2019-04-30 21:43:08,084 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:09,364 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:09,366 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:09,368 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:09,370 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:12,125 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:12,128 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:12,130 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:12,313 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:12,316 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:12,318 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:12,320 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:12,839 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,090 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,093 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,095 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,098 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,100 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,103 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,106 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,108 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,111 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,113 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,116 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,118 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,121 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,123 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,126 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,128 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,131 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,133 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,136 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,138 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,141 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,143 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,146 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,148 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,151 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,153 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,156 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,158 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,160 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,163 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,165 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,168 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,170 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,173 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,175 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,178 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,180 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,183 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,185 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,187 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,190 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,192 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,195 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:43:13,197 [salt.utils.decorators:82  ][ERROR   ][2010] Exception encountered when attempting to inspect frame in dependency decorator: list index out of range
2019-04-30 21:44:51,841 [salt.utils.decorators:613 ][WARNING ][2010] The function "module.run" is using its deprecated version and will expire in version "Sodium".
2019-04-30 21:45:08,326 [salt.utils.decorators:613 ][WARNING ][6126] The function "module.run" is using its deprecated version and will expire in version "Sodium".
2019-04-30 21:45:45,066 [salt.loaded.int.states.file:2298][WARNING ][6126] State for file: /boot/grub/grub.cfg - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 21:46:00,515 [salt.utils.decorators:613 ][WARNING ][6126] The function "module.run" is using its deprecated version and will expire in version "Sodium".
2019-04-30 21:46:00,591 [salt.loaded.int.states.file:2298][WARNING ][6126] State for file: /etc/shadow - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 21:46:00,592 [salt.loaded.int.states.file:2298][WARNING ][6126] State for file: /etc/gshadow - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 21:46:00,593 [salt.loaded.int.states.file:2298][WARNING ][6126] State for file: /etc/group- - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 21:46:00,594 [salt.loaded.int.states.file:2298][WARNING ][6126] State for file: /etc/group - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 21:46:00,595 [salt.loaded.int.states.file:2298][WARNING ][6126] State for file: /etc/passwd- - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 21:46:00,595 [salt.loaded.int.states.file:2298][WARNING ][6126] State for file: /etc/passwd - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 21:46:00,596 [salt.loaded.int.states.file:2298][WARNING ][6126] State for file: /etc/gshadow- - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 21:46:00,597 [salt.loaded.int.states.file:2298][WARNING ][6126] State for file: /etc/shadow- - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 21:46:02,599 [salt.loaded.int.module.debian_ip:1964][WARNING ][6126] The network state sls is requiring a reboot of the system to properly apply network configuration.
2019-04-30 21:46:02,751 [salt.loaded.int.module.cmdmod:730 ][ERROR   ][6126] Command '['umount', '/dev/shm']' failed with return code: 32
2019-04-30 21:46:02,752 [salt.loaded.int.module.cmdmod:734 ][ERROR   ][6126] stderr: umount: /dev/shm: target is busy
        (In some cases useful info about processes that
         use the device is found by lsof(8) or fuser(1).)
2019-04-30 21:46:02,752 [salt.loaded.int.module.cmdmod:736 ][ERROR   ][6126] retcode: 32
2019-04-30 21:46:26,931 [salt.utils.parsers:1051][WARNING ][1662] Minion received a SIGTERM. Exiting.
2019-04-30 21:47:12,139 [salt.cli.daemons :293 ][INFO    ][1731] Setting up the Salt Minion "ctl02.mcp-ovs-ha.local"
2019-04-30 21:47:14,817 [salt.cli.daemons :82  ][INFO    ][1731] Starting up the Salt Minion
2019-04-30 21:47:14,818 [salt.utils.event :1017][INFO    ][1731] Starting pull socket on /var/run/salt/minion/minion_event_5df6a4616f_pull.ipc
2019-04-30 21:47:16,490 [salt.minion      :976 ][INFO    ][1731] Creating minion process manager
2019-04-30 21:47:18,038 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][1731] Executing command ['date', '+%z'] in directory '/root'
2019-04-30 21:47:18,078 [salt.utils.schedule:568 ][INFO    ][1731] Updating job settings for scheduled job: __mine_interval
2019-04-30 21:47:18,083 [salt.minion      :1108][INFO    ][1731] Added mine.update to scheduler
2019-04-30 21:47:18,096 [salt.minion      :1975][INFO    ][1731] Minion is starting as user 'root'
2019-04-30 21:47:18,108 [salt.minion      :2336][INFO    ][1731] Minion is ready to receive requests!
2019-04-30 21:47:27,638 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430214727627780
2019-04-30 21:47:27,651 [salt.minion      :1432][INFO    ][1827] Starting a new job with PID 1827
2019-04-30 21:47:27,820 [salt.minion      :1711][INFO    ][1827] Returning information for job: 20190430214727627780
2019-04-30 21:48:08,269 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command test.ping with jid 20190430214808259937
2019-04-30 21:48:08,280 [salt.minion      :1432][INFO    ][1832] Starting a new job with PID 1832
2019-04-30 21:48:08,511 [salt.minion      :1711][INFO    ][1832] Returning information for job: 20190430214808259937
2019-04-30 21:48:09,213 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command pkg.upgrade with jid 20190430214809204670
2019-04-30 21:48:09,231 [salt.minion      :1432][INFO    ][1837] Starting a new job with PID 1837
2019-04-30 21:48:09,677 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][1837] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 21:48:11,667 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][1837] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'dist-upgrade'] in directory '/root'
2019-04-30 21:48:24,271 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430214824262928
2019-04-30 21:48:24,284 [salt.minion      :1432][INFO    ][1893] Starting a new job with PID 1893
2019-04-30 21:48:24,295 [salt.minion      :1711][INFO    ][1893] Returning information for job: 20190430214824262928
2019-04-30 21:48:54,498 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430214854487319
2019-04-30 21:48:54,508 [salt.minion      :1432][INFO    ][2089] Starting a new job with PID 2089
2019-04-30 21:48:54,522 [salt.minion      :1711][INFO    ][2089] Returning information for job: 20190430214854487319
2019-04-30 21:49:24,591 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430214924585554
2019-04-30 21:49:24,601 [salt.minion      :1432][INFO    ][2358] Starting a new job with PID 2358
2019-04-30 21:49:24,622 [salt.minion      :1711][INFO    ][2358] Returning information for job: 20190430214924585554
2019-04-30 21:49:54,783 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430214954779556
2019-04-30 21:49:54,792 [salt.minion      :1432][INFO    ][2587] Starting a new job with PID 2587
2019-04-30 21:49:54,804 [salt.minion      :1711][INFO    ][2587] Returning information for job: 20190430214954779556
2019-04-30 21:50:25,001 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430215024997446
2019-04-30 21:50:25,010 [salt.minion      :1432][INFO    ][3809] Starting a new job with PID 3809
2019-04-30 21:50:25,027 [salt.minion      :1711][INFO    ][3809] Returning information for job: 20190430215024997446
2019-04-30 21:50:31,065 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][1837] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 21:50:31,090 [salt.minion      :1711][INFO    ][1837] Returning information for job: 20190430214809204670
2019-04-30 21:51:11,668 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command test.ping with jid 20190430215111669999
2019-04-30 21:51:11,680 [salt.minion      :1432][INFO    ][4038] Starting a new job with PID 4038
2019-04-30 21:51:11,697 [salt.minion      :1711][INFO    ][4038] Returning information for job: 20190430215111669999
2019-04-30 21:53:28,849 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430215328839862
2019-04-30 21:53:28,859 [salt.minion      :1432][INFO    ][4043] Starting a new job with PID 4043
2019-04-30 21:53:32,813 [salt.state       :915 ][INFO    ][4043] Loading fresh modules for state activity
2019-04-30 21:53:32,873 [salt.fileclient  :1219][INFO    ][4043] Fetching file from saltenv 'base', ** done ** 'keepalived/init.sls'
2019-04-30 21:53:32,898 [salt.fileclient  :1219][INFO    ][4043] Fetching file from saltenv 'base', ** done ** 'keepalived/cluster.sls'
2019-04-30 21:53:35,133 [salt.state       :1780][INFO    ][4043] Running state [keepalived] at time 21:53:35.133386
2019-04-30 21:53:35,133 [salt.state       :1813][INFO    ][4043] Executing state pkg.installed for [keepalived]
2019-04-30 21:53:35,134 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 21:53:35,422 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['apt-cache', '-q', 'policy', 'keepalived'] in directory '/root'
2019-04-30 21:53:35,492 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 21:53:37,111 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 21:53:37,128 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'keepalived'] in directory '/root'
2019-04-30 21:53:43,682 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 21:53:43,713 [salt.state       :300 ][INFO    ][4043] Made the following changes:
'libsnmp30' changed from 'absent' to '5.7.3+dfsg-1ubuntu4.2'
'libsensors4' changed from 'absent' to '1:3.4.0-2'
'libsnmp-base' changed from 'absent' to '5.7.3+dfsg-1ubuntu4.2'
'keepalived' changed from 'absent' to '1:1.2.24-1ubuntu0.16.04.1'
'ipvsadm' changed from 'absent' to '1:1.28-3'
'libnl-route-3-200' changed from 'absent' to '3.2.27-1ubuntu0.16.04.1'

2019-04-30 21:53:43,744 [salt.state       :915 ][INFO    ][4043] Loading fresh modules for state activity
2019-04-30 21:53:43,778 [salt.state       :1951][INFO    ][4043] Completed state [keepalived] at time 21:53:43.778817 duration_in_ms=8645.432
2019-04-30 21:53:43,782 [salt.state       :1780][INFO    ][4043] Running state [lsof] at time 21:53:43.782951
2019-04-30 21:53:43,783 [salt.state       :1813][INFO    ][4043] Executing state pkg.installed for [lsof]
2019-04-30 21:53:44,171 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430215343877363
2019-04-30 21:53:44,181 [salt.minion      :1432][INFO    ][5388] Starting a new job with PID 5388
2019-04-30 21:53:44,191 [salt.minion      :1711][INFO    ][5388] Returning information for job: 20190430215343877363
2019-04-30 21:53:44,270 [salt.state       :300 ][INFO    ][4043] All specified packages are already installed
2019-04-30 21:53:44,271 [salt.state       :1951][INFO    ][4043] Completed state [lsof] at time 21:53:44.271014 duration_in_ms=488.062
2019-04-30 21:53:44,287 [salt.state       :1780][INFO    ][4043] Running state [/etc/keepalived/keepalived.conf] at time 21:53:44.287778
2019-04-30 21:53:44,288 [salt.state       :1813][INFO    ][4043] Executing state file.managed for [/etc/keepalived/keepalived.conf]
2019-04-30 21:53:44,309 [salt.fileclient  :1219][INFO    ][4043] Fetching file from saltenv 'base', ** done ** 'keepalived/files/keepalived.conf'
2019-04-30 21:53:44,341 [salt.state       :300 ][INFO    ][4043] File changed:
New file
2019-04-30 21:53:44,341 [salt.state       :1951][INFO    ][4043] Completed state [/etc/keepalived/keepalived.conf] at time 21:53:44.341144 duration_in_ms=53.366
2019-04-30 21:53:44,342 [salt.state       :1780][INFO    ][4043] Running state [keepalived] at time 21:53:44.342222
2019-04-30 21:53:44,342 [salt.state       :1813][INFO    ][4043] Executing state service.running for [keepalived]
2019-04-30 21:53:44,342 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['systemctl', 'status', 'keepalived.service', '-n', '0'] in directory '/root'
2019-04-30 21:53:44,353 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['systemctl', 'is-active', 'keepalived.service'] in directory '/root'
2019-04-30 21:53:44,363 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['systemctl', 'is-enabled', 'keepalived.service'] in directory '/root'
2019-04-30 21:53:44,373 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'keepalived.service'] in directory '/root'
2019-04-30 21:53:44,459 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['systemctl', 'is-active', 'keepalived.service'] in directory '/root'
2019-04-30 21:53:44,469 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['systemctl', 'is-enabled', 'keepalived.service'] in directory '/root'
2019-04-30 21:53:44,479 [salt.loaded.int.module.cmdmod:395 ][INFO    ][4043] Executing command ['systemctl', 'is-enabled', 'keepalived.service'] in directory '/root'
2019-04-30 21:53:44,487 [salt.state       :300 ][INFO    ][4043] {'keepalived': True}
2019-04-30 21:53:44,488 [salt.state       :1951][INFO    ][4043] Completed state [keepalived] at time 21:53:44.488148 duration_in_ms=145.926
2019-04-30 21:53:44,489 [salt.minion      :1711][INFO    ][4043] Returning information for job: 20190430215328839862
2019-04-30 21:55:05,909 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command pillar.get with jid 20190430215505899701
2019-04-30 21:55:05,924 [salt.minion      :1432][INFO    ][5441] Starting a new job with PID 5441
2019-04-30 21:55:05,929 [salt.minion      :1711][INFO    ][5441] Returning information for job: 20190430215505899701
2019-04-30 22:01:02,572 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430220102562635
2019-04-30 22:01:02,583 [salt.minion      :1432][INFO    ][5454] Starting a new job with PID 5454
2019-04-30 22:01:03,452 [salt.state       :915 ][INFO    ][5454] Loading fresh modules for state activity
2019-04-30 22:01:03,605 [salt.fileclient  :1219][INFO    ][5454] Fetching file from saltenv 'base', ** done ** 'glusterfs/client.sls'
2019-04-30 22:01:03,636 [salt.fileclient  :1219][INFO    ][5454] Fetching file from saltenv 'base', ** done ** 'glusterfs/map.jinja'
2019-04-30 22:01:03,656 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:01:03,936 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command 'systemd-escape -p --suffix=mount /var/lib/glance/images' in directory '/root'
2019-04-30 22:01:03,944 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command 'systemd-escape -p --suffix=mount /var/lib/keystone/fernet-keys' in directory '/root'
2019-04-30 22:01:03,951 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command 'systemd-escape -p --suffix=mount /var/lib/keystone/credential-keys' in directory '/root'
2019-04-30 22:01:04,657 [salt.state       :1780][INFO    ][5454] Running state [glusterfs-client] at time 22:01:04.657314
2019-04-30 22:01:04,657 [salt.state       :1813][INFO    ][5454] Executing state pkg.installed for [glusterfs-client]
2019-04-30 22:01:04,671 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['apt-cache', '-q', 'policy', 'glusterfs-client'] in directory '/root'
2019-04-30 22:01:04,720 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:01:06,191 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:01:06,209 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'glusterfs-client'] in directory '/root'
2019-04-30 22:01:12,292 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:01:12,319 [salt.state       :300 ][INFO    ][5454] Made the following changes:
'glusterfs-client' changed from 'absent' to '3.13.2-ubuntu1~xenial2'
'libaio1' changed from 'absent' to '0.3.110-2'
'attr' changed from 'absent' to '1:2.4.47-2'
'libpython2.7' changed from 'absent' to '2.7.12-1ubuntu0~16.04.4'
'glusterfs-common' changed from 'absent' to '3.13.2-ubuntu1~xenial2'
'librdmacm1' changed from 'absent' to '1.0.21-1'
'liburcu4' changed from 'absent' to '0.9.1-3'
'libibverbs1' changed from 'absent' to '1.1.8-1.1ubuntu2'

2019-04-30 22:01:12,338 [salt.state       :915 ][INFO    ][5454] Loading fresh modules for state activity
2019-04-30 22:01:12,361 [salt.state       :1951][INFO    ][5454] Completed state [glusterfs-client] at time 22:01:12.361505 duration_in_ms=7704.191
2019-04-30 22:01:12,367 [salt.state       :1780][INFO    ][5454] Running state [attr] at time 22:01:12.367359
2019-04-30 22:01:12,367 [salt.state       :1813][INFO    ][5454] Executing state pkg.installed for [attr]
2019-04-30 22:01:12,809 [salt.state       :300 ][INFO    ][5454] All specified packages are already installed
2019-04-30 22:01:12,809 [salt.state       :1951][INFO    ][5454] Completed state [attr] at time 22:01:12.809530 duration_in_ms=442.169
2019-04-30 22:01:12,811 [salt.state       :1780][INFO    ][5454] Running state [/etc/systemd/system/var-lib-glance-images.mount] at time 22:01:12.811507
2019-04-30 22:01:12,811 [salt.state       :1813][INFO    ][5454] Executing state file.managed for [/etc/systemd/system/var-lib-glance-images.mount]
2019-04-30 22:01:12,832 [salt.fileclient  :1219][INFO    ][5454] Fetching file from saltenv 'base', ** done ** 'glusterfs/files/glusterfs-client.mount'
2019-04-30 22:01:12,841 [salt.state       :300 ][INFO    ][5454] File changed:
New file
2019-04-30 22:01:12,841 [salt.state       :1951][INFO    ][5454] Completed state [/etc/systemd/system/var-lib-glance-images.mount] at time 22:01:12.841164 duration_in_ms=29.657
2019-04-30 22:01:12,841 [salt.state       :1780][INFO    ][5454] Running state [var-lib-glance-images.mount] at time 22:01:12.841917
2019-04-30 22:01:12,842 [salt.state       :1813][INFO    ][5454] Executing state service.running for [var-lib-glance-images.mount]
2019-04-30 22:01:12,842 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'status', 'var-lib-glance-images.mount', '-n', '0'] in directory '/root'
2019-04-30 22:01:12,855 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-active', 'var-lib-glance-images.mount'] in directory '/root'
2019-04-30 22:01:12,866 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2019-04-30 22:01:12,880 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'var-lib-glance-images.mount'] in directory '/root'
2019-04-30 22:01:12,943 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-active', 'var-lib-glance-images.mount'] in directory '/root'
2019-04-30 22:01:12,954 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2019-04-30 22:01:12,968 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2019-04-30 22:01:12,983 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemd-run', '--scope', 'systemctl', 'enable', 'var-lib-glance-images.mount'] in directory '/root'
2019-04-30 22:01:13,074 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-glance-images.mount'] in directory '/root'
2019-04-30 22:01:13,084 [salt.state       :300 ][INFO    ][5454] {'var-lib-glance-images.mount': True}
2019-04-30 22:01:13,085 [salt.state       :1951][INFO    ][5454] Completed state [var-lib-glance-images.mount] at time 22:01:13.085013 duration_in_ms=243.095
2019-04-30 22:01:13,085 [salt.state       :1780][INFO    ][5454] Running state [/var/lib/glance/images] at time 22:01:13.085639
2019-04-30 22:01:13,085 [salt.state       :1813][INFO    ][5454] Executing state file.directory for [/var/lib/glance/images]
2019-04-30 22:01:13,088 [salt.state       :300 ][INFO    ][5454] {'group': 'glance', 'user': 'glance'}
2019-04-30 22:01:13,088 [salt.state       :1951][INFO    ][5454] Completed state [/var/lib/glance/images] at time 22:01:13.088206 duration_in_ms=2.568
2019-04-30 22:01:13,088 [salt.state       :1780][INFO    ][5454] Running state [/etc/systemd/system/var-lib-keystone-fernet\x2dkeys.mount] at time 22:01:13.088377
2019-04-30 22:01:13,088 [salt.state       :1813][INFO    ][5454] Executing state file.managed for [/etc/systemd/system/var-lib-keystone-fernet\x2dkeys.mount]
2019-04-30 22:01:13,107 [salt.state       :300 ][INFO    ][5454] File changed:
New file
2019-04-30 22:01:13,107 [salt.state       :1951][INFO    ][5454] Completed state [/etc/systemd/system/var-lib-keystone-fernet\x2dkeys.mount] at time 22:01:13.107893 duration_in_ms=19.516
2019-04-30 22:01:13,108 [salt.state       :1780][INFO    ][5454] Running state [var-lib-keystone-fernet\x2dkeys.mount] at time 22:01:13.108290
2019-04-30 22:01:13,108 [salt.state       :1813][INFO    ][5454] Executing state service.running for [var-lib-keystone-fernet\x2dkeys.mount]
2019-04-30 22:01:13,108 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'status', 'var-lib-keystone-fernet\\x2dkeys.mount', '-n', '0'] in directory '/root'
2019-04-30 22:01:13,120 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-active', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,131 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,145 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,215 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-active', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,227 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,241 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,258 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemd-run', '--scope', 'systemctl', 'enable', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,333 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-fernet\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,344 [salt.state       :300 ][INFO    ][5454] {'var-lib-keystone-fernet\\x2dkeys.mount': True}
2019-04-30 22:01:13,344 [salt.state       :1951][INFO    ][5454] Completed state [var-lib-keystone-fernet\x2dkeys.mount] at time 22:01:13.344330 duration_in_ms=236.04
2019-04-30 22:01:13,345 [salt.state       :1780][INFO    ][5454] Running state [/var/lib/keystone/fernet-keys] at time 22:01:13.345039
2019-04-30 22:01:13,345 [salt.state       :1813][INFO    ][5454] Executing state file.directory for [/var/lib/keystone/fernet-keys]
2019-04-30 22:01:13,347 [salt.state       :300 ][INFO    ][5454] {'group': 'keystone', 'user': 'keystone', 'mode': '0750'}
2019-04-30 22:01:13,348 [salt.state       :1951][INFO    ][5454] Completed state [/var/lib/keystone/fernet-keys] at time 22:01:13.348038 duration_in_ms=2.998
2019-04-30 22:01:13,348 [salt.state       :1780][INFO    ][5454] Running state [/etc/systemd/system/var-lib-keystone-credential\x2dkeys.mount] at time 22:01:13.348200
2019-04-30 22:01:13,348 [salt.state       :1813][INFO    ][5454] Executing state file.managed for [/etc/systemd/system/var-lib-keystone-credential\x2dkeys.mount]
2019-04-30 22:01:13,367 [salt.state       :300 ][INFO    ][5454] File changed:
New file
2019-04-30 22:01:13,367 [salt.state       :1951][INFO    ][5454] Completed state [/etc/systemd/system/var-lib-keystone-credential\x2dkeys.mount] at time 22:01:13.367621 duration_in_ms=19.421
2019-04-30 22:01:13,368 [salt.state       :1780][INFO    ][5454] Running state [var-lib-keystone-credential\x2dkeys.mount] at time 22:01:13.368063
2019-04-30 22:01:13,368 [salt.state       :1813][INFO    ][5454] Executing state service.running for [var-lib-keystone-credential\x2dkeys.mount]
2019-04-30 22:01:13,368 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'status', 'var-lib-keystone-credential\\x2dkeys.mount', '-n', '0'] in directory '/root'
2019-04-30 22:01:13,379 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-active', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,388 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,400 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,458 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-active', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,469 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,483 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,497 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemd-run', '--scope', 'systemctl', 'enable', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,589 [salt.loaded.int.module.cmdmod:395 ][INFO    ][5454] Executing command ['systemctl', 'is-enabled', 'var-lib-keystone-credential\\x2dkeys.mount'] in directory '/root'
2019-04-30 22:01:13,599 [salt.state       :300 ][INFO    ][5454] {'var-lib-keystone-credential\\x2dkeys.mount': True}
2019-04-30 22:01:13,599 [salt.state       :1951][INFO    ][5454] Completed state [var-lib-keystone-credential\x2dkeys.mount] at time 22:01:13.599563 duration_in_ms=231.5
2019-04-30 22:01:13,600 [salt.state       :1780][INFO    ][5454] Running state [/var/lib/keystone/credential-keys] at time 22:01:13.600241
2019-04-30 22:01:13,600 [salt.state       :1813][INFO    ][5454] Executing state file.directory for [/var/lib/keystone/credential-keys]
2019-04-30 22:01:13,602 [salt.state       :300 ][INFO    ][5454] {'group': 'keystone', 'user': 'keystone'}
2019-04-30 22:01:13,602 [salt.state       :1951][INFO    ][5454] Completed state [/var/lib/keystone/credential-keys] at time 22:01:13.602333 duration_in_ms=2.092
2019-04-30 22:01:13,603 [salt.minion      :1711][INFO    ][5454] Returning information for job: 20190430220102562635
2019-04-30 22:06:23,953 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430220623943219
2019-04-30 22:06:23,965 [salt.minion      :1432][INFO    ][7020] Starting a new job with PID 7020
2019-04-30 22:06:27,830 [salt.state       :915 ][INFO    ][7020] Loading fresh modules for state activity
2019-04-30 22:06:27,862 [salt.fileclient  :1219][INFO    ][7020] Fetching file from saltenv 'base', ** done ** 'memcached/init.sls'
2019-04-30 22:06:27,946 [salt.fileclient  :1219][INFO    ][7020] Fetching file from saltenv 'base', ** done ** 'memcached/server.sls'
2019-04-30 22:06:27,966 [salt.fileclient  :1219][INFO    ][7020] Fetching file from saltenv 'base', ** done ** 'memcached/map.jinja'
2019-04-30 22:06:28,665 [salt.state       :1780][INFO    ][7020] Running state [memcached] at time 22:06:28.665487
2019-04-30 22:06:28,665 [salt.state       :1813][INFO    ][7020] Executing state pkg.installed for [memcached]
2019-04-30 22:06:28,666 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:06:28,939 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['apt-cache', '-q', 'policy', 'memcached'] in directory '/root'
2019-04-30 22:06:28,987 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:06:30,456 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:06:30,473 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'memcached'] in directory '/root'
2019-04-30 22:06:34,615 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:06:34,641 [salt.state       :300 ][INFO    ][7020] Made the following changes:
'memcached' changed from 'absent' to '1.4.25-2ubuntu1.4'

2019-04-30 22:06:34,658 [salt.state       :915 ][INFO    ][7020] Loading fresh modules for state activity
2019-04-30 22:06:34,681 [salt.state       :1951][INFO    ][7020] Completed state [memcached] at time 22:06:34.681660 duration_in_ms=6016.174
2019-04-30 22:06:34,685 [salt.state       :1780][INFO    ][7020] Running state [python-memcache] at time 22:06:34.685305
2019-04-30 22:06:34,685 [salt.state       :1813][INFO    ][7020] Executing state pkg.installed for [python-memcache]
2019-04-30 22:06:35,145 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:06:35,161 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-memcache'] in directory '/root'
2019-04-30 22:06:37,230 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:06:37,255 [salt.state       :300 ][INFO    ][7020] Made the following changes:
'python-memcache' changed from 'absent' to '1.57+fixed-1~u16.04+mcp1'

2019-04-30 22:06:37,271 [salt.state       :915 ][INFO    ][7020] Loading fresh modules for state activity
2019-04-30 22:06:37,298 [salt.state       :1951][INFO    ][7020] Completed state [python-memcache] at time 22:06:37.298415 duration_in_ms=2613.11
2019-04-30 22:06:37,303 [salt.state       :1780][INFO    ][7020] Running state [/etc/memcached.conf] at time 22:06:37.303009
2019-04-30 22:06:37,303 [salt.state       :1813][INFO    ][7020] Executing state file.managed for [/etc/memcached.conf]
2019-04-30 22:06:37,324 [salt.fileclient  :1219][INFO    ][7020] Fetching file from saltenv 'base', ** done ** 'memcached/files/memcached.conf'
2019-04-30 22:06:37,347 [salt.state       :300 ][INFO    ][7020] File changed:
--- 
+++ 
@@ -1,11 +1,10 @@
+
 # memcached default config file
 # 2003 - Jay Bonci <jaybonci@debian.org>
-# This configuration file is read by the start-memcached script provided as
-# part of the Debian GNU/Linux distribution.
+# This configuration file is read by the start-memcached script provided as part of the Debian GNU/Linux distribution. 
 
