714526215
2017-09-28 11:47:24,741 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114724737916
2017-09-28 11:47:24,760 [salt.minion      ][INFO    ][4271] Starting a new job with PID 4271
2017-09-28 11:47:24,774 [salt.minion      ][INFO    ][4271] Returning information for job: 20170928114724737916
2017-09-28 11:47:34,962 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114734959569
2017-09-28 11:47:34,978 [salt.minion      ][INFO    ][4276] Starting a new job with PID 4276
2017-09-28 11:47:34,992 [salt.minion      ][INFO    ][4276] Returning information for job: 20170928114734959569
2017-09-28 11:47:45,191 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114745188859
2017-09-28 11:47:45,209 [salt.minion      ][INFO    ][4286] Starting a new job with PID 4286
2017-09-28 11:47:45,223 [salt.minion      ][INFO    ][4286] Returning information for job: 20170928114745188859
2017-09-28 11:47:55,219 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114755218324
2017-09-28 11:47:55,239 [salt.minion      ][INFO    ][4291] Starting a new job with PID 4291
2017-09-28 11:47:55,251 [salt.minion      ][INFO    ][4291] Returning information for job: 20170928114755218324
2017-09-28 11:48:05,259 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114805257320
2017-09-28 11:48:05,278 [salt.minion      ][INFO    ][4301] Starting a new job with PID 4301
2017-09-28 11:48:05,290 [salt.minion      ][INFO    ][4301] Returning information for job: 20170928114805257320
2017-09-28 11:48:09,216 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-doc'] in directory '/root'
2017-09-28 11:48:12,717 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:48:12,746 [salt.state       ][INFO    ][3916] Made the following changes:
'nova-doc' changed from 'absent' to '2:13.1.4-0ubuntu3'

2017-09-28 11:48:12,757 [salt.state       ][INFO    ][3916] Loading fresh modules for state activity
2017-09-28 11:48:12,771 [salt.state       ][INFO    ][3916] Completed state [nova-doc] at time 11:48:12.770868 duration_in_ms=125722.561
2017-09-28 11:48:12,776 [salt.state       ][INFO    ][3916] Running state [nova-cert] at time 11:48:12.776338
2017-09-28 11:48:12,777 [salt.state       ][INFO    ][3916] Executing state pkg.installed for nova-cert
2017-09-28 11:48:12,984 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-cert'] in directory '/root'
2017-09-28 11:48:15,303 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114815303676
2017-09-28 11:48:15,317 [salt.minion      ][INFO    ][4525] Starting a new job with PID 4525
2017-09-28 11:48:15,335 [salt.minion      ][INFO    ][4525] Returning information for job: 20170928114815303676
2017-09-28 11:48:25,359 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114825357610
2017-09-28 11:48:25,377 [salt.minion      ][INFO    ][4702] Starting a new job with PID 4702
2017-09-28 11:48:25,400 [salt.minion      ][INFO    ][4702] Returning information for job: 20170928114825357610
2017-09-28 11:48:35,412 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114835413446
2017-09-28 11:48:35,429 [salt.minion      ][INFO    ][4769] Starting a new job with PID 4769
2017-09-28 11:48:35,445 [salt.minion      ][INFO    ][4769] Returning information for job: 20170928114835413446
2017-09-28 11:48:45,468 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114845468983
2017-09-28 11:48:45,488 [salt.minion      ][INFO    ][4774] Starting a new job with PID 4774
2017-09-28 11:48:45,501 [salt.minion      ][INFO    ][4774] Returning information for job: 20170928114845468983
2017-09-28 11:48:55,552 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114855553917
2017-09-28 11:48:55,566 [salt.minion      ][INFO    ][4784] Starting a new job with PID 4784
2017-09-28 11:48:55,580 [salt.minion      ][INFO    ][4784] Returning information for job: 20170928114855553917
2017-09-28 11:49:04,405 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:49:04,434 [salt.state       ][INFO    ][3916] Made the following changes:
'python-oslo.versionedobjects' changed from 'absent' to '1.8.0-1'
'python-os-brick' changed from 'absent' to '1.2.0-2ubuntu0.3'
'python-os-win' changed from 'absent' to '0.4.1-2'
'nova-common' changed from 'absent' to '2:13.1.4-0ubuntu3'
'python-oslo.rootwrap' changed from 'absent' to '4.1.0-2'
'python2.7-paramiko' changed from 'absent' to '1'
'python-rfc3986' changed from 'absent' to '0.2.2-0ubuntu0.16.04.1'
'python-nova' changed from 'absent' to '2:13.1.4-0ubuntu3'
'python2.7-nova' changed from 'absent' to '1'
'python-boto' changed from 'absent' to '2.38.0-1ubuntu1'
'python-paramiko' changed from 'absent' to '1.16.0-1'
'python-ecdsa' changed from 'absent' to '0.13-2'
'os-brick-common' changed from 'absent' to '1.2.0-2ubuntu0.3'
'nova-cert' changed from 'absent' to '2:13.1.4-0ubuntu3'
'python-oslo.reports' changed from 'absent' to '1.7.0-2'
'python-oslo-rootwrap' changed from 'absent' to '1'
'python2.7-boto' changed from 'absent' to '1'

2017-09-28 11:49:04,447 [salt.state       ][INFO    ][3916] Loading fresh modules for state activity
2017-09-28 11:49:04,473 [salt.state       ][INFO    ][3916] Completed state [nova-cert] at time 11:49:04.472478 duration_in_ms=51696.14
2017-09-28 11:49:04,478 [salt.state       ][INFO    ][3916] Running state [nova-conductor] at time 11:49:04.478310
2017-09-28 11:49:04,479 [salt.state       ][INFO    ][3916] Executing state pkg.installed for nova-conductor
2017-09-28 11:49:04,794 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-conductor'] in directory '/root'
2017-09-28 11:49:05,643 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114905645804
2017-09-28 11:49:05,660 [salt.minion      ][INFO    ][4951] Starting a new job with PID 4951
2017-09-28 11:49:05,672 [salt.minion      ][INFO    ][4951] Returning information for job: 20170928114905645804
2017-09-28 11:49:07,606 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:49:07,636 [salt.state       ][INFO    ][3916] Made the following changes:
'nova-conductor' changed from 'absent' to '2:13.1.4-0ubuntu3'

2017-09-28 11:49:07,647 [salt.state       ][INFO    ][3916] Loading fresh modules for state activity
2017-09-28 11:49:07,665 [salt.state       ][INFO    ][3916] Completed state [nova-conductor] at time 11:49:07.664692 duration_in_ms=3186.381
2017-09-28 11:49:07,671 [salt.state       ][INFO    ][3916] Running state [novnc] at time 11:49:07.670507
2017-09-28 11:49:07,671 [salt.state       ][INFO    ][3916] Executing state pkg.installed for novnc
2017-09-28 11:49:07,886 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'novnc'] in directory '/root'
2017-09-28 11:49:11,378 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:49:11,407 [salt.state       ][INFO    ][3916] Made the following changes:
'novnc' changed from 'absent' to '1:0.4+dfsg+1+20131010+gitf68af8af3d-4'
'websockify' changed from 'absent' to '0.6.1+dfsg1-1'
'libjs-swfobject' changed from 'absent' to '2.2+dfsg-1'
'python-novnc' changed from 'absent' to '1:0.4+dfsg+1+20131010+gitf68af8af3d-4'

2017-09-28 11:49:11,419 [salt.state       ][INFO    ][3916] Loading fresh modules for state activity
2017-09-28 11:49:11,431 [salt.state       ][INFO    ][3916] Completed state [novnc] at time 11:49:11.431399 duration_in_ms=3760.891
2017-09-28 11:49:11,437 [salt.state       ][INFO    ][3916] Running state [nova-common] at time 11:49:11.436475
2017-09-28 11:49:11,437 [salt.state       ][INFO    ][3916] Executing state pkg.installed for nova-common
2017-09-28 11:49:11,722 [salt.state       ][INFO    ][3916] Package nova-common is already installed
2017-09-28 11:49:11,722 [salt.state       ][INFO    ][3916] Completed state [nova-common] at time 11:49:11.721823 duration_in_ms=285.348
2017-09-28 11:49:11,722 [salt.state       ][INFO    ][3916] Running state [nova-consoleauth] at time 11:49:11.722221
2017-09-28 11:49:11,722 [salt.state       ][INFO    ][3916] Executing state pkg.installed for nova-consoleauth
2017-09-28 11:49:11,730 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-consoleauth'] in directory '/root'
2017-09-28 11:49:14,433 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:49:14,463 [salt.state       ][INFO    ][3916] Made the following changes:
'nova-consoleauth' changed from 'absent' to '2:13.1.4-0ubuntu3'

2017-09-28 11:49:14,475 [salt.state       ][INFO    ][3916] Loading fresh modules for state activity
2017-09-28 11:49:14,488 [salt.state       ][INFO    ][3916] Completed state [nova-consoleauth] at time 11:49:14.487590 duration_in_ms=2765.368
2017-09-28 11:49:14,493 [salt.state       ][INFO    ][3916] Running state [python-pycadf] at time 11:49:14.493020
2017-09-28 11:49:14,493 [salt.state       ][INFO    ][3916] Executing state pkg.installed for python-pycadf
2017-09-28 11:49:14,716 [salt.state       ][INFO    ][3916] Package python-pycadf is already installed
2017-09-28 11:49:14,716 [salt.state       ][INFO    ][3916] Completed state [python-pycadf] at time 11:49:14.716369 duration_in_ms=223.347
2017-09-28 11:49:14,717 [salt.state       ][INFO    ][3916] Running state [python-memcache] at time 11:49:14.716942
2017-09-28 11:49:14,717 [salt.state       ][INFO    ][3916] Executing state pkg.installed for python-memcache
2017-09-28 11:49:14,720 [salt.state       ][INFO    ][3916] Package python-memcache is already installed
2017-09-28 11:49:14,720 [salt.state       ][INFO    ][3916] Completed state [python-memcache] at time 11:49:14.720374 duration_in_ms=3.432
2017-09-28 11:49:14,721 [salt.state       ][INFO    ][3916] Running state [nova-scheduler] at time 11:49:14.720894
2017-09-28 11:49:14,721 [salt.state       ][INFO    ][3916] Executing state pkg.installed for nova-scheduler
2017-09-28 11:49:14,729 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-scheduler'] in directory '/root'
2017-09-28 11:49:15,744 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114915748277
2017-09-28 11:49:15,757 [salt.minion      ][INFO    ][5523] Starting a new job with PID 5523
2017-09-28 11:49:15,769 [salt.minion      ][INFO    ][5523] Returning information for job: 20170928114915748277
2017-09-28 11:49:17,391 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:49:17,421 [salt.state       ][INFO    ][3916] Made the following changes:
'nova-scheduler' changed from 'absent' to '2:13.1.4-0ubuntu3'

2017-09-28 11:49:17,432 [salt.state       ][INFO    ][3916] Loading fresh modules for state activity
2017-09-28 11:49:17,445 [salt.state       ][INFO    ][3916] Completed state [nova-scheduler] at time 11:49:17.444940 duration_in_ms=2724.044
2017-09-28 11:49:17,450 [salt.state       ][INFO    ][3916] Running state [nova-api] at time 11:49:17.450188
2017-09-28 11:49:17,450 [salt.state       ][INFO    ][3916] Executing state pkg.installed for nova-api
2017-09-28 11:49:17,670 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-api'] in directory '/root'
2017-09-28 11:49:22,186 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:49:22,217 [salt.state       ][INFO    ][3916] Made the following changes:
'iptables' changed from 'absent' to '1.6.0-2ubuntu3'
'nova-api' changed from 'absent' to '2:13.1.4-0ubuntu3'
'libnfnetlink0' changed from 'absent' to '1.0.1-3'

2017-09-28 11:49:22,229 [salt.state       ][INFO    ][3916] Loading fresh modules for state activity
2017-09-28 11:49:22,243 [salt.state       ][INFO    ][3916] Completed state [nova-api] at time 11:49:22.243070 duration_in_ms=4792.88
2017-09-28 11:49:22,252 [salt.state       ][INFO    ][3916] Running state [gettext-base] at time 11:49:22.252133
2017-09-28 11:49:22,253 [salt.state       ][INFO    ][3916] Executing state pkg.installed for gettext-base
2017-09-28 11:49:22,517 [salt.state       ][INFO    ][3916] Package gettext-base is already installed
2017-09-28 11:49:22,517 [salt.state       ][INFO    ][3916] Completed state [gettext-base] at time 11:49:22.516933 duration_in_ms=264.8
2017-09-28 11:49:22,517 [salt.state       ][INFO    ][3916] Running state [nova-consoleproxy] at time 11:49:22.517356
2017-09-28 11:49:22,518 [salt.state       ][INFO    ][3916] Executing state pkg.installed for nova-consoleproxy
2017-09-28 11:49:22,526 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-consoleproxy'] in directory '/root'
2017-09-28 11:49:22,834 [salt.loaded.int.module.cmdmod][ERROR   ][3916] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-consoleproxy']' failed with return code: 100
2017-09-28 11:49:22,835 [salt.loaded.int.module.cmdmod][ERROR   ][3916] stdout: Reading package lists...
Building dependency tree...
Reading state information...
2017-09-28 11:49:22,835 [salt.loaded.int.module.cmdmod][ERROR   ][3916] stderr: Running scope as unit run-r4eae6fed1f1d4847ac09eef45b456b24.scope.
E: Unable to locate package nova-consoleproxy
2017-09-28 11:49:22,835 [salt.loaded.int.module.cmdmod][ERROR   ][3916] retcode: 100
2017-09-28 11:49:22,835 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:49:22,868 [salt.state       ][ERROR   ][3916] Problem encountered installing package(s). Additional info follows:

errors:
    - Running scope as unit run-r4eae6fed1f1d4847ac09eef45b456b24.scope.
      E: Unable to locate package nova-consoleproxy
2017-09-28 11:49:22,869 [salt.state       ][INFO    ][3916] Completed state [nova-consoleproxy] at time 11:49:22.868463 duration_in_ms=351.107
2017-09-28 11:49:22,873 [salt.state       ][INFO    ][3916] Running state [nova-manage cell_v2 map_cell0] at time 11:49:22.872578
2017-09-28 11:49:22,873 [salt.state       ][INFO    ][3916] Executing state cmd.run for nova-manage cell_v2 map_cell0
2017-09-28 11:49:22,873 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command 'nova-manage cell_v2 map_cell0' in directory '/root'
2017-09-28 11:49:24,562 [salt.loaded.int.module.cmdmod][ERROR   ][3916] Command 'nova-manage cell_v2 map_cell0' failed with return code: 2
2017-09-28 11:49:24,563 [salt.loaded.int.module.cmdmod][ERROR   ][3916] stderr: Option "logdir" from group "DEFAULT" is deprecated. Use option "log-dir" from group "DEFAULT".
Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
usage: nova-manage cell_v2 [-h] {map_cell_and_hosts,map_instances} ...
nova-manage cell_v2: error: argument action: invalid choice: 'map_cell0' (choose from 'map_cell_and_hosts', 'map_instances')
2017-09-28 11:49:24,563 [salt.loaded.int.module.cmdmod][ERROR   ][3916] retcode: 2
2017-09-28 11:49:24,563 [salt.state       ][ERROR   ][3916] {'pid': 5900, 'retcode': 2, 'stderr': 'Option "logdir" from group "DEFAULT" is deprecated. Use option "log-dir" from group "DEFAULT".\nOption "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\nusage: nova-manage cell_v2 [-h] {map_cell_and_hosts,map_instances} ...\nnova-manage cell_v2: error: argument action: invalid choice: \'map_cell0\' (choose from \'map_cell_and_hosts\', \'map_instances\')', 'stdout': ''}
2017-09-28 11:49:24,563 [salt.state       ][INFO    ][3916] Completed state [nova-manage cell_v2 map_cell0] at time 11:49:24.563312 duration_in_ms=1690.732
2017-09-28 11:49:24,564 [salt.state       ][INFO    ][3916] Running state [nova-manage cell_v2 create_cell --name=cell1] at time 11:49:24.563555
2017-09-28 11:49:24,564 [salt.state       ][INFO    ][3916] Executing state cmd.run for nova-manage cell_v2 create_cell --name=cell1
2017-09-28 11:49:24,564 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command 'nova-manage cell_v2 list_cells | grep cell1' in directory '/root'
2017-09-28 11:49:25,860 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928114925851872
2017-09-28 11:49:25,875 [salt.minion      ][INFO    ][6006] Starting a new job with PID 6006
2017-09-28 11:49:25,888 [salt.minion      ][INFO    ][6006] Returning information for job: 20170928114925851872
2017-09-28 11:49:26,207 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command 'nova-manage cell_v2 create_cell --name=cell1' in directory '/root'
2017-09-28 11:49:27,920 [salt.loaded.int.module.cmdmod][ERROR   ][3916] Command 'nova-manage cell_v2 create_cell --name=cell1' failed with return code: 2
2017-09-28 11:49:27,921 [salt.loaded.int.module.cmdmod][ERROR   ][3916] stderr: Option "logdir" from group "DEFAULT" is deprecated. Use option "log-dir" from group "DEFAULT".
Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
usage: nova-manage cell_v2 [-h] {map_cell_and_hosts,map_instances} ...
nova-manage cell_v2: error: argument action: invalid choice: 'create_cell' (choose from 'map_cell_and_hosts', 'map_instances')
2017-09-28 11:49:27,921 [salt.loaded.int.module.cmdmod][ERROR   ][3916] retcode: 2
2017-09-28 11:49:27,921 [salt.state       ][ERROR   ][3916] {'pid': 6009, 'retcode': 2, 'stderr': 'Option "logdir" from group "DEFAULT" is deprecated. Use option "log-dir" from group "DEFAULT".\nOption "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\nusage: nova-manage cell_v2 [-h] {map_cell_and_hosts,map_instances} ...\nnova-manage cell_v2: error: argument action: invalid choice: \'create_cell\' (choose from \'map_cell_and_hosts\', \'map_instances\')', 'stdout': ''}
2017-09-28 11:49:27,921 [salt.state       ][INFO    ][3916] Completed state [nova-manage cell_v2 create_cell --name=cell1] at time 11:49:27.921074 duration_in_ms=3357.517
2017-09-28 11:49:27,921 [salt.state       ][INFO    ][3916] Running state [/etc/systemd/system/nova-placement-api.service] at time 11:49:27.921309
2017-09-28 11:49:27,922 [salt.state       ][INFO    ][3916] Executing state file.symlink for /etc/systemd/system/nova-placement-api.service
2017-09-28 11:49:27,923 [salt.state       ][INFO    ][3916] {'new': '/etc/systemd/system/nova-placement-api.service'}
2017-09-28 11:49:27,923 [salt.state       ][INFO    ][3916] Completed state [/etc/systemd/system/nova-placement-api.service] at time 11:49:27.922791 duration_in_ms=1.482
2017-09-28 11:49:27,923 [salt.state       ][INFO    ][3916] Running state [nova-placement-api] at time 11:49:27.923349
2017-09-28 11:49:27,924 [salt.state       ][INFO    ][3916] Executing state pkg.installed for nova-placement-api
2017-09-28 11:49:27,932 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-placement-api'] in directory '/root'
2017-09-28 11:49:28,229 [salt.loaded.int.module.cmdmod][ERROR   ][3916] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-placement-api']' failed with return code: 100
2017-09-28 11:49:28,230 [salt.loaded.int.module.cmdmod][ERROR   ][3916] stdout: Reading package lists...
Building dependency tree...
Reading state information...
2017-09-28 11:49:28,230 [salt.loaded.int.module.cmdmod][ERROR   ][3916] stderr: Running scope as unit run-rebfebcefad7c4201a1d1446dfad21a4d.scope.
E: Unable to locate package nova-placement-api
2017-09-28 11:49:28,230 [salt.loaded.int.module.cmdmod][ERROR   ][3916] retcode: 100
2017-09-28 11:49:28,231 [salt.loaded.int.module.cmdmod][INFO    ][3916] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:49:28,262 [salt.state       ][ERROR   ][3916] Problem encountered installing package(s). Additional info follows:

errors:
    - Running scope as unit run-rebfebcefad7c4201a1d1446dfad21a4d.scope.
      E: Unable to locate package nova-placement-api
2017-09-28 11:49:28,262 [salt.state       ][INFO    ][3916] Completed state [nova-placement-api] at time 11:49:28.261839 duration_in_ms=338.489
2017-09-28 11:49:28,263 [salt.state       ][INFO    ][3916] Running state [/etc/apache2/sites-enabled/nova-placement-api.conf] at time 11:49:28.262605
2017-09-28 11:49:28,263 [salt.state       ][INFO    ][3916] Executing state file.symlink for /etc/apache2/sites-enabled/nova-placement-api.conf
2017-09-28 11:49:28,264 [salt.state       ][INFO    ][3916] {'new': '/etc/apache2/sites-enabled/nova-placement-api.conf'}
2017-09-28 11:49:28,264 [salt.state       ][INFO    ][3916] Completed state [/etc/apache2/sites-enabled/nova-placement-api.conf] at time 11:49:28.264004 duration_in_ms=1.399
2017-09-28 11:49:28,270 [salt.minion      ][INFO    ][3916] Returning information for job: 20170928114603376748
2017-09-28 11:49:29,364 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command test.ping with jid 20170928114929365531
2017-09-28 11:49:29,377 [salt.minion      ][INFO    ][6058] Starting a new job with PID 6058
2017-09-28 11:49:29,409 [salt.minion      ][INFO    ][6058] Returning information for job: 20170928114929365531
2017-09-28 11:59:09,635 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928115909631205
2017-09-28 11:59:09,654 [salt.minion      ][INFO    ][10512] Starting a new job with PID 10512
2017-09-28 11:59:11,312 [salt.state       ][INFO    ][10512] Loading fresh modules for state activity
2017-09-28 11:59:11,339 [salt.fileclient  ][INFO    ][10512] Fetching file from saltenv 'base', ** done ** 'heat/init.sls'
2017-09-28 11:59:11,361 [salt.fileclient  ][INFO    ][10512] Fetching file from saltenv 'base', ** done ** 'heat/server.sls'
2017-09-28 11:59:11,391 [salt.fileclient  ][INFO    ][10512] Fetching file from saltenv 'base', ** done ** 'heat/map.jinja'
2017-09-28 11:59:12,179 [salt.state       ][INFO    ][10512] Running state [heat-api-cloudwatch] at time 11:59:12.178704
2017-09-28 11:59:12,179 [salt.state       ][INFO    ][10512] Executing state pkg.installed for heat-api-cloudwatch
2017-09-28 11:59:12,179 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 11:59:12,639 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 11:59:19,679 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928115919671462
2017-09-28 11:59:19,694 [salt.minion      ][INFO    ][10870] Starting a new job with PID 10870
2017-09-28 11:59:19,705 [salt.minion      ][INFO    ][10870] Returning information for job: 20170928115919671462
2017-09-28 11:59:29,821 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928115929813194
2017-09-28 11:59:29,837 [salt.minion      ][INFO    ][10954] Starting a new job with PID 10954
2017-09-28 11:59:29,847 [salt.minion      ][INFO    ][10954] Returning information for job: 20170928115929813194
2017-09-28 11:59:39,969 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928115939961531
2017-09-28 11:59:39,985 [salt.minion      ][INFO    ][11031] Starting a new job with PID 11031
2017-09-28 11:59:39,997 [salt.minion      ][INFO    ][11031] Returning information for job: 20170928115939961531
2017-09-28 11:59:50,121 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928115950114531
2017-09-28 11:59:50,137 [salt.minion      ][INFO    ][11108] Starting a new job with PID 11108
2017-09-28 11:59:50,149 [salt.minion      ][INFO    ][11108] Returning information for job: 20170928115950114531
2017-09-28 12:00:00,279 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120000274194
2017-09-28 12:00:00,297 [salt.minion      ][INFO    ][11175] Starting a new job with PID 11175
2017-09-28 12:00:00,309 [salt.minion      ][INFO    ][11175] Returning information for job: 20170928120000274194
2017-09-28 12:00:10,446 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120010440823
2017-09-28 12:00:10,465 [salt.minion      ][INFO    ][11263] Starting a new job with PID 11263
2017-09-28 12:00:10,476 [salt.minion      ][INFO    ][11263] Returning information for job: 20170928120010440823
2017-09-28 12:00:20,615 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120020609221
2017-09-28 12:00:20,633 [salt.minion      ][INFO    ][11349] Starting a new job with PID 11349
2017-09-28 12:00:20,645 [salt.minion      ][INFO    ][11349] Returning information for job: 20170928120020609221
2017-09-28 12:00:30,786 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120030780708
2017-09-28 12:00:30,800 [salt.minion      ][INFO    ][11426] Starting a new job with PID 11426
2017-09-28 12:00:30,811 [salt.minion      ][INFO    ][11426] Returning information for job: 20170928120030780708
2017-09-28 12:00:40,962 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120040959173
2017-09-28 12:00:40,978 [salt.minion      ][INFO    ][11503] Starting a new job with PID 11503
2017-09-28 12:00:40,989 [salt.minion      ][INFO    ][11503] Returning information for job: 20170928120040959173
2017-09-28 12:00:51,141 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120051138586
2017-09-28 12:00:51,156 [salt.minion      ][INFO    ][11585] Starting a new job with PID 11585
2017-09-28 12:00:51,167 [salt.minion      ][INFO    ][11585] Returning information for job: 20170928120051138586
2017-09-28 12:01:01,328 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120101325599
2017-09-28 12:01:01,345 [salt.minion      ][INFO    ][11662] Starting a new job with PID 11662
2017-09-28 12:01:01,357 [salt.minion      ][INFO    ][11662] Returning information for job: 20170928120101325599
2017-09-28 12:01:11,521 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120111518938
2017-09-28 12:01:11,539 [salt.minion      ][INFO    ][11744] Starting a new job with PID 11744
2017-09-28 12:01:11,550 [salt.minion      ][INFO    ][11744] Returning information for job: 20170928120111518938
2017-09-28 12:01:14,458 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'heat-api-cloudwatch'] in directory '/root'
2017-09-28 12:01:21,720 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120121717690
2017-09-28 12:01:21,734 [salt.minion      ][INFO    ][12083] Starting a new job with PID 12083
2017-09-28 12:01:21,751 [salt.minion      ][INFO    ][12083] Returning information for job: 20170928120121717690
2017-09-28 12:01:29,615 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:01:29,641 [salt.state       ][INFO    ][10512] Made the following changes:
'python-magnumclient' changed from 'absent' to '2.0.0-1'
'python-ceilometerclient' changed from 'absent' to '2.4.0-2'
'python-manilaclient' changed from 'absent' to '1.8.1-2'
'python-heatclient' changed from 'absent' to '1.1.0-2'
'python-zaqarclient' changed from 'absent' to '1.0.0-3'
'python-senlinclient' changed from 'absent' to '0.4.0-2'
'python-barbicanclient' changed from 'absent' to '4.0.1-2'
'heat-api-cloudwatch' changed from 'absent' to '1:6.1.2-0ubuntu1'
'python-croniter' changed from 'absent' to '0.3.8-1'
'python-mistralclient' changed from 'absent' to '1:2.0.0-3'
'heat-common' changed from 'absent' to '1:6.1.2-0ubuntu1'
'python-designateclient' changed from 'absent' to '2.1.0-2'
'python-troveclient' changed from 'absent' to '1:2.1.1-2'
'python-heat' changed from 'absent' to '1:6.1.2-0ubuntu1'
'python-saharaclient' changed from 'absent' to '0.14.0-2'
'python-swiftclient' changed from 'absent' to '1:3.0.0-0ubuntu1'

2017-09-28 12:01:29,655 [salt.state       ][INFO    ][10512] Loading fresh modules for state activity
2017-09-28 12:01:29,669 [salt.state       ][INFO    ][10512] Completed state [heat-api-cloudwatch] at time 12:01:29.668627 duration_in_ms=137489.918
2017-09-28 12:01:29,674 [salt.state       ][INFO    ][10512] Running state [heat-api-cfn] at time 12:01:29.674139
2017-09-28 12:01:29,674 [salt.state       ][INFO    ][10512] Executing state pkg.installed for heat-api-cfn
2017-09-28 12:01:29,922 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'heat-api-cfn'] in directory '/root'
2017-09-28 12:01:31,926 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120131924402
2017-09-28 12:01:31,940 [salt.minion      ][INFO    ][12552] Starting a new job with PID 12552
2017-09-28 12:01:31,954 [salt.minion      ][INFO    ][12552] Returning information for job: 20170928120131924402
2017-09-28 12:01:32,630 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:01:32,656 [salt.state       ][INFO    ][10512] Made the following changes:
'heat-api-cfn' changed from 'absent' to '1:6.1.2-0ubuntu1'

2017-09-28 12:01:32,667 [salt.state       ][INFO    ][10512] Loading fresh modules for state activity
2017-09-28 12:01:32,691 [salt.state       ][INFO    ][10512] Completed state [heat-api-cfn] at time 12:01:32.691120 duration_in_ms=3016.98
2017-09-28 12:01:32,696 [salt.state       ][INFO    ][10512] Running state [python-heatclient] at time 12:01:32.695642
2017-09-28 12:01:32,696 [salt.state       ][INFO    ][10512] Executing state pkg.installed for python-heatclient
2017-09-28 12:01:32,905 [salt.state       ][INFO    ][10512] Package python-heatclient is already installed
2017-09-28 12:01:32,905 [salt.state       ][INFO    ][10512] Completed state [python-heatclient] at time 12:01:32.905266 duration_in_ms=209.624
2017-09-28 12:01:32,905 [salt.state       ][INFO    ][10512] Running state [heat-common] at time 12:01:32.905443
2017-09-28 12:01:32,906 [salt.state       ][INFO    ][10512] Executing state pkg.installed for heat-common
2017-09-28 12:01:32,908 [salt.state       ][INFO    ][10512] Package heat-common is already installed
2017-09-28 12:01:32,908 [salt.state       ][INFO    ][10512] Completed state [heat-common] at time 12:01:32.908469 duration_in_ms=3.025
2017-09-28 12:01:32,909 [salt.state       ][INFO    ][10512] Running state [gettext-base] at time 12:01:32.908625
2017-09-28 12:01:32,909 [salt.state       ][INFO    ][10512] Executing state pkg.installed for gettext-base
2017-09-28 12:01:32,912 [salt.state       ][INFO    ][10512] Package gettext-base is already installed
2017-09-28 12:01:32,912 [salt.state       ][INFO    ][10512] Completed state [gettext-base] at time 12:01:32.911628 duration_in_ms=3.003
2017-09-28 12:01:32,912 [salt.state       ][INFO    ][10512] Running state [heat-engine] at time 12:01:32.911785
2017-09-28 12:01:32,912 [salt.state       ][INFO    ][10512] Executing state pkg.installed for heat-engine
2017-09-28 12:01:32,920 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'heat-engine'] in directory '/root'
2017-09-28 12:01:35,587 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:01:35,612 [salt.state       ][INFO    ][10512] Made the following changes:
'heat-engine' changed from 'absent' to '1:6.1.2-0ubuntu1'

2017-09-28 12:01:35,624 [salt.state       ][INFO    ][10512] Loading fresh modules for state activity
2017-09-28 12:01:35,637 [salt.state       ][INFO    ][10512] Completed state [heat-engine] at time 12:01:35.636509 duration_in_ms=2724.724
2017-09-28 12:01:35,641 [salt.state       ][INFO    ][10512] Running state [heat-api] at time 12:01:35.641363
2017-09-28 12:01:35,642 [salt.state       ][INFO    ][10512] Executing state pkg.installed for heat-api
2017-09-28 12:01:35,853 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'heat-api'] in directory '/root'
2017-09-28 12:01:38,517 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:01:38,542 [salt.state       ][INFO    ][10512] Made the following changes:
'heat-api' changed from 'absent' to '1:6.1.2-0ubuntu1'

2017-09-28 12:01:38,554 [salt.state       ][INFO    ][10512] Loading fresh modules for state activity
2017-09-28 12:01:38,567 [salt.state       ][INFO    ][10512] Completed state [heat-api] at time 12:01:38.566581 duration_in_ms=2925.218
2017-09-28 12:01:38,569 [salt.state       ][INFO    ][10512] Running state [/etc/heat/heat.conf] at time 12:01:38.568771
2017-09-28 12:01:38,569 [salt.state       ][INFO    ][10512] Executing state file.managed for /etc/heat/heat.conf
2017-09-28 12:01:38,603 [salt.fileclient  ][INFO    ][10512] Fetching file from saltenv 'base', ** done ** 'heat/files/ocata/heat.conf.Debian'
2017-09-28 12:01:38,672 [salt.fileclient  ][INFO    ][10512] Fetching file from saltenv 'base', ** done ** 'heat/map.jinja'
2017-09-28 12:01:38,776 [salt.state       ][INFO    ][10512] File changed:
--- 
+++ 
@@ -1,4 +1,272 @@
+
 [DEFAULT]
+
+#
+# From heat.api.middleware.ssl
+#
+region_name_for_services=RegionOne
+
+# The HTTP Header that will be used to determine what the original request
+# protocol scheme was, even if it was removed by an SSL terminator proxy.
+# (string value)
+# Deprecated group/name - [DEFAULT]/secure_proxy_ssl_header
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
+#
+# From heat.common.config
+#
+
+# Name of the engine node. This can be an opaque identifier. It is not
+# necessarily a hostname, FQDN, or IP address. (string value)
+#host = lgw01-02
+
+# List of directories to search for plug-ins. (list value)
+#plugin_dirs = /usr/lib64/heat,/usr/lib/heat,/usr/local/lib/heat,/usr/local/lib64/heat
+
+# The directory to search for environment files. (string value)
+#environment_dir = /etc/heat/environment.d
+
+# The directory to search for template files. (string value)
+#template_dir = /etc/heat/templates
+
+# Select deferred auth method, stored password or trusts. (string value)
+# Allowed values: password, trusts
+#deferred_auth_method = trusts
+
+# Allow reauthentication on token expiry, such that long-running tasks may
+# complete. Note this defeats the expiry of any provided user tokens. (string
+# value)
+# Allowed values: '', trusts
+#reauthentication_auth_method =
+
+# Gap, in seconds, to determine whether the given token is about to expire.
+# (integer value)
+#stale_token_duration = 30
+
+# Subset of trustor roles to be delegated to heat. If left unset, all roles of
+# a user will be delegated to heat when creating a stack. (list value)
+#trusts_delegated_roles =
+
+# Maximum resources allowed per top-level stack. -1 stands for unlimited.
+# (integer value)
+#max_resources_per_stack = 1000
+
+# Maximum number of stacks any one tenant may have active at one time. (integer
+# value)
+#max_stacks_per_tenant = 100
+
+# Number of times to retry to bring a resource to a non-error state. Set to 0
+# to disable retries. (integer value)
+#action_retry_limit = 5
+
+# Number of times to retry when a client encounters an expected intermittent
+# error. Set to 0 to disable retries. (integer value)
+#client_retry_limit = 2
+
+# Maximum length of a server name to be used in nova. (integer value)
+# Maximum value: 53
+#max_server_name_length = 53
+
+# Number of times to check whether an interface has been attached or detached.
+# (integer value)
+# Minimum value: 1
+#max_interface_check_attempts = 10
+
+# Controls how many events will be pruned whenever a stack's events are purged.
+# Set this lower to keep more events at the expense of more frequent purges.
+# (integer value)
+# Minimum value: 1
+#event_purge_batch_size = 200
+
+# Rough number of maximum events that will be available per stack. Actual
+# number of events can be a bit higher since purge checks take place randomly
+# 200/event_purge_batch_size percent of the time. Older events are deleted when
+# events are purged. Set to 0 for unlimited events per stack. (integer value)
+#max_events_per_stack = 1000
+
+# Timeout in seconds for stack action (ie. create or update). (integer value)
+#stack_action_timeout = 3600
+
+# The amount of time in seconds after an error has occurred that tasks may
+# continue to run before being cancelled. (integer value)
+#error_wait_time = 240
+
+# RPC timeout for the engine liveness check that is used for stack locking.
+# (integer value)
+#engine_life_check_timeout = 2
+
+# Enable the legacy OS::Heat::CWLiteAlarm resource. (boolean value)
+#enable_cloud_watch_lite = false
+
+# Enable the preview Stack Abandon feature. (boolean value)
+#enable_stack_abandon = false
+
+# Enable the preview Stack Adopt feature. (boolean value)
+#enable_stack_adopt = false
+
+# Enables engine with convergence architecture. All stacks with this option
+# will be created using convergence engine. (boolean value)
+#convergence_engine = true
+
+# On update, enables heat to collect existing resource properties from reality
+# and converge to updated template. (boolean value)
+#observe_on_update = false
+
+# Template default for how the server should receive the metadata required for
+# software configuration. POLL_SERVER_CFN will allow calls to the cfn API
+# action DescribeStackResource authenticated with the provided keypair
+# (requires enabled heat-api-cfn). POLL_SERVER_HEAT will allow calls to the
+# Heat API resource-show using the provided keystone credentials (requires
+# keystone v3 API, and configured stack_user_* config options). POLL_TEMP_URL
+# will create and populate a Swift TempURL with metadata for polling (requires
+# object-store endpoint which supports TempURL).ZAQAR_MESSAGE will create a
+# dedicated zaqar queue and post the metadata for polling. (string value)
+# Allowed values: POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE
+#default_software_config_transport = POLL_SERVER_CFN
+
+# Template default for how the server should signal to heat with the deployment
+# output values. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL
+# (requires enabled heat-api-cfn). TEMP_URL_SIGNAL will create a Swift TempURL
+# to be signaled via HTTP PUT (requires object-store endpoint which supports
+# TempURL). HEAT_SIGNAL will allow calls to the Heat API resource-signal using
+# the provided keystone credentials. ZAQAR_SIGNAL will create a dedicated zaqar
+# queue to be signaled using the provided keystone credentials. (string value)
+# Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL, ZAQAR_SIGNAL
+#default_deployment_signal_transport = CFN_SIGNAL
+
+# Template default for how the user_data should be formatted for the server.
+# For HEAT_CFNTOOLS, the user_data is bundled as part of the heat-cfntools
+# cloud-init boot configuration data. For RAW the user_data is passed to Nova
+# unmodified. For SOFTWARE_CONFIG user_data is bundled as part of the software
+# config data, and metadata is derived from any associated SoftwareDeployment
+# resources. (string value)
+# Allowed values: HEAT_CFNTOOLS, RAW, SOFTWARE_CONFIG
+#default_user_data_format = HEAT_CFNTOOLS
+
+# Stacks containing these tag names will be hidden. Multiple tags should be
+# given in a comma-delimited list (eg. hidden_stack_tags=hide_me,me_too). (list
+# value)
+#hidden_stack_tags = data-processing-cluster
+
+# Deprecated. (string value)
+#onready = <None>
+
+# When this feature is enabled, scheduler hints identifying the heat stack
+# context of a server or volume resource are passed to the configured
+# schedulers in nova and cinder, for creates done using heat resource types
+# OS::Cinder::Volume, OS::Nova::Server, and AWS::EC2::Instance.
+# heat_root_stack_id will be set to the id of the root stack of the resource,
+# heat_stack_id will be set to the id of the resource's parent stack,
+# heat_stack_name will be set to the name of the resource's parent stack,
+# heat_path_in_stack will be set to a list of comma delimited strings of
+# stackresourcename and stackname with list[0] being 'rootstackname',
+# heat_resource_name will be set to the resource's name, and heat_resource_uuid
+# will be set to the resource's orchestration id. (boolean value)
+#stack_scheduler_hints = false
+
+# Encrypt template parameters that were marked as hidden and also all the
+# resource properties before storing them in database. (boolean value)
+#encrypt_parameters_and_properties = false
+
+# Seconds between running periodic tasks. (integer value)
+#periodic_interval = 60
+
+# URL of the Heat metadata server. NOTE: Setting this is only needed if you
+# require instances to use a different endpoint than in the keystone catalog
+# (string value)
+#heat_metadata_server_url = <None>
+heat_metadata_server_url=https://10.167.4.80:8000
+
+# URL of the Heat waitcondition server. (string value)
+#heat_waitcondition_server_url = <None>
+heat_waitcondition_server_url=https://10.167.4.80:8000/v1/waitcondition
+
+# URL of the Heat CloudWatch server. (string value)
+#heat_watch_server_url =
+heat_watch_server_url=https://10.167.4.80:8003
+
+# Instance connection to CFN/CW API via https. (string value)
+#instance_connection_is_secure = 0
+instance_connection_is_secure=0
+
+# Instance connection to CFN/CW API validate certs if SSL is used. (string
+# value)
+#instance_connection_https_validate_certificates = 1
+
+# Default region name used to get services endpoints. (string value)
+#region_name_for_services = <None>
+
+# Keystone role for heat template-defined users. (string value)
+#heat_stack_user_role = heat_stack_user
+
+# Keystone domain ID which contains heat template-defined users. If this option
+# is set, stack_user_domain_name option will be ignored. (string value)
+# Deprecated group/name - [DEFAULT]/stack_user_domain
+#stack_user_domain_id = <None>
+
+# Keystone domain name which contains heat template-defined users. If
+# `stack_user_domain_id` option is set, this option is ignored. (string value)
+#stack_user_domain_name = <None>
+
+# Keystone username, a user with roles sufficient to manage
+# users and projects in the stack_user_domain. (string value)
+stack_domain_admin = heat_domain_admin
+
+# Keystone password for stack_domain_admin user. (string
+# value)
+stack_domain_admin_password=opnfv_secret
+
+stack_user_domain_name = heat_user_domain
+
+# Maximum raw byte size of any template. (integer value)
+#max_template_size = 524288
+
+# Maximum depth allowed when using nested stacks. (integer value)
+#max_nested_stack_depth = 5
+
+# Number of heat-engine processes to fork and run. Will default to either to 4
+# or number of CPUs on the host, whichever is greater. (integer value)
+#num_engine_workers = <None>
+
+#
+# From heat.common.crypt
+#
+
+# Key used to encrypt authentication info in the database. Length of this key
+# must be 32 characters. (string value)
+#auth_encryption_key = notgood but just long enough i t
+
+#
+# From heat.common.wsgi
+#
+
+# Maximum raw byte size of JSON request body. Should be larger than
+# max_template_size. (integer value)
+#max_json_body_size = 1048576
+
+#
+# From heat.engine.clients
+#
+
+# Fully qualified class name to use as a client backend. (string value)
+#cloud_backend = heat.engine.clients.OpenStackClients
+
+#
+# From heat.engine.notification
+#
+
+# Default notification level for outgoingnotifications. (string value)
+#default_notification_level = INFO
+
+# Default publisher_id for outgoing notifications. (string value)
+#default_publisher_id = <None>
+
+#
+# From heat.engine.resources
+#
+
+# Custom template for the built-in loadbalancer nested stack. (string value)
+#loadbalancer_template = <None>
 
 #
 # From oslo.log
@@ -6,13 +274,15 @@
 
 # If set to true, the logging level will be set to DEBUG instead of the default
 # INFO level. (boolean value)
+# Note: This option can be changed without restarting.
 #debug = false
 
-# If set to false, the logging level will be set to WARNING instead of the
-# default INFO level. (boolean value)
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
+verbose = true
 
 # The name of a logging configuration file. This file is appended to any
 # existing logging configuration files. For details about logging configuration
@@ -20,6 +290,7 @@
 # configuration files are used then all logging configuration is set in the
 # configuration file and other logging configuration options are ignored (for
 # example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
@@ -33,6 +304,7 @@
 # log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
+log_file=/var/log/heat/heat.log
 
 # (Optional) The base directory used for relative log_file  paths. This option
 # is ignored if log_config_append is set. (string value)
@@ -57,7 +329,7 @@
 
 # Log output to standard error. This option is ignored if log_config_append is
 # set. (boolean value)
-#use_stderr = true
+#use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
@@ -92,6 +364,18 @@
 # value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
@@ -103,62 +387,165 @@
 # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
 #rpc_conn_pool_size = 30
 
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
 # ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
 # The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-# Allowed values: redis, dummy
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
 #rpc_zmq_matchmaker = redis
 
-# Type of concurrency used. Either "native" or "eventlet" (string value)
-#rpc_zmq_concurrency = eventlet
-
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
 #rpc_zmq_contexts = 1
 
 # Maximum number of ingress messages to locally buffer per topic. Default is
 # unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
 #rpc_zmq_topic_backlog = <None>
 
 # Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
 #rpc_zmq_ipc_dir = /var/run/openstack
 
 # Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
 # "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
 #rpc_zmq_host = localhost
 
-# Seconds to wait before a cast expires (TTL). The default value of -1
-# specifies an infinite linger period. The value of 0 specifies no linger
-# period. Pending messages shall be discarded immediately when the socket is
-# closed. Only supported by impl_zmq. (integer value)
-#rpc_cast_timeout = -1
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
 
 # The default number of seconds that poll should wait. Poll raises timeout
 # exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
 #rpc_poll_timeout = 1
 
 # Expiration timeout in seconds of a name service record about existing target
 # ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 120
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
 
 # Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
 # value)
-#use_pub_sub = true
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
 
 # Minimal port number for random ports range. (port value)
 # Minimum value: 0
 # Maximum value: 65535
-#rpc_zmq_min_port = 49152
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
 
 # Maximal port number for random ports range. (integer value)
 # Minimum value: 1
 # Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
 #rpc_zmq_max_port = 65536
 
 # Number of retries to find free port number before fail with ZMQBindError.
 # (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
 #rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
 
 # Size of executor thread pool. (integer value)
 # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
@@ -166,14 +553,17 @@
 
 # Seconds to wait for a response from a call. (integer value)
 #rpc_response_timeout = 60
-
-# A URL representing the messaging driver to use and its full configuration. If
-# not set, we fall back to the rpc_backend option and driver specific
-# configuration. (string value)
+rpc_response_timeout = 600
+
+# A URL representing the messaging driver to use and its full configuration.
+# (string value)
 #transport_url = <None>
-
-# The messaging driver to use, defaults to rabbit. Other drivers include amqp
-# and zmq. (string value)
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.41:5672,openstack:opnfv_secret@10.167.4.42:5672,openstack:opnfv_secret@10.167.4.43:5672//openstack
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
+# include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rpc_backend = rabbit
 
 # The default exchange under which topics are scoped. May be overridden by an
@@ -213,6 +603,495 @@
 # Specify a timeout after which a gracefully shutdown server will exit. Zero
 # value means endless wait. (integer value)
 #graceful_shutdown_timeout = 60
+max_resources_per_stack=20000
+max_json_body_size=10880000
+max_template_size=5440000
+
+[auth_password]
+
+#
+# From heat.common.config
+#
+
+# Allow orchestration of multiple clouds. (boolean value)
+#multi_cloud = false
+
+# Allowed keystone endpoints for auth_uri when multi_cloud is enabled. At least
+# one endpoint needs to be specified. (list value)
+#allowed_auth_uris =
+
+
+[clients]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = publicURL
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = false
+
+
+[clients_aodh]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_barbican]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_ceilometer]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_cinder]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+# Allow client's debug log output. (boolean value)
+#http_log_debug = false
+
+
+[clients_designate]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_glance]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_heat]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+# Optional heat url in format like http://0.0.0.0:8004/v1/%(tenant_id)s.
+# (string value)
+#url =
+
+
+[clients_keystone]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+# Unversioned keystone url in format like http://0.0.0.0:5000. (string value)
+#auth_uri =
+
+
+[clients_magnum]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_manila]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_mistral]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_monasca]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_neutron]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_nova]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+# Allow client's debug log output. (boolean value)
+#http_log_debug = false
+
+
+[clients_sahara]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_senlin]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_swift]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_trove]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_zaqar]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
 
 
 [cors]
@@ -222,7 +1101,8 @@
 #
 
 # Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. (list value)
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
 
 # Indicate that the actual request can include user credentials (boolean value)
@@ -230,17 +1110,18 @@
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
-#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
+
 # Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+#allow_methods = GET,PUT,POST,DELETE,PATCH
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
-#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
 
 
 [cors.subdomain]
@@ -250,7 +1131,8 @@
 #
 
 # Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. (list value)
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
 
 # Indicate that the actual request can include user credentials (boolean value)
@@ -258,17 +1140,17 @@
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
-#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
 # Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+#allow_methods = GET,PUT,POST,DELETE,PATCH
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
-#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
 
 
 [database]
@@ -277,8 +1159,12 @@
 # From oslo.db
 #
 
-# The file name to use with SQLite. (string value)
+# DEPRECATED: The file name to use with SQLite. (string value)
 # Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect
+# the database.
 #sqlite_db = oslo.sqlite
 
 # If True, SQLite uses synchronous mode. (boolean value)
@@ -295,6 +1181,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
+connection = mysql+pymysql://heat:opnfv_secret@10.167.4.50/heat?charset=utf8
 
 # The SQLAlchemy connection string to use to connect to the slave database.
 # (string value)
@@ -317,16 +1204,19 @@
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. (integer value)
+# Maximum number of SQL connections to keep open in a pool. Setting a value of
+# 0 indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
+#max_pool_size = 5
+max_pool_size = 30
 
 # Maximum number of database connection retries during startup. Set to -1 to
 # specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
+max_retries = -1
 
 # Interval between retries of opening a SQL connection. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
@@ -337,9 +1227,12 @@
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
+max_overflow = 60
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
 # value)
+# Minimum value: 0
+# Maximum value: 100
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
 #connection_debug = 0
 
@@ -371,13 +1264,231 @@
 #db_max_retries = 20
 
 
+[ec2authtoken]
+
+#
+# Options defined in heat.api.aws.ec2token
+#
+
+# Authentication Endpoint URI. (string value)
+auth_uri=http://10.167.4.10:5000/v2.0
+
+# Allow orchestration of multiple clouds. (boolean value)
+#multi_cloud=false
+
+# Allowed keystone endpoints for auth_uri when multi_cloud is
+# enabled. At least one endpoint needs to be specified. (list
+# value)
+#allowed_auth_uris=
+
+keystone_ec2_uri=http://10.167.4.10:5000/v2.0/ec2tokens
+
+[clients]
+endpoint_type = internalURL
+
+[clients_heat]
+endpoint_type = publicURL
+[clients_keystone]
+auth_uri=http://10.167.4.10:35357
+
+
+[eventlet_opts]
+
+#
+# From heat.common.wsgi
+#
+
+# If False, closes the client socket connection explicitly. (boolean value)
+#wsgi_keep_alive = true
+
+# Timeout for client connections' socket operations. If an incoming connection
+# is idle for this number of seconds it will be closed. A value of '0' means
+# wait forever. (integer value)
+#client_socket_timeout = 900
+
+
+[healthcheck]
+
+#
+# From oslo.middleware
+#
+
+# DEPRECATED: The path to respond to healtcheck requests on. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#path = /healthcheck
+
+# Show more detailed information as part of the response (boolean value)
+#detailed = false
+
+# Additional backends that can perform health checks and report that
+# information back as part of a request. (list value)
+#backends =
+
+# Check the presence of a file to determine if an application is running on a
+# port. Used by DisableByFileHealthcheck plugin. (string value)
+#disable_by_file_path = <None>
+
+# Check the presence of a file based on a port to determine if an application
+# is running on a port. Expects a "port:path" list of strings. Used by
+# DisableByFilesPortsHealthcheck plugin. (list value)
+#disable_by_file_paths =
+
+
+[heat_api]
+
+#
+# From heat.common.wsgi
+#
+
+# Address to bind the server. Useful when selecting a particular network
+# interface. (IP address value)
+# Deprecated group/name - [DEFAULT]/bind_host
+#bind_host = 0.0.0.0
+bind_host = 10.167.4.12
+
+# The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/bind_port
+#bind_port = 8004
+
+# Number of backlog requests to configure the socket with. (integer value)
+# Deprecated group/name - [DEFAULT]/backlog
+#backlog = 4096
+
+# Location of the SSL certificate file to use for SSL mode. (string value)
+# Deprecated group/name - [DEFAULT]/cert_file
+#cert_file = <None>
+
+# Location of the SSL key file to use for enabling SSL mode. (string value)
+# Deprecated group/name - [DEFAULT]/key_file
+#key_file = <None>
+
+# Number of workers for Heat service. Default value 0 means, that service will
+# start number of workers equal number of cores on server. (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/workers
+#workers = 0
+workers=4
+
+# Maximum line size of message headers to be accepted. max_header_line may need
+# to be increased when using large tokens (typically those generated by the
+# Keystone v3 API with big service catalogs). (integer value)
+#max_header_line = 16384
+
+# The value for the socket option TCP_KEEPIDLE.  This is the time in seconds
+# that the connection must be idle before TCP starts sending keepalive probes.
+# (integer value)
+#tcp_keepidle = 600
+
+
+[heat_api_cfn]
+
+#
+# From heat.common.wsgi
+#
+
+# Address to bind the server. Useful when selecting a particular network
+# interface. (IP address value)
+# Deprecated group/name - [DEFAULT]/bind_host
+#bind_host = 0.0.0.0
+bind_host = 10.167.4.12
+
+# The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/bind_port
+#bind_port = 8000
+
+# Number of backlog requests to configure the socket with. (integer value)
+# Deprecated group/name - [DEFAULT]/backlog
+#backlog = 4096
+
+# Location of the SSL certificate file to use for SSL mode. (string value)
+# Deprecated group/name - [DEFAULT]/cert_file
+#cert_file = <None>
+
+# Location of the SSL key file to use for enabling SSL mode. (string value)
+# Deprecated group/name - [DEFAULT]/key_file
+#key_file = <None>
+
+# Number of workers for Heat service. (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/workers
+#workers = 1
+
+# Maximum line size of message headers to be accepted. max_header_line may need
+# to be increased when using large tokens (typically those generated by the
+# Keystone v3 API with big service catalogs). (integer value)
+#max_header_line = 16384
+
+# The value for the socket option TCP_KEEPIDLE.  This is the time in seconds
+# that the connection must be idle before TCP starts sending keepalive probes.
+# (integer value)
+#tcp_keepidle = 600
+
+
+[heat_api_cloudwatch]
+
+#
+# From heat.common.wsgi
+#
+
+# Address to bind the server. Useful when selecting a particular network
+# interface. (IP address value)
+# Deprecated group/name - [DEFAULT]/bind_host
+#bind_host = 0.0.0.0
+bind_host = 10.167.4.12
+
+# The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/bind_port
+#bind_port = 8003
+
+# Number of backlog requests to configure the socket with. (integer value)
+# Deprecated group/name - [DEFAULT]/backlog
+#backlog = 4096
+
+# Location of the SSL certificate file to use for SSL mode. (string value)
+# Deprecated group/name - [DEFAULT]/cert_file
+#cert_file = <None>
+
+# Location of the SSL key file to use for enabling SSL mode. (string value)
+# Deprecated group/name - [DEFAULT]/key_file
+#key_file = <None>
+
+# Number of workers for Heat service. (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/workers
+#workers = 1
+
+# Maximum line size of message headers to be accepted. max_header_line may need
+# to be increased when using large tokens (typically those generated by the
+# Keystone v3 API with big service catalogs.) (integer value)
+#max_header_line = 16384
+
+# The value for the socket option TCP_KEEPIDLE.  This is the time in seconds
+# that the connection must be idle before TCP starts sending keepalive probes.
+# (integer value)
+#tcp_keepidle = 600
+
+
 [keystone_authtoken]
 
 #
 # From keystonemiddleware.auth_token
 #
 
-# Complete public Identity API endpoint. (string value)
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should  ideally be unversioned, client support in the
+# wild varies.  If you're using a versioned v2 endpoint here, then this  should
+# *not* be the same endpoint the service user utilizes  for validating tokens,
+# because normal end users may not be  able to reach that endpoint. (string
+# value)
 #auth_uri = <None>
 
 # API version of the admin Identity API endpoint. (string value)
@@ -395,7 +1506,10 @@
 # API Server. (integer value)
 #http_request_max_retries = 3
 
-# Env key for the swift cache. (string value)
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
 #cache = <None>
 
 # Required if identity server requires client certificate (string value)
@@ -414,12 +1528,17 @@
 # The region in which the identity server can be found. (string value)
 #region_name = <None>
 
-# Directory used to cache files related to PKI tokens. (string value)
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #signing_dir = <None>
 
 # Optionally specify a list of memcached server(s) to use for caching. If left
 # undefined, tokens will instead be cached in-process. (list value)
-# Deprecated group/name - [DEFAULT]/memcache_servers
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
 
 # In order to prevent excessive effort spent validating tokens, the middleware
@@ -427,10 +1546,14 @@
 # to -1 to disable caching completely. (integer value)
 #token_cache_time = 300
 
-# Determines the frequency at which the list of revoked tokens is retrieved
-# from the Identity service (in seconds). A high number of revocation events
-# combined with a low cache duration may significantly reduce performance.
-# (integer value)
+# DEPRECATED: Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of revocation
+# events combined with a low cache duration may significantly reduce
+# performance. Only valid for PKI tokens. This option has been deprecated in
+# the Ocata release and will be removed in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #revocation_cache_time = 10
 
 # (Optional) If defined, indicate whether token data should be authenticated or
@@ -483,19 +1606,40 @@
 # (string value)
 #enforce_token_bind = permissive
 
-# If true, the revocation list will be checked for cached tokens. This requires
-# that PKI tokens are configured on the identity server. (boolean value)
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #check_revocations_for_cached = false
 
-# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
-# or multiple. The algorithms are those supported by Python standard
-# hashlib.new(). The hashes will be tried in the order given, so put the
-# preferred one first for performance. The result of the first hash will be
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
 # stored in the cache. This will typically be set to multiple values only while
 # migrating from a less secure algorithm to a more secure one. Once all the old
 # tokens are expired this option should be set to a single value for better
 # performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #hash_algorithms = md5
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
+#service_token_roles = service
+
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
+#service_token_roles_required = false
 
 # Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
 # (string value)
@@ -534,13 +1678,24 @@
 # Service tenant name. (string value)
 #admin_tenant_name = admin
 
-# Authentication type to load (unknown value)
-# Deprecated group/name - [DEFAULT]/auth_plugin
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
 
-# Config Section from which to load plugin specific options (unknown value)
+# Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
-
+auth_type = password
+auth_uri=http://10.167.4.10:5000/v2.0
+#identity_uri=http://10.167.4.10:35357
+#admin_user=heat
+#admin_password=opnfv_secret
+#admin_tenant_name=service
+auth_url=http://10.167.4.10:35357
+username = heat
+password = opnfv_secret
+project_name = service
+project_domain_name = Default
+user_domain_name = Default
 
 [matchmaker_redis]
 
@@ -548,32 +1703,44 @@
 # From oslo.messaging
 #
 
-# Host to locate redis. (string value)
+# DEPRECATED: Host to locate redis. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #host = 127.0.0.1
 
-# Use this port to connect to redis host. (port value)
+# DEPRECATED: Use this port to connect to redis host. (port value)
 # Minimum value: 0
 # Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #port = 6379
 
-# Password for Redis server (optional). (string value)
+# DEPRECATED: Password for Redis server (optional). (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #password =
 
-# List of Redis Sentinel hosts (fault tolerance mode) e.g.
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
 # [host:port, host1:port ... ] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #sentinel_hosts =
 
 # Redis replica set name. (string value)
 #sentinel_group_name = oslo-messaging-zeromq
 
 # Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 500
+#wait_timeout = 2000
 
 # Time in ms to wait before the transaction is killed. (integer value)
 #check_timeout = 20000
 
-# Timeout in ms on blocking socket operations (integer value)
-#socket_timeout = 1000
+# Timeout in ms on blocking socket operations. (integer value)
+#socket_timeout = 10000
 
 
 [oslo_messaging_amqp]
@@ -581,6 +1748,116 @@
 #
 # From oslo.messaging
 #
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name = <None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace = false
+
+# CA certificate PEM file used to verify the server's certificate (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Self-identifying certificate PEM file for client authentication (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign ssl_cert_file certificate (optional)
+# (string value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password = <None>
+
+# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Not applicable - not a SSL server
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval = 1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff = 2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max = 30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay = 10
+
+# The maximum number of attempts to re-send a reply message which failed due to
+# a recoverable error. (integer value)
+# Minimum value: -1
+#default_reply_retry = 0
+
+# The deadline for an rpc reply message delivery. (integer value)
+# Minimum value: 5
+#default_reply_timeout = 30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout = 30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout = 30
+
+# The duration to schedule a purge of idle sender links. Detach link after
+# expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout = 600
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy'   - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic'  - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode = dynamic
 
 # address prefix used when sending to a specific server (string value)
 # Deprecated group/name - [amqp1]/server_request_prefix
@@ -594,57 +1871,113 @@
 # Deprecated group/name - [amqp1]/group_request_prefix
 #group_request_prefix = unicast
 
-# Name for the AMQP container (string value)
-# Deprecated group/name - [amqp1]/container_name
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-# Deprecated group/name - [amqp1]/idle_timeout
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-# Deprecated group/name - [amqp1]/trace
-#trace = false
-
-# CA certificate PEM file to verify server certificate (string value)
-# Deprecated group/name - [amqp1]/ssl_ca_file
-#ssl_ca_file =
-
-# Identifying certificate PEM file to present to clients (string value)
-# Deprecated group/name - [amqp1]/ssl_cert_file
-#ssl_cert_file =
-
-# Private key PEM file used to sign cert_file certificate (string value)
-# Deprecated group/name - [amqp1]/ssl_key_file
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-# Deprecated group/name - [amqp1]/ssl_key_password
-#ssl_key_password = <None>
-
-# Accept clients using either SSL or plain TCP (boolean value)
-# Deprecated group/name - [amqp1]/allow_insecure_clients
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-# Deprecated group/name - [amqp1]/sasl_mechanisms
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-# Deprecated group/name - [amqp1]/sasl_config_dir
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-# Deprecated group/name - [amqp1]/sasl_config_name
-#sasl_config_name =
-
-# User name for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/username
-#username =
-
-# Password for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/password
-#password =
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix = openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix = openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address = multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address = unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-
+# robin fashion across consumers. (string value)
+#anycast_address = anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange = <None>
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange = <None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit = 200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit = 100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit = 100
+
+# Send messages of this type pre-settled.
+# Pre-settled messages will not receive acknowledgement
+# from the peer. Note well: pre-settled messages may be
+# silently discarded if the delivery fails.
+# Permitted values:
+# 'rpc-call' - send RPC Calls pre-settled
+# 'rpc-reply'- send RPC Replies pre-settled
+# 'rpc-cast' - Send RPC Casts pre-settled
+# 'notify'   - Send Notifications pre-settled
+#  (multi valued)
+#pre_settled = rpc-cast
+#pre_settled = rpc-reply
+
+
+[oslo_messaging_kafka]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Default Kafka broker Host (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_host = localhost
+
+# DEPRECATED: Default Kafka broker Port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_port = 9092
+
+# Max fetch bytes of Kafka consumer (integer value)
+#kafka_max_fetch_bytes = 1048576
+
+# Default timeout(s) for Kafka consumers (integer value)
+#kafka_consumer_timeout = 1.0
+
+# Pool Size for Kafka Consumers (integer value)
+#pool_size = 10
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
+# Group id for Kafka consumer. Consumers in one group will coordinate message
+# consumption (string value)
+#consumer_group = oslo_messaging_consumer
+
+# Upper bound on the delay for KafkaProducer batching in seconds (floating
+# point value)
+#producer_batch_timeout = 0.0
+
+# Size of batch for the producer async send (integer value)
+#producer_batch_size = 16384
 
 
 [oslo_messaging_notifications]
@@ -657,6 +1990,7 @@
 # messaging, messagingv2, routing, log, test, noop (multi valued)
 # Deprecated group/name - [DEFAULT]/notification_driver
 #driver =
+driver = messagingv2
 
 # A URL representing the messaging driver to use for notifications. If not set,
 # we fall back to the same configuration used for RPC. (string value)
@@ -708,12 +2042,12 @@
 #kombu_reconnect_delay = 1.0
 
 # EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
-# be used. This option may notbe available in future versions. (string value)
+# be used. This option may not be available in future versions. (string value)
 #kombu_compression = <None>
 
-# How long to wait a missing client beforce abandoning to send it its replies.
+# How long to wait a missing client before abandoning to send it its replies.
 # This value should not be longer than rpc_response_timeout. (integer value)
-# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
 #kombu_missing_consumer_retry_timeout = 60
 
 # Determines how the next RabbitMQ node is chosen in case the one we are
@@ -722,38 +2056,59 @@
 # Allowed values: round-robin, shuffle
 #kombu_failover_strategy = round-robin
 
-# The RabbitMQ broker address where a single node is used. (string value)
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
+# value)
 # Deprecated group/name - [DEFAULT]/rabbit_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_host = localhost
 
-# The RabbitMQ broker port where a single node is used. (port value)
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
+# value)
 # Minimum value: 0
 # Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/rabbit_port
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_port = 5672
 
-# RabbitMQ HA cluster host:port pairs. (list value)
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
 # Deprecated group/name - [DEFAULT]/rabbit_hosts
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_hosts = $rabbit_host:$rabbit_port
 
 # Connect over SSL for RabbitMQ. (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
 #rabbit_use_ssl = false
 
-# The RabbitMQ userid. (string value)
+# DEPRECATED: The RabbitMQ userid. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_userid
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_userid = guest
 
-# The RabbitMQ password. (string value)
+# DEPRECATED: The RabbitMQ password. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_password
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_password = guest
 
 # The RabbitMQ login method. (string value)
+# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
 # Deprecated group/name - [DEFAULT]/rabbit_login_method
 #rabbit_login_method = AMQPLAIN
 
-# The RabbitMQ virtual host. (string value)
+# DEPRECATED: The RabbitMQ virtual host. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_virtual_host = /
 
 # How frequently to retry connecting with RabbitMQ. (integer value)
@@ -768,15 +2123,17 @@
 # (integer value)
 #rabbit_interval_max = 30
 
-# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry
-# count). (integer value)
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
 #rabbit_max_retries = 0
 
 # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
 # option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
 # is no longer controlled by the x-ha-policy argument when declaring a queue.
-# If you just want to make sure that all queues (except  those with auto-
+# If you just want to make sure that all queues (except those with auto-
 # generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
 # HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_ha_queues
@@ -812,7 +2169,7 @@
 #frame_max = <None>
 
 # How often to send heartbeats for consumer's connections (integer value)
-#heartbeat_interval = 1
+#heartbeat_interval = 3
 
 # Enable SSL (boolean value)
 #ssl = <None>
@@ -831,8 +2188,12 @@
 # point value)
 #host_connection_reconnect_delay = 0.25
 
+# Connection factory implementation (string value)
+# Allowed values: new, single, read_write
+#connection_factory = single
+
 # Maximum number of connections to keep queued. (integer value)
-#pool_max_size = 10
+#pool_max_size = 30
 
 # Maximum number of connections to create above `pool_max_size`. (integer
 # value)
@@ -851,10 +2212,15 @@
 # (integer value)
 #pool_stale = 60
 
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+#default_serializer_type = json
+
 # Persist notification messages. (boolean value)
 #notification_persistence = false
 
-# Exchange name for for sending notifications (string value)
+# Exchange name for sending notifications (string value)
 #default_notification_exchange = ${control_exchange}_notification
 