 # Run memcached as a daemon. This command is implied, and is not needed for the
-# daemon to run. See the README.Debian that comes with this package for more
-# information.
+# daemon to run. See the README.Debian that comes with this package for more information.
 -d
 
 # Log memcached's output to /var/log/memcached
@@ -18,13 +17,11 @@
 # -vv
 
 # Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
-# Note that the daemon will grow to this size, but does not start out holding this much
-# memory
+# Note that the daemon will grow to this size, but does not start out holding this much memory
 -m 64
 
 # Default connection port is 11211
 -p 11211
-
 # Run the daemon as root. The start-memcached will default to running as root if no
 # -u command is present in this config file
 -u memcache
@@ -32,10 +29,12 @@
 # Specify which IP address to listen on. The default is to listen on all IP addresses
 # This parameter is one of the only security measures that memcached has, so make sure
 # it's listening on a firewalled interface.
--l 127.0.0.1
+-l 0.0.0.0
 
 # Limit the number of simultaneous incoming connections. The daemon default is 1024
 # -c 1024
+# Mirantis
+-c 8192
 
 # Lock down all paged memory. Consult with the README and homepage before you do this
 # -k
@@ -45,3 +44,9 @@
 
 # Maximize core file limit
 # -r
+
+# Number of threads to use to process incoming requests.
+-t 1
+
+# Set size of each slab page. Default value for this parameter is 1m, minimum is 1k, max is 128m.
+-I 1m

2019-04-30 22:06:37,350 [salt.state       :1951][INFO    ][7020] Completed state [/etc/memcached.conf] at time 22:06:37.350251 duration_in_ms=47.242
2019-04-30 22:06:37,679 [salt.state       :1780][INFO    ][7020] Running state [memcached] at time 22:06:37.678999
2019-04-30 22:06:37,679 [salt.state       :1813][INFO    ][7020] Executing state service.running for [memcached]
2019-04-30 22:06:37,679 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['systemctl', 'status', 'memcached.service', '-n', '0'] in directory '/root'
2019-04-30 22:06:37,691 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['systemctl', 'is-active', 'memcached.service'] in directory '/root'
2019-04-30 22:06:37,702 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['systemctl', 'is-enabled', 'memcached.service'] in directory '/root'
2019-04-30 22:06:37,711 [salt.state       :300 ][INFO    ][7020] The service memcached is already running
2019-04-30 22:06:37,712 [salt.state       :1951][INFO    ][7020] Completed state [memcached] at time 22:06:37.712036 duration_in_ms=33.038
2019-04-30 22:06:37,712 [salt.state       :1780][INFO    ][7020] Running state [memcached] at time 22:06:37.712397
2019-04-30 22:06:37,712 [salt.state       :1813][INFO    ][7020] Executing state service.mod_watch for [memcached]
2019-04-30 22:06:37,713 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['systemctl', 'is-active', 'memcached.service'] in directory '/root'
2019-04-30 22:06:37,722 [salt.loaded.int.module.cmdmod:395 ][INFO    ][7020] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'memcached.service'] in directory '/root'
2019-04-30 22:06:37,736 [salt.state       :300 ][INFO    ][7020] {'memcached': True}
2019-04-30 22:06:37,736 [salt.state       :1951][INFO    ][7020] Completed state [memcached] at time 22:06:37.736770 duration_in_ms=24.373
2019-04-30 22:06:37,738 [salt.minion      :1711][INFO    ][7020] Returning information for job: 20190430220623943219
2019-04-30 22:06:39,125 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430220639115393
2019-04-30 22:06:39,135 [salt.minion      :1432][INFO    ][8057] Starting a new job with PID 8057
2019-04-30 22:06:40,145 [salt.state       :915 ][INFO    ][8057] Loading fresh modules for state activity
2019-04-30 22:06:40,186 [salt.fileclient  :1219][INFO    ][8057] Fetching file from saltenv 'base', ** done ** 'haproxy/init.sls'
2019-04-30 22:06:40,203 [salt.fileclient  :1219][INFO    ][8057] Fetching file from saltenv 'base', ** done ** 'haproxy/proxy.sls'
2019-04-30 22:06:40,932 [salt.state       :1780][INFO    ][8057] Running state [haproxy] at time 22:06:40.932587
2019-04-30 22:06:40,933 [salt.state       :1813][INFO    ][8057] Executing state pkg.installed for [haproxy]
2019-04-30 22:06:40,933 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:06:41,230 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['apt-cache', '-q', 'policy', 'haproxy'] in directory '/root'
2019-04-30 22:06:41,282 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:06:42,902 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:06:42,919 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'haproxy'] in directory '/root'
2019-04-30 22:06:49,937 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:06:49,965 [salt.state       :300 ][INFO    ][8057] Made the following changes:
'haproxy' changed from 'absent' to '1.6.3-1ubuntu0.2'
'liblua5.3-0' changed from 'absent' to '5.3.1-1ubuntu2.1'

2019-04-30 22:06:49,983 [salt.state       :915 ][INFO    ][8057] Loading fresh modules for state activity
2019-04-30 22:06:50,006 [salt.state       :1951][INFO    ][8057] Completed state [haproxy] at time 22:06:50.006882 duration_in_ms=9074.296
2019-04-30 22:06:50,010 [salt.state       :1780][INFO    ][8057] Running state [/etc/default/haproxy] at time 22:06:50.010055
2019-04-30 22:06:50,010 [salt.state       :1813][INFO    ][8057] Executing state file.managed for [/etc/default/haproxy]
2019-04-30 22:06:50,030 [salt.fileclient  :1219][INFO    ][8057] Fetching file from saltenv 'base', ** done ** 'haproxy/files/haproxy.default'
2019-04-30 22:06:50,032 [salt.state       :300 ][INFO    ][8057] File changed:
--- 
+++ 
@@ -1,10 +1,5 @@
-# Defaults file for HAProxy
-#
-# This is sourced by both, the initscript and the systemd unit file, so do not
-# treat it as a shell script fragment.
 
-# Change the config file location if needed
-#CONFIG="/etc/haproxy/haproxy.cfg"
-
-# Add extra flags here, see haproxy(1) for a few options
+# Set ENABLED to 1 if you want the init script to start haproxy.
+ENABLED=1
+# Add extra flags here.
 #EXTRAOPTS="-de -m 16"

2019-04-30 22:06:50,033 [salt.state       :1951][INFO    ][8057] Completed state [/etc/default/haproxy] at time 22:06:50.033044 duration_in_ms=22.989
2019-04-30 22:06:50,033 [salt.state       :1780][INFO    ][8057] Running state [/etc/haproxy/haproxy.cfg] at time 22:06:50.033399
2019-04-30 22:06:50,033 [salt.state       :1813][INFO    ][8057] Executing state file.managed for [/etc/haproxy/haproxy.cfg]
2019-04-30 22:06:50,048 [salt.fileclient  :1219][INFO    ][8057] Fetching file from saltenv 'base', ** done ** 'haproxy/files/haproxy.cfg'
2019-04-30 22:06:50,182 [salt.state       :300 ][INFO    ][8057] File changed:
--- 
+++ 
@@ -1,35 +1,200 @@
 global
-	log /dev/log	local0
-	log /dev/log	local1 notice
-	chroot /var/lib/haproxy
-	stats socket /run/haproxy/admin.sock mode 660 level admin
-	stats timeout 30s
-	user haproxy
-	group haproxy
-	daemon
-
-	# Default SSL material locations
-	ca-base /etc/ssl/certs
-	crt-base /etc/ssl/private
-
-	# Default ciphers to use on SSL-enabled listening sockets.
-	# For more information, see ciphers(1SSL). This list is from:
-	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
-	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
-	ssl-default-bind-options no-sslv3
+  log /dev/log  local0
+  log /dev/log  local1 notice
+  chroot /var/lib/haproxy
+  stats  socket /run/haproxy/admin.sock mode 660 level admin
+  stats timeout 30s
+  user  haproxy
+  group haproxy
+  daemon
+  pidfile  /var/run/haproxy.pid
+  spread-checks 4
+  tune.maxrewrite 1024
+  tune.bufsize 32768
+  maxconn  25000
+  # SSL options
+  ca-base /etc/haproxy/ssl
+  crt-base /etc/haproxy/ssl
+  tune.ssl.default-dh-param 2048
+  ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+  ssl-default-bind-options no-sslv3 no-tls-tickets
+  ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+  ssl-default-server-options no-sslv3 no-tls-tickets
 
 defaults
-	log	global
-	mode	http
-	option	httplog
-	option	dontlognull
-        timeout connect 5000
-        timeout client  50000
-        timeout server  50000
-	errorfile 400 /etc/haproxy/errors/400.http
-	errorfile 403 /etc/haproxy/errors/403.http
-	errorfile 408 /etc/haproxy/errors/408.http
-	errorfile 500 /etc/haproxy/errors/500.http
-	errorfile 502 /etc/haproxy/errors/502.http
-	errorfile 503 /etc/haproxy/errors/503.http
-	errorfile 504 /etc/haproxy/errors/504.http
+  log  global
+  mode http
+
+  maxconn 8000
+  option  redispatch
+  retries  3
+  stats  enable
+
+  timeout http-request 10s
+  timeout queue 1m
+  timeout connect 10s
+  timeout client 1m
+  timeout server 1m
+  timeout check 10s
+
+listen keystone_public_api
+  bind 10.167.4.35:5000 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:5000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:5000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:5000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen nova_api
+  bind 10.167.4.35:8774 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:8774 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:8774 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:8774 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen placement_api
+  bind 10.167.4.35:8778 
+  
+  mode http
+  balance roundrobin
+  option httpclose
+  option httplog
+  option httpchk GET /
+  http-check expect rstatus (401|200)
+  server ctl01 10.167.4.36:8778 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:8778 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:8778 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen keystone_admin_api
+  bind 10.167.4.35:35357 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:35357 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:35357 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:35357 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen cinder_api
+  bind 10.167.4.35:8776 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:8776 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:8776 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:8776 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen glance_registry_api
+  bind 10.167.4.35:9191 
+  mode http
+  balance roundrobin
+  option  httplog
+  server ctl01 10.167.4.36:9191 check
+  server ctl02 10.167.4.37:9191 check
+  server ctl03 10.167.4.38:9191 check
+
+listen heat_cfn_api
+  bind 10.167.4.35:8000 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:8000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:8000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:8000 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen nova_novnc
+  bind 10.167.4.35:6080 
+  mode http
+  balance roundrobin
+  option  httplog
+  server ctl01 10.167.4.36:6080 check
+  server ctl02 10.167.4.37:6080 check
+  server ctl03 10.167.4.38:6080 check
+
+listen designate_api
+  bind 10.167.4.35:9001 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:9001 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:9001 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen glance_api
+  bind 10.167.4.35:9292 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:9292 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:9292 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:9292 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen heat_api
+  bind 10.167.4.35:8004 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:8004 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:8004 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:8004 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen barbican-api
+  bind 10.167.4.35:9311 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:9311 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:9311 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:9311 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen nova_metadata_api
+  bind 10.167.4.35:8775 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:8775 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:8775 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:8775 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen barbican-admin-api
+  bind 10.167.4.35:9312 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:9312 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:9312 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:9312 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
+listen neutron_api
+  bind 10.167.4.35:9696 
+  # NOTE(vsaienko): by default haproxy uses OPTIONS method when doing check
+  # This is not guaranteed by openstack APIs, change it to GET instead
+  option  httpchk GET /
+  option  httplog
+  option  httpclose
+  server ctl01 10.167.4.36:9696 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl02 10.167.4.37:9696 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+  server ctl03 10.167.4.38:9696 check inter 10s fastinter 2s downinter 3s rise 3 fall 3

2019-04-30 22:06:50,184 [salt.state       :1951][INFO    ][8057] Completed state [/etc/haproxy/haproxy.cfg] at time 22:06:50.184434 duration_in_ms=151.034
2019-04-30 22:06:50,184 [salt.state       :1780][INFO    ][8057] Running state [/etc/haproxy/ssl] at time 22:06:50.184818
2019-04-30 22:06:50,185 [salt.state       :1813][INFO    ][8057] Executing state file.directory for [/etc/haproxy/ssl]
2019-04-30 22:06:50,186 [salt.state       :300 ][INFO    ][8057] {'/etc/haproxy/ssl': 'New Dir'}
2019-04-30 22:06:50,187 [salt.state       :1951][INFO    ][8057] Completed state [/etc/haproxy/ssl] at time 22:06:50.186970 duration_in_ms=2.151
2019-04-30 22:06:50,187 [salt.state       :1780][INFO    ][8057] Running state [/etc/haproxy/errors/429.http11] at time 22:06:50.187308
2019-04-30 22:06:50,187 [salt.state       :1813][INFO    ][8057] Executing state file.managed for [/etc/haproxy/errors/429.http11]
2019-04-30 22:06:50,207 [salt.fileclient  :1219][INFO    ][8057] Fetching file from saltenv 'base', ** done ** 'haproxy/files/errors/429.http11'
2019-04-30 22:06:50,215 [salt.state       :300 ][INFO    ][8057] File changed:
New file
2019-04-30 22:06:50,215 [salt.state       :1951][INFO    ][8057] Completed state [/etc/haproxy/errors/429.http11] at time 22:06:50.215745 duration_in_ms=28.437
2019-04-30 22:06:50,216 [salt.state       :1780][INFO    ][8057] Running state [haproxy_status_packages] at time 22:06:50.216812
2019-04-30 22:06:50,217 [salt.state       :1813][INFO    ][8057] Executing state pkg.installed for [haproxy_status_packages]
2019-04-30 22:06:50,669 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:06:50,688 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'socat'] in directory '/root'
2019-04-30 22:06:52,742 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:06:52,832 [salt.state       :300 ][INFO    ][8057] Made the following changes:
'socat' changed from 'absent' to '1.7.3.1-1'

2019-04-30 22:06:52,843 [salt.state       :915 ][INFO    ][8057] Loading fresh modules for state activity
2019-04-30 22:06:52,864 [salt.state       :1951][INFO    ][8057] Completed state [haproxy_status_packages] at time 22:06:52.863954 duration_in_ms=2647.142
2019-04-30 22:06:52,866 [salt.state       :1780][INFO    ][8057] Running state [/usr/bin/haproxy-status.sh] at time 22:06:52.866282
2019-04-30 22:06:52,866 [salt.state       :1813][INFO    ][8057] Executing state file.managed for [/usr/bin/haproxy-status.sh]
2019-04-30 22:06:52,885 [salt.fileclient  :1219][INFO    ][8057] Fetching file from saltenv 'base', ** done ** 'haproxy/files/haproxy-status.sh'
2019-04-30 22:06:52,904 [salt.state       :300 ][INFO    ][8057] File changed:
New file
2019-04-30 22:06:52,905 [salt.state       :1951][INFO    ][8057] Completed state [/usr/bin/haproxy-status.sh] at time 22:06:52.905090 duration_in_ms=38.807
2019-04-30 22:06:52,913 [salt.state       :1780][INFO    ][8057] Running state [net.ipv4.ip_nonlocal_bind] at time 22:06:52.913061
2019-04-30 22:06:52,913 [salt.state       :1813][INFO    ][8057] Executing state sysctl.present for [net.ipv4.ip_nonlocal_bind]
2019-04-30 22:06:52,915 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command 'sysctl -w net.ipv4.ip_nonlocal_bind="1"' in directory '/root'
2019-04-30 22:06:52,939 [salt.state       :300 ][INFO    ][8057] {'net.ipv4.ip_nonlocal_bind': 1}
2019-04-30 22:06:52,940 [salt.state       :1951][INFO    ][8057] Completed state [net.ipv4.ip_nonlocal_bind] at time 22:06:52.939949 duration_in_ms=26.888
2019-04-30 22:06:53,277 [salt.state       :1780][INFO    ][8057] Running state [haproxy] at time 22:06:53.277225
2019-04-30 22:06:53,277 [salt.state       :1813][INFO    ][8057] Executing state service.running for [haproxy]
2019-04-30 22:06:53,278 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['systemctl', 'status', 'haproxy.service', '-n', '0'] in directory '/root'
2019-04-30 22:06:53,291 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['systemctl', 'is-active', 'haproxy.service'] in directory '/root'
2019-04-30 22:06:53,302 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['systemctl', 'is-enabled', 'haproxy.service'] in directory '/root'
2019-04-30 22:06:53,313 [salt.state       :300 ][INFO    ][8057] The service haproxy is already running
2019-04-30 22:06:53,313 [salt.state       :1951][INFO    ][8057] Completed state [haproxy] at time 22:06:53.313755 duration_in_ms=36.53
2019-04-30 22:06:53,313 [salt.state       :1780][INFO    ][8057] Running state [haproxy] at time 22:06:53.313958
2019-04-30 22:06:53,314 [salt.state       :1813][INFO    ][8057] Executing state service.mod_watch for [haproxy]
2019-04-30 22:06:53,314 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['systemctl', 'is-active', 'haproxy.service'] in directory '/root'
2019-04-30 22:06:53,325 [salt.loaded.int.module.cmdmod:395 ][INFO    ][8057] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'haproxy.service'] in directory '/root'
2019-04-30 22:06:53,357 [salt.state       :300 ][INFO    ][8057] {'haproxy': True}
2019-04-30 22:06:53,357 [salt.state       :1951][INFO    ][8057] Completed state [haproxy] at time 22:06:53.357455 duration_in_ms=43.496
2019-04-30 22:06:53,359 [salt.minion      :1711][INFO    ][8057] Returning information for job: 20190430220639115393
2019-04-30 22:06:54,601 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command service.status with jid 20190430220654590681
2019-04-30 22:06:54,612 [salt.minion      :1432][INFO    ][9287] Starting a new job with PID 9287
2019-04-30 22:06:55,160 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][9287] Executing command ['systemctl', 'status', 'haproxy.service', '-n', '0'] in directory '/root'
2019-04-30 22:06:55,171 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][9287] Executing command ['systemctl', 'is-active', 'haproxy.service'] in directory '/root'
2019-04-30 22:06:55,179 [salt.minion      :1711][INFO    ][9287] Returning information for job: 20190430220654590681
2019-04-30 22:06:55,870 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command service.restart with jid 20190430220655859647
2019-04-30 22:06:55,881 [salt.minion      :1432][INFO    ][9297] Starting a new job with PID 9297
2019-04-30 22:06:56,432 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][9297] Executing command ['systemctl', 'status', 'rsyslog.service', '-n', '0'] in directory '/root'
2019-04-30 22:06:56,449 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][9297] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'rsyslog.service'] in directory '/root'
2019-04-30 22:06:56,469 [salt.minion      :1711][INFO    ][9297] Returning information for job: 20190430220655859647
2019-04-30 22:09:18,986 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430220918975752
2019-04-30 22:09:18,999 [salt.minion      :1432][INFO    ][9344] Starting a new job with PID 9344
2019-04-30 22:09:22,941 [salt.state       :915 ][INFO    ][9344] Loading fresh modules for state activity
2019-04-30 22:09:22,975 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/server.sls'
2019-04-30 22:09:23,119 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/init.sls'
2019-04-30 22:09:23,143 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/server/init.sls'
2019-04-30 22:09:23,215 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/server/service/init.sls'
2019-04-30 22:09:23,266 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/server/service/modules.sls'
2019-04-30 22:09:23,318 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/server/service/mpm.sls'
2019-04-30 22:09:23,384 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/server/site.sls'
2019-04-30 22:09:23,958 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/server/users.sls'
2019-04-30 22:09:24,006 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/server/robots.sls'
2019-04-30 22:09:24,049 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/db/offline_sync.sls'
2019-04-30 22:09:24,089 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/_ssl/mysql.sls'
2019-04-30 22:09:24,137 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/_ssl/rabbitmq.sls'
2019-04-30 22:09:24,897 [salt.state       :1780][INFO    ][9344] Running state [keystone] at time 22:09:24.897471
2019-04-30 22:09:24,897 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [keystone]
2019-04-30 22:09:24,898 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:09:25,168 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['apt-cache', '-q', 'policy', 'keystone'] in directory '/root'
2019-04-30 22:09:25,218 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:09:26,712 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:09:26,733 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'keystone'] in directory '/root'
2019-04-30 22:09:34,106 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430220934093587
2019-04-30 22:09:34,116 [salt.minion      :1432][INFO    ][9979] Starting a new job with PID 9979
2019-04-30 22:09:34,131 [salt.minion      :1711][INFO    ][9979] Returning information for job: 20190430220934093587
2019-04-30 22:10:04,137 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430221004125818
2019-04-30 22:10:04,150 [salt.minion      :1432][INFO    ][11189] Starting a new job with PID 11189
2019-04-30 22:10:04,166 [salt.minion      :1711][INFO    ][11189] Returning information for job: 20190430221004125818
2019-04-30 22:10:29,854 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:10:29,883 [salt.state       :300 ][INFO    ][9344] Made the following changes:
'python-routes' changed from 'absent' to '2.4.1-1~u16.04+mcp2'
'libapr1' changed from 'absent' to '1.5.2-3'
'python-kombu' changed from 'absent' to '4.1.0-1~u16.04+mcp1'
'python-oslo.concurrency' changed from 'absent' to '3.27.0-2~u16.04+mcp7'
'python-kafka' changed from 'absent' to '1.3.2-1.1~u16.04+mcp2'
'python-testscenarios' changed from 'absent' to '0.4-4'
'python-sqlparse' changed from 'absent' to '0.2.2-1~u16.04+mcp1'
'python-pycadf' changed from 'absent' to '2.7.0-1~u16.04+mcp5'
'xmlsec1' changed from 'absent' to '1.2.20-2ubuntu4'
'python-paste' changed from 'absent' to '2.0.3+dfsg-4.1~u16.04+mcp1'
'python-click' changed from 'absent' to '6.2-2ubuntu1'
'python-typing' changed from 'absent' to '3.6.2-1~u16.04+mcp2'
'python-formencode' changed from 'absent' to '1.3.0-0ubuntu5'
'python-ldap' changed from 'absent' to '3.0.0-1~u16.04+mcp1'
'python-sphinx' changed from 'absent' to '1.6.4-2~u16.04+mcp3'
'libaprutil1-ldap' changed from 'absent' to '1.5.4-1build1'
'python-scrypt' changed from 'absent' to '0.8.0-1~u16.04+mcp2'
'python-migrate' changed from 'absent' to '0.11.0-1~u16.04+mcp3'
'python-cachetools' changed from 'absent' to '2.0.0-2.0~u16.04+mcp1'
'python-linecache2' changed from 'absent' to '1.0.0-2'
'python-pastedeploy-tpl' changed from 'absent' to '1.5.2-1'
'apache2' changed from 'absent' to '2.4.18-2ubuntu3.10'
'python2.7-testscenarios' changed from 'absent' to '1'
'python-werkzeug' changed from 'absent' to '0.14.1+dfsg1-1~u16.04+mcp'
'python-editor' changed from 'absent' to '0.4-2'
'pycadf-common' changed from 'absent' to '2.7.0-1~u16.04+mcp5'
'python-pastescript' changed from 'absent' to '2.0.2-2~u16.04+mcp'
'python-tenacity' changed from 'absent' to '4.12.0-1~u16.04+mcp'
'apache2-data' changed from 'absent' to '2.4.18-2ubuntu3.10'
'python-webob' changed from 'absent' to '1:1.8.2-1~u16.04+mcp'
'python-bcrypt' changed from 'absent' to '3.1.3-1~u16.04+mcp3'
'python-fixtures' changed from 'absent' to '3.0.0-1.1~u16.04+mcp2'
'keystone-common' changed from 'absent' to '2:14.1.0-1~u16.04+mcp22'
'python-testtools' changed from 'absent' to '2.3.0-1.0~u16.04+mcp1'
'python-anyjson' changed from 'absent' to '0.3.3-1build1'
'python-openid' changed from 'absent' to '2.2.5-6'
'python-pastedeploy' changed from 'absent' to '1.5.2-1'
'python-keystone' changed from 'absent' to '2:14.1.0-1~u16.04+mcp22'
'python-aniso8601' changed from 'absent' to '0.83-1'
'apache2-bin' changed from 'absent' to '2.4.18-2ubuntu3.10'
'python-oslo.policy' changed from 'absent' to '1.38.1-1~u16.04+mcp'
'python-contextlib2' changed from 'absent' to '0.5.1-1'
'python2.7-zope.interface' changed from 'absent' to '1'
'python-pyldap' changed from 'absent' to '1'
'python-dnspython' changed from 'absent' to '1.14.0-3.1~u16.04+mcp2'
'python2.7-greenlet' changed from 'absent' to '1'
'python-alembic' changed from 'absent' to '1.0.0-2~u16.04+mcp'
'python-statsd' changed from 'absent' to '3.2.1-2~u16.04+mcp2'
'python-itsdangerous' changed from 'absent' to '0.24+dfsg1-1'
'python-alabaster' changed from 'absent' to '0.7.7-1'
'python-flask-restful' changed from 'absent' to '0.3.5-1~u16.04+mcp0'
'python-oslo.db' changed from 'absent' to '4.40.1-1~u16.04+mcp5'
'python2.7-sqlalchemy-ext' changed from 'absent' to '1'
'python-fasteners' changed from 'absent' to '0.12.0-2ubuntu1'
'libapache2-mod-wsgi' changed from 'absent' to '4.4.15-0.1.1~u16.04+mcp2'
'python-oslo-db' changed from 'absent' to '1'
'python-testresources' changed from 'absent' to '2.0.0-1.0~u16.04+mcp1'
'python-eventlet' changed from 'absent' to '0.20.0-5~u16.04+mcp0'
'python-unittest2' changed from 'absent' to '1.1.0-6.1'
'python2.7-ldap' changed from 'absent' to '1'
'python-extras' changed from 'absent' to '1.0.0-2.0~u16.04+mcp1'
'python-amqp' changed from 'absent' to '2.3.2-1~u16.04+mcp2'
'python-scgi' changed from 'absent' to '1.13-1.1build1'
'python-futurist' changed from 'absent' to '1.6.0-1.0~u16.04+mcp7'
'python-zope.interface' changed from 'absent' to '4.1.3-1build1'
'libaprutil1' changed from 'absent' to '1.5.4-1build1'
'python-repoze.who' changed from 'absent' to '2.2-3'
'python-repoze.lru' changed from 'absent' to '0.6-6'
'python-posix-ipc' changed from 'absent' to '0.9.8-2build2'
'formencode-i18n' changed from 'absent' to '1.3.0-0ubuntu5'
'python-defusedxml' changed from 'absent' to '0.5.0-1~u16.04+mcp1'
'python2.7-testtools' changed from 'absent' to '1'
'python-osprofiler' changed from 'absent' to '2.3.0-1~u16.04+mcp'
'python-colorama' changed from 'absent' to '0.3.7-1'
'python-responses' changed from 'absent' to '0.3.0-1'
'httpd-wsgi' changed from 'absent' to '1'
'python-oslo.messaging' changed from 'absent' to '8.1.2-1~u16.04+mcp12'
'keystone' changed from 'absent' to '2:14.1.0-1~u16.04+mcp22'
'python2.7-alabaster' changed from 'absent' to '1'
'python-oslo.middleware' changed from 'absent' to '3.36.0-1~u16.04+mcp6'
'python-flask' changed from 'absent' to '1.0.2-1~u16.04+mcp'
'apache2-utils' changed from 'absent' to '2.4.18-2ubuntu3.10'
'python-imagesize' changed from 'absent' to '0.7.1-1.1~u16.04+mcp2'
'python-tempita' changed from 'absent' to '0.5.2-1build1'
'python-passlib' changed from 'absent' to '1.7.1-2.1~u16.04+mcp2'
'python-greenlet' changed from 'absent' to '0.4.15-1~u16.04+mcp'
'python-sqlalchemy-ext' changed from 'absent' to '1.2.10+ds1-1~u16.04+mcp'
'python-oslo.service' changed from 'absent' to '1.31.7-1~u16.04+mcp4'
'httpd' changed from 'absent' to '1'
'apache2-api-20120211' changed from 'absent' to '1'
'python-pyasn1-modules' changed from 'absent' to '0.0.7-0.1'
'sphinx-common' changed from 'absent' to '1.6.4-2~u16.04+mcp3'
'libaprutil1-dbd-sqlite3' changed from 'absent' to '1.5.4-1build1'
'python-zopeinterface' changed from 'absent' to '1'
'python-traceback2' changed from 'absent' to '1.4.0-3'
'python-vine' changed from 'absent' to '1.1.3+dfsg-2~u16.04+mcp3'
'python2.7-keystone' changed from 'absent' to '1'
'python-sqlalchemy' changed from 'absent' to '1.2.10+ds1-1~u16.04+mcp'
'python-mimeparse' changed from 'absent' to '0.1.4-1build1'
'python-keystonemiddleware' changed from 'absent' to '5.2.0-2~u16.04+mcp10'
'liblua5.1-0' changed from 'absent' to '5.1.5-8ubuntu1'
'python-pysaml2' changed from 'absent' to '4.5.0-1~u16.04+mcp'
'python-zope' changed from 'absent' to '1'
'python-oslo.cache' changed from 'absent' to '1.30.2-1~u16.04+mcp3'
'httpd-cgi' changed from 'absent' to '1'
'ssl-cert' changed from 'absent' to '1.0.37'
'python-future' changed from 'absent' to '0.15.2-1'

2019-04-30 22:10:29,913 [salt.state       :915 ][INFO    ][9344] Loading fresh modules for state activity
2019-04-30 22:10:29,935 [salt.state       :1951][INFO    ][9344] Completed state [keystone] at time 22:10:29.935769 duration_in_ms=65038.299
2019-04-30 22:10:29,939 [salt.state       :1780][INFO    ][9344] Running state [python-keystone] at time 22:10:29.939481
2019-04-30 22:10:29,939 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [python-keystone]
2019-04-30 22:10:30,507 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:30,508 [salt.state       :1951][INFO    ][9344] Completed state [python-keystone] at time 22:10:30.508156 duration_in_ms=568.674
2019-04-30 22:10:30,508 [salt.state       :1780][INFO    ][9344] Running state [python-keystoneclient] at time 22:10:30.508386
2019-04-30 22:10:30,508 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [python-keystoneclient]
2019-04-30 22:10:30,513 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:30,513 [salt.state       :1951][INFO    ][9344] Completed state [python-keystoneclient] at time 22:10:30.513863 duration_in_ms=5.477
2019-04-30 22:10:30,514 [salt.state       :1780][INFO    ][9344] Running state [python-psycopg2] at time 22:10:30.514025
2019-04-30 22:10:30,514 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [python-psycopg2]
2019-04-30 22:10:30,528 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:10:30,547 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-psycopg2'] in directory '/root'
2019-04-30 22:10:34,242 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430221034230033
2019-04-30 22:10:34,252 [salt.minion      :1432][INFO    ][12741] Starting a new job with PID 12741
2019-04-30 22:10:34,265 [salt.minion      :1711][INFO    ][12741] Returning information for job: 20190430221034230033
2019-04-30 22:10:34,312 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:10:34,340 [salt.state       :300 ][INFO    ][9344] Made the following changes:
'python-psycopg2' changed from 'absent' to '2.7.4-1.0~u16.04+mcp1'
'python-egenix-mxtools' changed from 'absent' to '3.2.9-1'
'python-egenix-mxdatetime' changed from 'absent' to '3.2.9-1'
'libpq5' changed from 'absent' to '9.5.16-0ubuntu0.16.04.1'

2019-04-30 22:10:34,358 [salt.state       :915 ][INFO    ][9344] Loading fresh modules for state activity
2019-04-30 22:10:34,381 [salt.state       :1951][INFO    ][9344] Completed state [python-psycopg2] at time 22:10:34.381768 duration_in_ms=3867.743
2019-04-30 22:10:34,385 [salt.state       :1780][INFO    ][9344] Running state [python-mysqldb] at time 22:10:34.385494
2019-04-30 22:10:34,385 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [python-mysqldb]
2019-04-30 22:10:34,856 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:10:34,875 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-mysqldb'] in directory '/root'
2019-04-30 22:10:38,099 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:10:38,128 [salt.state       :300 ][INFO    ][9344] Made the following changes:
'python2.7-mysqldb' changed from 'absent' to '1'
'mysql-common' changed from 'absent' to '5.7.26-0ubuntu0.16.04.1'
'mysql-common-5.6' changed from 'absent' to '1'
'libmysqlclient20' changed from 'absent' to '5.7.26-0ubuntu0.16.04.1'
'python-mysqldb' changed from 'absent' to '1.3.7-1build2'

2019-04-30 22:10:38,147 [salt.state       :915 ][INFO    ][9344] Loading fresh modules for state activity
2019-04-30 22:10:38,249 [salt.state       :1951][INFO    ][9344] Completed state [python-mysqldb] at time 22:10:38.249055 duration_in_ms=3863.561
2019-04-30 22:10:38,252 [salt.state       :1780][INFO    ][9344] Running state [mysql-client] at time 22:10:38.252844
2019-04-30 22:10:38,253 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [mysql-client]
2019-04-30 22:10:38,735 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:10:38,755 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'mysql-client'] in directory '/root'
2019-04-30 22:10:42,498 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:10:42,528 [salt.state       :300 ][INFO    ][9344] Made the following changes:
'mysql-client-core-5.7' changed from 'absent' to '5.7.26-0ubuntu0.16.04.1'
'mysql-client' changed from 'absent' to '5.7.26-0ubuntu0.16.04.1'
'virtual-mysql-client' changed from 'absent' to '1'
'mysql-client-5.7' changed from 'absent' to '5.7.26-0ubuntu0.16.04.1'
'virtual-mysql-client-core' changed from 'absent' to '1'

2019-04-30 22:10:42,547 [salt.state       :915 ][INFO    ][9344] Loading fresh modules for state activity
2019-04-30 22:10:42,572 [salt.state       :1951][INFO    ][9344] Completed state [mysql-client] at time 22:10:42.572024 duration_in_ms=4319.18
2019-04-30 22:10:42,576 [salt.state       :1780][INFO    ][9344] Running state [python-six] at time 22:10:42.576046
2019-04-30 22:10:42,576 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [python-six]
2019-04-30 22:10:43,045 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:43,045 [salt.state       :1951][INFO    ][9344] Completed state [python-six] at time 22:10:43.045626 duration_in_ms=469.58
2019-04-30 22:10:43,045 [salt.state       :1780][INFO    ][9344] Running state [python-memcache] at time 22:10:43.045857
2019-04-30 22:10:43,046 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [python-memcache]
2019-04-30 22:10:43,051 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:43,051 [salt.state       :1951][INFO    ][9344] Completed state [python-memcache] at time 22:10:43.051379 duration_in_ms=5.522
2019-04-30 22:10:43,051 [salt.state       :1780][INFO    ][9344] Running state [python-openstackclient] at time 22:10:43.051540
2019-04-30 22:10:43,051 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [python-openstackclient]
2019-04-30 22:10:43,056 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:43,056 [salt.state       :1951][INFO    ][9344] Completed state [python-openstackclient] at time 22:10:43.056529 duration_in_ms=4.99
2019-04-30 22:10:43,056 [salt.state       :1780][INFO    ][9344] Running state [gettext-base] at time 22:10:43.056692
2019-04-30 22:10:43,056 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [gettext-base]
2019-04-30 22:10:43,061 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:43,061 [salt.state       :1951][INFO    ][9344] Completed state [gettext-base] at time 22:10:43.061749 duration_in_ms=5.057
2019-04-30 22:10:43,061 [salt.state       :1780][INFO    ][9344] Running state [python-pycadf] at time 22:10:43.061917
2019-04-30 22:10:43,062 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [python-pycadf]
2019-04-30 22:10:43,066 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:43,067 [salt.state       :1951][INFO    ][9344] Completed state [python-pycadf] at time 22:10:43.067010 duration_in_ms=5.094
2019-04-30 22:10:43,067 [salt.state       :1780][INFO    ][9344] Running state [apache2] at time 22:10:43.067495
2019-04-30 22:10:43,067 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [apache2]
2019-04-30 22:10:43,072 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:43,072 [salt.state       :1951][INFO    ][9344] Completed state [apache2] at time 22:10:43.072531 duration_in_ms=5.036
2019-04-30 22:10:43,072 [salt.state       :1780][INFO    ][9344] Running state [openssl] at time 22:10:43.072863
2019-04-30 22:10:43,073 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [openssl]
2019-04-30 22:10:43,077 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:43,078 [salt.state       :1951][INFO    ][9344] Completed state [openssl] at time 22:10:43.078001 duration_in_ms=5.138
2019-04-30 22:10:43,078 [salt.state       :1780][INFO    ][9344] Running state [a2enmod ssl] at time 22:10:43.078801
2019-04-30 22:10:43,078 [salt.state       :1813][INFO    ][9344] Executing state cmd.run for [a2enmod ssl]
2019-04-30 22:10:43,079 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command 'a2enmod ssl' in directory '/root'
2019-04-30 22:10:43,119 [salt.state       :300 ][INFO    ][9344] {'pid': 13318, 'retcode': 0, 'stderr': '', 'stdout': 'Considering dependency setenvif for ssl:\nModule setenvif already enabled\nConsidering dependency mime for ssl:\nModule mime already enabled\nConsidering dependency socache_shmcb for ssl:\nEnabling module socache_shmcb.\nEnabling module ssl.\nSee /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.\nTo activate the new configuration, you need to run:\n  service apache2 restart'}
2019-04-30 22:10:43,119 [salt.state       :1951][INFO    ][9344] Completed state [a2enmod ssl] at time 22:10:43.119780 duration_in_ms=40.978
2019-04-30 22:10:43,120 [salt.state       :1780][INFO    ][9344] Running state [a2enmod rewrite] at time 22:10:43.120487
2019-04-30 22:10:43,120 [salt.state       :1813][INFO    ][9344] Executing state cmd.run for [a2enmod rewrite]
2019-04-30 22:10:43,121 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command 'a2enmod rewrite' in directory '/root'
2019-04-30 22:10:43,156 [salt.state       :300 ][INFO    ][9344] {'pid': 13331, 'retcode': 0, 'stderr': '', 'stdout': 'Enabling module rewrite.\nTo activate the new configuration, you need to run:\n  service apache2 restart'}
2019-04-30 22:10:43,156 [salt.state       :1951][INFO    ][9344] Completed state [a2enmod rewrite] at time 22:10:43.156749 duration_in_ms=36.262
2019-04-30 22:10:43,157 [salt.state       :1780][INFO    ][9344] Running state [libapache2-mod-wsgi] at time 22:10:43.157421
2019-04-30 22:10:43,157 [salt.state       :1813][INFO    ][9344] Executing state pkg.installed for [libapache2-mod-wsgi]
2019-04-30 22:10:43,166 [salt.state       :300 ][INFO    ][9344] All specified packages are already installed
2019-04-30 22:10:43,166 [salt.state       :1951][INFO    ][9344] Completed state [libapache2-mod-wsgi] at time 22:10:43.166434 duration_in_ms=9.013
2019-04-30 22:10:43,166 [salt.state       :1780][INFO    ][9344] Running state [a2enmod wsgi] at time 22:10:43.166799
2019-04-30 22:10:43,166 [salt.state       :1813][INFO    ][9344] Executing state cmd.run for [a2enmod wsgi]
2019-04-30 22:10:43,167 [salt.state       :300 ][INFO    ][9344] /etc/apache2/mods-enabled/wsgi.load exists
2019-04-30 22:10:43,167 [salt.state       :1951][INFO    ][9344] Completed state [a2enmod wsgi] at time 22:10:43.167369 duration_in_ms=0.57
2019-04-30 22:10:43,167 [salt.state       :1780][INFO    ][9344] Running state [a2enmod status -q] at time 22:10:43.167717
2019-04-30 22:10:43,167 [salt.state       :1813][INFO    ][9344] Executing state cmd.run for [a2enmod status -q]
2019-04-30 22:10:43,168 [salt.state       :300 ][INFO    ][9344] /etc/apache2/mods-enabled/status.load exists
2019-04-30 22:10:43,168 [salt.state       :1951][INFO    ][9344] Completed state [a2enmod status -q] at time 22:10:43.168258 duration_in_ms=0.542
2019-04-30 22:10:43,170 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:10:43.170622
2019-04-30 22:10:43,170 [salt.state       :1813][INFO    ][9344] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.load]
2019-04-30 22:10:43,171 [salt.state       :300 ][INFO    ][9344] File /etc/apache2/mods-enabled/mpm_prefork.load is not present
2019-04-30 22:10:43,171 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:10:43.171205 duration_in_ms=0.582
2019-04-30 22:10:43,171 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:10:43.171363
2019-04-30 22:10:43,171 [salt.state       :1813][INFO    ][9344] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.conf]
2019-04-30 22:10:43,171 [salt.state       :300 ][INFO    ][9344] File /etc/apache2/mods-enabled/mpm_prefork.conf is not present
2019-04-30 22:10:43,171 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:10:43.171863 duration_in_ms=0.5
2019-04-30 22:10:43,172 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:10:43.172019
2019-04-30 22:10:43,172 [salt.state       :1813][INFO    ][9344] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.load]
2019-04-30 22:10:43,172 [salt.state       :300 ][INFO    ][9344] File /etc/apache2/mods-enabled/mpm_worker.load is not present
2019-04-30 22:10:43,172 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:10:43.172533 duration_in_ms=0.513
2019-04-30 22:10:43,172 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:10:43.172692
2019-04-30 22:10:43,172 [salt.state       :1813][INFO    ][9344] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.conf]
2019-04-30 22:10:43,173 [salt.state       :300 ][INFO    ][9344] File /etc/apache2/mods-enabled/mpm_worker.conf is not present
2019-04-30 22:10:43,173 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:10:43.173208 duration_in_ms=0.515
2019-04-30 22:10:43,174 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/mods-available/mpm_event.conf] at time 22:10:43.174823
2019-04-30 22:10:43,175 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/etc/apache2/mods-available/mpm_event.conf]
2019-04-30 22:10:43,193 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/mpm/mpm_event.conf'
2019-04-30 22:10:43,225 [salt.state       :300 ][INFO    ][9344] File changed:
--- 
+++ 
@@ -5,14 +5,15 @@
 # ThreadsPerChild: constant number of worker threads in each server process
 # MaxRequestWorkers: maximum number of worker threads
 # MaxConnectionsPerChild: maximum number of requests a server process serves
+
 <IfModule mpm_event_module>
-	StartServers			 2
-	MinSpareThreads		 25
-	MaxSpareThreads		 75
-	ThreadLimit			 64
-	ThreadsPerChild		 25
-	MaxRequestWorkers	  150
-	MaxConnectionsPerChild   0
+    StartServers            5
+    MinSpareThreads         25
+    MaxSpareThreads         75
+    ThreadLimit             64
+    ThreadsPerChild         25
+    MaxRequestWorkers       150
+    MaxConnectionsPerChild  0
 </IfModule>
 
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# vim: syntax=apache ts=4 sw=4 sts=4 sr et

2019-04-30 22:10:43,225 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/mods-available/mpm_event.conf] at time 22:10:43.225846 duration_in_ms=51.022
2019-04-30 22:10:43,226 [salt.state       :1780][INFO    ][9344] Running state [a2enmod mpm_event] at time 22:10:43.226518
2019-04-30 22:10:43,226 [salt.state       :1813][INFO    ][9344] Executing state cmd.run for [a2enmod mpm_event]
2019-04-30 22:10:43,226 [salt.state       :300 ][INFO    ][9344] /etc/apache2/mods-enabled/mpm_event.load exists
2019-04-30 22:10:43,227 [salt.state       :1951][INFO    ][9344] Completed state [a2enmod mpm_event] at time 22:10:43.227058 duration_in_ms=0.54
2019-04-30 22:10:43,227 [salt.state       :1780][INFO    ][9344] Running state [apache_server_service_task] at time 22:10:43.227906
2019-04-30 22:10:43,228 [salt.state       :1813][INFO    ][9344] Executing state test.show_notification for [apache_server_service_task]
2019-04-30 22:10:43,228 [salt.state       :300 ][INFO    ][9344] Running apache.server.service
2019-04-30 22:10:43,228 [salt.state       :1951][INFO    ][9344] Completed state [apache_server_service_task] at time 22:10:43.228406 duration_in_ms=0.5
2019-04-30 22:10:43,228 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/ports.conf] at time 22:10:43.228770
2019-04-30 22:10:43,228 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/etc/apache2/ports.conf]
2019-04-30 22:10:43,243 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/ports.conf'
2019-04-30 22:10:43,274 [salt.state       :300 ][INFO    ][9344] File changed:
--- 
+++ 
@@ -2,14 +2,14 @@
 # have to change the VirtualHost statement in
 # /etc/apache2/sites-enabled/000-default.conf
 
-Listen 80
+Listen 0.0.0.0:80
 
 <IfModule ssl_module>
-	Listen 443
+	Listen 0.0.0.0:443
 </IfModule>
 
 <IfModule mod_gnutls.c>
-	Listen 443
+	Listen 0.0.0.0:443
 </IfModule>
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

2019-04-30 22:10:43,274 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/ports.conf] at time 22:10:43.274787 duration_in_ms=46.017
2019-04-30 22:10:43,275 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/conf-available/security.conf] at time 22:10:43.275131
2019-04-30 22:10:43,275 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/etc/apache2/conf-available/security.conf]
2019-04-30 22:10:43,289 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/security.conf'
2019-04-30 22:10:43,320 [salt.state       :300 ][INFO    ][9344] File changed:
--- 
+++ 
@@ -1,73 +1,14 @@
-#
-# Disable access to the entire file system except for the directories that
-# are explicitly allowed later.
-#
-# This currently breaks the configurations that come with some web application
-# Debian packages.
-#
-#<Directory />
-#   AllowOverride None
-#   Require all denied
-#</Directory>
+ServerSignature Off
+TraceEnable Off
+ServerTokens Prod
+<DirectoryMatch "/\.svn">
+    Require all denied
+</DirectoryMatch>
 
+<DirectoryMatch "/\.git">
+    Require all denied
+</DirectoryMatch>
 
-# Changing the following options will not really affect the security of the
-# server, but might make attacks slightly more difficult in some cases.
-
-#
-# ServerTokens
-# This directive configures what you return as the Server HTTP response
-# Header. The default is 'Full' which sends information about the OS-Type
-# and compiled in modules.
-# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
-# where Full conveys the most information, and Prod the least.
-#ServerTokens Minimal
-ServerTokens OS
-#ServerTokens Full
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of:  On | Off | EMail
-#ServerSignature Off
-ServerSignature On
-
-#
-# Allow TRACE method
-#
-# Set to "extended" to also reflect the request body (only for testing and
-# diagnostic purposes).
-#
-# Set to one of:  On | Off | extended
-TraceEnable Off
-#TraceEnable On
-
-#
-# Forbid access to version control directories
-#
-# If you use version control systems in your document root, you should
-# probably deny access to their directories. For example, for subversion:
-#
-#<DirectoryMatch "/\.svn">
-#   Require all denied
-#</DirectoryMatch>
-
-#
-# Setting this header will prevent MSIE from interpreting files as something
-# else than declared by the content type in the HTTP headers.
-# Requires mod_headers to be enabled.
-#
-#Header set X-Content-Type-Options: "nosniff"
-
-#
-# Setting this header will prevent other sites from embedding pages from this
-# site as frames. This defends against clickjacking attacks.
-# Requires mod_headers to be enabled.
-#
-#Header set X-Frame-Options: "sameorigin"
-
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+<DirectoryMatch "/\.hg">
+    Require all denied
+</DirectoryMatch>

2019-04-30 22:10:43,321 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/conf-available/security.conf] at time 22:10:43.321102 duration_in_ms=45.971
2019-04-30 22:10:43,329 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/sites-enabled/keystone.conf] at time 22:10:43.329467
2019-04-30 22:10:43,329 [salt.state       :1813][INFO    ][9344] Executing state file.absent for [/etc/apache2/sites-enabled/keystone.conf]
2019-04-30 22:10:43,329 [salt.state       :300 ][INFO    ][9344] {'removed': '/etc/apache2/sites-enabled/keystone.conf'}
2019-04-30 22:10:43,330 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/sites-enabled/keystone.conf] at time 22:10:43.330023 duration_in_ms=0.556
2019-04-30 22:10:43,330 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/sites-enabled/wsgi-keystone.conf] at time 22:10:43.330202
2019-04-30 22:10:43,330 [salt.state       :1813][INFO    ][9344] Executing state file.absent for [/etc/apache2/sites-enabled/wsgi-keystone.conf]
2019-04-30 22:10:43,330 [salt.state       :300 ][INFO    ][9344] File /etc/apache2/sites-enabled/wsgi-keystone.conf is not present
2019-04-30 22:10:43,330 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/sites-enabled/wsgi-keystone.conf] at time 22:10:43.330688 duration_in_ms=0.485
2019-04-30 22:10:43,331 [salt.state       :1780][INFO    ][9344] Running state [keystone_ssl_mysql] at time 22:10:43.331650
2019-04-30 22:10:43,331 [salt.state       :1813][INFO    ][9344] Executing state test.show_notification for [keystone_ssl_mysql]
2019-04-30 22:10:43,331 [salt.state       :300 ][INFO    ][9344] Running keystone._ssl.mysql
2019-04-30 22:10:43,332 [salt.state       :1951][INFO    ][9344] Completed state [keystone_ssl_mysql] at time 22:10:43.332098 duration_in_ms=0.448
2019-04-30 22:10:43,332 [salt.state       :1780][INFO    ][9344] Running state [keystone_ssl_rabbitmq] at time 22:10:43.332564
2019-04-30 22:10:43,332 [salt.state       :1813][INFO    ][9344] Executing state test.show_notification for [keystone_ssl_rabbitmq]
2019-04-30 22:10:43,332 [salt.state       :300 ][INFO    ][9344] Running keystone._ssl.rabbitmq
2019-04-30 22:10:43,333 [salt.state       :1951][INFO    ][9344] Completed state [keystone_ssl_rabbitmq] at time 22:10:43.333023 duration_in_ms=0.458
2019-04-30 22:10:43,333 [salt.state       :1780][INFO    ][9344] Running state [/etc/keystone/keystone.conf] at time 22:10:43.333540
2019-04-30 22:10:43,333 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/etc/keystone/keystone.conf]
2019-04-30 22:10:43,351 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/files/rocky/keystone.conf.Debian'
2019-04-30 22:10:43,430 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/_log.conf'
2019-04-30 22:10:43,447 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/messaging/_default.conf'
2019-04-30 22:10:43,471 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/_cache.conf'
2019-04-30 22:10:43,489 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/messaging/_notifications.conf'
2019-04-30 22:10:43,503 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/messaging/_rabbit.conf'
2019-04-30 22:10:43,528 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/_database.conf'
2019-04-30 22:10:43,547 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/_cors.conf'
2019-04-30 22:10:43,561 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/_middleware.conf'
2019-04-30 22:10:43,573 [salt.state       :300 ][INFO    ][9344] File changed:
--- 
+++ 
@@ -1,5 +1,5 @@
+
 [DEFAULT]
-log_dir = /var/log/keystone
 
 #
 # From keystone
@@ -134,7 +134,7 @@
 # Possible values:
 # basic - <No description provided>
 # cadf - <No description provided>
-#notification_format = cadf
+notification_format = basic
 
 # You can reduce the number of notifications keystone emits by explicitly
 # opting out. Keystone will not emit notifications that match the patterns
@@ -148,7 +148,6 @@
 #notification_opt_out = identity.authenticate.success
 #notification_opt_out = identity.authenticate.pending
 #notification_opt_out = identity.authenticate.failed
-
 #
 # From oslo.log
 #
@@ -312,6 +311,7 @@
 # exception when timeout expired. (integer value)
 #rpc_poll_timeout = 1
 
+
 # Expiration timeout in seconds of a name service record about existing target
 # ( < 0 means no timeout). (integer value)
 #zmq_target_expire = 300
@@ -439,6 +439,7 @@
 # https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
 # (string value)
 #transport_url = <None>
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.28:5672,openstack:opnfv_secret@10.167.4.29:5672,openstack:opnfv_secret@10.167.4.30:5672//openstack
 
 # DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
 # include amqp and zmq. (string value)
@@ -450,6 +451,7 @@
 # The default exchange under which topics are scoped. May be overridden by an
 # exchange name specified in the transport_url option. (string value)
 #control_exchange = keystone
+
 
 
 [application_credential]
@@ -494,6 +496,7 @@
 # A list of role names which are prohibited from being an implied role. (list
 # value)
 #prohibited_implied_role = admin
+driver = sql
 
 
 [auth]
@@ -508,6 +511,8 @@
 # are being invoked to validate attributes in the request environment, it can
 # cause conflicts. (list value)
 #methods = external,password,token,oauth1,mapped,application_credential
+
+methods = password,token
 
 # Entry point for the password auth plugin module in the
 # `keystone.auth.password` namespace. You do not need to set this unless you
@@ -549,88 +554,6 @@
 #application_credential = <None>
 