 # Max number of not acknowledged message which RabbitMQ can send to
@@ -896,7 +2262,7 @@
 
 # Reconnecting retry count in case of connectivity problem during sending RPC
 # message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
-# request could be processed more then one time (integer value)
+# request could be processed more than one time (integer value)
 #default_rpc_retry_attempts = -1
 
 # Reconnecting retry delay in case of connectivity problem during sending RPC
@@ -904,24 +2270,190 @@
 #rpc_retry_delay = 0.25
 
 
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target
+# ( < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+
 [oslo_middleware]
 
 #
 # From oslo.middleware
 #
+enable_proxy_headers_parsing = True
 
 # The maximum body size for each  request, in bytes. (integer value)
 # Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
 # Deprecated group/name - [DEFAULT]/max_request_body_size
 #max_request_body_size = 114688
 
-# The HTTP Header that will be used to determine what the original request
-# protocol scheme was, even if it was hidden by an SSL termination proxy.
-# (string value)
+# DEPRECATED: The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by a SSL termination
+# proxy. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #secure_proxy_ssl_header = X-Forwarded-Proto
 
+# Whether the application is behind a proxy or not. This determines if the
+# middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing = false
+
 
 [oslo_policy]
 
@@ -929,7 +2461,7 @@
 # From oslo.policy
 #
 
-# The JSON file that defines policies. (string value)
+# The file that defines policies. (string value)
 # Deprecated group/name - [DEFAULT]/policy_file
 #policy_file = policy.json
 
@@ -946,6 +2478,129 @@
 #policy_dirs = policy.d
 
 
+[paste_deploy]
+
+#
+# From heat.common.config
+#
+
+# The flavor to use. (string value)
+#flavor = <None>
+
+# The API paste config file to use. (string value)
+#api_paste_config = api-paste.ini
+
+
+[profiler]
+
+#
+# From heat.common.config
+#
+
+#
+# Enables the profiling for all services on this node. Default value is False
+# (fully disable the profiling feature).
+#
+# Possible values:
+#
+# * True: Enables the feature
+# * False: Disables the feature. The profiling cannot be started via this
+# project
+# operations. If the profiling is triggered by another project, this project
+# part
+# will be empty.
+#  (boolean value)
+# Deprecated group/name - [profiler]/profiler_enabled
+#enabled = false
+
+#
+# Enables SQL requests profiling in services. Default value is False (SQL
+# requests won't be traced).
+#
+# Possible values:
+#
+# * True: Enables SQL requests profiling. Each SQL query will be part of the
+# trace and can the be analyzed by how much time was spent for that.
+# * False: Disables SQL requests profiling. The spent time is only shown on a
+# higher level of operations. Single SQL queries cannot be analyzed this
+# way.
+#  (boolean value)
+#trace_sqlalchemy = false
+
+#
+# Secret key(s) to use for encrypting context data for performance profiling.
+# This string value should have the following format:
+# <key1>[,<key2>,...<keyn>],
+# where each key is some random string. A user who triggers the profiling via
+# the REST API has to set one of these keys in the headers of the REST API call
+# to include profiling results of this node for this particular project.
+#
+# Both "enabled" flag and "hmac_keys" config options should be set to enable
+# profiling. Also, to generate correct profiling information across all
+# services
+# at least one key needs to be consistent between OpenStack projects. This
+# ensures it can be used from client side to generate the trace, containing
+# information from all possible resources. (string value)
+#hmac_keys = SECRET_KEY
+
+#
+# Connection string for a notifier backend. Default value is messaging:// which
+# sets the notifier to oslo_messaging.
+#
+# Examples of possible values:
+#
+# * messaging://: use oslo_messaging driver for sending notifications.
+# * mongodb://127.0.0.1:27017 : use mongodb driver for sending notifications.
+# * elasticsearch://127.0.0.1:9200 : use elasticsearch driver for sending
+# notifications.
+#  (string value)
+#connection_string = messaging://
+
+#
+# Document type for notification indexing in elasticsearch.
+#  (string value)
+#es_doc_type = notification
+
+#
+# This parameter is a time value parameter (for example: es_scroll_time=2m),
+# indicating for how long the nodes that participate in the search will
+# maintain
+# relevant resources in order to continue and support it.
+#  (string value)
+#es_scroll_time = 2m
+
+#
+# Elasticsearch splits large requests in batches. This parameter defines
+# maximum size of each batch (for example: es_scroll_size=10000).
+#  (integer value)
+#es_scroll_size = 10000
+
+#
+# Redissentinel provides a timeout option on the connections.
+# This parameter defines that timeout (for example: socket_timeout=0.1).
+#  (floating point value)
+#socket_timeout = 0.1
+
+#
+# Redissentinel uses a service name to identify a master redis service.
+# This parameter defines the name (for example:
+# sentinal_service_name=mymaster).
+#  (string value)
+#sentinel_service_name = mymaster
+
+
+[revision]
+
+#
+# From heat.common.config
+#
+
+# Heat build revision. If you would prefer to manage your build revision
+# separately, you can move this section to a different file and add it as
+# another config option. (string value)
+#heat_revision = unknown
+
+
 [ssl]
 
 #
@@ -972,3 +2627,87 @@
 # Sets the list of available ciphers. value should be a string in the OpenSSL
 # cipher list format. (string value)
 #ciphers = <None>
+
+
+[trustee]
+
+#
+# From heat.common.context
+#
+auth_plugin = password
+auth_url = http://10.167.4.10:35357
+username = heat
+password = opnfv_secret
+user_domain_name = default
+project_domain_id = default
+user_domain_id = default
+# Authentication type to load (string value)
+# Deprecated group/name - [trustee]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+# Deprecated group/name - [trustee]/tenant-id
+#project_id = <None>
+
+# Project name to scope to (string value)
+# Deprecated group/name - [trustee]/tenant-name
+#project_name = <None>
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# User id (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [trustee]/user-name
+#username = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User's password (string value)
+#password = <None>
+
+
+[volumes]
+
+#
+# From heat.common.config
+#
+
+# Indicate if cinder-backup service is enabled. This is a temporary workaround
+# until cinder-backup service becomes discoverable, see LP#1334856. (boolean
+# value)
+#backups_enabled = true

2017-09-28 12:01:38,777 [salt.state       ][INFO    ][10512] Completed state [/etc/heat/heat.conf] at time 12:01:38.776779 duration_in_ms=208.007
2017-09-28 12:01:38,777 [salt.state       ][INFO    ][10512] Running state [/etc/heat/api-paste.ini] at time 12:01:38.777063
2017-09-28 12:01:38,777 [salt.state       ][INFO    ][10512] Executing state file.managed for /etc/heat/api-paste.ini
2017-09-28 12:01:38,801 [salt.fileclient  ][INFO    ][10512] Fetching file from saltenv 'base', ** done ** 'heat/files/ocata/api-paste.ini'
2017-09-28 12:01:38,804 [salt.state       ][INFO    ][10512] File changed:
--- 
+++ 
@@ -22,14 +22,21 @@
 [pipeline:heat-api-custombackend]
 pipeline = cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
 
+# To enable, in heat.conf:
+#   [paste_deploy]
+#   flavor = noauth
+#
+[pipeline:heat-api-noauth]
+pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation noauth context apiv1app
+
 # heat-api-cfn pipeline
 [pipeline:heat-api-cfn]
-pipeline = cors cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
+pipeline = cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
 
 # heat-api-cfn pipeline for standalone heat
 # relies exclusively on authenticating with ec2 signed requests
 [pipeline:heat-api-cfn-standalone]
-pipeline = cors cfnversionnegotiation ec2authtoken context apicfnv1app
+pipeline = cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
 
 # heat-api-cloudwatch pipeline
 [pipeline:heat-api-cloudwatch]
@@ -97,6 +104,10 @@
 [filter:custombackendauth]
 paste.filter_factory = heat.common.custom_backend_auth:filter_factory
 
+# Auth middleware that accepts any auth
+[filter:noauth]
+paste.filter_factory = heat.common.noauth:filter_factory
+
 # Middleware to set x-openstack-request-id in http response header
 [filter:request_id]
 paste.filter_factory = oslo_middleware.request_id:RequestId.factory

2017-09-28 12:01:38,805 [salt.state       ][INFO    ][10512] Completed state [/etc/heat/api-paste.ini] at time 12:01:38.804563 duration_in_ms=27.501
2017-09-28 12:01:38,806 [salt.state       ][INFO    ][10512] Running state [source /root/keystonercv3; heat-keystone-setup-domain --stack-user-domain-name heat_user_domain --stack-domain-admin heat_domain_admin --stack-domain-admin-password opnfv_secret] at time 12:01:38.805501
2017-09-28 12:01:38,806 [salt.state       ][INFO    ][10512] Executing state cmd.run for source /root/keystonercv3; heat-keystone-setup-domain --stack-user-domain-name heat_user_domain --stack-domain-admin heat_domain_admin --stack-domain-admin-password opnfv_secret
2017-09-28 12:01:38,807 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command 'source /root/keystonercv3; heat-keystone-setup-domain --stack-user-domain-name heat_user_domain --stack-domain-admin heat_domain_admin --stack-domain-admin-password opnfv_secret' in directory '/root'
2017-09-28 12:01:39,841 [salt.state       ][INFO    ][10512] {'pid': 13077, 'retcode': 0, 'stderr': '2017-09-28 12:01:39.481 13078 WARNING oslo_config.cfg [-] Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\n2017-09-28 12:01:39.675 13078 INFO __main__ [-] Creating domain heat_user_domain\n2017-09-28 12:01:39.694 13078 WARNING __main__ [-] Domain heat_user_domain already exists\n2017-09-28 12:01:39.740 13078 WARNING __main__ [-] User heat_domain_admin already exists', 'stdout': '\nPlease update your heat.conf with the following in [DEFAULT]\n\nstack_user_domain_id=30ff54e253c5446c8ddae768de19bb64\nstack_domain_admin=heat_domain_admin\nstack_domain_admin_password=opnfv_secret'}
2017-09-28 12:01:39,841 [salt.state       ][INFO    ][10512] Completed state [source /root/keystonercv3; heat-keystone-setup-domain --stack-user-domain-name heat_user_domain --stack-domain-admin heat_domain_admin --stack-domain-admin-password opnfv_secret] at time 12:01:39.841420 duration_in_ms=1035.917
2017-09-28 12:01:39,842 [salt.state       ][INFO    ][10512] Running state [heat-manage db_sync] at time 12:01:39.842252
2017-09-28 12:01:39,843 [salt.state       ][INFO    ][10512] Executing state cmd.run for heat-manage db_sync
2017-09-28 12:01:39,843 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command 'heat-manage db_sync' in directory '/root'
2017-09-28 12:01:40,739 [salt.loaded.int.module.cmdmod][ERROR   ][10512] Command 'heat-manage db_sync' failed with return code: 1
2017-09-28 12:01:40,740 [salt.loaded.int.module.cmdmod][ERROR   ][10512] stderr: 2017-09-28 12:01:40.655 13093 WARNING oslo_config.cfg [-] Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
ERROR: <VerNum(79)>
2017-09-28 12:01:40,740 [salt.loaded.int.module.cmdmod][ERROR   ][10512] retcode: 1
2017-09-28 12:01:40,741 [salt.state       ][ERROR   ][10512] {'pid': 13092, 'retcode': 1, 'stderr': '2017-09-28 12:01:40.655 13093 WARNING oslo_config.cfg [-] Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\nERROR: <VerNum(79)>', 'stdout': ''}
2017-09-28 12:01:40,741 [salt.state       ][INFO    ][10512] Completed state [heat-manage db_sync] at time 12:01:40.741098 duration_in_ms=898.844
2017-09-28 12:01:40,742 [salt.state       ][INFO    ][10512] Running state [chown heat:heat /var/log/heat/ -R] at time 12:01:40.741891
2017-09-28 12:01:40,742 [salt.state       ][INFO    ][10512] Executing state cmd.run for chown heat:heat /var/log/heat/ -R
2017-09-28 12:01:40,743 [salt.loaded.int.module.cmdmod][INFO    ][10512] Executing command 'chown heat:heat /var/log/heat/ -R' in directory '/root'
2017-09-28 12:01:40,755 [salt.state       ][INFO    ][10512] {'pid': 13116, 'retcode': 0, 'stderr': '', 'stdout': ''}
2017-09-28 12:01:40,755 [salt.state       ][INFO    ][10512] Completed state [chown heat:heat /var/log/heat/ -R] at time 12:01:40.755184 duration_in_ms=13.292
2017-09-28 12:01:40,834 [salt.minion      ][INFO    ][10512] Returning information for job: 20170928115909631205
2017-09-28 12:01:41,913 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command test.ping with jid 20170928120141911888
2017-09-28 12:01:41,929 [salt.minion      ][INFO    ][13125] Starting a new job with PID 13125
2017-09-28 12:01:41,962 [salt.minion      ][INFO    ][13125] Returning information for job: 20170928120141911888
2017-09-28 12:06:20,712 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928120620713934
2017-09-28 12:06:20,729 [salt.minion      ][INFO    ][15209] Starting a new job with PID 15209
2017-09-28 12:06:22,375 [salt.state       ][INFO    ][15209] Loading fresh modules for state activity
2017-09-28 12:06:22,399 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/init.sls'
2017-09-28 12:06:22,416 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/controller.sls'
2017-09-28 12:06:22,450 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:06:22,473 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/user.sls'
2017-09-28 12:06:22,503 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/volume.sls'
2017-09-28 12:06:22,533 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:06:22,549 [salt.state       ][INFO    ][15209] Running state [cinder] at time 12:06:22.549104
2017-09-28 12:06:22,549 [salt.state       ][INFO    ][15209] Executing state group.present for cinder
2017-09-28 12:06:22,551 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command 'groupadd -g 304 -r cinder' in directory '/root'
2017-09-28 12:06:22,699 [salt.state       ][INFO    ][15209] {'passwd': 'x', 'gid': 304, 'name': 'cinder', 'members': []}
2017-09-28 12:06:22,699 [salt.state       ][INFO    ][15209] Completed state [cinder] at time 12:06:22.699256 duration_in_ms=150.153
2017-09-28 12:06:22,700 [salt.state       ][INFO    ][15209] Running state [cinder] at time 12:06:22.699532
2017-09-28 12:06:22,700 [salt.state       ][INFO    ][15209] Executing state user.present for cinder
2017-09-28 12:06:22,701 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['useradd', '-s', '/bin/false', '-u', '304', '-g', '304', '-m', '-d', '/var/lib/cinder', '-r', 'cinder'] in directory '/root'
2017-09-28 12:06:22,803 [salt.state       ][INFO    ][15209] {'shell': '/bin/false', 'workphone': '', 'uid': 304, 'passwd': 'x', 'roomnumber': '', 'groups': ['cinder'], 'home': '/var/lib/cinder', 'name': 'cinder', 'gid': 304, 'fullname': '', 'homephone': ''}
2017-09-28 12:06:22,803 [salt.state       ][INFO    ][15209] Completed state [cinder] at time 12:06:22.803123 duration_in_ms=103.59
2017-09-28 12:06:23,581 [salt.state       ][INFO    ][15209] Running state [python-cinder] at time 12:06:23.580956
2017-09-28 12:06:23,581 [salt.state       ][INFO    ][15209] Executing state pkg.installed for python-cinder
2017-09-28 12:06:23,582 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:06:24,110 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 12:06:30,758 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120630755701
2017-09-28 12:06:30,772 [salt.minion      ][INFO    ][15565] Starting a new job with PID 15565
2017-09-28 12:06:30,783 [salt.minion      ][INFO    ][15565] Returning information for job: 20170928120630755701
2017-09-28 12:06:40,900 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120640898795
2017-09-28 12:06:40,917 [salt.minion      ][INFO    ][15640] Starting a new job with PID 15640
2017-09-28 12:06:40,927 [salt.minion      ][INFO    ][15640] Returning information for job: 20170928120640898795
2017-09-28 12:06:51,046 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120651045397
2017-09-28 12:06:51,063 [salt.minion      ][INFO    ][15718] Starting a new job with PID 15718
2017-09-28 12:06:51,075 [salt.minion      ][INFO    ][15718] Returning information for job: 20170928120651045397
2017-09-28 12:07:01,195 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120701195194
2017-09-28 12:07:01,212 [salt.minion      ][INFO    ][15783] Starting a new job with PID 15783
2017-09-28 12:07:01,226 [salt.minion      ][INFO    ][15783] Returning information for job: 20170928120701195194
2017-09-28 12:07:11,351 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120711351611
2017-09-28 12:07:11,367 [salt.minion      ][INFO    ][15858] Starting a new job with PID 15858
2017-09-28 12:07:11,379 [salt.minion      ][INFO    ][15858] Returning information for job: 20170928120711351611
2017-09-28 12:07:21,506 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120721506960
2017-09-28 12:07:21,523 [salt.minion      ][INFO    ][16018] Starting a new job with PID 16018
2017-09-28 12:07:21,536 [salt.minion      ][INFO    ][16018] Returning information for job: 20170928120721506960
2017-09-28 12:07:31,673 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120731668605
2017-09-28 12:07:31,690 [salt.minion      ][INFO    ][16150] Starting a new job with PID 16150
2017-09-28 12:07:31,701 [salt.minion      ][INFO    ][16150] Returning information for job: 20170928120731668605
2017-09-28 12:07:41,840 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120741830375
2017-09-28 12:07:41,858 [salt.minion      ][INFO    ][16225] Starting a new job with PID 16225
2017-09-28 12:07:41,869 [salt.minion      ][INFO    ][16225] Returning information for job: 20170928120741830375
2017-09-28 12:07:52,005 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120751994774
2017-09-28 12:07:52,024 [salt.minion      ][INFO    ][16307] Starting a new job with PID 16307
2017-09-28 12:07:52,036 [salt.minion      ][INFO    ][16307] Returning information for job: 20170928120751994774
2017-09-28 12:08:02,180 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120802168561
2017-09-28 12:08:02,197 [salt.minion      ][INFO    ][16369] Starting a new job with PID 16369
2017-09-28 12:08:02,208 [salt.minion      ][INFO    ][16369] Returning information for job: 20170928120802168561
2017-09-28 12:08:12,350 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120812339880
2017-09-28 12:08:12,366 [salt.minion      ][INFO    ][16445] Starting a new job with PID 16445
2017-09-28 12:08:12,378 [salt.minion      ][INFO    ][16445] Returning information for job: 20170928120812339880
2017-09-28 12:08:22,523 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120822514802
2017-09-28 12:08:22,538 [salt.minion      ][INFO    ][16525] Starting a new job with PID 16525
2017-09-28 12:08:22,549 [salt.minion      ][INFO    ][16525] Returning information for job: 20170928120822514802
2017-09-28 12:08:25,720 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-cinder'] in directory '/root'
2017-09-28 12:08:32,701 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120832690769
2017-09-28 12:08:32,716 [salt.minion      ][INFO    ][16820] Starting a new job with PID 16820
2017-09-28 12:08:32,736 [salt.minion      ][INFO    ][16820] Returning information for job: 20170928120832690769
2017-09-28 12:08:35,671 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:08:35,696 [salt.state       ][INFO    ][15209] Made the following changes:
'python-redis' changed from 'absent' to '2.10.5-1ubuntu1'
'python-pymemcache' changed from 'absent' to '1.3.2-2ubuntu1'
'python-zake' changed from 'absent' to '0.1.6-1'
'python-cinder' changed from 'absent' to '2:8.1.1-0ubuntu3'
'python-suds' changed from 'absent' to '0.7~git20150727.94664dd-3'
'python-voluptuous' changed from 'absent' to '0.8.8-1ubuntu1'
'python-tooz' changed from 'absent' to '1.34.0-1ubuntu1'
'python-oslo.vmware' changed from 'absent' to '2.5.0-2'

2017-09-28 12:08:35,710 [salt.state       ][INFO    ][15209] Loading fresh modules for state activity
2017-09-28 12:08:35,734 [salt.state       ][INFO    ][15209] Completed state [python-cinder] at time 12:08:35.734309 duration_in_ms=132153.352
2017-09-28 12:08:35,739 [salt.state       ][INFO    ][15209] Running state [lvm2] at time 12:08:35.739271
2017-09-28 12:08:35,739 [salt.state       ][INFO    ][15209] Executing state pkg.installed for lvm2
2017-09-28 12:08:35,961 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'lvm2'] in directory '/root'
2017-09-28 12:08:42,889 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120842879935
2017-09-28 12:08:42,902 [salt.minion      ][INFO    ][18266] Starting a new job with PID 18266
2017-09-28 12:08:42,914 [salt.minion      ][INFO    ][18266] Returning information for job: 20170928120842879935
2017-09-28 12:08:51,675 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:08:51,703 [salt.state       ][INFO    ][15209] Made the following changes:
'libreadline5' changed from 'absent' to '5.2+dfsg-3build1'
'dmsetup' changed from 'absent' to '2:1.02.110-1ubuntu10'
'dmeventd' changed from 'absent' to '2:1.02.110-1ubuntu10'
'liblvm2cmd2.02' changed from 'absent' to '2.02.133-1ubuntu10'
'lvm2' changed from 'absent' to '2.02.133-1ubuntu10'

2017-09-28 12:08:51,715 [salt.state       ][INFO    ][15209] Loading fresh modules for state activity
2017-09-28 12:08:51,728 [salt.state       ][INFO    ][15209] Completed state [lvm2] at time 12:08:51.728044 duration_in_ms=15988.772
2017-09-28 12:08:51,734 [salt.state       ][INFO    ][15209] Running state [cinder-api] at time 12:08:51.733538
2017-09-28 12:08:51,734 [salt.state       ][INFO    ][15209] Executing state pkg.installed for cinder-api
2017-09-28 12:08:51,971 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'cinder-api'] in directory '/root'
2017-09-28 12:08:53,071 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120853062629
2017-09-28 12:08:53,085 [salt.minion      ][INFO    ][22545] Starting a new job with PID 22545
2017-09-28 12:08:53,101 [salt.minion      ][INFO    ][22545] Returning information for job: 20170928120853062629
2017-09-28 12:09:03,268 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120903259593
2017-09-28 12:09:03,284 [salt.minion      ][INFO    ][22676] Starting a new job with PID 22676
2017-09-28 12:09:03,308 [salt.minion      ][INFO    ][22676] Returning information for job: 20170928120903259593
2017-09-28 12:09:05,005 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:09:05,045 [salt.state       ][INFO    ][15209] Made the following changes:
'cinder-api' changed from 'absent' to '2:8.1.1-0ubuntu3'
'cinder-common' changed from 'absent' to '2:8.1.1-0ubuntu3'