 
-[cache]
-
-#
-# From oslo.cache
-#
-
-# Prefix for building the configuration dictionary for the cache region. This
-# should not need to be changed unless there is another dogpile.cache region
-# with the same configuration name. (string value)
-#config_prefix = cache.oslo
-
-# Default TTL, in seconds, for any cached item in the dogpile.cache region.
-# This applies to any cached method that doesn't have an explicit cache
-# expiration time defined for it. (integer value)
-#expiration_time = 600
-
-# Cache backend module. For eventlet-based or environments with hundreds of
-# threaded servers, Memcache with pooling (oslo_cache.memcache_pool) is
-# recommended. For environments with less than 100 threaded servers, Memcached
-# (dogpile.cache.memcached) or Redis (dogpile.cache.redis) is recommended. Test
-# environments with a single instance of the server can use the
-# dogpile.cache.memory backend. (string value)
-# Possible values:
-# oslo_cache.memcache_pool - <No description provided>
-# oslo_cache.dict - <No description provided>
-# oslo_cache.mongo - <No description provided>
-# oslo_cache.etcd3gw - <No description provided>
-# dogpile.cache.memcached - <No description provided>
-# dogpile.cache.pylibmc - <No description provided>
-# dogpile.cache.bmemcached - <No description provided>
-# dogpile.cache.dbm - <No description provided>
-# dogpile.cache.redis - <No description provided>
-# dogpile.cache.memory - <No description provided>
-# dogpile.cache.memory_pickle - <No description provided>
-# dogpile.cache.null - <No description provided>
-#backend = dogpile.cache.null
-
-# Arguments supplied to the backend module. Specify this option once per
-# argument to be passed to the dogpile.cache backend. Example format:
-# "<argname>:<value>". (multi valued)
-#backend_argument =
-
-# Proxy classes to import that will affect the way the dogpile.cache backend
-# functions. See the dogpile.cache documentation on changing-backend-behavior.
-# (list value)
-#proxies =
-
-# Global toggle for caching. (boolean value)
-#enabled = true
-
-# Extra debugging from the cache backend (cache keys, get/set/delete/etc
-# calls). This is only really useful if you need to see the specific cache-
-# backend get/set/delete calls with the keys/values.  Typically this should be
-# left set to false. (boolean value)
-#debug_cache_backend = false
-
-# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
-# oslo_cache.memcache_pool backends only). (list value)
-#memcache_servers = localhost:11211
-
-# Number of seconds memcached server is considered dead before it is tried
-# again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
-# (integer value)
-#memcache_dead_retry = 300
-
-# Timeout in seconds for every call to a server. (dogpile.cache.memcache and
-# oslo_cache.memcache_pool backends only). (floating point value)
-#memcache_socket_timeout = 3.0
-
-# Max total number of open connections to every memcached server.
-# (oslo_cache.memcache_pool backend only). (integer value)
-#memcache_pool_maxsize = 10
-
-# Number of seconds a connection to memcached is held unused in the pool before
-# it is closed. (oslo_cache.memcache_pool backend only). (integer value)
-#memcache_pool_unused_timeout = 60
-
-# Number of seconds that an operation will wait to get a memcache client
-# connection. (integer value)
-#memcache_pool_connection_get_timeout = 10
-
-
 [catalog]
 
 #
@@ -639,14 +562,14 @@
 
 # Absolute path to the file used for the templated catalog backend. This option
 # is only used if the `[catalog] driver` is set to `templated`. (string value)
-#template_file = default_catalog.templates
+template_file = default_catalog.templates
 
 # Entry point for the catalog driver in the `keystone.catalog` namespace.
 # Keystone provides a `sql` option (which supports basic CRUD operations
 # through SQL), a `templated` option (which loads the catalog from a templated
 # catalog file on disk), and a `endpoint_filter.sql` option (which supports
 # arbitrary service catalogs per project). (string value)
-#driver = sql
+driver = sql
 
 # Toggle for catalog caching. This has no effect unless global caching is
 # enabled. In a typical deployment, there is no reason to disable this.
@@ -664,35 +587,6 @@
 # deployment to have enough services or endpoints to exceed a reasonable limit.
 # (integer value)
 #list_limit = <None>
-
-
-[cors]
-
-#
-# From oslo.middleware
-#
-
-# Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
-# slash. Example: https://horizon.example.com (list value)
-#allowed_origin = <None>
-
-# Indicate that the actual request can include user credentials (boolean value)
-#allow_credentials = true
-
-# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
-# Headers. (list value)
-#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
-
-# Maximum cache age of CORS preflight requests. (integer value)
-#max_age = 3600
-
-# Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual request.
-# (list value)
-#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
 
 
 [credential]
@@ -718,123 +612,7 @@
 # of keys should be managed separately and require different rotation policies.
 # Do not share this repository with the repository used to manage keys for
 # Fernet tokens. (string value)
-#key_repository = /etc/keystone/credential-keys/
-
-
-[database]
-connection = sqlite:////var/lib/keystone/keystone.db
-
-#
-# From oslo.db
-#
-
-# If True, SQLite uses synchronous mode. (boolean value)
-#sqlite_synchronous = true
-
-# The back end to use for the database. (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-#backend = sqlalchemy
-
-# The SQLAlchemy connection string to use to connect to the database. (string
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set
-# by the server configuration, set this to no value. Example: mysql_sql_mode=
-# (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# If True, transparently enables support for handling MySQL Cluster (NDB).
-# (boolean value)
-#mysql_enable_ndb = false
-
-# Connections which have been present in the connection pool longer than this
-# number of seconds will be replaced with a new one the next time they are
-# checked out from the pool. (integer value)
-# Deprecated group/name - [DATABASE]/idle_timeout
-# Deprecated group/name - [database]/idle_timeout
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#connection_recycle_time = 3600
-
-# DEPRECATED: Minimum number of SQL connections to keep open in a pool.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: The option to set the minimum pool size is not supported by
-# sqlalchemy.
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool. Setting a value of
-# 0 indicates no limit. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = 5
-
-# Maximum number of database connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
-# value)
-# Minimum value: 0
-# Maximum value: 100
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout = <None>
-
-# Enable the experimental use of database reconnect on connection lost.
-# (boolean value)
-#use_db_reconnect = false
-
-# Seconds between retries of a database transaction. (integer value)
-#db_retry_interval = 1
-
-# If True, increases the interval between retries of a database operation up to
-# db_max_retry_interval. (boolean value)
-#db_inc_retry_interval = true
-
-# If db_inc_retry_interval is set, the maximum seconds between retries of a
-# database operation. (integer value)
-#db_max_retry_interval = 10
-
-# Maximum retries in case of connection error or deadlock error before error is
-# raised. Set to -1 to specify an infinite retry count. (integer value)
-#db_max_retries = 20
-
-# Optional URL parameters to append onto the connection URL at connect time;
-# specify as param1=value1&param2=value2&... (string value)
-#connection_parameters =
+key_repository = /var/lib/keystone/credential-keys
 
 
 [domain_config]
@@ -906,7 +684,7 @@
 # Reason: Support for running keystone under eventlet has been removed in the
 # Newton release. These options remain for backwards compatibility because they
 # are used for URL substitutions.
-#public_bind_host = 0.0.0.0
+#public_bind_host = 10.167.4.37
 
 # DEPRECATED: The port number for the public service to listen on. (port value)
 # Minimum value: 0
@@ -928,7 +706,7 @@
 # Reason: Support for running keystone under eventlet has been removed in the
 # Newton release. These options remain for backwards compatibility because they
 # are used for URL substitutions.
-#admin_bind_host = 0.0.0.0
+#admin_bind_host = 10.167.4.37
 
 # DEPRECATED: The port number for the admin service to listen on. (port value)
 # Minimum value: 0
@@ -943,7 +721,6 @@
 
 
 [extra_headers]
-Distribution = Ubuntu
 
 #
 # From keystone
@@ -951,7 +728,6 @@
 
 # Specifies the distribution of the keystone server. (string value)
 #Distribution = Ubuntu
-
 
 [federation]
 
@@ -998,6 +774,8 @@
 # Toggle for federation caching. This has no effect unless global caching is
 # enabled. There is typically no reason to disable this. (boolean value)
 #caching = true
+
+
 
 
 [fernet_tokens]
@@ -1027,7 +805,7 @@
 # `keystone-manage fernet_rotate` *twice* on a key repository without syncing
 # other nodes will result in tokens that can not be validated by all nodes.
 # (string value)
-#key_repository = /etc/keystone/fernet-keys/
+key_repository = /var/lib/keystone/fernet-keys
 
 # This controls how many keys are held in rotation by `keystone-manage
 # fernet_rotate` before they are discarded. The default value of 3 means that
@@ -1036,35 +814,7 @@
 # Increasing this value means that additional secondary keys will be kept in
 # the rotation. (integer value)
 # Minimum value: 1
-#max_active_keys = 3
-
-
-[healthcheck]
-
-#
-# From oslo.middleware
-#
-
-# DEPRECATED: The path to respond to healtcheck requests on. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#path = /healthcheck
-
-# Show more detailed information as part of the response (boolean value)
-#detailed = false
-
-# Additional backends that can perform health checks and report that
-# information back as part of a request. (list value)
-#backends =
-
-# Check the presence of a file to determine if an application is running on a
-# port. Used by DisableByFileHealthcheck plugin. (string value)
-#disable_by_file_path = <None>
-
-# Check the presence of a file based on a port to determine if an application
-# is running on a port. Expects a "port:path" list of strings. Used by
-# DisableByFilesPortsHealthcheck plugin. (list value)
-#disable_by_file_paths =
+max_active_keys = 51
 
 
 [identity]
@@ -1113,7 +863,7 @@
 # specific configuration is defined for the domain in question. Unless your
 # deployment primarily relies on `ldap` AND is not using domain-specific
 # configuration, you should typically leave this set to `sql`. (string value)
-#driver = sql
+driver = sql
 
 # Toggle for identity caching. This has no effect unless global caching is
 # enabled. There is typically no reason to disable this. (boolean value)
@@ -1499,52 +1249,6 @@
 #auth_pool_connection_lifetime = 60
 
 
-[matchmaker_redis]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Host to locate redis. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#host = 127.0.0.1
-
-# DEPRECATED: Use this port to connect to redis host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#port = 6379
-
-# DEPRECATED: Password for Redis server (optional). (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#password =
-
-# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
-# [host:port, host1:port ... ] (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#sentinel_hosts =
-
-# Redis replica set name. (string value)
-#sentinel_group_name = oslo-messaging-zeromq
-
-# Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 2000
-
-# Time in ms to wait before the transaction is killed. (integer value)
-#check_timeout = 20000
-
-# Timeout in ms on blocking socket operations. (integer value)
-#socket_timeout = 10000
-
-
 [memcache]
 
 #
@@ -1598,687 +1302,6 @@
 #access_token_duration = 86400
 
 
-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
-
-# Name for the AMQP container. must be globally unique. Defaults to a generated
-# UUID (string value)
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-#trace = false
-
-# Attempt to connect via SSL. If no other ssl-related parameters are given, it
-# will use the system's CA-bundle to verify the server's certificate. (boolean
-# value)
-#ssl = false
-
-# CA certificate PEM file used to verify the server's certificate (string
-# value)
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication (string
-# value)
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate (optional)
-# (string value)
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-#ssl_key_password = <None>
-
-# By default SSL checks that the name in the server's certificate matches the
-# hostname in the transport_url. In some configurations it may be preferable to
-# use the virtual hostname instead, for example if the server uses the Server
-# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
-# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
-# virtual host name instead of the DNS name. (boolean value)
-#ssl_verify_vhost = false
-
-# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Not applicable - not a SSL server
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-#sasl_config_name =
-
-# SASL realm to use if no realm present in username (string value)
-#sasl_default_realm =
-
-# DEPRECATED: User name for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the
-# username.
-#username =
-
-# DEPRECATED: Password for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the
-# password.
-#password =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after each
-# unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval + connection_retry_backoff
-# (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
-# recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which failed due to
-# a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link after
-# expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not support routing
-# otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# Enable virtual host support for those message buses that do not natively
-# support virtual hosting (such as qpidd). When set to true the virtual host
-# name will be added to all message bus addresses, effectively creating a
-# private 'subnet' per virtual host. Set to False if the message bus supports
-# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
-# as the name of the virtual host. (boolean value)
-#pseudo_vhost = true
-
-# address prefix used when sending to a specific server (string value)
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used by the
-# message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular RPC/Notification
-# server. Used by the message bus to identify messages sent to a single
-# destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers. Used by
-# the message bus to identify messages that should be delivered in a round-
-# robin fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
-[oslo_messaging_kafka]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Default Kafka broker Host (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_host = localhost
-
-# DEPRECATED: Default Kafka broker Port (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_port = 9092
-
-# Max fetch bytes of Kafka consumer (integer value)
-#kafka_max_fetch_bytes = 1048576
-
-# Default timeout(s) for Kafka consumers (floating point value)
-#kafka_consumer_timeout = 1.0
-
-# DEPRECATED: Pool Size for Kafka Consumers (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#pool_size = 10
-
-# DEPRECATED: The pool size limit for connections expiration policy (integer
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_min_size = 2
-
-# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_ttl = 1200
-
-# Group id for Kafka consumer. Consumers in one group will coordinate message
-# consumption (string value)
-#consumer_group = oslo_messaging_consumer
-
-# Upper bound on the delay for KafkaProducer batching in seconds (floating
-# point value)
-#producer_batch_timeout = 0.0
-
-# Size of batch for the producer async send (integer value)
-#producer_batch_size = 16384
-
-# Enable asynchronous consumer commits (boolean value)
-#enable_auto_commit = false
-
-# The maximum number of records returned in a poll call (integer value)
-#max_poll_records = 500
-
-# Protocol used to communicate with brokers (string value)
-# Possible values:
-# PLAINTEXT - <No description provided>
-# SASL_PLAINTEXT - <No description provided>
-# SSL - <No description provided>
-# SASL_SSL - <No description provided>
-#security_protocol = PLAINTEXT
-
-# Mechanism when security protocol is SASL (string value)
-#sasl_mechanism = PLAIN
-
-# CA certificate PEM file used to verify the server certificate (string value)
-#ssl_cafile =
-
-
-[oslo_messaging_notifications]
-
-#
-# From oslo.messaging
-#
-
-# The Drivers(s) to handle sending notifications. Possible values are
-# messaging, messagingv2, routing, log, test, noop (multi valued)
-# Deprecated group/name - [DEFAULT]/notification_driver
-#driver =
-
-# A URL representing the messaging driver to use for notifications. If not set,
-# we fall back to the same configuration used for RPC. (string value)
-# Deprecated group/name - [DEFAULT]/notification_transport_url
-#transport_url = <None>
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-# Deprecated group/name - [DEFAULT]/notification_topics
-#topics = notifications
-
-# The maximum number of attempts to re-send a notification message which failed
-# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
-# (integer value)
-#retry = -1
-
-
-[oslo_messaging_rabbit]
-
-#
-# From oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_durable_queues
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-#amqp_auto_delete = false
-
-# Connect over SSL. (boolean value)
-# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
-#ssl = false
-
-# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
-# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
-# distributions. (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
-#ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
-#ssl_key_file =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
-#ssl_cert_file =
-
-# SSL certification authority file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
-#ssl_ca_file =
-
-# How long to wait before reconnecting in response to an AMQP consumer cancel
-# notification. (floating point value)
-#kombu_reconnect_delay = 1.0
-
-# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
-# be used. This option may not be available in future versions. (string value)
-#kombu_compression = <None>
-
-# How long to wait a missing client before abandoning to send it its replies.
-# This value should not be longer than rpc_response_timeout. (integer value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
-#kombu_missing_consumer_retry_timeout = 60
-
-# Determines how the next RabbitMQ node is chosen in case the one we are
-# currently connected to becomes unavailable. Takes effect only if more than
-# one RabbitMQ node is provided in config. (string value)
-# Possible values:
-# round-robin - <No description provided>
-# shuffle - <No description provided>
-#kombu_failover_strategy = round-robin
-
-# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_host = localhost
-
-# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
-# value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_port = 5672
-
-# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_hosts = $rabbit_host:$rabbit_port
-
-# DEPRECATED: The RabbitMQ userid. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_userid = guest
-
-# DEPRECATED: The RabbitMQ password. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_password = guest
-
-# The RabbitMQ login method. (string value)
-# Possible values:
-# PLAIN - <No description provided>
-# AMQPLAIN - <No description provided>
-# RABBIT-CR-DEMO - <No description provided>
-#rabbit_login_method = AMQPLAIN
-
-# DEPRECATED: The RabbitMQ virtual host. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_virtual_host = /
-
-# How frequently to retry connecting with RabbitMQ. (integer value)
-#rabbit_retry_interval = 1
-
-# How long to backoff for between retries when connecting to RabbitMQ. (integer
-# value)
-#rabbit_retry_backoff = 2
-
-# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
-# (integer value)
-#rabbit_interval_max = 30
-
-# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#rabbit_max_retries = 0
-
-# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
-# is no longer controlled by the x-ha-policy argument when declaring a queue.
-# If you just want to make sure that all queues (except those with auto-
-# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
-# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
-#rabbit_ha_queues = false
-
-# Positive integer representing duration in seconds for queue TTL (x-expires).
-# Queues which are unused for the duration of the TTL are automatically
-# deleted. The parameter affects only reply and fanout queues. (integer value)
-# Minimum value: 1
-#rabbit_transient_queues_ttl = 1800
-
-# Specifies the number of messages to prefetch. Setting to zero allows
-# unlimited messages. (integer value)
-#rabbit_qos_prefetch_count = 0
-
-# Number of seconds after which the Rabbit broker is considered down if
-# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
-# value)
-#heartbeat_timeout_threshold = 60
-
-# How often times during the heartbeat_timeout_threshold we check the
-# heartbeat. (integer value)
-#heartbeat_rate = 2
-
-
-[oslo_messaging_zmq]
-
-#
-# From oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger
-# period. The value of 0 specifies no linger period. Pending messages shall be
-# discarded immediately when the socket is closed. Positive values specify an
-# upper bound for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target
-# ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Possible values:
-# json - <No description provided>
-# msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to
-# skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value
-# and 0) means to skip any overrides and leave it to OS default. (integer
-# value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0)
-# means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is
-# not tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
-
-
-[oslo_middleware]
-
-#
-# From oslo.middleware
-#
-
-# The maximum body size for each  request, in bytes. (integer value)
-# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
-# Deprecated group/name - [DEFAULT]/max_request_body_size
-#max_request_body_size = 114688
-
-# DEPRECATED: The HTTP Header that will be used to determine what the original
-# request protocol scheme was, even if it was hidden by a SSL termination
-# proxy. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#secure_proxy_ssl_header = X-Forwarded-Proto
-
-# Whether the application is behind a proxy or not. This determines if the
-# middleware should parse the headers or not. (boolean value)
-#enable_proxy_headers_parsing = false
-
-
-[oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# This option controls whether or not to enforce scope when evaluating
-# policies. If ``True``, the scope of the token used in the request is compared
-# to the ``scope_types`` of the policy being enforced. If the scopes do not
-# match, an ``InvalidScope`` exception will be raised. If ``False``, a message
-# will be logged informing operators that policies are being invoked with
-# mismatching scope. (boolean value)
-#enforce_scope = false
-
-# The file that defines policies. (string value)
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be relative
-# to any directory in the search path defined by the config_dir option, or
-# absolute paths. The file defined by policy_file must exist for these
-# directories to be searched.  Missing or empty directories are ignored. (multi
-# valued)
-#policy_dirs = policy.d
-
-# Content Type to send and receive data for REST based policy check (string
-# value)
-# Possible values:
-# application/x-www-form-urlencoded - <No description provided>
-# application/json - <No description provided>
-#remote_content_type = application/x-www-form-urlencoded
-
-# server identity verification for REST based policy check (boolean value)
-#remote_ssl_verify_server_crt = false
-
-# Absolute path to ca cert file for REST based policy check (string value)
-#remote_ssl_ca_crt_file = <None>
-
-# Absolute path to client cert for REST based policy check (string value)
-#remote_ssl_client_crt_file = <None>
-
-# Absolute path client key file REST based policy check (string value)
-#remote_ssl_client_key_file = <None>
-
-
 [policy]
 
 #
@@ -2289,127 +1312,11 @@
 # Supplied drivers are `rules` (which does not support any CRUD operations for
 # the v3 policy API) and `sql`. Typically, there is no reason to set this
 # option unless you are providing a custom entry point. (string value)
-#driver = sql
+driver = sql
 
 # Maximum number of entities that will be returned in a policy collection.
 # (integer value)
 #list_limit = <None>
-
-
-[profiler]
-
-#
-# From osprofiler
-#
-
-#
-# Enable the profiling for all services on this node.
-#
-# Default value is False (fully disable the profiling feature).
-#
-# Possible values:
-#
-# * True: Enables the feature
-# * False: Disables the feature. The profiling cannot be started via this
-# project
-#   operations. If the profiling is triggered by another project, this project
-#   part will be empty.
-#  (boolean value)
-# Deprecated group/name - [profiler]/profiler_enabled
-#enabled = false
-
-#
-# Enable SQL requests profiling in services.
-#
-# Default value is False (SQL requests won't be traced).
-#
-# Possible values:
-#
-# * True: Enables SQL requests profiling. Each SQL query will be part of the
-#   trace and can the be analyzed by how much time was spent for that.
-# * False: Disables SQL requests profiling. The spent time is only shown on a
-#   higher level of operations. Single SQL queries cannot be analyzed this way.
-#  (boolean value)
-#trace_sqlalchemy = false
-
-#
-# Secret key(s) to use for encrypting context data for performance profiling.
-#
-# This string value should have the following format:
-# <key1>[,<key2>,...<keyn>],
-# where each key is some random string. A user who triggers the profiling via
-# the REST API has to set one of these keys in the headers of the REST API call
-# to include profiling results of this node for this particular project.
-#
-# Both "enabled" flag and "hmac_keys" config options should be set to enable
-# profiling. Also, to generate correct profiling information across all
-# services
-# at least one key needs to be consistent between OpenStack projects. This
-# ensures it can be used from client side to generate the trace, containing
-# information from all possible resources.
-#  (string value)
-#hmac_keys = SECRET_KEY
-
-#
-# Connection string for a notifier backend.
-#
-# Default value is ``messaging://`` which sets the notifier to oslo_messaging.
-#
-# Examples of possible values:
-#
-# * ``messaging://`` - use oslo_messaging driver for sending spans.
-# * ``redis://127.0.0.1:6379`` - use redis driver for sending spans.
-# * ``mongodb://127.0.0.1:27017`` - use mongodb driver for sending spans.
-# * ``elasticsearch://127.0.0.1:9200`` - use elasticsearch driver for sending
-#   spans.
-# * ``jaeger://127.0.0.1:6831`` - use jaeger tracing as driver for sending
-# spans.
-#  (string value)
-#connection_string = messaging://
-
-#
-# Document type for notification indexing in elasticsearch.
-#  (string value)
-#es_doc_type = notification
-
-#
-# This parameter is a time value parameter (for example: es_scroll_time=2m),
-# indicating for how long the nodes that participate in the search will
-# maintain
-# relevant resources in order to continue and support it.
-#  (string value)
-#es_scroll_time = 2m
-
-#
-# Elasticsearch splits large requests in batches. This parameter defines
-# maximum size of each batch (for example: es_scroll_size=10000).
-#  (integer value)
-#es_scroll_size = 10000
-
-#
-# Redissentinel provides a timeout option on the connections.
-# This parameter defines that timeout (for example: socket_timeout=0.1).
-#  (floating point value)
-#socket_timeout = 0.1
-
-#
-# Redissentinel uses a service name to identify a master redis service.
-# This parameter defines the name (for example:
-# ``sentinal_service_name=mymaster``).
-#  (string value)
-#sentinel_service_name = mymaster
-
-#
-# Enable filter traces that contain error/exception to a separated place.
-#
-# Default value is set to False.
-#
-# Possible values:
-#
-# * True: Enable filter traces that contain error/exception.
-# * False: Disable the filter.
-#  (boolean value)
-#filter_error_trace = false
 
 
 [resource]
@@ -2830,7 +1737,7 @@
 # impact of a compromised token. (integer value)
 # Minimum value: 0
 # Maximum value: 9223372036854775807
-#expiration = 3600
+expiration = 3600
 
 # Entry point for the token provider in the `keystone.token.provider`
 # namespace. The token provider controls the token construction, validation,
@@ -2840,9 +1747,13 @@
 # command). (string value)
 #provider = fernet
 
+provider = fernet
+
+
 # Toggle for caching token creation and validation data. This has no effect
 # unless global caching is enabled. (boolean value)
 #caching = true
+caching = false
 
 # The number of seconds to cache token creation and validation data. This has
 # no effect unless both global and `[token] caching` are enabled. (integer
@@ -2888,6 +1799,8 @@
 # the built-in expiry time. This allows long running operations to succeed.
 # Defaults to two days. (integer value)
 #allow_expired_window = 172800
+
+hash_algorithm = sha256
 
 
 [tokenless_auth]
@@ -2977,7 +1890,420 @@
 # flat - <No description provided>
 # strict_two_level - <No description provided>
 #enforcement_model = flat
-
+[cache]
+#
+# From oslo.cache
+#
+
+# Prefix for building the configuration dictionary for the cache region. This
+# should not need to be changed unless there is another dogpile.cache region
+# with the same configuration name. (string value)
+#config_prefix = cache.oslo
+
+# Default TTL, in seconds, for any cached item in the dogpile.cache region.
+# This applies to any cached method that doesn't have an explicit cache
+# expiration time defined for it. (integer value)
+#expiration_time = 600
+
+# Cache backend module. For eventlet-based or environments with hundreds of
+# threaded servers, Memcache with pooling (oslo_cache.memcache_pool) is
+# recommended. For environments with less than 100 threaded servers, Memcached
+# (dogpile.cache.memcached) or Redis (dogpile.cache.redis) is recommended. Test
+# environments with a single instance of the server can use the
+# dogpile.cache.memory backend. (string value)
+# Possible values:
+# oslo_cache.memcache_pool - <No description provided>
+# oslo_cache.dict - <No description provided>
+# oslo_cache.mongo - <No description provided>
+# oslo_cache.etcd3gw - <No description provided>
+# dogpile.cache.memcached - <No description provided>
+# dogpile.cache.pylibmc - <No description provided>
+# dogpile.cache.bmemcached - <No description provided>
+# dogpile.cache.dbm - <No description provided>
+# dogpile.cache.redis - <No description provided>
+# dogpile.cache.memory - <No description provided>
+# dogpile.cache.memory_pickle - <No description provided>
+# dogpile.cache.null - <No description provided>
+#backend = dogpile.cache.null
+backend = oslo_cache.memcache_pool
+
+# Arguments supplied to the backend module. Specify this option once per
+# argument to be passed to the dogpile.cache backend. Example format:
+# "<argname>:<value>". (multi valued)
+#backend_argument =
+
+# Proxy classes to import that will affect the way the dogpile.cache backend
+# functions. See the dogpile.cache documentation on changing-backend-behavior.
+# (list value)
+#proxies =
+
+# Global toggle for caching. (boolean value)
+#enabled = true
+enabled = True
+
+# Extra debugging from the cache backend (cache keys, get/set/delete/etc
+# calls). This is only really useful if you need to see the specific cache-
+# backend get/set/delete calls with the keys/values.  Typically this should be
+# left set to false. (boolean value)
+#debug_cache_backend = false
+
+# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
+# oslo_cache.memcache_pool backends only). (list value)
+#memcache_servers = localhost:11211
+memcache_servers =10.167.4.36:11211,10.167.4.37:11211,10.167.4.38:11211
+
+# Number of seconds memcached server is considered dead before it is tried
+# again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
+# (integer value)
+#memcache_dead_retry = 300
+
+# Timeout in seconds for every call to a server. (dogpile.cache.memcache and
+# oslo_cache.memcache_pool backends only). (floating point value)
+#memcache_socket_timeout = 3.0
+
+# Max total number of open connections to every memcached server.
+# (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_maxsize = 10
+
+# Number of seconds a connection to memcached is held unused in the pool before
+# it is closed. (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_unused_timeout = 60
+
+# Number of seconds that an operation will wait to get a memcache client
+# connection. (integer value)
+#memcache_pool_connection_get_timeout = 10
+
+
+[oslo_messaging_notifications]
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+driver=messagingv2
+
+# A URL representing the messaging driver to use for notifications. If not set,
+# we fall back to the same configuration used for RPC. (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+
+# The maximum number of attempts to re-send a notification message which failed
+# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
+# (integer value)
+#retry = -1
+[oslo_messaging_rabbit]
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+#amqp_auto_delete = false
+
+# Connect over SSL. (boolean value)
+# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
+#ssl = false
+
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
+#kombu_reconnect_delay = 1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
+# be used. This option may not be available in future versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client before abandoning to send it its replies.
+# This value should not be longer than rpc_response_timeout. (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we are
+# currently connected to becomes unavailable. Takes effect only if more than
+# one RabbitMQ node is provided in config. (string value)
+# Possible values:
+# round-robin - <No description provided>
+# shuffle - <No description provided>
+#kombu_failover_strategy = round-robin
+
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_host = localhost
+
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
+# value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_port = 5672
+
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_hosts = $rabbit_host:$rabbit_port
+
+# DEPRECATED: The RabbitMQ userid. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_userid = guest
+
+# DEPRECATED: The RabbitMQ password. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_password = guest
+
+# The RabbitMQ login method. (string value)
+# Possible values:
+# PLAIN - <No description provided>
+# AMQPLAIN - <No description provided>
+# RABBIT-CR-DEMO - <No description provided>
+#rabbit_login_method = AMQPLAIN
+
+# DEPRECATED: The RabbitMQ virtual host. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
+#rabbit_retry_backoff = 2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
+# (integer value)
+#rabbit_interval_max = 30
+
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#rabbit_max_retries = 0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
+# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
+# is no longer controlled by the x-ha-policy argument when declaring a queue.
+# If you just want to make sure that all queues (except those with auto-
+# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
+# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
+#rabbit_ha_queues = false
+
+# Positive integer representing duration in seconds for queue TTL (x-expires).
+# Queues which are unused for the duration of the TTL are automatically
+# deleted. The parameter affects only reply and fanout queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+#rabbit_qos_prefetch_count = 0
+
+# Number of seconds after which the Rabbit broker is considered down if
+# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
+# value)
+#heartbeat_timeout_threshold = 60
+
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
+#heartbeat_rate = 2
+
+
+[oslo_policy]
+
+[database]
+#
+# From oslo.db
+#
+
+# If True, SQLite uses synchronous mode. (boolean value)
+#sqlite_synchronous = true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+#connection = <None>
+connection = mysql+pymysql://keystone:opnfv_secret@10.167.4.23/keystone?charset=utf8
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
+#slave_connection = <None>
+
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set
+# by the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
+#mysql_sql_mode = TRADITIONAL
+
+# If True, transparently enables support for handling MySQL Cluster (NDB).
+# (boolean value)
+#mysql_enable_ndb = false
+
+# Connections which have been present in the connection pool longer than this
+# number of seconds will be replaced with a new one the next time they are
+# checked out from the pool. (integer value)
+# Deprecated group/name - [DATABASE]/idle_timeout
+# Deprecated group/name - [database]/idle_timeout
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#connection_recycle_time = 3600
+connection_recycle_time = 300
+
+# DEPRECATED: Minimum number of SQL connections to keep open in a pool.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: The option to set the minimum pool size is not supported by
+# sqlalchemy.
+#min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool. Setting a value of
+# 0 indicates no limit. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = 5
+max_pool_size = 10
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
+max_overflow = 30
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
+
+# Enable the experimental use of database reconnect on connection lost.
+# (boolean value)
+#use_db_reconnect = false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
+
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
+#db_max_retry_interval = 10
+
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
+#db_max_retries = 20
+
+# Optional URL parameters to append onto the connection URL at connect time;
+# specify as param1=value1&param2=value2&... (string value)
+#connection_parameters =
+
+
+[cors]
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
+
+
+[healthcheck]
+
+[oslo_middleware]
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each  request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+max_request_body_size= 114688
+
+# DEPRECATED: The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by a SSL termination
+# proxy. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
+# Whether the application is behind a proxy or not. This determines if the
+# middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing = false
+enable_proxy_headers_parsing = True
+
+
+[profiler]
 
 [wsgi]
 

2019-04-30 22:10:43,574 [salt.state       :1951][INFO    ][9344] Completed state [/etc/keystone/keystone.conf] at time 22:10:43.574604 duration_in_ms=241.064
2019-04-30 22:10:43,575 [salt.state       :1780][INFO    ][9344] Running state [/etc/keystone/keystone-paste.ini] at time 22:10:43.575183
2019-04-30 22:10:43,575 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/etc/keystone/keystone-paste.ini]
2019-04-30 22:10:43,589 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/files/rocky/keystone-paste.ini.Debian'
2019-04-30 22:10:43,595 [salt.state       :300 ][INFO    ][9344] File changed:
--- 
+++ 
@@ -1,8 +1,3 @@
-# !!! WARNING: THIS FILE IS NO LONGER USED. KEYSTONE IS LOADED DIRECTLY AND
-# !!!          WILL IGNORE THIS FILE. THIS FILE WILL BE REMOVED IN THE STEIN
-# !!!          RELEASE. IT IS BEING MAINTAINED TO EASE THE TRANSITION OF THE
-# !!!          DEPLOYMENT TOOLING IN THE WILD.
-
 # Keystone PasteDeploy configuration file.
 
 [filter:debug]
@@ -13,6 +8,9 @@
 
 [filter:build_auth_context]
 use = egg:keystone#build_auth_context
+
+[filter:token_auth]
+use = egg:keystone#token_auth
 
 [filter:json_body]
 use = egg:keystone#json_body
@@ -57,17 +55,17 @@
 [pipeline:public_api]
 # The last item in this pipeline must be public_service or an equivalent
 # application. It cannot be a filter.
-pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context json_body ec2_extension public_service
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
 
 [pipeline:admin_api]
 # The last item in this pipeline must be admin_service or an equivalent
 # application. It cannot be a filter.
-pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context json_body ec2_extension s3_extension admin_service
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
 
 [pipeline:api_v3]
 # The last item in this pipeline must be service_v3 or an equivalent
 # application. It cannot be a filter.
-pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context json_body ec2_extension_v3 s3_extension service_v3
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
 
 [app:public_version_service]
 use = egg:keystone#public_version_service

2019-04-30 22:10:43,595 [salt.state       :1951][INFO    ][9344] Completed state [/etc/keystone/keystone-paste.ini] at time 22:10:43.595139 duration_in_ms=19.957
2019-04-30 22:10:43,595 [salt.state       :1780][INFO    ][9344] Running state [/etc/keystone/policy.json] at time 22:10:43.595509
2019-04-30 22:10:43,595 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/etc/keystone/policy.json]
2019-04-30 22:10:43,595 [salt.loaded.int.states.file:2298][WARNING ][9344] State for file: /etc/keystone/policy.json - Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily.
2019-04-30 22:10:43,596 [salt.state       :300 ][INFO    ][9344] {'new': 'file /etc/keystone/policy.json created', 'group': 'keystone', 'mode': '0640'}
2019-04-30 22:10:43,596 [salt.state       :1951][INFO    ][9344] Completed state [/etc/keystone/policy.json] at time 22:10:43.596807 duration_in_ms=1.298
2019-04-30 22:10:43,596 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/sites-enabled/000-default.conf] at time 22:10:43.596967
2019-04-30 22:10:43,597 [salt.state       :1813][INFO    ][9344] Executing state file.absent for [/etc/apache2/sites-enabled/000-default.conf]
2019-04-30 22:10:43,597 [salt.state       :300 ][INFO    ][9344] {'removed': '/etc/apache2/sites-enabled/000-default.conf'}
2019-04-30 22:10:43,597 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/sites-enabled/000-default.conf] at time 22:10:43.597487 duration_in_ms=0.521
2019-04-30 22:10:43,597 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:10:43.597860
2019-04-30 22:10:43,598 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican_admin.conf]
2019-04-30 22:10:43,611 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/wsgi.conf'
2019-04-30 22:10:43,629 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/_name.conf'
2019-04-30 22:10:43,667 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/_wsgi.conf'
2019-04-30 22:10:43,683 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/_ssl.conf'
2019-04-30 22:10:43,733 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/_core.conf'
2019-04-30 22:10:43,747 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/_log.conf'
2019-04-30 22:10:43,762 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/_limits.conf'
2019-04-30 22:10:43,768 [salt.state       :300 ][INFO    ][9344] File changed:
New file
2019-04-30 22:10:43,769 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:10:43.769026 duration_in_ms=171.165
2019-04-30 22:10:43,769 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:10:43.769416
2019-04-30 22:10:43,769 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican.conf]
2019-04-30 22:10:43,900 [salt.state       :300 ][INFO    ][9344] File changed:
New file
2019-04-30 22:10:43,900 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:10:43.900226 duration_in_ms=130.809
2019-04-30 22:10:43,900 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:10:43.900600
2019-04-30 22:10:43,900 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/etc/apache2/sites-available/keystone_wsgi.conf]
2019-04-30 22:10:43,915 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/files/apache.conf'
2019-04-30 22:10:43,951 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/files/rocky/wsgi-keystone.conf'
2019-04-30 22:10:44,080 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'apache/files/_locations.conf'
2019-04-30 22:10:44,100 [salt.state       :300 ][INFO    ][9344] File changed:
New file
2019-04-30 22:10:44,100 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:10:44.100694 duration_in_ms=200.094
2019-04-30 22:10:44,101 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:10:44.101102
2019-04-30 22:10:44,101 [salt.state       :1813][INFO    ][9344] Executing state file.symlink for [/etc/apache2/sites-enabled/keystone_wsgi.conf]
2019-04-30 22:10:44,102 [salt.state       :300 ][INFO    ][9344] {'new': '/etc/apache2/sites-enabled/keystone_wsgi.conf'}
2019-04-30 22:10:44,102 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:10:44.102467 duration_in_ms=1.365
2019-04-30 22:10:44,105 [salt.state       :1780][INFO    ][9344] Running state [apache2] at time 22:10:44.105221
2019-04-30 22:10:44,105 [salt.state       :1813][INFO    ][9344] Executing state service.running for [apache2]
2019-04-30 22:10:44,105 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2019-04-30 22:10:44,119 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:10:44,129 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:10:44,140 [salt.state       :300 ][INFO    ][9344] The service apache2 is already running
2019-04-30 22:10:44,141 [salt.state       :1951][INFO    ][9344] Completed state [apache2] at time 22:10:44.141097 duration_in_ms=35.875
2019-04-30 22:10:44,141 [salt.state       :1780][INFO    ][9344] Running state [apache2] at time 22:10:44.141310
2019-04-30 22:10:44,141 [salt.state       :1813][INFO    ][9344] Executing state service.mod_watch for [apache2]
2019-04-30 22:10:44,142 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:10:44,151 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemd-run', '--scope', 'systemctl', 'reload', 'apache2.service'] in directory '/root'
2019-04-30 22:10:44,279 [salt.state       :300 ][INFO    ][9344] {'apache2': True}
2019-04-30 22:10:44,280 [salt.state       :1951][INFO    ][9344] Completed state [apache2] at time 22:10:44.280119 duration_in_ms=138.808
2019-04-30 22:10:44,281 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/conf-enabled/security.conf] at time 22:10:44.281123
2019-04-30 22:10:44,281 [salt.state       :1813][INFO    ][9344] Executing state file.symlink for [/etc/apache2/conf-enabled/security.conf]
2019-04-30 22:10:44,283 [salt.state       :300 ][INFO    ][9344] {'new': '/etc/apache2/conf-enabled/security.conf'}
2019-04-30 22:10:44,283 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/conf-enabled/security.conf] at time 22:10:44.283707 duration_in_ms=2.584
2019-04-30 22:10:44,283 [salt.state       :1780][INFO    ][9344] Running state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:10:44.283923
2019-04-30 22:10:44,284 [salt.state       :1813][INFO    ][9344] Executing state file.absent for [/etc/apache2/sites-enabled/keystone_wsgi]
2019-04-30 22:10:44,284 [salt.state       :300 ][INFO    ][9344] File /etc/apache2/sites-enabled/keystone_wsgi is not present
2019-04-30 22:10:44,284 [salt.state       :1951][INFO    ][9344] Completed state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:10:44.284565 duration_in_ms=0.643
2019-04-30 22:10:44,285 [salt.state       :1780][INFO    ][9344] Running state [keystone-manage db_sync && sleep 1] at time 22:10:44.285213
2019-04-30 22:10:44,285 [salt.state       :1813][INFO    ][9344] Executing state cmd.run for [keystone-manage db_sync && sleep 1]
2019-04-30 22:10:44,285 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command '/bin/false' as user 'keystone' in directory '/var/lib/keystone'
2019-04-30 22:10:44,431 [salt.state       :300 ][INFO    ][9344] onlyif execution failed
2019-04-30 22:10:44,432 [salt.state       :1951][INFO    ][9344] Completed state [keystone-manage db_sync && sleep 1] at time 22:10:44.432124 duration_in_ms=146.911
2019-04-30 22:10:44,432 [salt.state       :1780][INFO    ][9344] Running state [keystone] at time 22:10:44.432956
2019-04-30 22:10:44,433 [salt.state       :1813][INFO    ][9344] Executing state service.dead for [keystone]
2019-04-30 22:10:44,433 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemctl', 'status', 'keystone.service', '-n', '0'] in directory '/root'
2019-04-30 22:10:44,445 [salt.state       :300 ][INFO    ][9344] The named service keystone is not available
2019-04-30 22:10:44,445 [salt.state       :1951][INFO    ][9344] Completed state [keystone] at time 22:10:44.445539 duration_in_ms=12.583
2019-04-30 22:10:44,445 [salt.state       :1780][INFO    ][9344] Running state [keystone] at time 22:10:44.445753
2019-04-30 22:10:44,446 [salt.state       :1813][INFO    ][9344] Executing state service.mod_watch for [keystone]
2019-04-30 22:10:44,446 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command ['systemctl', 'is-active', 'keystone.service'] in directory '/root'
2019-04-30 22:10:44,455 [salt.state       :300 ][INFO    ][9344] Service is already stopped
2019-04-30 22:10:44,455 [salt.state       :1951][INFO    ][9344] Completed state [keystone] at time 22:10:44.455922 duration_in_ms=10.169
2019-04-30 22:10:44,456 [salt.state       :1780][INFO    ][9344] Running state [/root/keystonerc] at time 22:10:44.456692
2019-04-30 22:10:44,456 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/root/keystonerc]
2019-04-30 22:10:44,474 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/files/keystonerc'
2019-04-30 22:10:44,506 [salt.state       :300 ][INFO    ][9344] File changed:
New file
2019-04-30 22:10:44,506 [salt.state       :1951][INFO    ][9344] Completed state [/root/keystonerc] at time 22:10:44.506358 duration_in_ms=49.665
2019-04-30 22:10:44,506 [salt.state       :1780][INFO    ][9344] Running state [/root/keystonercv3] at time 22:10:44.506838
2019-04-30 22:10:44,507 [salt.state       :1813][INFO    ][9344] Executing state file.managed for [/root/keystonercv3]
2019-04-30 22:10:44,521 [salt.fileclient  :1219][INFO    ][9344] Fetching file from saltenv 'base', ** done ** 'keystone/files/keystonercv3'
2019-04-30 22:10:44,548 [salt.state       :300 ][INFO    ][9344] File changed:
New file
2019-04-30 22:10:44,548 [salt.state       :1951][INFO    ][9344] Completed state [/root/keystonercv3] at time 22:10:44.548872 duration_in_ms=42.033
2019-04-30 22:10:44,549 [salt.state       :1780][INFO    ][9344] Running state [/var/lib/keystone/fernet-keys] at time 22:10:44.549257
2019-04-30 22:10:44,549 [salt.state       :1813][INFO    ][9344] Executing state file.directory for [/var/lib/keystone/fernet-keys]
2019-04-30 22:10:44,550 [salt.state       :300 ][INFO    ][9344] Directory /var/lib/keystone/fernet-keys is in the correct state
Directory /var/lib/keystone/fernet-keys updated
2019-04-30 22:10:44,550 [salt.state       :1951][INFO    ][9344] Completed state [/var/lib/keystone/fernet-keys] at time 22:10:44.550857 duration_in_ms=1.601
2019-04-30 22:10:44,551 [salt.state       :1780][INFO    ][9344] Running state [keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone] at time 22:10:44.551562
2019-04-30 22:10:44,551 [salt.state       :1813][INFO    ][9344] Executing state cmd.run for [keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone]
2019-04-30 22:10:44,552 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command 'keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone' as user 'keystone' in directory '/var/lib/keystone'
2019-04-30 22:10:45,865 [salt.state       :300 ][INFO    ][9344] {'pid': 13547, 'retcode': 0, 'stderr': '', 'stdout': '2019-04-30 22:10:45.783 13554 INFO keystone.common.fernet_utils [-] Key repository is already initialized; aborting.\x1b[00m'}
2019-04-30 22:10:45,866 [salt.state       :1951][INFO    ][9344] Completed state [keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone] at time 22:10:45.866157 duration_in_ms=1314.594
2019-04-30 22:10:45,867 [salt.state       :1780][INFO    ][9344] Running state [/var/lib/keystone/credential-keys] at time 22:10:45.867033
2019-04-30 22:10:45,867 [salt.state       :1813][INFO    ][9344] Executing state file.directory for [/var/lib/keystone/credential-keys]
2019-04-30 22:10:45,868 [salt.state       :300 ][INFO    ][9344] Directory /var/lib/keystone/credential-keys is in the correct state
Directory /var/lib/keystone/credential-keys updated
2019-04-30 22:10:45,868 [salt.state       :1951][INFO    ][9344] Completed state [/var/lib/keystone/credential-keys] at time 22:10:45.868846 duration_in_ms=1.813
2019-04-30 22:10:45,869 [salt.state       :1780][INFO    ][9344] Running state [keystone-manage credential_setup --keystone-user keystone --keystone-group keystone] at time 22:10:45.869633
2019-04-30 22:10:45,869 [salt.state       :1813][INFO    ][9344] Executing state cmd.run for [keystone-manage credential_setup --keystone-user keystone --keystone-group keystone]
2019-04-30 22:10:45,870 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone' as user 'keystone' in directory '/var/lib/keystone'
2019-04-30 22:10:47,186 [salt.state       :300 ][INFO    ][9344] {'pid': 13665, 'retcode': 0, 'stderr': '', 'stdout': '2019-04-30 22:10:47.104 13672 INFO keystone.common.fernet_utils [-] Key repository is already initialized; aborting.\x1b[00m'}
2019-04-30 22:10:47,186 [salt.state       :1951][INFO    ][9344] Completed state [keystone-manage credential_setup --keystone-user keystone --keystone-group keystone] at time 22:10:47.186880 duration_in_ms=1317.247
2019-04-30 22:10:47,187 [salt.state       :1780][INFO    ][9344] Running state [keystone-manage bootstrap --bootstrap-password opnfv_secret --bootstrap-username admin --bootstrap-project-name admin --bootstrap-role-name admin --bootstrap-service-name keystone --bootstrap-region-id RegionOne --bootstrap-internal-url http://10.167.4.37:5000] at time 22:10:47.187269
2019-04-30 22:10:47,187 [salt.state       :1813][INFO    ][9344] Executing state cmd.run for [keystone-manage bootstrap --bootstrap-password opnfv_secret --bootstrap-username admin --bootstrap-project-name admin --bootstrap-role-name admin --bootstrap-service-name keystone --bootstrap-region-id RegionOne --bootstrap-internal-url http://10.167.4.37:5000]
2019-04-30 22:10:47,188 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command '. /root/keystonercv3; openstack endpoint list --service identity --interface internal -f value -c URL  |grep 5000' as user 'keystone' in directory '/var/lib/keystone'
2019-04-30 22:10:47,245 [salt.loaded.int.module.cmdmod:395 ][INFO    ][9344] Executing command 'keystone-manage bootstrap --bootstrap-password opnfv_secret --bootstrap-username admin --bootstrap-project-name admin --bootstrap-role-name admin --bootstrap-service-name keystone --bootstrap-region-id RegionOne --bootstrap-internal-url http://10.167.4.37:5000' as user 'keystone' in directory '/var/lib/keystone'
2019-04-30 22:10:49,233 [salt.state       :300 ][INFO    ][9344] {'pid': 13721, 'retcode': 0, 'stderr': '', 'stdout': '2019-04-30 22:10:48.661 13726 INFO keystone.cmd.bootstrap [-] Domain default already exists, skipping creation.\x1b[00m\n2019-04-30 22:10:48.678 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] Project admin already exists, skipping creation.\x1b[00m\n2019-04-30 22:10:48.680 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] User admin already exists, skipping creation.\x1b[00m\n2019-04-30 22:10:48.967 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] Role reader exists, skipping creation.\x1b[00m\n2019-04-30 22:10:48.973 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] Role member exists, skipping creation.\x1b[00m\n2019-04-30 22:10:48.984 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] Implied role where a262a3eaf5d34fdcbc170f4f86c776cc implies 0ec35520b2e6439288422dad11f3aa7e exists, skipping creation.\x1b[00m\n2019-04-30 22:10:48.987 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] Role admin exists, skipping creation.\x1b[00m\n2019-04-30 22:10:48.998 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] Implied role where 6606815be4bf464f80aad1e91843c8c8 implies a262a3eaf5d34fdcbc170f4f86c776cc exists, skipping creation.\x1b[00m\n2019-04-30 22:10:49.125 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] User admin already has admin on admin.\x1b[00m\n2019-04-30 22:10:49.130 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] Granted admin on the system to user admin.\x1b[00m\n2019-04-30 22:10:49.131 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] Region RegionOne exists, skipping creation.\x1b[00m\n2019-04-30 22:10:49.138 13726 INFO keystone.cmd.bootstrap [req-d8ffd6c1-af29-4dcc-874b-108196a52392 - - - - -] Skipping internal endpoint as already created\x1b[00m'}
2019-04-30 22:10:49,234 [salt.state       :1951][INFO    ][9344] Completed state [keystone-manage bootstrap --bootstrap-password opnfv_secret --bootstrap-username admin --bootstrap-project-name admin --bootstrap-role-name admin --bootstrap-service-name keystone --bootstrap-region-id RegionOne --bootstrap-internal-url http://10.167.4.37:5000] at time 22:10:49.234289 duration_in_ms=2047.02
2019-04-30 22:10:49,237 [salt.minion      :1711][INFO    ][9344] Returning information for job: 20190430220918975752
2019-04-30 22:10:49,967 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command service.restart with jid 20190430221049956924
2019-04-30 22:10:49,978 [salt.minion      :1432][INFO    ][13758] Starting a new job with PID 13758
2019-04-30 22:10:50,676 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][13758] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2019-04-30 22:10:50,696 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][13758] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'apache2.service'] in directory '/root'
2019-04-30 22:10:52,886 [salt.minion      :1711][INFO    ][13758] Returning information for job: 20190430221049956924
2019-04-30 22:10:53,412 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430221053406442
2019-04-30 22:10:53,423 [salt.minion      :1432][INFO    ][14044] Starting a new job with PID 14044
2019-04-30 22:10:57,060 [salt.state       :915 ][INFO    ][14044] Loading fresh modules for state activity
2019-04-30 22:10:57,098 [salt.fileclient  :1219][INFO    ][14044] Fetching file from saltenv 'base', ** done ** 'keystone/client/init.sls'
2019-04-30 22:10:57,120 [salt.fileclient  :1219][INFO    ][14044] Fetching file from saltenv 'base', ** done ** 'keystone/client/service.sls'
2019-04-30 22:10:57,161 [salt.fileclient  :1219][INFO    ][14044] Fetching file from saltenv 'base', ** done ** 'keystone/client/project.sls'
2019-04-30 22:10:57,367 [salt.fileclient  :1219][INFO    ][14044] Fetching file from saltenv 'base', ** done ** 'keystone/client/server.sls'
2019-04-30 22:10:57,448 [salt.fileclient  :1219][INFO    ][14044] Fetching file from saltenv 'base', ** done ** 'keystone/client/os_client_config.sls'
2019-04-30 22:10:57,523 [salt.fileclient  :1219][INFO    ][14044] Fetching file from saltenv 'base', ** done ** 'keystone/client/resources/init.sls'
2019-04-30 22:10:57,539 [salt.fileclient  :1219][INFO    ][14044] Fetching file from saltenv 'base', ** done ** 'keystone/client/resources/v3.sls'
2019-04-30 22:10:58,401 [salt.state       :1780][INFO    ][14044] Running state [python-os-client-config] at time 22:10:58.401318
2019-04-30 22:10:58,401 [salt.state       :1813][INFO    ][14044] Executing state pkg.installed for [python-os-client-config]
2019-04-30 22:10:58,402 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14044] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:10:58,736 [salt.state       :300 ][INFO    ][14044] All specified packages are already installed
2019-04-30 22:10:58,737 [salt.state       :1951][INFO    ][14044] Completed state [python-os-client-config] at time 22:10:58.736952 duration_in_ms=335.634
2019-04-30 22:10:58,739 [salt.state       :1780][INFO    ][14044] Running state [/root/.config/openstack/clouds.yml] at time 22:10:58.739436
2019-04-30 22:10:58,739 [salt.state       :1813][INFO    ][14044] Executing state file.managed for [/root/.config/openstack/clouds.yml]
2019-04-30 22:10:58,746 [salt.state       :300 ][INFO    ][14044] File changed:
New file
2019-04-30 22:10:58,746 [salt.state       :1951][INFO    ][14044] Completed state [/root/.config/openstack/clouds.yml] at time 22:10:58.746562 duration_in_ms=7.126
2019-04-30 22:10:58,747 [salt.minion      :1711][INFO    ][14044] Returning information for job: 20190430221053406442
2019-04-30 22:13:16,467 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command cmd.run with jid 20190430221316455632
2019-04-30 22:13:16,477 [salt.minion      :1432][INFO    ][14109] Starting a new job with PID 14109
2019-04-30 22:13:16,484 [salt.loader.192.168.11.2.int.module.cmdmod:395 ][INFO    ][14109] Executing command '. /root/keystonercv3; openstack service list' in directory '/root'
2019-04-30 22:13:18,640 [salt.minion      :1711][INFO    ][14109] Returning information for job: 20190430221316455632
2019-04-30 22:14:16,429 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430221416422459
2019-04-30 22:14:16,439 [salt.minion      :1432][INFO    ][14121] Starting a new job with PID 14121
2019-04-30 22:14:20,420 [salt.state       :915 ][INFO    ][14121] Loading fresh modules for state activity
2019-04-30 22:14:20,460 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/init.sls'
2019-04-30 22:14:20,485 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/server.sls'
2019-04-30 22:14:20,629 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/db/offline_sync.sls'
2019-04-30 22:14:20,666 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/_ssl/mysql.sls'
2019-04-30 22:14:20,708 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/_ssl/rabbitmq.sls'
2019-04-30 22:14:21,568 [salt.state       :1780][INFO    ][14121] Running state [glance] at time 22:14:21.568870
2019-04-30 22:14:21,569 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [glance]
2019-04-30 22:14:21,569 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:14:21,863 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['apt-cache', '-q', 'policy', 'glance'] in directory '/root'
2019-04-30 22:14:21,915 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:14:23,393 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:14:23,412 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'glance'] in directory '/root'
2019-04-30 22:14:31,486 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430221431473151
2019-04-30 22:14:31,497 [salt.minion      :1432][INFO    ][14759] Starting a new job with PID 14759
2019-04-30 22:14:31,519 [salt.minion      :1711][INFO    ][14759] Returning information for job: 20190430221431473151
2019-04-30 22:14:49,799 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:14:49,831 [salt.state       :300 ][INFO    ][14121] Made the following changes:
'python-retrying' changed from 'absent' to '1.3.3-1'
'libblas.so.3' changed from 'absent' to '1'
'python-os-win' changed from 'absent' to '3.0.0-1.0~u16.04+mcp2'
'python-oslo.rootwrap' changed from 'absent' to '5.14.1-1~u16.04+mcp6'
'python-os-brick' changed from 'absent' to '2.5.6-1~u16.04+mcp3'
'python-oslo.vmware' changed from 'absent' to '2.26.0-2~u16.04+mcp'
'python-ipaddr' changed from 'absent' to '2.1.11-2'
'python-wsme' changed from 'absent' to '0.8.0-2ubuntu2'
'glance' changed from 'absent' to '2:17.0.0-1~u16.04+mcp35'
'python2.7-numpy' changed from 'absent' to '1'
'glance-store-common' changed from 'absent' to '0.26.1-1~u16.04+mcp6'
'liblapack3' changed from 'absent' to '3.6.0-2ubuntu2'
'python-f2py' changed from 'absent' to '1'
'python2.7-glance' changed from 'absent' to '1'
'os-brick-common' changed from 'absent' to '2.5.6-1~u16.04+mcp3'
'python-kazoo' changed from 'absent' to '2.2.1-1ubuntu1'
'python-semantic-version' changed from 'absent' to '2.3.1-1'
'libblas-common' changed from 'absent' to '3.6.0-2ubuntu2'
'libquadmath0' changed from 'absent' to '5.4.0-6ubuntu1~16.04.11'
'glance-common' changed from 'absent' to '2:17.0.0-1~u16.04+mcp35'
'python-glance-store' changed from 'absent' to '0.26.1-1~u16.04+mcp6'
'libgfortran3' changed from 'absent' to '5.4.0-6ubuntu1~16.04.11'
'python-doc8' changed from 'absent' to '0.6.0-3'
'python-swiftclient' changed from 'absent' to '1:3.6.0-2~u16.04+mcp6'
'python-numpy-dev' changed from 'absent' to '1'
'python-taskflow' changed from 'absent' to '3.1.0-1.0~u16.04+mcp9'
'python-oslo.privsep' changed from 'absent' to '1.29.0-1~u16.04+mcp'
'liblapack.so.3' changed from 'absent' to '1'
'python-automaton' changed from 'absent' to '1.15.0-1.0~u16.04+mcp5'
'python-numpy' changed from 'absent' to '1:1.11.0-1ubuntu1'
'python-cursive' changed from 'absent' to '0.2.1-1.0~u16.04+mcp1'
'python-httplib2' changed from 'absent' to '0.9.1+dfsg-1'
'python-numpy-abi9' changed from 'absent' to '1'
'python-simplegeneric' changed from 'absent' to '0.8.1-1'
'python-glance' changed from 'absent' to '2:17.0.0-1~u16.04+mcp35'
'python-numpy-api10' changed from 'absent' to '1'
'python-barbicanclient' changed from 'absent' to '4.7.2-2~u16.04+mcp4'
'python-castellan' changed from 'absent' to '0.19.0-1~u16.04+mcp4'
'libblas3' changed from 'absent' to '3.6.0-2ubuntu2'
'glance-api' changed from 'absent' to '2:17.0.0-1~u16.04+mcp35'
'python-suds' changed from 'absent' to '0.7~git20150727.94664dd-3'
'python-networkx' changed from 'absent' to '1.11-1ubuntu1'
'python-oslo-rootwrap' changed from 'absent' to '1'
'python-restructuredtext-lint' changed from 'absent' to '0.12.2-2'
'glance-registry' changed from 'absent' to '2:17.0.0-1~u16.04+mcp35'