2017-09-28 12:09:05,057 [salt.state       ][INFO    ][15209] Loading fresh modules for state activity
2017-09-28 12:09:05,070 [salt.state       ][INFO    ][15209] Completed state [cinder-api] at time 12:09:05.069493 duration_in_ms=13335.955
2017-09-28 12:09:05,076 [salt.state       ][INFO    ][15209] Running state [python-memcache] at time 12:09:05.075897
2017-09-28 12:09:05,076 [salt.state       ][INFO    ][15209] Executing state pkg.installed for python-memcache
2017-09-28 12:09:05,297 [salt.state       ][INFO    ][15209] Package python-memcache is already installed
2017-09-28 12:09:05,297 [salt.state       ][INFO    ][15209] Completed state [python-memcache] at time 12:09:05.296784 duration_in_ms=220.887
2017-09-28 12:09:05,297 [salt.state       ][INFO    ][15209] Running state [python-pycadf] at time 12:09:05.297042
2017-09-28 12:09:05,297 [salt.state       ][INFO    ][15209] Executing state pkg.installed for python-pycadf
2017-09-28 12:09:05,300 [salt.state       ][INFO    ][15209] Package python-pycadf is already installed
2017-09-28 12:09:05,300 [salt.state       ][INFO    ][15209] Completed state [python-pycadf] at time 12:09:05.300040 duration_in_ms=2.998
2017-09-28 12:09:05,300 [salt.state       ][INFO    ][15209] Running state [gettext-base] at time 12:09:05.300281
2017-09-28 12:09:05,300 [salt.state       ][INFO    ][15209] Executing state pkg.installed for gettext-base
2017-09-28 12:09:05,303 [salt.state       ][INFO    ][15209] Package gettext-base is already installed
2017-09-28 12:09:05,303 [salt.state       ][INFO    ][15209] Completed state [gettext-base] at time 12:09:05.303114 duration_in_ms=2.833
2017-09-28 12:09:05,303 [salt.state       ][INFO    ][15209] Running state [cinder-scheduler] at time 12:09:05.303310
2017-09-28 12:09:05,303 [salt.state       ][INFO    ][15209] Executing state pkg.installed for cinder-scheduler
2017-09-28 12:09:05,311 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'cinder-scheduler'] in directory '/root'
2017-09-28 12:09:08,418 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:09:08,447 [salt.state       ][INFO    ][15209] Made the following changes:
'cinder-scheduler' changed from 'absent' to '2:8.1.1-0ubuntu3'

2017-09-28 12:09:08,459 [salt.state       ][INFO    ][15209] Loading fresh modules for state activity
2017-09-28 12:09:08,485 [salt.state       ][INFO    ][15209] Completed state [cinder-scheduler] at time 12:09:08.484490 duration_in_ms=3181.179
2017-09-28 12:09:08,487 [salt.state       ][INFO    ][15209] Running state [/etc/cinder/cinder.conf] at time 12:09:08.486672
2017-09-28 12:09:08,487 [salt.state       ][INFO    ][15209] Executing state file.managed for /etc/cinder/cinder.conf
2017-09-28 12:09:08,529 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/files/ocata/cinder.conf.controller.Debian'
2017-09-28 12:09:08,626 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:09:08,682 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/files/backend/_lvm.conf'
2017-09-28 12:09:08,687 [salt.state       ][INFO    ][15209] File changed:
--- 
+++ 
@@ -1,11 +1,157 @@
+
+
 [DEFAULT]
 rootwrap_config = /etc/cinder/rootwrap.conf
 api_paste_confg = /etc/cinder/api-paste.ini
+
 iscsi_helper = tgtadm
 volume_name_template = volume-%s
-volume_group = cinder-volumes
+#volume_group = cinder
+
 verbose = True
+
+osapi_volume_workers = 4
+
 auth_strategy = keystone
+
 state_path = /var/lib/cinder
-lock_path = /var/lock/cinder
+
+use_syslog=False
+
+glance_num_retries=0
+debug=False
+
+os_region_name=RegionOne
+allow_availability_zone_fallback = True
+
+#glance_api_ssl_compression=False
+#glance_api_insecure=False
+
+osapi_volume_listen=10.167.4.12
+
+glance_api_servers = http://10.167.4.10:9292
+
+glance_host=10.167.4.10
+glance_port=9292
+glance_api_version=2
+
+enable_v3_api = True
+
+os_privileged_user_name=cinder
+os_privileged_user_password=opnfv_secret
+os_privileged_user_tenant=service
+os_privileged_user_auth_url=http://10.167.4.10:5000/v3/
+
+volume_backend_name=DEFAULT
+
+default_volume_type=lvm-driver
+
+enabled_backends=lvm-driver
+
+
+#RPC response timeout recommended by Hitachi
+rpc_response_timeout=3600
+
+#Rabbit
+control_exchange=cinder
+
+
+volume_clear=none
+
+
+
+volume_name_template = volume-%s
+
+#volume_group = vg_cinder_volume
+
 volumes_dir = /var/lib/cinder/volumes
+log_dir=/var/log/cinder
+
+# Use syslog for logging. (boolean value)
+#use_syslog=false
+
+use_syslog=false
+verbose=True
+lock_path=/var/lock/cinder
+
+nova_catalog_admin_info = compute:nova:adminURL
+nova_catalog_info = compute:nova:internalURL
+
+osapi_volume_extension = cinder.api.contrib.standard_extensions
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.41:5672,openstack:opnfv_secret@10.167.4.42:5672,openstack:opnfv_secret@10.167.4.43:5672//openstack
+
+[oslo_messaging_notifications]
+driver = messagingv2
+
+[oslo_concurrency]
+
+lock_path=/var/lock/cinder
+
+[oslo_middleware]
+
+enable_proxy_headers_parsing = True
+
+
+[keystone_authtoken]
+signing_dir=/tmp/keystone-signing-cinder
+revocation_cache_time = 10
+auth_type = password
+user_domain_name = Default
+project_domain_name = Default
+project_name = service
+username = cinder
+password = opnfv_secret
+
+auth_uri=http://10.167.4.10:5000
+auth_url=http://10.167.4.10:35357
+# Temporary disabled for backward compataiblity
+#auth_uri=http://10.167.4.10/identity
+#auth_url=http://10.167.4.10/identity_v2_admin
+memcached_servers=10.167.4.11:11211,10.167.4.12:11211,10.167.4.13:11211,10.167.4.11:11211,10.167.4.12:11211,10.167.4.13:11211
+auth_version = v3
+
+[barbican]
+auth_endpoint=http://10.167.4.10:5000
+
+[database]
+idle_timeout=3600
+max_pool_size=30
+max_retries=-1
+max_overflow=40
+connection = mysql+pymysql://cinder:opnfv_secret@10.167.4.50/cinder?charset=utf8
+[lvm-driver]
+host=ctl02
+volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
+volume_backend_name=lvm-driver
+lvm_type = default
+iscsi_helper = tgtadm
+volume_group = cinder-volume
+
+[cors]
+
+#
+# From oslo.middleware.cors
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID

2017-09-28 12:09:08,688 [salt.state       ][INFO    ][15209] Completed state [/etc/cinder/cinder.conf] at time 12:09:08.688362 duration_in_ms=201.689
2017-09-28 12:09:08,689 [salt.state       ][INFO    ][15209] Running state [/etc/cinder/api-paste.ini] at time 12:09:08.688781
2017-09-28 12:09:08,689 [salt.state       ][INFO    ][15209] Executing state file.managed for /etc/cinder/api-paste.ini
2017-09-28 12:09:08,711 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/files/ocata/api-paste.ini.controller.Debian'
2017-09-28 12:09:08,744 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:09:08,787 [salt.state       ][INFO    ][15209] File changed:
--- 
+++ 
@@ -47,7 +47,7 @@
 paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
 
 [filter:sizelimit]
-paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory
+paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
 
 [app:apiv1]
 paste.app_factory = cinder.api.v1.router:APIRouter.factory
@@ -73,3 +73,4 @@
 
 [filter:authtoken]
 paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+

2017-09-28 12:09:08,787 [salt.state       ][INFO    ][15209] Completed state [/etc/cinder/api-paste.ini] at time 12:09:08.787031 duration_in_ms=98.248
2017-09-28 12:09:08,787 [salt.state       ][INFO    ][15209] Running state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 12:09:08.787302
2017-09-28 12:09:08,787 [salt.state       ][INFO    ][15209] Executing state file.managed for /etc/apache2/conf-available/cinder-wsgi.conf
2017-09-28 12:09:08,820 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/files/ocata/cinder-wsgi.conf'
2017-09-28 12:09:08,849 [salt.fileclient  ][INFO    ][15209] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:09:08,864 [salt.state       ][INFO    ][15209] File changed:
New file
2017-09-28 12:09:08,864 [salt.state       ][INFO    ][15209] Completed state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 12:09:08.864342 duration_in_ms=77.039
2017-09-28 12:09:09,008 [salt.state       ][INFO    ][15209] Running state [apache2] at time 12:09:09.007884
2017-09-28 12:09:09,012 [salt.state       ][INFO    ][15209] Executing state service.running for apache2
2017-09-28 12:09:09,014 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2017-09-28 12:09:09,029 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2017-09-28 12:09:09,038 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2017-09-28 12:09:09,048 [salt.state       ][INFO    ][15209] The service apache2 is already running
2017-09-28 12:09:09,048 [salt.state       ][INFO    ][15209] Completed state [apache2] at time 12:09:09.047913 duration_in_ms=40.027
2017-09-28 12:09:09,048 [salt.state       ][INFO    ][15209] Running state [apache2] at time 12:09:09.048097
2017-09-28 12:09:09,048 [salt.state       ][INFO    ][15209] Executing state service.mod_watch for apache2
2017-09-28 12:09:09,049 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2017-09-28 12:09:09,061 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2017-09-28 12:09:09,074 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'apache2.service'] in directory '/root'
2017-09-28 12:09:09,443 [salt.loaded.int.module.cmdmod][ERROR   ][15209] Command '['systemd-run', '--scope', 'systemctl', 'restart', 'apache2.service']' failed with return code: 1
2017-09-28 12:09:09,444 [salt.loaded.int.module.cmdmod][ERROR   ][15209] output: Running scope as unit run-rebe77c2e75f643ab8dc59643186a864d.scope.
Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
2017-09-28 12:09:09,444 [salt.state       ][ERROR   ][15209] {'apache2': False}
2017-09-28 12:09:09,444 [salt.state       ][INFO    ][15209] Completed state [apache2] at time 12:09:09.444048 duration_in_ms=395.95
2017-09-28 12:09:09,445 [salt.state       ][INFO    ][15209] Running state [cinder-scheduler] at time 12:09:09.444509
2017-09-28 12:09:09,445 [salt.state       ][INFO    ][15209] Executing state service.running for cinder-scheduler
2017-09-28 12:09:09,445 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'status', 'cinder-scheduler.service', '-n', '0'] in directory '/root'
2017-09-28 12:09:09,457 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'is-active', 'cinder-scheduler.service'] in directory '/root'
2017-09-28 12:09:09,477 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'is-enabled', 'cinder-scheduler.service'] in directory '/root'
2017-09-28 12:09:09,494 [salt.state       ][INFO    ][15209] The service cinder-scheduler is already running
2017-09-28 12:09:09,495 [salt.state       ][INFO    ][15209] Completed state [cinder-scheduler] at time 12:09:09.494712 duration_in_ms=50.202
2017-09-28 12:09:09,495 [salt.state       ][INFO    ][15209] Running state [cinder-scheduler] at time 12:09:09.494891
2017-09-28 12:09:09,495 [salt.state       ][INFO    ][15209] Executing state service.mod_watch for cinder-scheduler
2017-09-28 12:09:09,496 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'is-active', 'cinder-scheduler.service'] in directory '/root'
2017-09-28 12:09:09,506 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemctl', 'is-enabled', 'cinder-scheduler.service'] in directory '/root'
2017-09-28 12:09:09,517 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'cinder-scheduler.service'] in directory '/root'
2017-09-28 12:09:13,471 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120913463806
2017-09-28 12:09:13,484 [salt.minion      ][INFO    ][23236] Starting a new job with PID 23236
2017-09-28 12:09:13,497 [salt.minion      ][INFO    ][23236] Returning information for job: 20170928120913463806
2017-09-28 12:09:23,669 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120923662528
2017-09-28 12:09:23,690 [salt.minion      ][INFO    ][23331] Starting a new job with PID 23331
2017-09-28 12:09:23,703 [salt.minion      ][INFO    ][23331] Returning information for job: 20170928120923662528
2017-09-28 12:09:24,658 [salt.state       ][INFO    ][15209] {'cinder-scheduler': True}
2017-09-28 12:09:24,658 [salt.state       ][INFO    ][15209] Completed state [cinder-scheduler] at time 12:09:24.658207 duration_in_ms=15163.314
2017-09-28 12:09:24,660 [salt.state       ][INFO    ][15209] Running state [cinder-manage db sync; sleep 5;] at time 12:09:24.660183
2017-09-28 12:09:24,661 [salt.state       ][INFO    ][15209] Executing state cmd.run for cinder-manage db sync; sleep 5;
2017-09-28 12:09:24,661 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command 'cinder-manage db sync; sleep 5;' in directory '/root'
2017-09-28 12:09:30,705 [salt.state       ][INFO    ][15209] {'pid': 23363, 'retcode': 0, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\n2017-09-28 12:09:25.595 23364 WARNING py.warnings [-] /usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py:241: NotSupportedWarning: Configuration option(s) [\'use_tpool\'] not supported\n  exception.NotSupportedWarning\n\n2017-09-28 12:09:25.639 23364 CRITICAL cinder [-] KeyError: <VerNum(96)>\n2017-09-28 12:09:25.639 23364 ERROR cinder Traceback (most recent call last):\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/bin/cinder-manage", line 10, in <module>\n2017-09-28 12:09:25.639 23364 ERROR cinder     sys.exit(main())\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/cinder/cmd/manage.py", line 597, in main\n2017-09-28 12:09:25.639 23364 ERROR cinder     fn(*fn_args)\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/cinder/cmd/manage.py", line 215, in sync\n2017-09-28 12:09:25.639 23364 ERROR cinder     return db_migration.db_sync(version)\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/cinder/db/migration.py", line 73, in db_sync\n2017-09-28 12:09:25.639 23364 ERROR cinder     init_version=init_version)\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/migration.py", line 79, in db_sync\n2017-09-28 12:09:25.639 23364 ERROR cinder     migration = versioning_api.upgrade(engine, repository, version)\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 186, in upgrade\n2017-09-28 12:09:25.639 23364 ERROR cinder     return _migrate(url, repository, version, upgrade=True, err=err, **opts)\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "<decorator-gen-15>", line 2, in _migrate\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/util/__init__.py", line 160, in with_engine\n2017-09-28 12:09:25.639 23364 ERROR cinder     return f(*a, **kw)\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 345, in _migrate\n2017-09-28 12:09:25.639 23364 ERROR cinder     changeset = schema.changeset(version)\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/schema.py", line 82, in changeset\n2017-09-28 12:09:25.639 23364 ERROR cinder     changeset = self.repository.changeset(database, start_ver, version)\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 225, in changeset\n2017-09-28 12:09:25.639 23364 ERROR cinder     changes = [self.version(v).script(database, op) for v in versions]\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 189, in version\n2017-09-28 12:09:25.639 23364 ERROR cinder     return self.versions.version(*p, **k)\n2017-09-28 12:09:25.639 23364 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/version.py", line 163, in version\n2017-09-28 12:09:25.639 23364 ERROR cinder     return self.versions[VerNum(vernum)]\n2017-09-28 12:09:25.639 23364 ERROR cinder KeyError: <VerNum(96)>\n2017-09-28 12:09:25.639 23364 ERROR cinder', 'stdout': ''}
2017-09-28 12:09:30,705 [salt.state       ][INFO    ][15209] Completed state [cinder-manage db sync; sleep 5;] at time 12:09:30.705395 duration_in_ms=6045.213
2017-09-28 12:09:30,706 [salt.state       ][INFO    ][15209] Running state [source /root/keystonerc; cinder type-create lvm-driver] at time 12:09:30.705781
2017-09-28 12:09:30,706 [salt.state       ][INFO    ][15209] Executing state cmd.run for source /root/keystonerc; cinder type-create lvm-driver
2017-09-28 12:09:30,707 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command 'source /root/keystonerc; cinder type-list | grep lvm-driver' in directory '/root'
2017-09-28 12:09:31,553 [salt.state       ][INFO    ][15209] unless execution succeeded
2017-09-28 12:09:31,553 [salt.state       ][INFO    ][15209] Completed state [source /root/keystonerc; cinder type-create lvm-driver] at time 12:09:31.553214 duration_in_ms=847.432
2017-09-28 12:09:31,554 [salt.state       ][INFO    ][15209] Running state [source /root/keystonerc; cinder type-key lvm-driver set volume_backend_name=lvm-driver] at time 12:09:31.554025
2017-09-28 12:09:31,554 [salt.state       ][INFO    ][15209] Executing state cmd.run for source /root/keystonerc; cinder type-key lvm-driver set volume_backend_name=lvm-driver
2017-09-28 12:09:31,555 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command 'source /root/keystonerc; cinder extra-specs-list | grep "{u'volume_backend_name': u'lvm-driver'}"' in directory '/root'
2017-09-28 12:09:32,396 [salt.loaded.int.module.cmdmod][INFO    ][15209] Executing command 'source /root/keystonerc; cinder type-key lvm-driver set volume_backend_name=lvm-driver' in directory '/root'
2017-09-28 12:09:33,340 [salt.state       ][INFO    ][15209] {'pid': 23440, 'retcode': 0, 'stderr': '', 'stdout': ''}
2017-09-28 12:09:33,341 [salt.state       ][INFO    ][15209] Completed state [source /root/keystonerc; cinder type-key lvm-driver set volume_backend_name=lvm-driver] at time 12:09:33.340662 duration_in_ms=1786.635
2017-09-28 12:09:33,342 [salt.minion      ][INFO    ][15209] Returning information for job: 20170928120620713934
2017-09-28 12:09:34,178 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928120934173561
2017-09-28 12:09:34,194 [salt.minion      ][INFO    ][23467] Starting a new job with PID 23467
2017-09-28 12:09:36,818 [salt.state       ][INFO    ][23467] Loading fresh modules for state activity
2017-09-28 12:09:36,843 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/init.sls'
2017-09-28 12:09:36,859 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/controller.sls'
2017-09-28 12:09:36,890 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:09:36,914 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/user.sls'
2017-09-28 12:09:36,940 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/volume.sls'
2017-09-28 12:09:36,972 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:09:37,822 [salt.state       ][INFO    ][23467] Running state [python-cinder] at time 12:09:37.821777
2017-09-28 12:09:37,822 [salt.state       ][INFO    ][23467] Executing state pkg.installed for python-cinder
2017-09-28 12:09:37,822 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:09:38,272 [salt.state       ][INFO    ][23467] Package python-cinder is already installed
2017-09-28 12:09:38,272 [salt.state       ][INFO    ][23467] Completed state [python-cinder] at time 12:09:38.271790 duration_in_ms=450.012
2017-09-28 12:09:38,272 [salt.state       ][INFO    ][23467] Running state [lvm2] at time 12:09:38.272031
2017-09-28 12:09:38,272 [salt.state       ][INFO    ][23467] Executing state pkg.installed for lvm2
2017-09-28 12:09:38,275 [salt.state       ][INFO    ][23467] Package lvm2 is already installed
2017-09-28 12:09:38,275 [salt.state       ][INFO    ][23467] Completed state [lvm2] at time 12:09:38.275067 duration_in_ms=3.037
2017-09-28 12:09:38,275 [salt.state       ][INFO    ][23467] Running state [cinder-api] at time 12:09:38.275238
2017-09-28 12:09:38,275 [salt.state       ][INFO    ][23467] Executing state pkg.installed for cinder-api
2017-09-28 12:09:38,278 [salt.state       ][INFO    ][23467] Package cinder-api is already installed
2017-09-28 12:09:38,278 [salt.state       ][INFO    ][23467] Completed state [cinder-api] at time 12:09:38.278185 duration_in_ms=2.947
2017-09-28 12:09:38,278 [salt.state       ][INFO    ][23467] Running state [python-memcache] at time 12:09:38.278354
2017-09-28 12:09:38,279 [salt.state       ][INFO    ][23467] Executing state pkg.installed for python-memcache
2017-09-28 12:09:38,281 [salt.state       ][INFO    ][23467] Package python-memcache is already installed
2017-09-28 12:09:38,281 [salt.state       ][INFO    ][23467] Completed state [python-memcache] at time 12:09:38.281297 duration_in_ms=2.943
2017-09-28 12:09:38,281 [salt.state       ][INFO    ][23467] Running state [python-pycadf] at time 12:09:38.281459
2017-09-28 12:09:38,282 [salt.state       ][INFO    ][23467] Executing state pkg.installed for python-pycadf
2017-09-28 12:09:38,284 [salt.state       ][INFO    ][23467] Package python-pycadf is already installed
2017-09-28 12:09:38,285 [salt.state       ][INFO    ][23467] Completed state [python-pycadf] at time 12:09:38.284479 duration_in_ms=3.02
2017-09-28 12:09:38,285 [salt.state       ][INFO    ][23467] Running state [gettext-base] at time 12:09:38.284646
2017-09-28 12:09:38,285 [salt.state       ][INFO    ][23467] Executing state pkg.installed for gettext-base
2017-09-28 12:09:38,287 [salt.state       ][INFO    ][23467] Package gettext-base is already installed
2017-09-28 12:09:38,288 [salt.state       ][INFO    ][23467] Completed state [gettext-base] at time 12:09:38.287552 duration_in_ms=2.906
2017-09-28 12:09:38,288 [salt.state       ][INFO    ][23467] Running state [cinder-scheduler] at time 12:09:38.287713
2017-09-28 12:09:38,288 [salt.state       ][INFO    ][23467] Executing state pkg.installed for cinder-scheduler
2017-09-28 12:09:38,291 [salt.state       ][INFO    ][23467] Package cinder-scheduler is already installed
2017-09-28 12:09:38,291 [salt.state       ][INFO    ][23467] Completed state [cinder-scheduler] at time 12:09:38.290655 duration_in_ms=2.942
2017-09-28 12:09:38,292 [salt.state       ][INFO    ][23467] Running state [/etc/cinder/cinder.conf] at time 12:09:38.292309
2017-09-28 12:09:38,293 [salt.state       ][INFO    ][23467] Executing state file.managed for /etc/cinder/cinder.conf
2017-09-28 12:09:38,335 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/files/ocata/cinder.conf.controller.Debian'
2017-09-28 12:09:38,389 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:09:38,416 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/files/backend/_lvm.conf'
2017-09-28 12:09:38,419 [salt.state       ][INFO    ][23467] File /etc/cinder/cinder.conf is in the correct state
2017-09-28 12:09:38,419 [salt.state       ][INFO    ][23467] Completed state [/etc/cinder/cinder.conf] at time 12:09:38.418812 duration_in_ms=126.503
2017-09-28 12:09:38,419 [salt.state       ][INFO    ][23467] Running state [/etc/cinder/api-paste.ini] at time 12:09:38.419192
2017-09-28 12:09:38,419 [salt.state       ][INFO    ][23467] Executing state file.managed for /etc/cinder/api-paste.ini
2017-09-28 12:09:38,440 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/files/ocata/api-paste.ini.controller.Debian'
2017-09-28 12:09:38,461 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:09:38,476 [salt.state       ][INFO    ][23467] File /etc/cinder/api-paste.ini is in the correct state
2017-09-28 12:09:38,476 [salt.state       ][INFO    ][23467] Completed state [/etc/cinder/api-paste.ini] at time 12:09:38.476207 duration_in_ms=57.015
2017-09-28 12:09:38,477 [salt.state       ][INFO    ][23467] Running state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 12:09:38.476604
2017-09-28 12:09:38,477 [salt.state       ][INFO    ][23467] Executing state file.managed for /etc/apache2/conf-available/cinder-wsgi.conf
2017-09-28 12:09:38,495 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/files/ocata/cinder-wsgi.conf'
2017-09-28 12:09:38,512 [salt.fileclient  ][INFO    ][23467] Fetching file from saltenv 'base', ** done ** 'cinder/map.jinja'
2017-09-28 12:09:38,528 [salt.state       ][INFO    ][23467] File /etc/apache2/conf-available/cinder-wsgi.conf is in the correct state
2017-09-28 12:09:38,528 [salt.state       ][INFO    ][23467] Completed state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 12:09:38.527994 duration_in_ms=51.39
2017-09-28 12:09:38,529 [salt.state       ][INFO    ][23467] Running state [apache2] at time 12:09:38.529251
2017-09-28 12:09:38,530 [salt.state       ][INFO    ][23467] Executing state service.running for apache2
2017-09-28 12:09:38,530 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2017-09-28 12:09:38,551 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2017-09-28 12:09:38,563 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2017-09-28 12:09:38,577 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2017-09-28 12:09:38,591 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'apache2.service'] in directory '/root'
2017-09-28 12:09:38,660 [salt.loaded.int.module.cmdmod][ERROR   ][23467] Command '['systemd-run', '--scope', 'systemctl', 'start', 'apache2.service']' failed with return code: 1
2017-09-28 12:09:38,661 [salt.loaded.int.module.cmdmod][ERROR   ][23467] output: Running scope as unit run-r40a61ebf33414f7fbb46f0615b60c7ed.scope.
Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
2017-09-28 12:09:38,662 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2017-09-28 12:09:38,676 [salt.state       ][ERROR   ][23467] Service apache2 is already enabled, and is dead
2017-09-28 12:09:38,677 [salt.state       ][INFO    ][23467] Completed state [apache2] at time 12:09:38.676714 duration_in_ms=147.461
2017-09-28 12:09:38,677 [salt.state       ][INFO    ][23467] Running state [cinder-scheduler] at time 12:09:38.677257
2017-09-28 12:09:38,678 [salt.state       ][INFO    ][23467] Executing state service.running for cinder-scheduler
2017-09-28 12:09:38,678 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['systemctl', 'status', 'cinder-scheduler.service', '-n', '0'] in directory '/root'
2017-09-28 12:09:38,689 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['systemctl', 'is-active', 'cinder-scheduler.service'] in directory '/root'
2017-09-28 12:09:38,701 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command ['systemctl', 'is-enabled', 'cinder-scheduler.service'] in directory '/root'
2017-09-28 12:09:38,712 [salt.state       ][INFO    ][23467] The service cinder-scheduler is already running
2017-09-28 12:09:38,713 [salt.state       ][INFO    ][23467] Completed state [cinder-scheduler] at time 12:09:38.712763 duration_in_ms=35.504
2017-09-28 12:09:38,714 [salt.state       ][INFO    ][23467] Running state [cinder-manage db sync; sleep 5;] at time 12:09:38.714457
2017-09-28 12:09:38,715 [salt.state       ][INFO    ][23467] Executing state cmd.run for cinder-manage db sync; sleep 5;
2017-09-28 12:09:38,716 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command 'cinder-manage db sync; sleep 5;' in directory '/root'
2017-09-28 12:09:44,273 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928120944267386
2017-09-28 12:09:44,293 [salt.minion      ][INFO    ][23606] Starting a new job with PID 23606
2017-09-28 12:09:44,306 [salt.minion      ][INFO    ][23606] Returning information for job: 20170928120944267386
2017-09-28 12:09:44,750 [salt.state       ][INFO    ][23467] {'pid': 23559, 'retcode': 0, 'stderr': 'Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.\n2017-09-28 12:09:39.631 23560 WARNING py.warnings [-] /usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py:241: NotSupportedWarning: Configuration option(s) [\'use_tpool\'] not supported\n  exception.NotSupportedWarning\n\n2017-09-28 12:09:39.675 23560 CRITICAL cinder [-] KeyError: <VerNum(96)>\n2017-09-28 12:09:39.675 23560 ERROR cinder Traceback (most recent call last):\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/bin/cinder-manage", line 10, in <module>\n2017-09-28 12:09:39.675 23560 ERROR cinder     sys.exit(main())\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/cinder/cmd/manage.py", line 597, in main\n2017-09-28 12:09:39.675 23560 ERROR cinder     fn(*fn_args)\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/cinder/cmd/manage.py", line 215, in sync\n2017-09-28 12:09:39.675 23560 ERROR cinder     return db_migration.db_sync(version)\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/cinder/db/migration.py", line 73, in db_sync\n2017-09-28 12:09:39.675 23560 ERROR cinder     init_version=init_version)\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/migration.py", line 79, in db_sync\n2017-09-28 12:09:39.675 23560 ERROR cinder     migration = versioning_api.upgrade(engine, repository, version)\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 186, in upgrade\n2017-09-28 12:09:39.675 23560 ERROR cinder     return _migrate(url, repository, version, upgrade=True, err=err, **opts)\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "<decorator-gen-15>", line 2, in _migrate\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/util/__init__.py", line 160, in with_engine\n2017-09-28 12:09:39.675 23560 ERROR cinder     return f(*a, **kw)\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/api.py", line 345, in _migrate\n2017-09-28 12:09:39.675 23560 ERROR cinder     changeset = schema.changeset(version)\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/schema.py", line 82, in changeset\n2017-09-28 12:09:39.675 23560 ERROR cinder     changeset = self.repository.changeset(database, start_ver, version)\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 225, in changeset\n2017-09-28 12:09:39.675 23560 ERROR cinder     changes = [self.version(v).script(database, op) for v in versions]\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/repository.py", line 189, in version\n2017-09-28 12:09:39.675 23560 ERROR cinder     return self.versions.version(*p, **k)\n2017-09-28 12:09:39.675 23560 ERROR cinder   File "/usr/lib/python2.7/dist-packages/migrate/versioning/version.py", line 163, in version\n2017-09-28 12:09:39.675 23560 ERROR cinder     return self.versions[VerNum(vernum)]\n2017-09-28 12:09:39.675 23560 ERROR cinder KeyError: <VerNum(96)>\n2017-09-28 12:09:39.675 23560 ERROR cinder', 'stdout': ''}
2017-09-28 12:09:44,751 [salt.state       ][INFO    ][23467] Completed state [cinder-manage db sync; sleep 5;] at time 12:09:44.750506 duration_in_ms=6036.047
2017-09-28 12:09:44,751 [salt.state       ][INFO    ][23467] Running state [source /root/keystonerc; cinder type-create lvm-driver] at time 12:09:44.750942
2017-09-28 12:09:44,751 [salt.state       ][INFO    ][23467] Executing state cmd.run for source /root/keystonerc; cinder type-create lvm-driver
2017-09-28 12:09:44,752 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command 'source /root/keystonerc; cinder type-list | grep lvm-driver' in directory '/root'
2017-09-28 12:09:45,606 [salt.state       ][INFO    ][23467] unless execution succeeded
2017-09-28 12:09:45,606 [salt.state       ][INFO    ][23467] Completed state [source /root/keystonerc; cinder type-create lvm-driver] at time 12:09:45.605881 duration_in_ms=854.937
2017-09-28 12:09:45,607 [salt.state       ][INFO    ][23467] Running state [source /root/keystonerc; cinder type-key lvm-driver set volume_backend_name=lvm-driver] at time 12:09:45.606788
2017-09-28 12:09:45,607 [salt.state       ][INFO    ][23467] Executing state cmd.run for source /root/keystonerc; cinder type-key lvm-driver set volume_backend_name=lvm-driver
2017-09-28 12:09:45,608 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command 'source /root/keystonerc; cinder extra-specs-list | grep "{u'volume_backend_name': u'lvm-driver'}"' in directory '/root'
2017-09-28 12:09:46,463 [salt.loaded.int.module.cmdmod][INFO    ][23467] Executing command 'source /root/keystonerc; cinder type-key lvm-driver set volume_backend_name=lvm-driver' in directory '/root'
2017-09-28 12:09:47,305 [salt.state       ][INFO    ][23467] {'pid': 23646, 'retcode': 0, 'stderr': '', 'stdout': ''}
2017-09-28 12:09:47,305 [salt.state       ][INFO    ][23467] Completed state [source /root/keystonerc; cinder type-key lvm-driver set volume_backend_name=lvm-driver] at time 12:09:47.305427 duration_in_ms=1698.637
2017-09-28 12:09:47,307 [salt.minion      ][INFO    ][23467] Returning information for job: 20170928120934173561
2017-09-28 12:16:46,518 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command test.ping with jid 20170928121646524767
2017-09-28 12:16:46,537 [salt.minion      ][INFO    ][26774] Starting a new job with PID 26774
2017-09-28 12:16:46,568 [salt.minion      ][INFO    ][26774] Returning information for job: 20170928121646524767
2017-09-28 12:19:43,090 [salt.utils.schedule][INFO    ][14972] Running scheduled job: __mine_interval
2017-09-28 12:22:54,325 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command state.sls with jid 20170928122254321820
2017-09-28 12:22:54,344 [salt.minion      ][INFO    ][29456] Starting a new job with PID 29456
2017-09-28 12:22:56,010 [salt.state       ][INFO    ][29456] Loading fresh modules for state activity
2017-09-28 12:22:56,036 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/init.sls'
2017-09-28 12:22:56,059 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/server.sls'
2017-09-28 12:22:56,094 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/map.jinja'
2017-09-28 12:22:56,129 [salt.state       ][INFO    ][29456] Running state [/usr/sbin/policy-rc.d] at time 12:22:56.128574
2017-09-28 12:22:56,129 [salt.state       ][INFO    ][29456] Executing state file.managed for /usr/sbin/policy-rc.d
2017-09-28 12:22:56,139 [salt.state       ][INFO    ][29456] File changed:
New file
2017-09-28 12:22:56,139 [salt.state       ][INFO    ][29456] Completed state [/usr/sbin/policy-rc.d] at time 12:22:56.138985 duration_in_ms=10.41
2017-09-28 12:22:56,937 [salt.state       ][INFO    ][29456] Running state [neutron-server] at time 12:22:56.936830
2017-09-28 12:22:56,937 [salt.state       ][INFO    ][29456] Executing state pkg.installed for neutron-server
2017-09-28 12:22:56,937 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:22:57,371 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2017-09-28 12:22:59,824 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'neutron-server'] in directory '/root'
2017-09-28 12:23:04,369 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928122304364150
2017-09-28 12:23:04,384 [salt.minion      ][INFO    ][30024] Starting a new job with PID 30024
2017-09-28 12:23:04,400 [salt.minion      ][INFO    ][30024] Returning information for job: 20170928122304364150
2017-09-28 12:23:12,963 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:23:12,990 [salt.state       ][INFO    ][29456] Made the following changes:
'python-waitress' changed from 'absent' to '0.8.10-1'
'ipset' changed from 'absent' to '6.29-1'
'neutron-server' changed from 'absent' to '2:8.4.0-0ubuntu5'
'python-neutron-fwaas' changed from 'absent' to '1:8.2.0-0ubuntu1'
'python-singledispatch' changed from 'absent' to '3.4.0.3-2'
'neutron-plugin-ml2' changed from 'absent' to '2:8.4.0-0ubuntu5'
'libipset3' changed from 'absent' to '6.29-1'
'python-neutron' changed from 'absent' to '2:8.4.0-0ubuntu5'
'python-pecan' changed from 'absent' to '1.0.2-2ubuntu1'
'python-logutils' changed from 'absent' to '0.3.3-5'
'ipset-6.29' changed from 'absent' to '1'
'python-openvswitch' changed from 'absent' to '2.5.2-0ubuntu0.16.04.1'
'python-webtest' changed from 'absent' to '2.0.18-1ubuntu1'
'neutron-plugin' changed from 'absent' to '1'
'python2.7-neutron' changed from 'absent' to '1'
'neutron-common' changed from 'absent' to '2:8.4.0-0ubuntu5'
'python2.7-waitress' changed from 'absent' to '1'
'python-neutron-lib' changed from 'absent' to '0.0.2-2'