2019-04-30 22:14:49,852 [salt.state       :915 ][INFO    ][14121] Loading fresh modules for state activity
2019-04-30 22:14:49,886 [salt.state       :1951][INFO    ][14121] Completed state [glance] at time 22:14:49.886340 duration_in_ms=28317.47
2019-04-30 22:14:49,890 [salt.state       :1780][INFO    ][14121] Running state [glance-api] at time 22:14:49.890029
2019-04-30 22:14:49,890 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [glance-api]
2019-04-30 22:14:50,353 [salt.state       :300 ][INFO    ][14121] All specified packages are already installed
2019-04-30 22:14:50,353 [salt.state       :1951][INFO    ][14121] Completed state [glance-api] at time 22:14:50.353667 duration_in_ms=463.637
2019-04-30 22:14:50,353 [salt.state       :1780][INFO    ][14121] Running state [glance-registry] at time 22:14:50.353889
2019-04-30 22:14:50,354 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [glance-registry]
2019-04-30 22:14:50,359 [salt.state       :300 ][INFO    ][14121] All specified packages are already installed
2019-04-30 22:14:50,359 [salt.state       :1951][INFO    ][14121] Completed state [glance-registry] at time 22:14:50.359222 duration_in_ms=5.333
2019-04-30 22:14:50,359 [salt.state       :1780][INFO    ][14121] Running state [glance-common] at time 22:14:50.359376
2019-04-30 22:14:50,359 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [glance-common]
2019-04-30 22:14:50,365 [salt.state       :300 ][INFO    ][14121] All specified packages are already installed
2019-04-30 22:14:50,365 [salt.state       :1951][INFO    ][14121] Completed state [glance-common] at time 22:14:50.365298 duration_in_ms=5.921
2019-04-30 22:14:50,365 [salt.state       :1780][INFO    ][14121] Running state [python-glance] at time 22:14:50.365451
2019-04-30 22:14:50,365 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [python-glance]
2019-04-30 22:14:50,370 [salt.state       :300 ][INFO    ][14121] All specified packages are already installed
2019-04-30 22:14:50,370 [salt.state       :1951][INFO    ][14121] Completed state [python-glance] at time 22:14:50.370204 duration_in_ms=4.752
2019-04-30 22:14:50,370 [salt.state       :1780][INFO    ][14121] Running state [python-glance-store] at time 22:14:50.370358
2019-04-30 22:14:50,370 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [python-glance-store]
2019-04-30 22:14:50,375 [salt.state       :300 ][INFO    ][14121] All specified packages are already installed
2019-04-30 22:14:50,375 [salt.state       :1951][INFO    ][14121] Completed state [python-glance-store] at time 22:14:50.375306 duration_in_ms=4.948
2019-04-30 22:14:50,375 [salt.state       :1780][INFO    ][14121] Running state [python-glanceclient] at time 22:14:50.375458
2019-04-30 22:14:50,375 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [python-glanceclient]
2019-04-30 22:14:50,380 [salt.state       :300 ][INFO    ][14121] All specified packages are already installed
2019-04-30 22:14:50,380 [salt.state       :1951][INFO    ][14121] Completed state [python-glanceclient] at time 22:14:50.380633 duration_in_ms=5.175
2019-04-30 22:14:50,380 [salt.state       :1780][INFO    ][14121] Running state [gettext-base] at time 22:14:50.380794
2019-04-30 22:14:50,380 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [gettext-base]
2019-04-30 22:14:50,385 [salt.state       :300 ][INFO    ][14121] All specified packages are already installed
2019-04-30 22:14:50,385 [salt.state       :1951][INFO    ][14121] Completed state [gettext-base] at time 22:14:50.385739 duration_in_ms=4.944
2019-04-30 22:14:50,385 [salt.state       :1780][INFO    ][14121] Running state [python-memcache] at time 22:14:50.385891
2019-04-30 22:14:50,386 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [python-memcache]
2019-04-30 22:14:50,390 [salt.state       :300 ][INFO    ][14121] All specified packages are already installed
2019-04-30 22:14:50,390 [salt.state       :1951][INFO    ][14121] Completed state [python-memcache] at time 22:14:50.390812 duration_in_ms=4.921
2019-04-30 22:14:50,390 [salt.state       :1780][INFO    ][14121] Running state [python-pycadf] at time 22:14:50.390965
2019-04-30 22:14:50,391 [salt.state       :1813][INFO    ][14121] Executing state pkg.installed for [python-pycadf]
2019-04-30 22:14:50,395 [salt.state       :300 ][INFO    ][14121] All specified packages are already installed
2019-04-30 22:14:50,396 [salt.state       :1951][INFO    ][14121] Completed state [python-pycadf] at time 22:14:50.395989 duration_in_ms=5.023
2019-04-30 22:14:50,397 [salt.state       :1780][INFO    ][14121] Running state [/etc/glance/glance-cache.conf] at time 22:14:50.397619
2019-04-30 22:14:50,397 [salt.state       :1813][INFO    ][14121] Executing state file.managed for [/etc/glance/glance-cache.conf]
2019-04-30 22:14:50,418 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/files/rocky/glance-cache.conf.Debian'
2019-04-30 22:14:50,473 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/_log.conf'
2019-04-30 22:14:50,489 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/_policy.conf'
2019-04-30 22:14:50,504 [salt.state       :300 ][INFO    ][14121] File changed:
--- 
+++ 
@@ -1,3 +1,4 @@
+
 [DEFAULT]
 
 #
@@ -28,44 +29,11 @@
 #  (boolean value)
 #allow_additional_image_properties = true
 
-# "
-# Secure hashing algorithm used for computing the 'os_hash_value' property.
-#
-# This option configures the Glance "multihash", which consists of two
-# image properties: the 'os_hash_algo' and the 'os_hash_value'.  The
-# 'os_hash_algo' will be populated by the value of this configuration
-# option, and the 'os_hash_value' will be populated by the hexdigest computed
-# when the algorithm is applied to the uploaded or imported image data.
-#
-# The value must be a valid secure hash algorithm name recognized by the
-# python 'hashlib' library.  You can determine what these are by examining
-# the 'hashlib.algorithms_available' data member of the version of the
-# library being used in your Glance installation.  For interoperability
-# purposes, however, we recommend that you use the set of secure hash
-# names supplied by the 'hashlib.algorithms_guaranteed' data member because
-# those algorithms are guaranteed to be supported by the 'hashlib' library
-# on all platforms.  Thus, any image consumer using 'hashlib' locally should
-# be able to verify the 'os_hash_value' of the image.
-#
-# The default value of 'sha512' is a performant secure hash algorithm.
-#
-# If this option is misconfigured, any attempts to store image data will fail.
-# For that reason, we recommend using the default value.
-#
-# Possible values:
-#     * Any secure hash algorithm name recognized by the Python 'hashlib'
-#       library
-#
-# Related options:
-#     * None
-#
-#  (string value)
-#hashing_algorithm = sha512
-
 #
 # Maximum number of image members per image.
 #
-# This limits the maximum of users an image can be shared with. Any negative
+# This limits the maximum of users an image can be shared with. Any
+# negative
 # value is interpreted as unlimited.
 #
 # Related options:
@@ -77,10 +45,12 @@
 #
 # Maximum number of properties allowed on an image.
 #
-# This enforces an upper limit on the number of additional properties an image
+# This enforces an upper limit on the number of additional properties
+# an image
 # can have. Any negative value is interpreted as unlimited.
 #
-# NOTE: This won't have any impact if additional properties are disabled. Please
+# NOTE: This won't have any impact if additional properties are
+# disabled. Please
 # refer to ``allow_additional_image_properties``.
 #
 # Related options:
@@ -137,7 +107,8 @@
 #
 # Finally, when this configuration option is set to
 # ``glance.db.simple.api``, image catalog data is stored in and read
-# from an in-memory data structure. This is primarily used for testing.
+# from an in-memory data structure. This is primarily used for
+# testing.
 #
 # Related options:
 #     * enable_v2_api
@@ -150,8 +121,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #data_api = glance.db.sqlalchemy.api
 
 #
@@ -268,9 +239,10 @@
 #  (boolean value)
 # This option is deprecated for removal since Newton.
 # Its value may be silently ignored in the future.
-# Reason: This option will be removed in the Pike release or later because the
-# same functionality can be achieved with greater granularity by using policies.
-# Please see the Newton release notes for more information.
+# Reason: This option will be removed in the Pike release or later
+# because the same functionality can be achieved with greater
+# granularity by using policies. Please see the Newton release notes
+# for more information.
 #show_multiple_locations = false
 
 #
@@ -302,18 +274,25 @@
 #
 # Maximum amount of image storage per tenant.
 #
-# This enforces an upper limit on the cumulative storage consumed by all images
+# This enforces an upper limit on the cumulative storage consumed by
+# all images
 # of a tenant across all stores. This is a per-tenant limit.
 #
-# The default unit for this configuration option is Bytes. However, storage
-# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``,
-# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and
-# TeraBytes respectively. Note that there should not be any space between the
-# value and unit. Value ``0`` signifies no quota enforcement. Negative values
+# The default unit for this configuration option is Bytes. However,
+# storage
+# units can be specified using case-sensitive literals ``B``, ``KB``,
+# ``MB``,
+# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes,
+# GigaBytes and
+# TeraBytes respectively. Note that there should not be any space
+# between the
+# value and unit. Value ``0`` signifies no quota enforcement. Negative
+# values
 # are invalid and result in errors.
 #
 # Possible values:
-#     * A string that is a valid concatenation of a non-negative integer
+#     * A string that is a valid concatenation of a non-negative
+# integer
 #       representing the storage value and an optional string literal
 #       representing storage units as mentioned above.
 #
@@ -322,6 +301,40 @@
 #
 #  (string value)
 #user_storage_quota = 0
+
+#
+# Deploy the v1 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond to
+# requests on registered endpoints conforming to the v1 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is enabled, then ``enable_v1_registry`` must
+#       also be set to ``True`` to enable mandatory usage of Registry
+#       service with v1 API.
+#
+#     * If this option is disabled, then the ``enable_v1_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v2_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v2 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_registry
+#     * enable_v2_api
+#
+#  (boolean value)
+#enable_v1_api = true
 
 #
 # Deploy the v2 OpenStack Images API.
@@ -335,18 +348,44 @@
 #       option, which is enabled by default, is also recommended
 #       to be disabled.
 #
+#     * This option is separate from ``enable_v1_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v1 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
 # Possible values:
 #     * True
 #     * False
 #
 # Related options:
 #     * enable_v2_registry
+#     * enable_v1_api
 #
 #  (boolean value)
 #enable_v2_api = true
 
 #
-#                     DEPRECATED FOR REMOVAL
+# Deploy the v1 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v1 API requests.
+#
+# NOTES:
+#     * Use of Registry is mandatory in v1 API, so this option must
+#       be set to ``True`` if the ``enable_v1_api`` option is enabled.
+#
+#     * If deploying only the v2 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_api
+#
 #  (boolean value)
 #enable_v1_registry = true
 
@@ -380,8 +419,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #enable_v2_registry = true
 
 #
@@ -399,7 +438,7 @@
 # Related options:
 #     * None
 #
-#  (host address value)
+#  (unknown value)
 #pydev_worker_debug_host = localhost
 
 #
@@ -486,26 +525,55 @@
 #
 # Related options:
 #     * [task]/work_dir
+#     * [DEFAULT]/enable_image_import (*deprecated*)
 #
 #  (string value)
 #node_staging_uri = file:///tmp/staging/
 
+# DEPRECATED:
+# Enables the Image Import workflow introduced in Pike
+#
+# As '[DEFAULT]/node_staging_uri' is required for the Image
+# Import, it's disabled per default in Pike, enabled per
+# default in Queens and removed in Rocky. This allows Glance to
+# operate with previous version configs upon upgrade.
+#
+# Setting this option to False will disable the endpoints related
+# to Image Import Refactoring work.
+#
+# Related options:
+#     * [DEFAULT]/node_staging_uri (boolean value)
+# This option is deprecated for removal since Pike.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option is deprecated for removal in Rocky.
+#
+# It was introduced to make sure that the API is not enabled
+# before the '[DEFAULT]/node_staging_uri' is defined and is
+# long term redundant.
+#enable_image_import = true
+
 #
 # List of enabled Image Import Methods
 #
 # Both 'glance-direct' and 'web-download' are enabled by default.
 #
 # Related options:
-#     * [DEFAULT]/node_staging_uri (list value)
-#enabled_import_methods = [glance-direct,web-download]
-
-#
-# The relative path to sqlite file database that will be used for image cache
+#     * [DEFAULT]/node_staging_uri
+#     * [DEFAULT]/enable_image_import (list value)
+#enabled_import_methods = glance-direct,web-download
+
+#
+# The relative path to sqlite file database that will be used for
+# image cache
 # management.
 #
-# This is a relative path to the sqlite file database that tracks the age and
-# usage statistics of image cache. The path is relative to image cache base
-# directory, specified by the configuration option ``image_cache_dir``.
+# This is a relative path to the sqlite file database that tracks the
+# age and
+# usage statistics of image cache. The path is relative to image cache
+# base
+# directory, specified by the configuration option
+# ``image_cache_dir``.
 #
 # This is a lightweight database with just one table.
 #
@@ -521,23 +589,33 @@
 #
 # The driver to use for image cache management.
 #
-# This configuration option provides the flexibility to choose between the
-# different image-cache drivers available. An image-cache driver is responsible
-# for providing the essential functions of image-cache like write images to/read
-# images from cache, track age and usage of cached images, provide a list of
-# cached images, fetch size of the cache, queue images for caching and clean up
+# This configuration option provides the flexibility to choose between
+# the
+# different image-cache drivers available. An image-cache driver is
+# responsible
+# for providing the essential functions of image-cache like write
+# images to/read
+# images from cache, track age and usage of cached images, provide a
+# list of
+# cached images, fetch size of the cache, queue images for caching and
+# clean up
 # the cache, etc.
 #
 # The essential functions of a driver are defined in the base class
-# ``glance.image_cache.drivers.base.Driver``. All image-cache drivers (existing
-# and prospective) must implement this interface. Currently available drivers
-# are ``sqlite`` and ``xattr``. These drivers primarily differ in the way they
+# ``glance.image_cache.drivers.base.Driver``. All image-cache drivers
+# (existing
+# and prospective) must implement this interface. Currently available
+# drivers
+# are ``sqlite`` and ``xattr``. These drivers primarily differ in the
+# way they
 # store the information about cached images:
-#     * The ``sqlite`` driver uses a sqlite database (which sits on every glance
+#     * The ``sqlite`` driver uses a sqlite database (which sits on
+# every glance
 #     node locally) to track the usage of cached images.
-#     * The ``xattr`` driver uses the extended attributes of files to store this
-#     information. It also requires a filesystem that sets ``atime`` on the
-# files
+#     * The ``xattr`` driver uses the extended attributes of files to
+# store this
+#     information. It also requires a filesystem that sets ``atime``
+# on the files
 #     when accessed.
 #
 # Possible values:
@@ -554,21 +632,32 @@
 #image_cache_driver = sqlite
 
 #
-# The upper limit on cache size, in bytes, after which the cache-pruner cleans
+# The upper limit on cache size, in bytes, after which the cache-
+# pruner cleans
 # up the image cache.
 #
-# NOTE: This is just a threshold for cache-pruner to act upon. It is NOT a
-# hard limit beyond which the image cache would never grow. In fact, depending
-# on how often the cache-pruner runs and how quickly the cache fills, the image
-# cache can far exceed the size specified here very easily. Hence, care must be
-# taken to appropriately schedule the cache-pruner and in setting this limit.
-#
-# Glance caches an image when it is downloaded. Consequently, the size of the
-# image cache grows over time as the number of downloads increases. To keep the
+# NOTE: This is just a threshold for cache-pruner to act upon. It is
+# NOT a
+# hard limit beyond which the image cache would never grow. In fact,
+# depending
+# on how often the cache-pruner runs and how quickly the cache fills,
+# the image
+# cache can far exceed the size specified here very easily. Hence,
+# care must be
+# taken to appropriately schedule the cache-pruner and in setting this
+# limit.
+#
+# Glance caches an image when it is downloaded. Consequently, the size
+# of the
+# image cache grows over time as the number of downloads increases. To
+# keep the
 # cache size from becoming unmanageable, it is recommended to run the
-# cache-pruner as a periodic task. When the cache pruner is kicked off, it
-# compares the current size of image cache and triggers a cleanup if the image
-# cache grew beyond the size specified here. After the cleanup, the size of
+# cache-pruner as a periodic task. When the cache pruner is kicked
+# off, it
+# compares the current size of image cache and triggers a cleanup if
+# the image
+# cache grew beyond the size specified here. After the cleanup, the
+# size of
 # cache is less than or equal to size specified here.
 #
 # Possible values:
@@ -581,19 +670,36 @@
 # Minimum value: 0
 #image_cache_max_size = 10737418240
 
-#
-# The amount of time, in seconds, an incomplete image remains in the cache.
-#
-# Incomplete images are images for which download is in progress. Please see the
-# description of configuration option ``image_cache_dir`` for more detail.
-# Sometimes, due to various reasons, it is possible the download may hang and
-# the incompletely downloaded image remains in the ``incomplete`` directory.
-# This configuration option sets a time limit on how long the incomplete images
-# should remain in the ``incomplete`` directory before they are cleaned up.
-# Once an incomplete image spends more time than is specified here, it'll be
+image_cache_max_size = 10737418240
+image_cache_stall_time = 86400
+image_cache_dir = /var/lib/glance/image-cache/
+
+
+os_region_name = RegionOne
+
+
+#
+# The amount of time, in seconds, an incomplete image remains in the
+# cache.
+#
+# Incomplete images are images for which download is in progress.
+# Please see the
+# description of configuration option ``image_cache_dir`` for more
+# detail.
+# Sometimes, due to various reasons, it is possible the download may
+# hang and
+# the incompletely downloaded image remains in the ``incomplete``
+# directory.
+# This configuration option sets a time limit on how long the
+# incomplete images
+# should remain in the ``incomplete`` directory before they are
+# cleaned up.
+# Once an incomplete image spends more time than is specified here,
+# it'll be
 # removed by cache-cleaner on its next run.
 #
-# It is recommended to run cache-cleaner as a periodic task on the Glance API
+# It is recommended to run cache-cleaner as a periodic task on the
+# Glance API
 # nodes to keep the incomplete images from occupying disk space.
 #
 # Possible values:
@@ -609,25 +715,39 @@
 #
 # Base directory for image cache.
 #
-# This is the location where image data is cached and served out of. All cached
-# images are stored directly under this directory. This directory also contains
-# three subdirectories, namely, ``incomplete``, ``invalid`` and ``queue``.
-#
-# The ``incomplete`` subdirectory is the staging area for downloading images. An
-# image is first downloaded to this directory. When the image download is
-# successful it is moved to the base directory. However, if the download fails,
-# the partially downloaded image file is moved to the ``invalid`` subdirectory.
-#
-# The ``queue``subdirectory is used for queuing images for download. This is
-# used primarily by the cache-prefetcher, which can be scheduled as a periodic
-# task like cache-pruner and cache-cleaner, to cache images ahead of their
-# usage.
-# Upon receiving the request to cache an image, Glance touches a file in the
-# ``queue`` directory with the image id as the file name. The cache-prefetcher,
+# This is the location where image data is cached and served out of.
+# All cached
+# images are stored directly under this directory. This directory also
+# contains
+# three subdirectories, namely, ``incomplete``, ``invalid`` and
+# ``queue``.
+#
+# The ``incomplete`` subdirectory is the staging area for downloading
+# images. An
+# image is first downloaded to this directory. When the image download
+# is
+# successful it is moved to the base directory. However, if the
+# download fails,
+# the partially downloaded image file is moved to the ``invalid``
+# subdirectory.
+#
+# The ``queue``subdirectory is used for queuing images for download.
+# This is
+# used primarily by the cache-prefetcher, which can be scheduled as a
+# periodic
+# task like cache-pruner and cache-cleaner, to cache images ahead of
+# their usage.
+# Upon receiving the request to cache an image, Glance touches a file
+# in the
+# ``queue`` directory with the image id as the file name. The cache-
+# prefetcher,
 # when running, polls for the files in ``queue`` directory and starts
-# downloading them in the order they were created. When the download is
-# successful, the zero-sized file is deleted from the ``queue`` directory.
-# If the download fails, the zero-sized file remains and it'll be retried the
+# downloading them in the order they were created. When the download
+# is
+# successful, the zero-sized file is deleted from the ``queue``
+# directory.
+# If the download fails, the zero-sized file remains and it'll be
+# retried the
 # next time cache-prefetcher runs.
 #
 # Possible values:
@@ -648,16 +768,16 @@
 # Related options:
 #     * None
 #
-#  (host address value)
+#  (unknown value)
 # This option is deprecated for removal since Queens.
 # Its value may be silently ignored in the future.
 # Reason:
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
-#registry_host = 0.0.0.0
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
+#registry_host = 10.167.4.35
 
 # DEPRECATED:
 # Port the registry server is listening on.
@@ -677,8 +797,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_port = 9191
 
 # DEPRECATED:
@@ -714,8 +834,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_protocol = http
 
 # DEPRECATED:
@@ -743,8 +863,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_key_file = /etc/ssl/key/key-file.pem
 
 # DEPRECATED:
@@ -773,8 +893,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_cert_file = /etc/ssl/certs/file.crt
 
 # DEPRECATED:
@@ -805,8 +925,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_ca_file = /etc/ssl/cafile/file.ca
 
 # DEPRECATED:
@@ -837,8 +957,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_insecure = false
 
 # DEPRECATED:
@@ -865,204 +985,210 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_timeout = 600
 
-# DEPRECATED: Whether to pass through the user token when making requests to the
-# registry. To prevent failures with token expiration during big files upload,
-# it is recommended to set this parameter to False.If "use_user_token" is not in
-# effect, then admin credentials can be specified. (boolean value)
+# DEPRECATED: Whether to pass through the user token when making
+# requests to the registry. To prevent failures with token expiration
+# during big files upload, it is recommended to set this parameter to
+# False.If "use_user_token" is not in effect, then admin credentials
+# can be specified. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #use_user_token = true
 
-# DEPRECATED: The administrators user name. If "use_user_token" is not in
-# effect, then admin credentials can be specified. (string value)
+# DEPRECATED: The administrators user name. If "use_user_token" is not
+# in effect, then admin credentials can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_user = <None>
 
-# DEPRECATED: The administrators password. If "use_user_token" is not in effect,
-# then admin credentials can be specified. (string value)
+# DEPRECATED: The administrators password. If "use_user_token" is not
+# in effect, then admin credentials can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_password = <None>
 
-# DEPRECATED: The tenant name of the administrative user. If "use_user_token" is
-# not in effect, then admin tenant name can be specified. (string value)
+# DEPRECATED: The tenant name of the administrative user. If
+# "use_user_token" is not in effect, then admin tenant name can be
+# specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_tenant_name = <None>
 