2017-09-28 12:23:13,004 [salt.state       ][INFO    ][29456] Loading fresh modules for state activity
2017-09-28 12:23:13,029 [salt.state       ][INFO    ][29456] Completed state [neutron-server] at time 12:23:13.028832 duration_in_ms=16092.003
2017-09-28 12:23:13,034 [salt.state       ][INFO    ][29456] Running state [python-neutron-lbaas] at time 12:23:13.033735
2017-09-28 12:23:13,034 [salt.state       ][INFO    ][29456] Executing state pkg.installed for python-neutron-lbaas
2017-09-28 12:23:13,260 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-neutron-lbaas'] in directory '/root'
2017-09-28 12:23:14,519 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command saltutil.find_job with jid 20170928122314515288
2017-09-28 12:23:14,535 [salt.minion      ][INFO    ][30400] Starting a new job with PID 30400
2017-09-28 12:23:14,548 [salt.minion      ][INFO    ][30400] Returning information for job: 20170928122314515288
2017-09-28 12:23:16,944 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/root'
2017-09-28 12:23:16,970 [salt.state       ][INFO    ][29456] Made the following changes:
'python-pyasn1-modules' changed from 'absent' to '0.0.7-0.1'
'python-neutron-lbaas' changed from 'absent' to '2:8.3.0-0ubuntu3'

2017-09-28 12:23:16,982 [salt.state       ][INFO    ][29456] Loading fresh modules for state activity
2017-09-28 12:23:16,995 [salt.state       ][INFO    ][29456] Completed state [python-neutron-lbaas] at time 12:23:16.994983 duration_in_ms=3961.248
2017-09-28 12:23:16,1000 [salt.state       ][INFO    ][29456] Running state [python-pycadf] at time 12:23:16.999697
2017-09-28 12:23:16,1000 [salt.state       ][INFO    ][29456] Executing state pkg.installed for python-pycadf
2017-09-28 12:23:17,282 [salt.state       ][INFO    ][29456] Package python-pycadf is already installed
2017-09-28 12:23:17,282 [salt.state       ][INFO    ][29456] Completed state [python-pycadf] at time 12:23:17.282242 duration_in_ms=282.545
2017-09-28 12:23:17,283 [salt.state       ][INFO    ][29456] Running state [gettext-base] at time 12:23:17.282499
2017-09-28 12:23:17,283 [salt.state       ][INFO    ][29456] Executing state pkg.installed for gettext-base
2017-09-28 12:23:17,285 [salt.state       ][INFO    ][29456] Package gettext-base is already installed
2017-09-28 12:23:17,286 [salt.state       ][INFO    ][29456] Completed state [gettext-base] at time 12:23:17.285570 duration_in_ms=3.071
2017-09-28 12:23:17,286 [salt.state       ][INFO    ][29456] Running state [/usr/sbin/policy-rc.d] at time 12:23:17.286433
2017-09-28 12:23:17,287 [salt.state       ][INFO    ][29456] Executing state file.absent for /usr/sbin/policy-rc.d
2017-09-28 12:23:17,287 [salt.state       ][INFO    ][29456] {'removed': '/usr/sbin/policy-rc.d'}
2017-09-28 12:23:17,287 [salt.state       ][INFO    ][29456] Completed state [/usr/sbin/policy-rc.d] at time 12:23:17.287053 duration_in_ms=0.62
2017-09-28 12:23:17,287 [salt.state       ][INFO    ][29456] Running state [/etc/neutron/plugins/ml2/ml2_conf.ini] at time 12:23:17.287354
2017-09-28 12:23:17,288 [salt.state       ][INFO    ][29456] Executing state file.managed for /etc/neutron/plugins/ml2/ml2_conf.ini
2017-09-28 12:23:17,312 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/files/ocata/ml2_conf.ini'
2017-09-28 12:23:17,340 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/map.jinja'
2017-09-28 12:23:17,362 [salt.state       ][INFO    ][29456] File changed:
--- 
+++ 
@@ -1,3 +1,4 @@
+
 [DEFAULT]
 
 #
@@ -6,10 +7,11 @@
 
 # If set to true, the logging level will be set to DEBUG instead of the default
 # INFO level. (boolean value)
+# Note: This option can be changed without restarting.
 #debug = false
 
-# If set to false, the logging level will be set to WARNING instead of the
-# default INFO level. (boolean value)
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
@@ -20,6 +22,7 @@
 # configuration files are used then all logging configuration is set in the
 # configuration file and other logging configuration options are ignored (for
 # example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
@@ -57,7 +60,7 @@
 
 # Log output to standard error. This option is ignored if log_config_append is
 # set. (boolean value)
-#use_stderr = true
+#use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
@@ -92,6 +95,18 @@
 # value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
@@ -105,32 +120,38 @@
 # List of network type driver entrypoints to be loaded from the
 # neutron.ml2.type_drivers namespace. (list value)
 #type_drivers = local,flat,vlan,gre,vxlan,geneve
+type_drivers = local,flat,vlan,gre,vxlan
 
 # Ordered list of network_types to allocate as tenant networks. The default
 # value 'local' is useful for single-box testing but provides no connectivity
 # between hosts. (list value)
 #tenant_network_types = local
+tenant_network_types = flat,vxlan
 
 # An ordered list of networking mechanism driver entrypoints to be loaded from
 # the neutron.ml2.mechanism_drivers namespace. (list value)
 #mechanism_drivers =
+mechanism_drivers =openvswitch,l2population
 
 # An ordered list of extension driver entrypoints to be loaded from the
 # neutron.ml2.extension_drivers namespace. For example: extension_drivers =
 # port_security,qos (list value)
 #extension_drivers =
+extension_drivers=port_security
 
 # Maximum size of an IP packet (MTU) that can traverse the underlying physical
-# network infrastructure without fragmentation for overlay/tunnel networks. In
-# most cases, use the same value as the global_physnet_mtu option. (integer
-# value)
-#path_mtu = 1500
+# network infrastructure without fragmentation when using an overlay/tunnel
+# protocol. This option allows specifying a physical network MTU value that
+# differs from the default global_physnet_mtu value. (integer value)
+#path_mtu = 0
+path_mtu = 1500
 
 # A list of mappings of physical networks to MTU values. The format of the
 # mapping is <physnet>:<mtu val>. This mapping allows specifying a physical
 # network MTU value that differs from the default global_physnet_mtu value.
 # (list value)
 #physical_network_mtus =
+physical_network_mtus =physnet1:1500
 
 # Default network type for external networks when no provider attributes are
 # specified. By default it is None, which means that if provider attributes are
@@ -140,6 +161,10 @@
 # option. (string value)
 #external_network_type = <None>
 
+# IP version of all overlay (tunnel) network endpoints. Use a value of 4 for
+# IPv4 or 6 for IPv6. (integer value)
+#overlay_ip_version = 4
+
 
 [ml2_type_flat]
 
@@ -151,6 +176,7 @@
 # default '*' to allow flat networks with arbitrary physical_network names. Use
 # an empty list to disable flat networks. (list value)
 #flat_networks = *
+flat_networks = *
 
 
 [ml2_type_geneve]
@@ -168,7 +194,7 @@
 # + IP + UDP + GENEVE header sizes. The default size for this field is 50,
 # which is the size of the Geneve header without any additional option headers.
 # (integer value)
-#max_header_size = 50
+#max_header_size = 30
 
 
 [ml2_type_gre]
@@ -180,6 +206,7 @@
 # Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE
 # tunnel IDs that are available for tenant network allocation (list value)
 #tunnel_id_ranges =
+tunnel_id_ranges =2:65535
 
 
 [ml2_type_vlan]
@@ -193,6 +220,7 @@
 # networks, as well as ranges of VLAN tags on each available for allocation to
 # tenant networks. (list value)
 #network_vlan_ranges =
+network_vlan_ranges = physnet1
 
 
 [ml2_type_vxlan]
@@ -204,11 +232,13 @@
 # Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
 # VXLAN VNI IDs that are available for tenant network allocation (list value)
 #vni_ranges =
+vni_ranges = 2:65535
 
 # Multicast group for VXLAN. When configured, will enable sending all broadcast
 # traffic to this multicast group. When left unconfigured, will disable
 # multicast VXLAN mode. (string value)
 #vxlan_group = <None>
+vxlan_group = 224.0.0.1
 
 
 [securitygroup]
@@ -224,6 +254,8 @@
 # should be false when using no security groups or using the nova security
 # group API. (boolean value)
 #enable_security_group = true
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
 
 # Use ipset to speed-up the iptables based security groups. Enabling ipset
 # support requires that ipset is installed on L2 agent node. (boolean value)