-# DEPRECATED: The URL to the keystone service. If "use_user_token" is not in
-# effect and using keystone auth, then URL of keystone can be specified. (string
-# value)
+# DEPRECATED: The URL to the keystone service. If "use_user_token" is
+# not in effect and using keystone auth, then URL of keystone can be
+# specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_url = <None>
 
-# DEPRECATED: The strategy to use for authentication. If "use_user_token" is not
-# in effect, then auth strategy can be specified. (string value)
+# DEPRECATED: The strategy to use for authentication. If
+# "use_user_token" is not in effect, then auth strategy can be
+# specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_strategy = noauth
 
-# DEPRECATED: The region for the authentication service. If "use_user_token" is
-# not in effect and using keystone auth, then region name can be specified.
-# (string value)
+# DEPRECATED: The region for the authentication service. If
+# "use_user_token" is not in effect and using keystone auth, then
+# region name can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_region = <None>
-
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of the default
-# INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 # Note: This option can be changed without restarting.
 #debug = false
 
-# The name of a logging configuration file. This file is appended to any
-# existing logging configuration files. For details about logging configuration
-# files, see the Python logging module documentation. Note that when logging
-# configuration files are used then all logging configuration is set in the
-# configuration file and other logging configuration options are ignored (for
-# example, logging_context_format_string). (string value)
+# The name of a logging configuration file. This file is appended to
+# any existing logging configuration files. For details about logging
+# configuration files, see the Python logging module documentation.
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set. (string
-# value)
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default is set,
-# logging will go to stderr as defined by use_stderr. This option is ignored if
-# log_config_append is set. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths. This option
-# is ignored if log_config_append is set. (string value)
+log_file = /var/log/glance/image-cache.log
+
+# (Optional) The base directory used for relative log_file  paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Uses logging handler designed to watch file system. When log file is moved or
-# removed this handler will open a new log file with specified path
-# instantaneously. It makes sense only if log_file option is specified and Linux
-# platform is used. This option is ignored if log_config_append is set. (boolean
-# value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and will be
-# changed later to honor RFC5424. This option is ignored if log_config_append is
-# set. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# Enable journald for logging. If running in a systemd environment you may wish
-# to enable journal support. Doing so will use the journal native protocol which
-# includes structured metadata in addition to log messages.This option is
-# ignored if log_config_append is set. (boolean value)
+# Enable journald for logging. If running in a systemd environment you
+# may wish to enable journal support. Doing so will use the journal
+# native protocol which includes structured metadata in addition to
+# log messages.This option is ignored if log_config_append is set.
+# (boolean value)
 #use_journal = false
 
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Use JSON formatting for logging. This option is ignored if log_config_append
-# is set. (boolean value)
+# Use JSON formatting for logging. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_json = false
 
-# Log output to standard error. This option is ignored if log_config_append is
-# set. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined. (string
+# Format string to use for log messages when context is undefined.
+# (string value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string
 # value)
-#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Additional data to append to log message when logging level for the message is
-# DEBUG. (string value)
-#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
 # Defines the format string for %(user_identity)s that is used in
 # logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is ignored
-# if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message. (string value)
+# The format for an instance that is passed with the log message.
+# (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message. (string
-# value)
+# The format for an instance UUID that is passed with the log message.
+# (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
 # Interval, number of seconds, of log rate limiting. (integer value)
 #rate_limit_interval = 0
 
-# Maximum number of logged messages per rate_limit_interval. (integer value)
+# Maximum number of logged messages per rate_limit_interval. (integer
+# value)
 #rate_limit_burst = 0
 
-# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or
-# empty string. Logs with level greater or equal to rate_limit_except_level are
-# not filtered. An empty string means that all levels are filtered. (string
-# value)
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO,
+# WARNING, DEBUG or empty string. Logs with level greater or equal to
+# rate_limit_except_level are not filtered. An empty string means that
+# all levels are filtered. (string value)
 #rate_limit_except_level = CRITICAL
 
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
-
 [glance_store]
 
 #
 # From glance.store
 #
 
-# DEPRECATED:
+#
 # List of enabled Glance stores.
 #
 # Register the storage backends to use for storing disk images
@@ -1083,18 +1209,9 @@
 #     * default_store
 #
 #  (list value)
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option is deprecated against new config option
-# ``enabled_backends`` which helps to configure multiple backend stores
-# of different schemes.
-#
-# This option is scheduled for removal in the Stein development
-# cycle.
 #stores = file,http
 
-# DEPRECATED:
+#
 # The default scheme to use for storing images.
 #
 # Provide a string value representing the default scheme to use for
@@ -1136,18 +1253,9 @@
 # sheepdog - <No description provided>
 # cinder - <No description provided>
 # vsphere - <No description provided>
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option is deprecated against new config option
-# ``default_backend`` which acts similar to ``default_store`` config
-# option.
-#
-# This option is scheduled for removal in the Stein development
-# cycle.
 #default_store = file
 
-# DEPRECATED:
+#
 # Minimum interval in seconds to execute updating dynamic storage
 # capabilities based on current backend status.
 #
@@ -1162,19 +1270,14 @@
 # By default, this option is set to zero and is disabled. Provide an
 # integer value greater than zero to enable this option.
 #
-# NOTE 1: For more information on store capabilities and their updates,
-# please visit: https://specs.openstack.org/openstack/glance-specs/specs/kilo
-# /store-capabilities.html
+# NOTE: For more information on store capabilities and their updates,
+# please visit: https://specs.openstack.org/openstack/glance-
+# specs/specs/kilo/store-capabilities.html
 #
 # For more information on setting up a particular store in your
 # deployment and help with the usage of this feature, please contact
 # the storage driver maintainers listed here:
-# https://docs.openstack.org/glance_store/latest/user/drivers.html
-#
-# NOTE 2: The dynamic store update capability described above is not
-# implemented by any current store drivers.  Thus, this option DOES
-# NOT DO ANYTHING (and it never has).  It is DEPRECATED and scheduled
-# for removal early in the Stein development cycle.
+# http://docs.openstack.org/developer/glance_store/drivers/index.html
 #
 # Possible values:
 #     * Zero
@@ -1185,15 +1288,6 @@
 #
 #  (integer value)
 # Minimum value: 0
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option configures a stub method that has not been implemented
-# for any existing store drivers.  Hence it is non-operational, and
-# giving it a value does absolutely nothing.
-#
-# This option is scheduled for removal early in the Stein development
-# cycle.
 #store_capabilities_update_min_interval = 0
 
 #
@@ -1202,16 +1296,20 @@
 # When the ``cinder_endpoint_template`` is not set and any of
 # ``cinder_store_auth_address``, ``cinder_store_user_name``,
 # ``cinder_store_project_name``, ``cinder_store_password`` is not set,
-# cinder store uses this information to lookup cinder endpoint from the service
-# catalog in the current context. ``cinder_os_region_name``, if set, is taken
+# cinder store uses this information to lookup cinder endpoint from
+# the service
+# catalog in the current context. ``cinder_os_region_name``, if set,
+# is taken
 # into consideration to fetch the appropriate endpoint.
 #
-# The service catalog can be listed by the ``openstack catalog list`` command.
+# The service catalog can be listed by the ``openstack catalog list``
+# command.
 #
 # Possible values:
 #     * A string of of the following form:
 #       ``<service_type>:<service_name>:<interface>``
-#       At least ``service_type`` and ``interface`` should be specified.
+#       At least ``service_type`` and ``interface`` should be
+# specified.
 #       ``service_name`` can be omitted.
 #
 # Related options:
@@ -1228,18 +1326,22 @@
 #
 # Override service catalog lookup with template for cinder endpoint.
 #
-# When this option is set, this value is used to generate cinder endpoint,
+# When this option is set, this value is used to generate cinder
+# endpoint,
 # instead of looking up from the service catalog.
 # This value is ignored if ``cinder_store_auth_address``,
 # ``cinder_store_user_name``, ``cinder_store_project_name``, and
 # ``cinder_store_password`` are specified.
 #
-# If this configuration option is set, ``cinder_catalog_info`` will be ignored.
-#
-# Possible values:
-#     * URL template string for cinder endpoint, where ``%%(tenant)s`` is
+# If this configuration option is set, ``cinder_catalog_info`` will be
+# ignored.
+#
+# Possible values:
+#     * URL template string for cinder endpoint, where ``%%(tenant)s``
+# is
 #       replaced with the current tenant (project) name.
-#       For example: ``http://cinder.openstack.example.org/v2/%%(tenant)s``
+#       For example:
+# ``http://cinder.openstack.example.org/v2/%%(tenant)s``
 #
 # Related options:
 #     * cinder_store_auth_address
@@ -1254,10 +1356,14 @@
 #
 # Region name to lookup cinder service from the service catalog.
 #
-# This is used only when ``cinder_catalog_info`` is used for determining the
-# endpoint. If set, the lookup for cinder endpoint by this node is filtered to
-# the specified region. It is useful when multiple regions are listed in the
-# catalog. If this is not set, the endpoint is looked up from every region.
+# This is used only when ``cinder_catalog_info`` is used for
+# determining the
+# endpoint. If set, the lookup for cinder endpoint by this node is
+# filtered to
+# the specified region. It is useful when multiple regions are listed
+# in the
+# catalog. If this is not set, the endpoint is looked up from every
+# region.
 #
 # Possible values:
 #     * A string that is a valid region name.
@@ -1273,9 +1379,10 @@
 # Location of a CA certificates file used for cinder client requests.
 #
 # The specified CA certificates file, if set, is used to verify cinder
-# connections via HTTPS endpoint. If the endpoint is HTTP, this value is
-# ignored.
-# ``cinder_api_insecure`` must be set to ``True`` to enable the verification.
+# connections via HTTPS endpoint. If the endpoint is HTTP, this value
+# is ignored.
+# ``cinder_api_insecure`` must be set to ``True`` to enable the
+# verification.
 #
 # Possible values:
 #     * Path to a ca certificates file
@@ -1289,7 +1396,8 @@
 #
 # Number of cinderclient retries on failed http calls.
 #
-# When a call failed by any errors, cinderclient will retry the call up to the
+# When a call failed by any errors, cinderclient will retry the call
+# up to the
 # specified times after sleeping a few seconds.
 #
 # Possible values:
@@ -1306,11 +1414,16 @@
 # Time period, in seconds, to wait for a cinder volume transition to
 # complete.
 #
-# When the cinder volume is created, deleted, or attached to the glance node to
-# read/write the volume data, the volume's state is changed. For example, the
-# newly created volume status changes from ``creating`` to ``available`` after
-# the creation process is completed. This specifies the maximum time to wait for
-# the status change. If a timeout occurs while waiting, or the status is changed
+# When the cinder volume is created, deleted, or attached to the
+# glance node to
+# read/write the volume data, the volume's state is changed. For
+# example, the
+# newly created volume status changes from ``creating`` to
+# ``available`` after
+# the creation process is completed. This specifies the maximum time
+# to wait for
+# the status change. If a timeout occurs while waiting, or the status
+# is changed
 # to an unexpected value (e.g. `error``), the image creation fails.
 #
 # Possible values:
@@ -1326,8 +1439,10 @@
 #
 # Allow to perform insecure SSL requests to cinder.
 #
-# If this option is set to True, HTTPS endpoint connection is verified using the
-# CA certificates file specified by ``cinder_ca_certificates_file`` option.
+# If this option is set to True, HTTPS endpoint connection is verified
+# using the
+# CA certificates file specified by ``cinder_ca_certificates_file``
+# option.
 #
 # Possible values:
 #     * True
@@ -1342,15 +1457,23 @@
 #
 # The address where the cinder authentication service is listening.
 #
-# When all of ``cinder_store_auth_address``, ``cinder_store_user_name``,
-# ``cinder_store_project_name``, and ``cinder_store_password`` options are
-# specified, the specified values are always used for the authentication.
-# This is useful to hide the image volumes from users by storing them in a
-# project/tenant specific to the image service. It also enables users to share
-# the image volume among other projects under the control of glance's ACL.
-#
-# If either of these options are not set, the cinder endpoint is looked up
-# from the service catalog, and current context's user and project are used.
+# When all of ``cinder_store_auth_address``,
+# ``cinder_store_user_name``,
+# ``cinder_store_project_name``, and ``cinder_store_password`` options
+# are
+# specified, the specified values are always used for the
+# authentication.
+# This is useful to hide the image volumes from users by storing them
+# in a
+# project/tenant specific to the image service. It also enables users
+# to share
+# the image volume among other projects under the control of glance's
+# ACL.
+#
+# If either of these options are not set, the cinder endpoint is
+# looked up
+# from the service catalog, and current context's user and project are
+# used.
 #
 # Possible values:
 #     * A valid authentication service address, for example:
@@ -1367,7 +1490,8 @@
 #
 # User name to authenticate against cinder.
 #
-# This must be used with all the following related options. If any of these are
+# This must be used with all the following related options. If any of
+# these are
 # not specified, the user of the current context is used.
 #
 # Possible values:
@@ -1384,11 +1508,13 @@
 #
 # Password for the user authenticating against cinder.
 #
-# This must be used with all the following related options. If any of these are
+# This must be used with all the following related options. If any of
+# these are
 # not specified, the user of the current context is used.
 #
 # Possible values:
-#     * A valid password for the user specified by ``cinder_store_user_name``
+#     * A valid password for the user specified by
+# ``cinder_store_user_name``
 #
 # Related options:
 #     * cinder_store_auth_address
@@ -1401,10 +1527,12 @@
 #
 # Project name where the image volume is stored in cinder.
 #
-# If this configuration option is not set, the project in current context is
+# If this configuration option is not set, the project in current
+# context is
 # used.
 #
-# This must be used with all the following related options. If any of these are
+# This must be used with all the following related options. If any of
+# these are
 # not specified, the project of the current context is used.
 #
 # Possible values:
@@ -1419,11 +1547,15 @@
 #cinder_store_project_name = <None>
 
 #
-# Path to the rootwrap configuration file to use for running commands as root.
-#
-# The cinder store requires root privileges to operate the image volumes (for
-# connecting to iSCSI/FC volumes and reading/writing the volume data, etc.).
-# The configuration file should allow the required commands by cinder store and
+# Path to the rootwrap configuration file to use for running commands
+# as root.
+#
+# The cinder store requires root privileges to operate the image
+# volumes (for
+# connecting to iSCSI/FC volumes and reading/writing the volume data,
+# etc.).
+# The configuration file should allow the required commands by cinder
+# store and
 # os-brick library.
 #
 # Possible values:
@@ -1438,11 +1570,14 @@
 #
 # Volume type that will be used for volume creation in cinder.
 #
-# Some cinder backends can have several volume types to optimize storage usage.
-# Adding this option allows an operator to choose a specific volume type
+# Some cinder backends can have several volume types to optimize
+# storage usage.
+# Adding this option allows an operator to choose a specific volume
+# type
 # in cinder that can be optimized for images.
 #
-# If this is not set, then the default volume type specified in the cinder
+# If this is not set, then the default volume type specified in the
+# cinder
 # configuration will be used for volume creation.
 #
 # Possible values:
@@ -1497,7 +1632,7 @@
 #
 # More information on configuring filesystem store with multiple store
 # directories can be found at
-# https://docs.openstack.org/glance/latest/configuration/configuring.html
+# http://docs.openstack.org/developer/glance/configuring.html
 #
 # NOTE: This directory is used only when filesystem store is used as a
 # storage backend. Either ``filesystem_store_datadir`` or
@@ -1538,8 +1673,10 @@
 #
 # File access permissions for the image files.
 #
-# Set the intended file access permissions for image data. This provides
-# a way to enable other services, e.g. Nova, to consume images directly
+# Set the intended file access permissions for image data. This
+# provides
+# a way to enable other services, e.g. Nova, to consume images
+# directly
 # from the filesystem store. The users running the services that are
 # intended to be given access to could be made a member of the group
 # that owns the files created. Assigning a value less then or equal to
@@ -1548,7 +1685,7 @@
 # digit.
 #
 # For more information, please refer the documentation at
-# https://docs.openstack.org/glance/latest/configuration/configuring.html
+# http://docs.openstack.org/developer/glance/configuring.html
 #
 # Possible values:
 #     * A valid file access permission
@@ -1565,8 +1702,10 @@
 # Path to the CA bundle file.
 #
 # This configuration option enables the operator to use a custom
-# Certificate Authority file to verify the remote server certificate. If
-# this option is set, the ``https_insecure`` option will be ignored and
+# Certificate Authority file to verify the remote server certificate.
+# If
+# this option is set, the ``https_insecure`` option will be ignored
+# and
 # the CA file specified will be used to authenticate the server
 # certificate and establish a secure connection to the server.
 #
@@ -1584,8 +1723,10 @@
 #
 # This configuration option takes in a boolean value to determine
 # whether or not to verify the remote server certificate. If set to
-# True, the remote server certificate is not verified. If the option is
-# set to False, then the default CA truststore is used for verification.
+# True, the remote server certificate is not verified. If the option
+# is
+# set to False, then the default CA truststore is used for
+# verification.
 #
 # This option is ignored if ``https_ca_certificates_file`` is set.
 # The remote server certificate will then be verified using the file
@@ -1608,12 +1749,14 @@
 # This configuration option specifies the http/https proxy information
 # that should be used to connect to the remote server. The proxy
 # information should be a key value pair of the scheme and proxy, for
-# example, http:10.0.0.1:3128. You can also specify proxies for multiple
+# example, http:10.0.0.1:3128. You can also specify proxies for
+# multiple
 # schemes by separating the key value pairs with a comma, for example,
 # http:10.0.0.1:3128, https:10.0.0.1:1080.
 #
 # Possible values:
-#     * A comma separated list of scheme:proxy pairs as described above
+#     * A comma separated list of scheme:proxy pairs as described
+# above
 #
 # Related options:
 #     * None
@@ -1625,11 +1768,13 @@
 # Size, in megabytes, to chunk RADOS images into.
 #
 # Provide an integer value representing the size in megabytes to chunk
-# Glance images into. The default chunk size is 8 megabytes. For optimal
+# Glance images into. The default chunk size is 8 megabytes. For
+# optimal
 # performance, the value should be a power of two.
 #
 # When Ceph's RBD object storage system is used as the storage backend
-# for storing Glance images, the images are chunked into objects of the
+# for storing Glance images, the images are chunked into objects of
+# the
 # size set using this option. These chunked objects are then stored
 # across the distributed block data store to use for Glance.
 #
@@ -1646,8 +1791,10 @@
 #
 # RADOS pool in which images are stored.
 #
-# When RBD is used as the storage backend for storing Glance images, the
-# images are stored by means of logical grouping of the objects (chunks
+# When RBD is used as the storage backend for storing Glance images,
+# the
+# images are stored by means of logical grouping of the objects
+# (chunks
 # of images) into a ``pool``. Each pool is defined with the number of
 # placement groups it can contain. The default pool that is used is
 # 'images'.
@@ -1667,7 +1814,8 @@
 #
 # RADOS user to authenticate as.
 #
-# This configuration option takes in the RADOS user to authenticate as.
+# This configuration option takes in the RADOS user to authenticate
+# as.
 # This is only needed when RADOS authentication is enabled and is
 # applicable only if the user is using Cephx authentication. If the
 # value for this option is not set by the user or is set to None, a
@@ -1686,9 +1834,11 @@
 #
 # Ceph configuration file path.
 #
-# This configuration option takes in the path to the Ceph configuration
+# This configuration option takes in the path to the Ceph
+# configuration
 # file to be used. If the value for this option is not set by the user
-# or is set to None, librados will locate the default configuration file
+# or is set to None, librados will locate the default configuration
+# file
 # which is located at /etc/ceph/ceph.conf. If using Cephx
 # authentication, this file should include a reference to the right
 # keyring in a client.<USER> section
@@ -1706,7 +1856,8 @@
 # Timeout value for connecting to Ceph cluster.
 #
 # This configuration option takes in the timeout value in seconds used
-# when connecting to the Ceph cluster i.e. it sets the time to wait for
+# when connecting to the Ceph cluster i.e. it sets the time to wait
+# for
 # glance-api before closing the connection. This prevents glance-api
 # hangups during the connection to RBD. If the value for this option
 # is set to less than or equal to 0, no timeout is set and the default
@@ -1790,7 +1941,7 @@
 # Related Options:
 #     * sheepdog_store_port
 #
-#  (host address value)
+#  (unknown value)
 #sheepdog_store_address = 127.0.0.1
 
 #
@@ -1798,7 +1949,8 @@
 #
 # This boolean determines whether or not to verify the server
 # certificate. If this option is set to True, swiftclient won't check
-# for a valid SSL certificate when authenticating. If the option is set
+# for a valid SSL certificate when authenticating. If the option is
+# set
 # to False, then the default CA truststore is used for verification.
 #
 # Possible values:
@@ -1814,7 +1966,8 @@
 #
 # Path to the CA bundle file.
 #
-# This configuration option enables the operator to specify the path to
+# This configuration option enables the operator to specify the path
+# to
 # a custom Certificate Authority file for SSL verification when
 # connecting to Swift.
 #
@@ -1870,7 +2023,8 @@
 # the container and object to the configured URL.
 #
 # Possible values:
-#     * String value representing a valid URL path up to a Swift container
+#     * String value representing a valid URL path up to a Swift
+# container
 #
 # Related Options:
 #     * None
@@ -1882,9 +2036,12 @@
 # Endpoint Type of Swift service.
 #
 # This string value indicates the endpoint type to use to fetch the
-# Swift endpoint. The endpoint type determines the actions the user will
-# be allowed to perform, for instance, reading and writing to the Store.
-# This setting is only used if swift_store_auth_version is greater than
+# Swift endpoint. The endpoint type determines the actions the user
+# will
+# be allowed to perform, for instance, reading and writing to the
+# Store.
+# This setting is only used if swift_store_auth_version is greater
+# than
 # 1.
 #
 # Possible values:
@@ -1924,32 +2081,46 @@
 #swift_store_service_type = object-store
 
 #
-# Name of single container to store images/name prefix for multiple containers
-#
-# When a single container is being used to store images, this configuration
-# option indicates the container within the Glance account to be used for
-# storing all images. When multiple containers are used to store images, this
+# Name of single container to store images/name prefix for multiple
+# containers
+#
+# When a single container is being used to store images, this
+# configuration
+# option indicates the container within the Glance account to be used
+# for
+# storing all images. When multiple containers are used to store
+# images, this
 # will be the name prefix for all containers. Usage of single/multiple
 # containers can be controlled using the configuration option
 # ``swift_store_multiple_containers_seed``.
 #
-# When using multiple containers, the containers will be named after the value
-# set for this configuration option with the first N chars of the image UUID
+# When using multiple containers, the containers will be named after
+# the value
+# set for this configuration option with the first N chars of the
+# image UUID
 # as the suffix delimited by an underscore (where N is specified by
 # ``swift_store_multiple_containers_seed``).
 #
-# Example: if the seed is set to 3 and swift_store_container = ``glance``, then
-# an image with UUID ``fdae39a1-bac5-4238-aba4-69bcc726e848`` would be placed in
-# the container ``glance_fda``. All dashes in the UUID are included when
-# creating the container name but do not count toward the character limit, so
+# Example: if the seed is set to 3 and swift_store_container =
+# ``glance``, then
+# an image with UUID ``fdae39a1-bac5-4238-aba4-69bcc726e848`` would be
+# placed in
+# the container ``glance_fda``. All dashes in the UUID are included
+# when
+# creating the container name but do not count toward the character
+# limit, so
 # when N=10 the container name would be ``glance_fdae39a1-ba.``
 #
 # Possible values:
-#     * If using single container, this configuration option can be any string
+#     * If using single container, this configuration option can be
+# any string
 #       that is a valid swift container name in Glance's Swift account
-#     * If using multiple containers, this configuration option can be any
-#       string as long as it satisfies the container naming rules enforced by
-#       Swift. The value of ``swift_store_multiple_containers_seed`` should be
+#     * If using multiple containers, this configuration option can be
+# any
+#       string as long as it satisfies the container naming rules
+# enforced by
+#       Swift. The value of ``swift_store_multiple_containers_seed``
+# should be
 #       taken into account as well.
 #
 # Related options:
@@ -1961,24 +2132,31 @@
 #swift_store_container = glance
 
 #
-# The size threshold, in MB, after which Glance will start segmenting image
-# data.
-#
-# Swift has an upper limit on the size of a single uploaded object. By default,
-# this is 5GB. To upload objects bigger than this limit, objects are segmented
-# into multiple smaller objects that are tied together with a manifest file.
+# The size threshold, in MB, after which Glance will start segmenting
+# image data.
+#
+# Swift has an upper limit on the size of a single uploaded object. By
+# default,
+# this is 5GB. To upload objects bigger than this limit, objects are
+# segmented
+# into multiple smaller objects that are tied together with a manifest
+# file.
 # For more detail, refer to
-# https://docs.openstack.org/swift/latest/overview_large_objects.html
-#
-# This configuration option specifies the size threshold over which the Swift
+# http://docs.openstack.org/developer/swift/overview_large_objects.html
+#
+# This configuration option specifies the size threshold over which
+# the Swift
 # driver will start segmenting image data into multiple smaller files.
-# Currently, the Swift driver only supports creating Dynamic Large Objects.
-#
-# NOTE: This should be set by taking into account the large object limit
+# Currently, the Swift driver only supports creating Dynamic Large
+# Objects.
+#
+# NOTE: This should be set by taking into account the large object
+# limit
 # enforced by the Swift cluster in consideration.
 #
 # Possible values:
-#     * A positive integer that is less than or equal to the large object limit
+#     * A positive integer that is less than or equal to the large
+# object limit
 #       enforced by the Swift cluster in consideration.
 #
 # Related options:
@@ -1989,20 +2167,26 @@
 #swift_store_large_object_size = 5120
 