2017-09-28 12:23:17,362 [salt.state       ][INFO    ][29456] Completed state [/etc/neutron/plugins/ml2/ml2_conf.ini] at time 12:23:17.362248 duration_in_ms=74.892
2017-09-28 12:23:17,363 [salt.state       ][INFO    ][29456] Running state [ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini] at time 12:23:17.363321
2017-09-28 12:23:17,364 [salt.state       ][INFO    ][29456] Executing state cmd.run for ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
2017-09-28 12:23:17,364 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command 'test -e /etc/neutron/plugin.ini' in directory '/root'
2017-09-28 12:23:17,376 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command 'ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini' in directory '/root'
2017-09-28 12:23:17,385 [salt.state       ][INFO    ][29456] {'pid': 30494, 'retcode': 0, 'stderr': '', 'stdout': ''}
2017-09-28 12:23:17,385 [salt.state       ][INFO    ][29456] Completed state [ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini] at time 12:23:17.385361 duration_in_ms=22.038
2017-09-28 12:23:17,386 [salt.state       ][INFO    ][29456] Running state [/etc/neutron/neutron.conf] at time 12:23:17.386277
2017-09-28 12:23:17,387 [salt.state       ][INFO    ][29456] Executing state file.managed for /etc/neutron/neutron.conf
2017-09-28 12:23:17,409 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/files/ocata/neutron-server.conf.Debian'
2017-09-28 12:23:17,480 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/map.jinja'
2017-09-28 12:23:17,509 [salt.state       ][INFO    ][29456] File changed:
--- 
+++ 
@@ -1,3 +1,4 @@
+
 [DEFAULT]
 
 #
@@ -7,14 +8,17 @@
 # Where to store Neutron state files. This directory must be writable by the
 # agent. (string value)
 #state_path = /var/lib/neutron
+state_path = /var/lib/neutron
 
 # The host IP to bind to (string value)
 #bind_host = 0.0.0.0
+bind_host = 10.167.4.12
 
 # The port to bind to (port value)
 # Minimum value: 0
 # Maximum value: 65535
 #bind_port = 9696
+bind_port = 9696
 
 # The path for API extensions. Note that this can be a colon-separated list of
 # paths. For example: api_extensions_path =
@@ -22,36 +26,36 @@
 # neutron.extensions is appended to this, so if your extensions are in there
 # you don't need to specify them here. (string value)
 #api_extensions_path =
+agent_down_time = 30
 
 # The type of authentication to use (string value)
 #auth_strategy = keystone
-
-# The core plugin Neutron will use (string value)
-core_plugin = ml2
+auth_strategy = keystone
+
+
+
+core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
+
+service_plugins = router,metering
 
 # The service plugins Neutron will use (list value)
 #service_plugins =
+
+allow_pagination = False
+
 
 # The base MAC address Neutron will use for VIFs. The first 3 octets will
 # remain unchanged. If the 4th octet is not 00, it will also be used. The
 # others will be randomly generated. (string value)
 #base_mac = fa:16:3e:00:00:00
 
-# How many times Neutron will retry MAC generation (integer value)
-#mac_generation_retries = 16
-
 # Allow the usage of the bulk API (boolean value)
 #allow_bulk = true
-
-# Allow the usage of the pagination (boolean value)
-#allow_pagination = false
-
-# Allow the usage of the sorting (boolean value)
-#allow_sorting = false
 
 # The maximum number of items returned in a single response, value was
 # 'infinite' or negative integer means no limit (string value)
 #pagination_max_limit = -1
+pagination_max_limit = -1
 
 # Default value of availability zone hints. The availability zone aware
 # schedulers use this when the resources availability_zone_hints is empty.
@@ -67,31 +71,11 @@
 # Maximum number of host routes per subnet (integer value)
 #max_subnet_host_routes = 20
 
-# Maximum number of fixed ips per port. This option is deprecated and will be
-# removed in the N release. (integer value)
+# DEPRECATED: Maximum number of fixed ips per port. This option is deprecated
+# and will be removed in the Ocata release. (integer value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #max_fixed_ips_per_port = 5
-
-# Default IPv4 subnet pool to be used for automatic subnet CIDR allocation.
-# Specifies by UUID the pool to be used in case where creation of a subnet is
-# being called without a subnet pool ID. If not set then no pool will be used
-# unless passed explicitly to the subnet create. If no pool is used, then a
-# CIDR must be passed to create a subnet and that subnet will not be allocated
-# from any pool; it will be considered part of the tenant's private address
-# space. This option is deprecated for removal in the N release. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#default_ipv4_subnet_pool = <None>
-
-# Default IPv6 subnet pool to be used for automatic subnet CIDR allocation.
-# Specifies by UUID the pool to be used in case where creation of a subnet is
-# being called without a subnet pool ID. See the description for
-# default_ipv4_subnet_pool for more information. This option is deprecated for
-# removal in the N release. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#default_ipv6_subnet_pool = <None>
 
 # Enables IPv6 Prefix Delegation for automatic subnet CIDR allocation. Set to
 # True to enable IPv6 Prefix Delegation for subnet allocation in a PD-capable
@@ -103,11 +87,12 @@
 
 # DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite
 # lease times. (integer value)
-# Deprecated group/name - [DEFAULT]/dhcp_lease_time
 #dhcp_lease_duration = 86400
+dhcp_lease_duration = 600
 
 # Domain to use for building the hostnames (string value)
 #dns_domain = openstacklocal
+dns_domain = novalocal
 
 # Driver for external DNS integration. (string value)
 #external_dns_driver = <None>
@@ -119,46 +104,36 @@
 # MUST be set to False if Neutron is being used in conjunction with Nova
 # security groups. (boolean value)
 #allow_overlapping_ips = false
+allow_overlapping_ips = True
 
 # Hostname to be used by the Neutron server, agents and services running on
 # this machine. All the agents and services running on this machine must use
 # the same host value. (string value)
 #host = example.domain
 
-# Ensure that configured gateway is on subnet. For IPv6, validate only if
-# gateway is not a link local address. Deprecated, to be removed during the
-# Newton release, at which point the gateway will not be forced on to subnet.
-# (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#force_gateway_on_subnet = true
-
 # Send notification to nova when port status changes (boolean value)
 #notify_nova_on_port_status_changes = true
+notify_nova_on_port_status_changes = true
 
 # Send notification to nova when port data (fixed_ips/floatingip) changes so
 # nova can update its cache. (boolean value)
 #notify_nova_on_port_data_changes = true
+notify_nova_on_port_data_changes = true
 
 # Number of seconds between sending events to nova if there are any events to
 # send. (integer value)
 #send_events_interval = 2
 
-# If True, advertise network MTU values if core plugin calculates them. MTU is
-# advertised to running instances via DHCP and RA MTU options. (boolean value)
-#advertise_mtu = true
-
-# Neutron IPAM (IP address management) driver to use. If ipam_driver is not set
-# (default behavior), no IPAM driver is used. In order to use the reference
-# implementation of Neutron IPAM driver, use 'internal'. (string value)
-#ipam_driver = <None>
+# Neutron IPAM (IP address management) driver to use. By default, the reference
+# implementation of the Neutron IPAM driver is used. (string value)
+#ipam_driver = internal
 
 # If True, then allow plugins that support it to create VLAN transparent
 # networks. (boolean value)
 #vlan_transparent = false
 
 # This will choose the web framework in which to run the Neutron API server.
-# 'pecan' is a new experiemental rewrite of the API server. (string value)
+# 'pecan' is a new experimental rewrite of the API server. (string value)
 # Allowed values: legacy, pecan
 #web_framework = legacy
 
@@ -166,11 +141,10 @@
 # MTU for all virtual network components. For flat and VLAN networks, neutron
 # uses this value without modification. For overlay networks such as VXLAN,
 # neutron automatically subtracts the overlay protocol overhead from this
-# value. Defaults to 1500, the standard value for Ethernet. If using the ML2
-# plug-in with overlay/tunnel networks, also configure the ml2 path_mtu option
-# with the same value as the global_physnet_mtu option. (integer value)
+# value. Defaults to 1500, the standard value for Ethernet. (integer value)
 # Deprecated group/name - [ml2]/segment_mtu
 #global_physnet_mtu = 1500
+global_physnet_mtu = 1500
 
 # Number of backlog requests to configure the socket with (integer value)
 #backlog = 4096
@@ -181,7 +155,7 @@
 # Enable SSL on the API server (boolean value)
 #use_ssl = false
 
-# Seconds between running periodic tasks (integer value)
+# Seconds between running periodic tasks. (integer value)
 #periodic_interval = 40
 
 # Number of separate API worker processes for service. If not specified, the
@@ -189,12 +163,14 @@
 # (integer value)
 #api_workers = <None>
 
-# Number of RPC worker processes for service (integer value)
+# Number of RPC worker processes for service. (integer value)
 #rpc_workers = 1
-
-# Number of RPC worker processes dedicated to state reports queue (integer
+rpc_workers = 4
+
+# Number of RPC worker processes dedicated to state reports queue. (integer
 # value)
 #rpc_state_report_workers = 1
+rpc_state_report_workers = 4
 
 # Range of seconds to randomly delay when starting the periodic task scheduler
 # to reduce stampeding. (Disable by setting to 0) (integer value)
@@ -229,10 +205,6 @@
 #
 # From neutron.db
 #
-
-# Seconds to regard the agent is down; should be at least twice
-# report_interval, to be sure the agent is down for good. (integer value)
-#agent_down_time = 75
 
 # Representing the resource type whose load is being reported by the agent.
 # This can be "networks", "subnets" or "ports". When specified (Default is
@@ -273,6 +245,7 @@
 # a given tenant network, providing high availability for DHCP service.
 # (integer value)
 #dhcp_agents_per_network = 1
+dhcp_agents_per_network = 2
 
 # Enable services on an agent with admin_state_up False. If this option is
 # False, when admin_state_up of an agent is turned False, services on it will
@@ -292,9 +265,11 @@
 # System-wide flag to determine the type of router that tenants can create.
 # Only admin can override. (boolean value)
 #router_distributed = false
+router_distributed = False
 
 # Driver to use for scheduling router to a default L3 agent (string value)
 #router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
+router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
 
 # Allow auto scheduling of routers to L3 agent. (boolean value)
 #router_auto_schedule = true
@@ -302,17 +277,16 @@
 # Automatically reschedule routers from offline L3 agents to online L3 agents.
 # (boolean value)
 #allow_automatic_l3agent_failover = false
+allow_automatic_l3agent_failover = true
 
 # Enable HA mode for virtual routers. (boolean value)
 #l3_ha = false
+l3_ha = True
 
 # Maximum number of L3 agents which a HA router will be scheduled on. If it is
 # set to 0 then the router will be scheduled on every agent. (integer value)
 #max_l3_agents_per_router = 3
-
-# Minimum number of L3 agents that have to be available in order to allow a new
-# HA router to be scheduled. (integer value)
-#min_l3_agents_per_router = 2
+max_l3_agents_per_router = 0
 
 # Subnet used for the l3 HA admin network. (string value)
 #l3_ha_net_cidr = 169.254.192.0/18
@@ -340,13 +314,15 @@
 
 # If set to true, the logging level will be set to DEBUG instead of the default
 # INFO level. (boolean value)
+# Note: This option can be changed without restarting.
 #debug = false
 
-# If set to false, the logging level will be set to WARNING instead of the
-# default INFO level. (boolean value)
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
+verbose = true
 
 # The name of a logging configuration file. This file is appended to any
 # existing logging configuration files. For details about logging configuration
@@ -354,6 +330,7 @@
 # configuration files are used then all logging configuration is set in the
 # configuration file and other logging configuration options are ignored (for
 # example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
@@ -391,7 +368,7 @@
 
 # Log output to standard error. This option is ignored if log_config_append is
 # set. (boolean value)
-#use_stderr = true
+#use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
@@ -426,6 +403,18 @@
 # value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
@@ -437,77 +426,186 @@
 # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
 #rpc_conn_pool_size = 30
 
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
 # ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
 # The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-# Allowed values: redis, dummy
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
 #rpc_zmq_matchmaker = redis
 
-# Type of concurrency used. Either "native" or "eventlet" (string value)
-#rpc_zmq_concurrency = eventlet
-
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
 #rpc_zmq_contexts = 1
 
 # Maximum number of ingress messages to locally buffer per topic. Default is
 # unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
 #rpc_zmq_topic_backlog = <None>
 
 # Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
 #rpc_zmq_ipc_dir = /var/run/openstack
 
 # Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
 # "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
 #rpc_zmq_host = localhost
 
-# Seconds to wait before a cast expires (TTL). The default value of -1
-# specifies an infinite linger period. The value of 0 specifies no linger
-# period. Pending messages shall be discarded immediately when the socket is
-# closed. Only supported by impl_zmq. (integer value)
-#rpc_cast_timeout = -1
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+zmq_linger = 30
 
 # The default number of seconds that poll should wait. Poll raises timeout
 # exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
 #rpc_poll_timeout = 1
 
 # Expiration timeout in seconds of a name service record about existing target
 # ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 120
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
 
 # Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
 # value)
-#use_pub_sub = true
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
 
 # Minimal port number for random ports range. (port value)
 # Minimum value: 0
 # Maximum value: 65535
-#rpc_zmq_min_port = 49152
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
 
 # Maximal port number for random ports range. (integer value)
 # Minimum value: 1
 # Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
 #rpc_zmq_max_port = 65536
 
 # Number of retries to find free port number before fail with ZMQBindError.
 # (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
 #rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
 
 # Size of executor thread pool. (integer value)
 # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
 #executor_thread_pool_size = 64
+executor_thread_pool_size = 70
 
 # Seconds to wait for a response from a call. (integer value)
 #rpc_response_timeout = 60
-
-# A URL representing the messaging driver to use and its full configuration. If
-# not set, we fall back to the rpc_backend option and driver specific
-# configuration. (string value)
+rpc_response_timeout=120
+
+# A URL representing the messaging driver to use and its full configuration.
+# (string value)
 #transport_url = <None>
-
-# The messaging driver to use, defaults to rabbit. Other drivers include amqp
-# and zmq. (string value)
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.41:5672,openstack:opnfv_secret@10.167.4.42:5672,openstack:opnfv_secret@10.167.4.43:5672//openstack
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
+# include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rpc_backend = rabbit
 
 # The default exchange under which topics are scoped. May be overridden by an
@@ -546,6 +644,7 @@
 # is idle for this number of seconds it will be closed. A value of '0' means
 # wait forever. (integer value)
 #client_socket_timeout = 900
+nova_url = http://10.167.4.10:8774/v2
 
 
 [agent]
@@ -565,13 +664,17 @@
 # required, set this to False for a performance improvement. (boolean value)
 #use_helper_for_ns_read = true
 
-# Root helper daemon application to use when possible. (string value)
-#root_helper_daemon = <None>
+# Root helper daemon application to use when possible. For the agent which
+# needs to execute commands in Dom0 in the hypervisor of XenServer, this item
+# should be set to 'xenapi_root_helper', so that it will keep a XenAPI session
+# to pass commands to Dom0. (string value)
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
 
 # Seconds between nodes reporting state to server; should be less than
 # agent_down_time, best if it is half or less than agent_down_time. (floating
 # point value)
 #report_interval = 30
+report_interval = 10
 
 # Log agent heartbeats (boolean value)
 #log_agent_heartbeats = false
@@ -582,6 +685,12 @@
 # (boolean value)
 #comment_iptables_rules = true
 
+# Duplicate every iptables difference calculation to ensure the format being
+# generated matches the format of iptables-save. This option should not be
+# turned on for production systems because it imposes a performance penalty.
+# (boolean value)
+#debug_iptables_rules = false
+
 # Action to be executed when a child process dies (string value)
 # Allowed values: respawn, exit
 #check_child_processes_action = respawn
@@ -601,7 +710,8 @@
 #
 
 # Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. (list value)
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
 
 # Indicate that the actual request can include user credentials (boolean value)
@@ -621,7 +731,6 @@
 # (list value)
 #allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
 
-
 [cors.subdomain]
 
 #
@@ -629,7 +738,8 @@
 #
 
 # Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. (list value)
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
 
 # Indicate that the actual request can include user credentials (boolean value)
@@ -664,8 +774,12 @@
 # From oslo.db
 #
 
-# The file name to use with SQLite. (string value)
+# DEPRECATED: The file name to use with SQLite. (string value)
 # Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect
+# the database.
 #sqlite_db = oslo.sqlite
 
 # If True, SQLite uses synchronous mode. (boolean value)
@@ -681,7 +795,8 @@
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
-connection = sqlite:////var/lib/neutron/neutron.sqlite
+
+connection = mysql+pymysql://neutron:opnfv_secret@10.167.4.50/neutron?charset=utf8
 
 # The SQLAlchemy connection string to use to connect to the slave database.
 # (string value)
@@ -698,35 +813,43 @@
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #idle_timeout = 3600
+idle_timeout = 3600
 
 # Minimum number of SQL connections to keep open in a pool. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. (integer value)
+# Maximum number of SQL connections to keep open in a pool. Setting a value of
+# 0 indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
+#max_pool_size = 5
+max_pool_size = 20
 
 # Maximum number of database connection retries during startup. Set to -1 to
 # specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
+max_retries = -1
 
 # Interval between retries of opening a SQL connection. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
 # Deprecated group/name - [DATABASE]/reconnect_interval
 #retry_interval = 10
+retry_interval = 2
 
 # If set, use this value for max_overflow with SQLAlchemy. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
+max_overflow = 20
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
 # value)
+# Minimum value: 0
+# Maximum value: 100
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
 #connection_debug = 0
 
@@ -760,11 +883,31 @@
 
 [keystone_authtoken]
 
+auth_region=RegionOne
+auth_protocol=http
+revocation_cache_time = 10
+auth_type = password
+auth_host = 10.167.4.10
+auth_port = 35357
+user_domain_id = default
+project_domain_id = default
+project_name = service
+username = neutron
+password = opnfv_secret
+auth_uri=http://10.167.4.10:5000
+auth_url=http://10.167.4.10:35357
 #
 # From keystonemiddleware.auth_token
 #
 
-# Complete public Identity API endpoint. (string value)
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should  ideally be unversioned, client support in the
+# wild varies.  If you're using a versioned v2 endpoint here, then this  should
+# *not* be the same endpoint the service user utilizes  for validating tokens,
+# because normal end users may not be  able to reach that endpoint. (string
+# value)
 #auth_uri = <None>
 
 # API version of the admin Identity API endpoint. (string value)
@@ -782,7 +925,10 @@
 # API Server. (integer value)
 #http_request_max_retries = 3
 
-# Env key for the swift cache. (string value)
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
 #cache = <None>
 
 # Required if identity server requires client certificate (string value)
@@ -801,12 +947,17 @@
 # The region in which the identity server can be found. (string value)
 #region_name = <None>
 
-# Directory used to cache files related to PKI tokens. (string value)
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #signing_dir = <None>
 
 # Optionally specify a list of memcached server(s) to use for caching. If left
 # undefined, tokens will instead be cached in-process. (list value)
-# Deprecated group/name - [DEFAULT]/memcache_servers
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
 
 # In order to prevent excessive effort spent validating tokens, the middleware
@@ -814,10 +965,14 @@
 # to -1 to disable caching completely. (integer value)
 #token_cache_time = 300
 
-# Determines the frequency at which the list of revoked tokens is retrieved
-# from the Identity service (in seconds). A high number of revocation events
-# combined with a low cache duration may significantly reduce performance.
-# (integer value)
+# DEPRECATED: Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of revocation
+# events combined with a low cache duration may significantly reduce
+# performance. Only valid for PKI tokens. This option has been deprecated in
+# the Ocata release and will be removed in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #revocation_cache_time = 10
 
 # (Optional) If defined, indicate whether token data should be authenticated or
@@ -870,19 +1025,40 @@
 # (string value)
 #enforce_token_bind = permissive
 
-# If true, the revocation list will be checked for cached tokens. This requires
-# that PKI tokens are configured on the identity server. (boolean value)
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #check_revocations_for_cached = false
 
-# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
-# or multiple. The algorithms are those supported by Python standard
-# hashlib.new(). The hashes will be tried in the order given, so put the
-# preferred one first for performance. The result of the first hash will be
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
 # stored in the cache. This will typically be set to multiple values only while
 # migrating from a less secure algorithm to a more secure one. Once all the old
 # tokens are expired this option should be set to a single value for better
 # performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #hash_algorithms = md5
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
+#service_token_roles = service
+
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
+#service_token_roles_required = false
 
 # Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
 # (string value)
@@ -921,11 +1097,11 @@
 # Service tenant name. (string value)
 #admin_tenant_name = admin
 
-# Authentication type to load (unknown value)
-# Deprecated group/name - [DEFAULT]/auth_plugin
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
 
-# Config Section from which to load plugin specific options (unknown value)
+# Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
 
 
@@ -935,32 +1111,44 @@
 # From oslo.messaging
 #
 
-# Host to locate redis. (string value)
+# DEPRECATED: Host to locate redis. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #host = 127.0.0.1
 
-# Use this port to connect to redis host. (port value)
+# DEPRECATED: Use this port to connect to redis host. (port value)
 # Minimum value: 0
 # Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #port = 6379
 
-# Password for Redis server (optional). (string value)
+# DEPRECATED: Password for Redis server (optional). (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #password =
 
-# List of Redis Sentinel hosts (fault tolerance mode) e.g.
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
 # [host:port, host1:port ... ] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #sentinel_hosts =
 
 # Redis replica set name. (string value)
 #sentinel_group_name = oslo-messaging-zeromq
 
 # Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 500
+#wait_timeout = 2000
 
 # Time in ms to wait before the transaction is killed. (integer value)
 #check_timeout = 20000
 
-# Timeout in ms on blocking socket operations (integer value)
-#socket_timeout = 1000
+# Timeout in ms on blocking socket operations. (integer value)
+#socket_timeout = 10000
 
 
 [nova]
@@ -972,22 +1160,31 @@
 # Name of nova region to use. Useful if keystone manages more than one region.
 # (string value)
 #region_name = <None>
+region_name = RegionOne
 
 # Type of the nova endpoint to use.  This endpoint will be looked up in the
 # keystone catalog and should be one of public, internal or admin. (string
 # value)
 # Allowed values: public, admin, internal
 #endpoint_type = public
+endpoint_type = internal
 
 #
 # From nova.auth
 #
 
-# Authentication URL (unknown value)
+# Authentication URL (string value)
 #auth_url = <None>
-
-# Authentication type to load (unknown value)
-# Deprecated group/name - [DEFAULT]/auth_plugin
+user_domain_id = default
+project_domain_id = default
+project_name = service
+password = opnfv_secret
+username = nova
+auth_type = password
+auth_url = http://10.167.4.10:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
 #auth_type = <None>
 
 # PEM encoded Certificate Authority to use when verifying HTTPs connections.
@@ -998,19 +1195,19 @@
 #certfile = <None>
 
 # Optional domain ID to use with v3 and v2 parameters. It will be used for both
-# the user and project domain in v3 and ignored in v2 authentication. (unknown
+# the user and project domain in v3 and ignored in v2 authentication. (string
 # value)
 #default_domain_id = <None>
 
 # Optional domain name to use with v3 API and v2 parameters. It will be used
 # for both the user and project domain in v3 and ignored in v2 authentication.
-# (unknown value)
+# (string value)
 #default_domain_name = <None>
 
-# Domain ID to scope to (unknown value)
+# Domain ID to scope to (string value)
 #domain_id = <None>
 
-# Domain name to scope to (unknown value)
+# Domain name to scope to (string value)
 #domain_name = <None>
 
 # Verify HTTPS connections. (boolean value)
@@ -1019,46 +1216,46 @@
 # PEM encoded client certificate key file (string value)
 #keyfile = <None>
 
-# User's password (unknown value)
+# User's password (string value)
 #password = <None>
 
-# Domain ID containing project (unknown value)
+# Domain ID containing project (string value)
 #project_domain_id = <None>
 
-# Domain name containing project (unknown value)
+# Domain name containing project (string value)
 #project_domain_name = <None>
 
-# Project ID to scope to (unknown value)
-# Deprecated group/name - [DEFAULT]/tenant-id
+# Project ID to scope to (string value)
+# Deprecated group/name - [nova]/tenant-id
 #project_id = <None>
 
-# Project name to scope to (unknown value)
-# Deprecated group/name - [DEFAULT]/tenant-name
+# Project name to scope to (string value)
+# Deprecated group/name - [nova]/tenant-name
 #project_name = <None>
 
-# Tenant ID (unknown value)
+# Tenant ID (string value)
 #tenant_id = <None>
 
-# Tenant Name (unknown value)
+# Tenant Name (string value)
 #tenant_name = <None>
 
 # Timeout value for http requests (integer value)
 #timeout = <None>
 
-# Trust ID (unknown value)
+# Trust ID (string value)
 #trust_id = <None>
 
-# User's domain id (unknown value)
+# User's domain id (string value)
 #user_domain_id = <None>
 
-# User's domain name (unknown value)
+# User's domain name (string value)
 #user_domain_name = <None>
 
-# User id (unknown value)
+# User id (string value)
 #user_id = <None>
 
-# Username (unknown value)
-# Deprecated group/name - [DEFAULT]/user-name
+# Username (string value)
+# Deprecated group/name - [nova]/user-name
 #username = <None>
 
 
@@ -1080,6 +1277,7 @@
 # (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
 #lock_path = /tmp
+lock_path = $state_path/lock
 
 
 [oslo_messaging_amqp]
@@ -1087,6 +1285,116 @@
 #
 # From oslo.messaging
 #
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name = <None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace = false
+
+# CA certificate PEM file used to verify the server's certificate (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Self-identifying certificate PEM file for client authentication (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign ssl_cert_file certificate (optional)
+# (string value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password = <None>
+
+# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Not applicable - not a SSL server
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval = 1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff = 2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max = 30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay = 10
+
+# The maximum number of attempts to re-send a reply message which failed due to
+# a recoverable error. (integer value)
+# Minimum value: -1
+#default_reply_retry = 0
+
+# The deadline for an rpc reply message delivery. (integer value)
+# Minimum value: 5
+#default_reply_timeout = 30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout = 30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout = 30
+
+# The duration to schedule a purge of idle sender links. Detach link after
+# expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout = 600
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy'   - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic'  - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode = dynamic
 
 # address prefix used when sending to a specific server (string value)
 # Deprecated group/name - [amqp1]/server_request_prefix
@@ -1100,57 +1408,113 @@
 # Deprecated group/name - [amqp1]/group_request_prefix
 #group_request_prefix = unicast
 
-# Name for the AMQP container (string value)
-# Deprecated group/name - [amqp1]/container_name
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-# Deprecated group/name - [amqp1]/idle_timeout
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-# Deprecated group/name - [amqp1]/trace
-#trace = false
-
-# CA certificate PEM file to verify server certificate (string value)
-# Deprecated group/name - [amqp1]/ssl_ca_file
-#ssl_ca_file =
-
-# Identifying certificate PEM file to present to clients (string value)
-# Deprecated group/name - [amqp1]/ssl_cert_file
-#ssl_cert_file =
-
-# Private key PEM file used to sign cert_file certificate (string value)
-# Deprecated group/name - [amqp1]/ssl_key_file
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-# Deprecated group/name - [amqp1]/ssl_key_password
-#ssl_key_password = <None>
-
-# Accept clients using either SSL or plain TCP (boolean value)
-# Deprecated group/name - [amqp1]/allow_insecure_clients
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-# Deprecated group/name - [amqp1]/sasl_mechanisms
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-# Deprecated group/name - [amqp1]/sasl_config_dir
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-# Deprecated group/name - [amqp1]/sasl_config_name
-#sasl_config_name =
-
-# User name for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/username
-#username =
-
-# Password for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/password
-#password =
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix = openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix = openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address = multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address = unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-
+# robin fashion across consumers. (string value)
+#anycast_address = anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange = <None>
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange = <None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit = 200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit = 100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit = 100
+
+# Send messages of this type pre-settled.
+# Pre-settled messages will not receive acknowledgement
+# from the peer. Note well: pre-settled messages may be
+# silently discarded if the delivery fails.
+# Permitted values:
+# 'rpc-call' - send RPC Calls pre-settled
+# 'rpc-reply'- send RPC Replies pre-settled
+# 'rpc-cast' - Send RPC Casts pre-settled
+# 'notify'   - Send Notifications pre-settled
+#  (multi valued)
+#pre_settled = rpc-cast
+#pre_settled = rpc-reply
+
+
+[oslo_messaging_kafka]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Default Kafka broker Host (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_host = localhost
+
+# DEPRECATED: Default Kafka broker Port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_port = 9092
+
+# Max fetch bytes of Kafka consumer (integer value)
+#kafka_max_fetch_bytes = 1048576
+
+# Default timeout(s) for Kafka consumers (integer value)
+#kafka_consumer_timeout = 1.0
+
+# Pool Size for Kafka Consumers (integer value)
+#pool_size = 10
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
+# Group id for Kafka consumer. Consumers in one group will coordinate message
+# consumption (string value)
+#consumer_group = oslo_messaging_consumer
+
+# Upper bound on the delay for KafkaProducer batching in seconds (floating
+# point value)
+#producer_batch_timeout = 0.0
+
+# Size of batch for the producer async send (integer value)
+#producer_batch_size = 16384
 
 
 [oslo_messaging_notifications]
@@ -1214,12 +1578,12 @@
 #kombu_reconnect_delay = 1.0
 
 # EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
-# be used. This option may notbe available in future versions. (string value)
+# be used. This option may not be available in future versions. (string value)
 #kombu_compression = <None>
 
-# How long to wait a missing client beforce abandoning to send it its replies.
+# How long to wait a missing client before abandoning to send it its replies.
 # This value should not be longer than rpc_response_timeout. (integer value)
-# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
 #kombu_missing_consumer_retry_timeout = 60
 
 # Determines how the next RabbitMQ node is chosen in case the one we are
@@ -1228,61 +1592,86 @@
 # Allowed values: round-robin, shuffle
 #kombu_failover_strategy = round-robin
 
-# The RabbitMQ broker address where a single node is used. (string value)
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
+# value)
 # Deprecated group/name - [DEFAULT]/rabbit_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_host = localhost
 
-# The RabbitMQ broker port where a single node is used. (port value)
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
+# value)
 # Minimum value: 0
 # Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/rabbit_port
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_port = 5672
 
-# RabbitMQ HA cluster host:port pairs. (list value)
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
 # Deprecated group/name - [DEFAULT]/rabbit_hosts
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_hosts = $rabbit_host:$rabbit_port
 
 # Connect over SSL for RabbitMQ. (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
 #rabbit_use_ssl = false
 
-# The RabbitMQ userid. (string value)
+# DEPRECATED: The RabbitMQ userid. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_userid
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_userid = guest
 
-# The RabbitMQ password. (string value)
+# DEPRECATED: The RabbitMQ password. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_password
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_password = guest
 
 # The RabbitMQ login method. (string value)
+# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
 # Deprecated group/name - [DEFAULT]/rabbit_login_method
 #rabbit_login_method = AMQPLAIN
 
-# The RabbitMQ virtual host. (string value)
+# DEPRECATED: The RabbitMQ virtual host. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_virtual_host = /
 
 # How frequently to retry connecting with RabbitMQ. (integer value)
 #rabbit_retry_interval = 1
+rabbit_retry_interval = 1
 
 # How long to backoff for between retries when connecting to RabbitMQ. (integer
 # value)
 # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
 #rabbit_retry_backoff = 2
+rabbit_retry_backoff = 2
 
 # Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
 # (integer value)
 #rabbit_interval_max = 30
 
-# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry
-# count). (integer value)
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
 #rabbit_max_retries = 0
 
 # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
 # option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
 # is no longer controlled by the x-ha-policy argument when declaring a queue.
-# If you just want to make sure that all queues (except  those with auto-
+# If you just want to make sure that all queues (except those with auto-
 # generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
 # HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_ha_queues
@@ -1302,10 +1691,12 @@
 # heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
 # value)
 #heartbeat_timeout_threshold = 60
+heartbeat_timeout_threshold = 0
 
 # How often times during the heartbeat_timeout_threshold we check the
 # heartbeat. (integer value)
 #heartbeat_rate = 2
+heartbeat_rate = 2
 
 # Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
 # Deprecated group/name - [DEFAULT]/fake_rabbit
@@ -1318,7 +1709,7 @@
 #frame_max = <None>
 
 # How often to send heartbeats for consumer's connections (integer value)
-#heartbeat_interval = 1
+#heartbeat_interval = 3
 
 # Enable SSL (boolean value)
 #ssl = <None>
@@ -1337,8 +1728,12 @@
 # point value)
 #host_connection_reconnect_delay = 0.25
 
+# Connection factory implementation (string value)
+# Allowed values: new, single, read_write
+#connection_factory = single
+
 # Maximum number of connections to keep queued. (integer value)
-#pool_max_size = 10
+#pool_max_size = 30
 
 # Maximum number of connections to create above `pool_max_size`. (integer
 # value)
@@ -1357,10 +1752,15 @@
 # (integer value)
 #pool_stale = 60
 
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+#default_serializer_type = json
+
 # Persist notification messages. (boolean value)
 #notification_persistence = false
 
-# Exchange name for for sending notifications (string value)
+# Exchange name for sending notifications (string value)
 #default_notification_exchange = ${control_exchange}_notification
 
 # Max number of not acknowledged message which RabbitMQ can send to
@@ -1402,7 +1802,7 @@
 
 # Reconnecting retry count in case of connectivity problem during sending RPC
 # message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
-# request could be processed more then one time (integer value)
+# request could be processed more than one time (integer value)
 #default_rpc_retry_attempts = -1
 
 # Reconnecting retry delay in case of connectivity problem during sending RPC
@@ -1410,13 +1810,185 @@
 #rpc_retry_delay = 0.25
 
 
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target
+# ( < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware.http_proxy_to_wsgi
+#
+
+# Whether the application is behind a proxy or not. This determines if the
+# middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing = false
+
+
 [oslo_policy]
 
 #
 # From oslo.policy
 #
 
-# The JSON file that defines policies. (string value)
+# The file that defines policies. (string value)
 # Deprecated group/name - [DEFAULT]/policy_file
 #policy_file = policy.json
 
@@ -1439,7 +2011,10 @@
 # From neutron.qos
 #
 
-# Drivers list to use to send the update notification (list value)
+# DEPRECATED: Drivers list to use to send the update notification. This option
+# will be unused in Pike. (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
 #notification_drivers = message_queue
 
 
@@ -1448,12 +2023,6 @@
 #
 # From neutron
 #
-
-# Resource name(s) that are supported in quota features. This option is now
-# deprecated for removal. (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#quota_items = network,subnet,port
 
 # Default number of resource allowed per tenant. A negative value means
 # unlimited. (integer value)
@@ -1471,11 +2040,11 @@
 # (integer value)
 #quota_port = 50
 
-# Default driver to use for quota checks (string value)
+# Default driver to use for quota checks. (string value)
 #quota_driver = neutron.db.quota.driver.DbQuotaDriver
 
-# Keep in track in the database of current resourcequota usage. Plugins which
-# do not leverage the neutron database should set this flag to False (boolean
+# Keep in track in the database of current resource quota usage. Plugins which
+# do not leverage the neutron database should set this flag to False. (boolean
 # value)
 #track_quota_usage = true
 
@@ -1526,3 +2095,6 @@
 # Sets the list of available ciphers. value should be a string in the OpenSSL
 # cipher list format. (string value)
 #ciphers = <None>
+[service_providers]
+
+

2017-09-28 12:23:17,510 [salt.state       ][INFO    ][29456] Completed state [/etc/neutron/neutron.conf] at time 12:23:17.509703 duration_in_ms=123.426
2017-09-28 12:23:17,510 [salt.state       ][INFO    ][29456] Running state [neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head] at time 12:23:17.510006
2017-09-28 12:23:17,510 [salt.state       ][INFO    ][29456] Executing state cmd.run for neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
2017-09-28 12:23:17,511 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head' in directory '/root'
2017-09-28 12:23:18,628 [salt.loaded.int.module.cmdmod][ERROR   ][29456] Command 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head' failed with return code: 1
2017-09-28 12:23:18,628 [salt.loaded.int.module.cmdmod][ERROR   ][29456] stderr: No handlers could be found for logger "oslo_config.cfg"
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Traceback (most recent call last):
  File "/usr/bin/neutron-db-manage", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/cli.py", line 750, in main
    return_val |= bool(CONF.command.func(config, CONF.command.name))
  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/cli.py", line 224, in do_upgrade
    run_sanity_checks(config, revision)
  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/cli.py", line 732, in run_sanity_checks
    script_dir.run_env()
  File "/usr/lib/python2.7/dist-packages/alembic/script/base.py", line 397, in run_env
    util.load_python_file(self.dir, 'env.py')
  File "/usr/lib/python2.7/dist-packages/alembic/util/pyfiles.py", line 81, in load_python_file
    module = load_module_py(module_id, path)
  File "/usr/lib/python2.7/dist-packages/alembic/util/compat.py", line 79, in load_module_py
    mod = imp.load_source(module_id, path, fp)
  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/env.py", line 126, in <module>
    run_migrations_online()
  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/env.py", line 120, in run_migrations_online
    context.run_migrations()
  File "<string>", line 8, in run_migrations
  File "/usr/lib/python2.7/dist-packages/alembic/runtime/environment.py", line 797, in run_migrations
    self.get_context().run_migrations(**kw)
  File "/usr/lib/python2.7/dist-packages/alembic/runtime/migration.py", line 303, in run_migrations
    for step in self._migrations_fn(heads, self):
  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/cli.py", line 723, in check_sanity
    revision, rev, implicit_base=True):
  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 610, in _iterate_revisions
    requested_lowers = self.get_revisions(lower)
  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 299, in get_revisions
    return sum([self.get_revisions(id_elem) for id_elem in id_], ())
  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 304, in get_revisions
    for rev_id in resolved_id)
  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 304, in <genexpr>
    for rev_id in resolved_id)
  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 359, in _revision_for_ident
    resolved_id)
alembic.script.revision.ResolutionError: No such revision or branch '5c85685d616d'
2017-09-28 12:23:18,629 [salt.loaded.int.module.cmdmod][ERROR   ][29456] retcode: 1
2017-09-28 12:23:18,629 [salt.state       ][ERROR   ][29456] {'pid': 30499, 'retcode': 1, 'stderr': 'No handlers could be found for logger "oslo_config.cfg"\nINFO  [alembic.runtime.migration] Context impl MySQLImpl.\nINFO  [alembic.runtime.migration] Will assume non-transactional DDL.\nTraceback (most recent call last):\n  File "/usr/bin/neutron-db-manage", line 10, in <module>\n    sys.exit(main())\n  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/cli.py", line 750, in main\n    return_val |= bool(CONF.command.func(config, CONF.command.name))\n  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/cli.py", line 224, in do_upgrade\n    run_sanity_checks(config, revision)\n  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/cli.py", line 732, in run_sanity_checks\n    script_dir.run_env()\n  File "/usr/lib/python2.7/dist-packages/alembic/script/base.py", line 397, in run_env\n    util.load_python_file(self.dir, \'env.py\')\n  File "/usr/lib/python2.7/dist-packages/alembic/util/pyfiles.py", line 81, in load_python_file\n    module = load_module_py(module_id, path)\n  File "/usr/lib/python2.7/dist-packages/alembic/util/compat.py", line 79, in load_module_py\n    mod = imp.load_source(module_id, path, fp)\n  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/env.py", line 126, in <module>\n    run_migrations_online()\n  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/env.py", line 120, in run_migrations_online\n    context.run_migrations()\n  File "<string>", line 8, in run_migrations\n  File "/usr/lib/python2.7/dist-packages/alembic/runtime/environment.py", line 797, in run_migrations\n    self.get_context().run_migrations(**kw)\n  File "/usr/lib/python2.7/dist-packages/alembic/runtime/migration.py", line 303, in run_migrations\n    for step in self._migrations_fn(heads, self):\n  File "/usr/lib/python2.7/dist-packages/neutron/db/migration/cli.py", line 723, in check_sanity\n    revision, rev, implicit_base=True):\n  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 610, in _iterate_revisions\n    requested_lowers = self.get_revisions(lower)\n  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 299, in get_revisions\n    return sum([self.get_revisions(id_elem) for id_elem in id_], ())\n  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 304, in get_revisions\n    for rev_id in resolved_id)\n  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 304, in <genexpr>\n    for rev_id in resolved_id)\n  File "/usr/lib/python2.7/dist-packages/alembic/script/revision.py", line 359, in _revision_for_ident\n    resolved_id)\nalembic.script.revision.ResolutionError: No such revision or branch \'5c85685d616d\'', 'stdout': ''}
2017-09-28 12:23:18,629 [salt.state       ][INFO    ][29456] Completed state [neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head] at time 12:23:18.628972 duration_in_ms=1118.963
2017-09-28 12:23:18,629 [salt.state       ][INFO    ][29456] Running state [/etc/neutron/api-paste.ini] at time 12:23:18.629356
2017-09-28 12:23:18,630 [salt.state       ][INFO    ][29456] Executing state file.managed for /etc/neutron/api-paste.ini
2017-09-28 12:23:18,651 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/files/ocata/api-paste.ini.Debian'
2017-09-28 12:23:18,670 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/map.jinja'
2017-09-28 12:23:18,692 [salt.state       ][INFO    ][29456] File changed:
--- 
+++ 
@@ -1,12 +1,18 @@
+
 [composite:neutron]
 use = egg:Paste#urlmap
-/: neutronversions
+/: neutronversions_composite
 /v2.0: neutronapi_v2_0
 
 [composite:neutronapi_v2_0]
 use = call:neutron.auth:pipeline_factory
-noauth = cors request_id catch_errors extensions neutronapiapp_v2_0
-keystone = cors request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
+noauth = cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
+keystone = cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
+
+[composite:neutronversions_composite]
+use = call:neutron.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi neutronversions
+keystone = cors http_proxy_to_wsgi neutronversions
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware:RequestId.factory
@@ -17,6 +23,9 @@
 [filter:cors]
 paste.filter_factory = oslo_middleware.cors:filter_factory
 oslo_config_project = neutron
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
 
 [filter:keystonecontext]
 paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
@@ -32,3 +41,6 @@
 
 [app:neutronapiapp_v2_0]
 paste.app_factory = neutron.api.v2.router:APIRouter.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory

2017-09-28 12:23:18,692 [salt.state       ][INFO    ][29456] Completed state [/etc/neutron/api-paste.ini] at time 12:23:18.692303 duration_in_ms=62.946
2017-09-28 12:23:18,693 [salt.state       ][INFO    ][29456] Running state [/etc/default/neutron-server] at time 12:23:18.692563
2017-09-28 12:23:18,693 [salt.state       ][INFO    ][29456] Executing state file.managed for /etc/default/neutron-server
2017-09-28 12:23:18,712 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/files/ocata/neutron-server'
2017-09-28 12:23:18,733 [salt.fileclient  ][INFO    ][29456] Fetching file from saltenv 'base', ** done ** 'neutron/map.jinja'
2017-09-28 12:23:18,755 [salt.state       ][INFO    ][29456] File changed:
--- 
+++ 
@@ -1,5 +1,8 @@
+# Generated by Salt.
+
 # defaults for neutron-server
 
 # path to config file corresponding to the core_plugin specified in
 # neutron.conf
-NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"
+#NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
+NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"
2017-09-28 12:23:18,755 [salt.state       ][INFO    ][29456] Completed state [/etc/default/neutron-server] at time 12:23:18.754891 duration_in_ms=62.326
2017-09-28 12:23:18,756 [salt.state       ][INFO    ][29456] Running state [neutron-server] at time 12:23:18.755709
2017-09-28 12:23:18,756 [salt.state       ][INFO    ][29456] Executing state service.running for neutron-server
2017-09-28 12:23:18,756 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemctl', 'status', 'neutron-server.service', '-n', '0'] in directory '/root'
2017-09-28 12:23:18,769 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemctl', 'is-active', 'neutron-server.service'] in directory '/root'
2017-09-28 12:23:18,780 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemctl', 'is-enabled', 'neutron-server.service'] in directory '/root'
2017-09-28 12:23:18,789 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemctl', 'is-enabled', 'neutron-server.service'] in directory '/root'
2017-09-28 12:23:18,797 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'neutron-server.service'] in directory '/root'
2017-09-28 12:23:18,829 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemctl', 'is-active', 'neutron-server.service'] in directory '/root'
2017-09-28 12:23:18,845 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemctl', 'is-enabled', 'neutron-server.service'] in directory '/root'
2017-09-28 12:23:18,866 [salt.loaded.int.module.cmdmod][INFO    ][29456] Executing command ['systemctl', 'is-enabled', 'neutron-server.service'] in directory '/root'
2017-09-28 12:23:18,877 [salt.state       ][INFO    ][29456] {'neutron-server': True}
2017-09-28 12:23:18,877 [salt.state       ][INFO    ][29456] Completed state [neutron-server] at time 12:23:18.876732 duration_in_ms=121.022
2017-09-28 12:23:18,878 [salt.minion      ][INFO    ][29456] Returning information for job: 20170928122254321820
2017-09-28 13:11:19,101 [salt.minion      ][INFO    ][14972] User sudo_ubuntu Executing command cp.push_dir with jid 20170928131120526204
2017-09-28 13:11:19,129 [salt.minion      ][INFO    ][19220] Starting a new job with PID 19220