 #
-# The maximum size, in MB, of the segments when image data is segmented.
-#
-# When image data is segmented to upload images that are larger than the limit
-# enforced by the Swift cluster, image data is broken into segments that are no
+# The maximum size, in MB, of the segments when image data is
+# segmented.
+#
+# When image data is segmented to upload images that are larger than
+# the limit
+# enforced by the Swift cluster, image data is broken into segments
+# that are no
 # bigger than the size specified by this configuration option.
 # Refer to ``swift_store_large_object_size`` for more detail.
 #
 # For example: if ``swift_store_large_object_size`` is 5GB and
-# ``swift_store_large_object_chunk_size`` is 1GB, an image of size 6.2GB will be
-# segmented into 7 segments where the first six segments will be 1GB in size and
+# ``swift_store_large_object_chunk_size`` is 1GB, an image of size
+# 6.2GB will be
+# segmented into 7 segments where the first six segments will be 1GB
+# in size and
 # the seventh segment will be 0.2GB.
 #
 # Possible values:
-#     * A positive integer that is less than or equal to the large object limit
+#     * A positive integer that is less than or equal to the large
+# object limit
 #       enforced by Swift cluster in consideration.
 #
 # Related options:
@@ -2015,9 +2199,12 @@
 #
 # Create container, if it doesn't already exist, when uploading image.
 #
-# At the time of uploading an image, if the corresponding container doesn't
-# exist, it will be created provided this configuration option is set to True.
-# By default, it won't be created. This behavior is applicable for both single
+# At the time of uploading an image, if the corresponding container
+# doesn't
+# exist, it will be created provided this configuration option is set
+# to True.
+# By default, it won't be created. This behavior is applicable for
+# both single
 # and multiple containers mode.
 #
 # Possible values:
@@ -2033,9 +2220,12 @@
 #
 # Store images in tenant's Swift account.
 #
-# This enables multi-tenant storage mode which causes Glance images to be stored
-# in tenant specific Swift accounts. If this is disabled, Glance stores all
-# images in its own account. More details multi-tenant store can be found at
+# This enables multi-tenant storage mode which causes Glance images to
+# be stored
+# in tenant specific Swift accounts. If this is disabled, Glance
+# stores all
+# images in its own account. More details multi-tenant store can be
+# found at
 # https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage
 #
 # NOTE: If using multi-tenant swift store, please make sure
@@ -2055,18 +2245,26 @@
 #
 # Seed indicating the number of containers to use for storing images.
 #
-# When using a single-tenant store, images can be stored in one or more than one
-# containers. When set to 0, all images will be stored in one single container.
-# When set to an integer value between 1 and 32, multiple containers will be
-# used to store images. This configuration option will determine how many
-# containers are created. The total number of containers that will be used is
-# equal to 16^N, so if this config option is set to 2, then 16^2=256 containers
+# When using a single-tenant store, images can be stored in one or
+# more than one
+# containers. When set to 0, all images will be stored in one single
+# container.
+# When set to an integer value between 1 and 32, multiple containers
+# will be
+# used to store images. This configuration option will determine how
+# many
+# containers are created. The total number of containers that will be
+# used is
+# equal to 16^N, so if this config option is set to 2, then 16^2=256
+# containers
 # will be used to store images.
 #
-# Please refer to ``swift_store_container`` for more detail on the naming
-# convention. More detail about using multiple containers can be found at
-# https://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-store-
-# multiple-containers.html
+# Please refer to ``swift_store_container`` for more detail on the
+# naming
+# convention. More detail about using multiple containers can be found
+# at
+# https://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-
+# store-multiple-containers.html
 #
 # NOTE: This is used only when swift_store_multi_tenant is disabled.
 #
@@ -2091,7 +2289,8 @@
 # default value is an empty list.
 #
 # Possible values:
-#     * A comma separated list of strings representing UUIDs of Keystone
+#     * A comma separated list of strings representing UUIDs of
+# Keystone
 #       projects/tenants
 #
 # Related options:
@@ -2243,30 +2442,34 @@
 #  (string value)
 #default_swift_reference = ref1
 
-# DEPRECATED: Version of the authentication service to use. Valid versions are 2
-# and 3 for keystone and 1 (deprecated) for swauth and rackspace. (string value)
+# DEPRECATED: Version of the authentication service to use. Valid
+# versions are 2 and 3 for keystone and 1 (deprecated) for swauth and
+# rackspace. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 # Reason:
-# The option 'auth_version' in the Swift back-end configuration file is
+# The option 'auth_version' in the Swift back-end configuration file
+# is
 # used instead.
 #swift_store_auth_version = 2
 
-# DEPRECATED: The address where the Swift authentication service is listening.
-# (string value)
+# DEPRECATED: The address where the Swift authentication service is
+# listening. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 # Reason:
-# The option 'auth_address' in the Swift back-end configuration file is
+# The option 'auth_address' in the Swift back-end configuration file
+# is
 # used instead.
 #swift_store_auth_address = <None>
 
-# DEPRECATED: The user to authenticate against the Swift authentication service.
-# (string value)
+# DEPRECATED: The user to authenticate against the Swift
+# authentication service. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 # Reason:
-# The option 'user' in the Swift back-end configuration file is set instead.
+# The option 'user' in the Swift back-end configuration file is set
+# instead.
 #swift_store_user = <None>
 
 # DEPRECATED: Auth key for the user authenticating against the Swift
@@ -2327,227 +2530,57 @@
 #  (string value)
 #swift_upload_buffer_dir = <None>
 
-#
-# Address of the ESX/ESXi or vCenter Server target system.
-#
-# This configuration option sets the address of the ESX/ESXi or vCenter
-# Server target system. This option is required when using the VMware
-# storage backend. The address can contain an IP address (127.0.0.1) or
-# a DNS name (www.my-domain.com).
-#
-# Possible Values:
-#     * A valid IPv4 or IPv6 address
-#     * A valid DNS name
-#
-# Related options:
-#     * vmware_server_username
-#     * vmware_server_password
-#
-#  (host address value)
-#vmware_server_host = 127.0.0.1
-
-#
-# Server username.
-#
-# This configuration option takes the username for authenticating with
-# the VMware ESX/ESXi or vCenter Server. This option is required when
-# using the VMware storage backend.
-#
-# Possible Values:
-#     * Any string that is the username for a user with appropriate
-#       privileges
-#
-# Related options:
-#     * vmware_server_host
-#     * vmware_server_password
-#
-#  (string value)
-#vmware_server_username = root
-
-#
-# Server password.
-#
-# This configuration option takes the password for authenticating with
-# the VMware ESX/ESXi or vCenter Server. This option is required when
-# using the VMware storage backend.
-#
-# Possible Values:
-#     * Any string that is a password corresponding to the username
-#       specified using the "vmware_server_username" option
-#
-# Related options:
-#     * vmware_server_host
-#     * vmware_server_username
-#
-#  (string value)
-#vmware_server_password = vmware
-
-#
-# The number of VMware API retries.
-#
-# This configuration option specifies the number of times the VMware
-# ESX/VC server API must be retried upon connection related issues or
-# server API call overload. It is not possible to specify 'retry
-# forever'.
-#
-# Possible Values:
-#     * Any positive integer value
-#
-# Related options:
-#     * None
-#
-#  (integer value)
-# Minimum value: 1
-#vmware_api_retry_count = 10
-
-#
-# Interval in seconds used for polling remote tasks invoked on VMware
-# ESX/VC server.
-#
-# This configuration option takes in the sleep time in seconds for polling an
-# on-going async task as part of the VMWare ESX/VC server API call.
-#
-# Possible Values:
-#     * Any positive integer value
-#
-# Related options:
-#     * None
-#
-#  (integer value)
-# Minimum value: 1
-#vmware_task_poll_interval = 5
-
-#
-# The directory where the glance images will be stored in the datastore.
-#
-# This configuration option specifies the path to the directory where the
-# glance images will be stored in the VMware datastore. If this option
-# is not set,  the default directory where the glance images are stored
-# is openstack_glance.
-#
-# Possible Values:
-#     * Any string that is a valid path to a directory
-#
-# Related options:
-#     * None
-#
-#  (string value)
-#vmware_store_image_dir = /openstack_glance
-
-#
-# Set verification of the ESX/vCenter server certificate.
-#
-# This configuration option takes a boolean value to determine
-# whether or not to verify the ESX/vCenter server certificate. If this
-# option is set to True, the ESX/vCenter server certificate is not
-# verified. If this option is set to False, then the default CA
-# truststore is used for verification.
-#
-# This option is ignored if the "vmware_ca_file" option is set. In that
-# case, the ESX/vCenter server certificate will then be verified using
-# the file specified using the "vmware_ca_file" option .
-#
-# Possible Values:
-#     * True
-#     * False
-#
-# Related options:
-#     * vmware_ca_file
-#
-#  (boolean value)
-# Deprecated group/name - [glance_store]/vmware_api_insecure
-#vmware_insecure = false
-
-#
-# Absolute path to the CA bundle file.
-#
-# This configuration option enables the operator to use a custom
-# Cerificate Authority File to verify the ESX/vCenter certificate.
-#
-# If this option is set, the "vmware_insecure" option will be ignored
-# and the CA file specified will be used to authenticate the ESX/vCenter
-# server certificate and establish a secure connection to the server.
-#
-# Possible Values:
-#     * Any string that is a valid absolute path to a CA file
-#
-# Related options:
-#     * vmware_insecure
-#
-#  (string value)
-#vmware_ca_file = /etc/ssl/certs/ca-certificates.crt
-
-#
-# The datastores where the image can be stored.
-#
-# This configuration option specifies the datastores where the image can
-# be stored in the VMWare store backend. This option may be specified
-# multiple times for specifying multiple datastores. The datastore name
-# should be specified after its datacenter path, separated by ":". An
-# optional weight may be given after the datastore name, separated again
-# by ":" to specify the priority. Thus, the required format becomes
-# <datacenter_path>:<datastore_name>:<optional_weight>.
-#
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for selection
-# last. If multiple datastores have the same weight, then the one with
-# the most free space available is selected.
-#
-# Possible Values:
-#     * Any string of the format:
-#       <datacenter_path>:<datastore_name>:<optional_weight>
-#
-# Related options:
-#    * None
-#
-#  (multi valued)
-#vmware_datastores =
+
+os_region_name = RegionOne
 
 
 [oslo_policy]
-
 #
 # From oslo.policy
 #
 
-# This option controls whether or not to enforce scope when evaluating policies.
-# If ``True``, the scope of the token used in the request is compared to the
-# ``scope_types`` of the policy being enforced. If the scopes do not match, an
-# ``InvalidScope`` exception will be raised. If ``False``, a message will be
-# logged informing operators that policies are being invoked with mismatching
-# scope. (boolean value)
+# This option controls whether or not to enforce scope when evaluating
+# policies. If ``True``, the scope of the token used in the request is
+# compared to the ``scope_types`` of the policy being enforced. If the
+# scopes do not match, an ``InvalidScope`` exception will be raised.
+# If ``False``, a message will be logged informing operators that
+# policies are being invoked with mismatching scope. (boolean value)
 #enforce_scope = false
 
 # The file that defines policies. (string value)
 #policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
+policy_file = /etc/glance/policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string
+# value)
 #policy_default_rule = default
 
-# Directories where policy configuration files are stored. They can be relative
-# to any directory in the search path defined by the config_dir option, or
-# absolute paths. The file defined by policy_file must exist for these
-# directories to be searched.  Missing or empty directories are ignored. (multi
-# valued)
+# Directories where policy configuration files are stored. They can be
+# relative to any directory in the search path defined by the
+# config_dir option, or absolute paths. The file defined by
+# policy_file must exist for these directories to be searched.
+# Missing or empty directories are ignored. (multi valued)
 #policy_dirs = policy.d
 
-# Content Type to send and receive data for REST based policy check (string
-# value)
+# Content Type to send and receive data for REST based policy check
+# (string value)
 # Possible values:
 # application/x-www-form-urlencoded - <No description provided>
 # application/json - <No description provided>
 #remote_content_type = application/x-www-form-urlencoded
 
-# server identity verification for REST based policy check (boolean value)
+# server identity verification for REST based policy check (boolean
+# value)
 #remote_ssl_verify_server_crt = false
 
-# Absolute path to ca cert file for REST based policy check (string value)
+# Absolute path to ca cert file for REST based policy check (string
+# value)
 #remote_ssl_ca_crt_file = <None>
 
-# Absolute path to client cert for REST based policy check (string value)
+# Absolute path to client cert for REST based policy check (string
+# value)
 #remote_ssl_client_crt_file = <None>
 
 # Absolute path client key file REST based policy check (string value)
 #remote_ssl_client_key_file = <None>
+

2019-04-30 22:14:50,505 [salt.state       :1951][INFO    ][14121] Completed state [/etc/glance/glance-cache.conf] at time 22:14:50.505378 duration_in_ms=107.759
2019-04-30 22:14:50,506 [salt.state       :1780][INFO    ][14121] Running state [glance_ssl_mysql] at time 22:14:50.506454
2019-04-30 22:14:50,506 [salt.state       :1813][INFO    ][14121] Executing state test.show_notification for [glance_ssl_mysql]
2019-04-30 22:14:50,506 [salt.state       :300 ][INFO    ][14121] Running glance._ssl.mysql
2019-04-30 22:14:50,506 [salt.state       :1951][INFO    ][14121] Completed state [glance_ssl_mysql] at time 22:14:50.506928 duration_in_ms=0.474
2019-04-30 22:14:50,507 [salt.state       :1780][INFO    ][14121] Running state [glance_ssl_rabbitmq] at time 22:14:50.507196
2019-04-30 22:14:50,507 [salt.state       :1813][INFO    ][14121] Executing state test.show_notification for [glance_ssl_rabbitmq]
2019-04-30 22:14:50,507 [salt.state       :300 ][INFO    ][14121] Running glance._ssl.rabbitmq
2019-04-30 22:14:50,507 [salt.state       :1951][INFO    ][14121] Completed state [glance_ssl_rabbitmq] at time 22:14:50.507642 duration_in_ms=0.446
2019-04-30 22:14:50,508 [salt.state       :1780][INFO    ][14121] Running state [/etc/glance/glance-registry.conf] at time 22:14:50.508004
2019-04-30 22:14:50,508 [salt.state       :1813][INFO    ][14121] Executing state file.managed for [/etc/glance/glance-registry.conf]
2019-04-30 22:14:50,523 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/files/rocky/glance-registry.conf.Debian'
2019-04-30 22:14:50,581 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/_database.conf'
2019-04-30 22:14:50,608 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/keystonemiddleware/_auth_token.conf'
2019-04-30 22:14:50,629 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/keystoneauth/_type_password.conf'
2019-04-30 22:14:50,652 [salt.state       :300 ][INFO    ][14121] File changed:
--- 
+++ 
@@ -1,16 +1,20 @@
+
 [DEFAULT]
 
 #
 # From glance.registry
 #
 
-# DEPRECATED:
+#
 # Set the image owner to tenant or the authenticated user.
 #
-# Assign a boolean value to determine the owner of an image. When set to
+# Assign a boolean value to determine the owner of an image. When set
+# to
 # True, the owner of the image is the tenant. When set to False, the
-# owner of the image will be the authenticated user issuing the request.
-# Setting it to False makes the image private to the associated user and
+# owner of the image will be the authenticated user issuing the
+# request.
+# Setting it to False makes the image private to the associated user
+# and
 # sharing with other users within the same tenant (or "project")
 # requires explicit image sharing via image membership.
 #
@@ -22,15 +26,6 @@
 #     * None
 #
 #  (boolean value)
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# The non-default setting for this option misaligns Glance with other
-# OpenStack services with respect to resource ownership.  Further, surveys
-# indicate that this option is not used by operators.  The option will be
-# removed early in the 'S' development cycle following the standard OpenStack
-# deprecation policy.  As the option is not in wide use, no migration path is
-# proposed.
 #owner_is_tenant = true
 
 #
@@ -74,7 +69,8 @@
 #
 # Provide  an integer value to limit the length of the request ID to
 # the specified length. The default value is 64. Users can change this
-# to any ineteger value between 0 and 16384 however keeping in mind that
+# to any ineteger value between 0 and 16384 however keeping in mind
+# that
 # a larger value may flood the logs.
 #
 # Possible values:
@@ -111,44 +107,11 @@
 #  (boolean value)
 #allow_additional_image_properties = true
 
-# "
-# Secure hashing algorithm used for computing the 'os_hash_value' property.
-#
-# This option configures the Glance "multihash", which consists of two
-# image properties: the 'os_hash_algo' and the 'os_hash_value'.  The
-# 'os_hash_algo' will be populated by the value of this configuration
-# option, and the 'os_hash_value' will be populated by the hexdigest computed
-# when the algorithm is applied to the uploaded or imported image data.
-#
-# The value must be a valid secure hash algorithm name recognized by the
-# python 'hashlib' library.  You can determine what these are by examining
-# the 'hashlib.algorithms_available' data member of the version of the
-# library being used in your Glance installation.  For interoperability
-# purposes, however, we recommend that you use the set of secure hash
-# names supplied by the 'hashlib.algorithms_guaranteed' data member because
-# those algorithms are guaranteed to be supported by the 'hashlib' library
-# on all platforms.  Thus, any image consumer using 'hashlib' locally should
-# be able to verify the 'os_hash_value' of the image.
-#
-# The default value of 'sha512' is a performant secure hash algorithm.
-#
-# If this option is misconfigured, any attempts to store image data will fail.
-# For that reason, we recommend using the default value.
-#
-# Possible values:
-#     * Any secure hash algorithm name recognized by the Python 'hashlib'
-#       library
-#
-# Related options:
-#     * None
-#
-#  (string value)
-#hashing_algorithm = sha512
-
 #
 # Maximum number of image members per image.
 #
-# This limits the maximum of users an image can be shared with. Any negative
+# This limits the maximum of users an image can be shared with. Any
+# negative
 # value is interpreted as unlimited.
 #
 # Related options:
@@ -160,10 +123,12 @@
 #
 # Maximum number of properties allowed on an image.
 #
-# This enforces an upper limit on the number of additional properties an image
+# This enforces an upper limit on the number of additional properties
+# an image
 # can have. Any negative value is interpreted as unlimited.
 #
-# NOTE: This won't have any impact if additional properties are disabled. Please
+# NOTE: This won't have any impact if additional properties are
+# disabled. Please
 # refer to ``allow_additional_image_properties``.
 #
 # Related options:
@@ -220,7 +185,8 @@
 #
 # Finally, when this configuration option is set to
 # ``glance.db.simple.api``, image catalog data is stored in and read
-# from an in-memory data structure. This is primarily used for testing.
+# from an in-memory data structure. This is primarily used for
+# testing.
 #
 # Related options:
 #     * enable_v2_api
@@ -233,8 +199,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #data_api = glance.db.sqlalchemy.api
 
 #
@@ -351,9 +317,10 @@
 #  (boolean value)
 # This option is deprecated for removal since Newton.
 # Its value may be silently ignored in the future.
-# Reason: This option will be removed in the Pike release or later because the
-# same functionality can be achieved with greater granularity by using policies.
-# Please see the Newton release notes for more information.
+# Reason: This option will be removed in the Pike release or later
+# because the same functionality can be achieved with greater
+# granularity by using policies. Please see the Newton release notes
+# for more information.
 #show_multiple_locations = false
 
 #
@@ -385,18 +352,25 @@
 #
 # Maximum amount of image storage per tenant.
 #
-# This enforces an upper limit on the cumulative storage consumed by all images
+# This enforces an upper limit on the cumulative storage consumed by
+# all images
 # of a tenant across all stores. This is a per-tenant limit.
 #
-# The default unit for this configuration option is Bytes. However, storage
-# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``,
-# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and
-# TeraBytes respectively. Note that there should not be any space between the
-# value and unit. Value ``0`` signifies no quota enforcement. Negative values
+# The default unit for this configuration option is Bytes. However,
+# storage
+# units can be specified using case-sensitive literals ``B``, ``KB``,
+# ``MB``,
+# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes,
+# GigaBytes and
+# TeraBytes respectively. Note that there should not be any space
+# between the
+# value and unit. Value ``0`` signifies no quota enforcement. Negative
+# values
 # are invalid and result in errors.
 #
 # Possible values:
-#     * A string that is a valid concatenation of a non-negative integer
+#     * A string that is a valid concatenation of a non-negative
+# integer
 #       representing the storage value and an optional string literal
 #       representing storage units as mentioned above.
 #
@@ -405,6 +379,40 @@
 #
 #  (string value)
 #user_storage_quota = 0
+
+#
+# Deploy the v1 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond to
+# requests on registered endpoints conforming to the v1 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is enabled, then ``enable_v1_registry`` must
+#       also be set to ``True`` to enable mandatory usage of Registry
+#       service with v1 API.
+#
+#     * If this option is disabled, then the ``enable_v1_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v2_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v2 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_registry
+#     * enable_v2_api
+#
+#  (boolean value)
+#enable_v1_api = true
 
 #
 # Deploy the v2 OpenStack Images API.
@@ -418,18 +426,44 @@
 #       option, which is enabled by default, is also recommended
 #       to be disabled.
 #
+#     * This option is separate from ``enable_v1_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v1 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
 # Possible values:
 #     * True
 #     * False
 #
 # Related options:
 #     * enable_v2_registry
+#     * enable_v1_api
 #
 #  (boolean value)
 #enable_v2_api = true
 
 #
-#                     DEPRECATED FOR REMOVAL
+# Deploy the v1 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v1 API requests.
+#
+# NOTES:
+#     * Use of Registry is mandatory in v1 API, so this option must
+#       be set to ``True`` if the ``enable_v1_api`` option is enabled.
+#
+#     * If deploying only the v2 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_api
+#
 #  (boolean value)
 #enable_v1_registry = true
 
@@ -463,8 +497,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #enable_v2_registry = true
 
 #
@@ -482,7 +516,7 @@
 # Related options:
 #     * None
 #
-#  (host address value)
+#  (unknown value)
 #pydev_worker_debug_host = localhost
 
 #
@@ -569,18 +603,43 @@
 #
 # Related options:
 #     * [task]/work_dir
+#     * [DEFAULT]/enable_image_import (*deprecated*)
 #
 #  (string value)
 #node_staging_uri = file:///tmp/staging/
 
+# DEPRECATED:
+# Enables the Image Import workflow introduced in Pike
+#
+# As '[DEFAULT]/node_staging_uri' is required for the Image
+# Import, it's disabled per default in Pike, enabled per
+# default in Queens and removed in Rocky. This allows Glance to
+# operate with previous version configs upon upgrade.
+#
+# Setting this option to False will disable the endpoints related
+# to Image Import Refactoring work.
+#
+# Related options:
+#     * [DEFAULT]/node_staging_uri (boolean value)
+# This option is deprecated for removal since Pike.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option is deprecated for removal in Rocky.
+#
+# It was introduced to make sure that the API is not enabled
+# before the '[DEFAULT]/node_staging_uri' is defined and is
+# long term redundant.
+#enable_image_import = true
+
 #
 # List of enabled Image Import Methods
 #
 # Both 'glance-direct' and 'web-download' are enabled by default.
 #
 # Related options:
-#     * [DEFAULT]/node_staging_uri (list value)
-#enabled_import_methods = [glance-direct,web-download]
+#     * [DEFAULT]/node_staging_uri
+#     * [DEFAULT]/enable_image_import (list value)
+#enabled_import_methods = glance-direct,web-download
 
 #
 # IP address to bind the glance servers to.
@@ -599,8 +658,9 @@
 # Related options:
 #     * None
 #
-#  (host address value)
+#  (unknown value)
 #bind_host = 0.0.0.0
+bind_host = 10.167.4.37
 
 #
 # Port number on which the server will listen.
@@ -620,6 +680,7 @@
 # Minimum value: 0
 # Maximum value: 65535
 #bind_port = <None>
+bind_port = 9191
 
 #
 # Set the number of incoming connection requests.
@@ -720,9 +781,9 @@
 #  (string value)
 #key_file = /etc/ssl/key/key-file.pem
 
-# DEPRECATED: The HTTP header used to determine the scheme for the original
-# request, even if it was removed by an SSL terminating proxy. Typical value is
-# "HTTP_X_FORWARDED_PROTO". (string value)
+# DEPRECATED: The HTTP header used to determine the scheme for the
+# original request, even if it was removed by an SSL terminating
+# proxy. Typical value is "HTTP_X_FORWARDED_PROTO". (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 # Reason: Use the http_proxy_to_wsgi middleware instead.
@@ -735,7 +796,8 @@
 # process workers to service requests. By default, the number of CPUs
 # available is set as the value for ``workers`` limited to 8. For
 # example if the processor count is 6, 6 workers will be used, if the
-# processor count is 24 only 8 workers will be used. The limit will only
+# processor count is 24 only 8 workers will be used. The limit will
+# only
 # apply to the default value, if 24 workers is configured, 24 is used.
 #
 # Each worker process is made to listen on the port set in the
@@ -754,6 +816,7 @@
 #  (integer value)
 # Minimum value: 0
 #workers = <None>
+workers = 8
 
 #
 # Maximum line size of message headers.
@@ -823,312 +886,301 @@
 #  (integer value)
 # Minimum value: 0
 #client_socket_timeout = 900
-
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of the default
-# INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 # Note: This option can be changed without restarting.
 #debug = false
 
-# The name of a logging configuration file. This file is appended to any
-# existing logging configuration files. For details about logging configuration
-# files, see the Python logging module documentation. Note that when logging
-# configuration files are used then all logging configuration is set in the
-# configuration file and other logging configuration options are ignored (for
-# example, logging_context_format_string). (string value)
+# The name of a logging configuration file. This file is appended to
+# any existing logging configuration files. For details about logging
+# configuration files, see the Python logging module documentation.
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set. (string
-# value)
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default is set,
-# logging will go to stderr as defined by use_stderr. This option is ignored if
-# log_config_append is set. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths. This option
-# is ignored if log_config_append is set. (string value)
+log_file = /var/log/glance/registry.log
+
+# (Optional) The base directory used for relative log_file  paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Uses logging handler designed to watch file system. When log file is moved or
-# removed this handler will open a new log file with specified path
-# instantaneously. It makes sense only if log_file option is specified and Linux
-# platform is used. This option is ignored if log_config_append is set. (boolean
-# value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and will be
-# changed later to honor RFC5424. This option is ignored if log_config_append is
-# set. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# Enable journald for logging. If running in a systemd environment you may wish
-# to enable journal support. Doing so will use the journal native protocol which
-# includes structured metadata in addition to log messages.This option is
-# ignored if log_config_append is set. (boolean value)
+# Enable journald for logging. If running in a systemd environment you
+# may wish to enable journal support. Doing so will use the journal
+# native protocol which includes structured metadata in addition to
+# log messages.This option is ignored if log_config_append is set.
+# (boolean value)
 #use_journal = false
 
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Use JSON formatting for logging. This option is ignored if log_config_append
-# is set. (boolean value)
+# Use JSON formatting for logging. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_json = false
 
-# Log output to standard error. This option is ignored if log_config_append is
-# set. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined. (string
+# Format string to use for log messages when context is undefined.
+# (string value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string
 # value)
-#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Additional data to append to log message when logging level for the message is
-# DEBUG. (string value)
-#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
 # Defines the format string for %(user_identity)s that is used in
 # logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is ignored
-# if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message. (string value)
+# The format for an instance that is passed with the log message.
+# (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message. (string
-# value)
+# The format for an instance UUID that is passed with the log message.
+# (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
 # Interval, number of seconds, of log rate limiting. (integer value)
 #rate_limit_interval = 0
 
-# Maximum number of logged messages per rate_limit_interval. (integer value)
+# Maximum number of logged messages per rate_limit_interval. (integer
+# value)
 #rate_limit_burst = 0
 
-# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or
-# empty string. Logs with level greater or equal to rate_limit_except_level are
-# not filtered. An empty string means that all levels are filtered. (string
-# value)
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO,
+# WARNING, DEBUG or empty string. Logs with level greater or equal to
+# rate_limit_except_level are not filtered. An empty string means that
+# all levels are filtered. (string value)
 #rate_limit_except_level = CRITICAL
 
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
-#
-# From oslo.messaging
-#
-
-# Size of RPC connection pool. (integer value)
-#rpc_conn_pool_size = 30
-
-# The pool size limit for connections expiration policy (integer value)
-#conn_pool_min_size = 2
-
-# The time-to-live in sec of idle connections in the pool (integer value)
-#conn_pool_ttl = 1200
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger period.
-# The value of 0 specifies no linger period. Pending messages shall be discarded
-# immediately when the socket is closed. Positive values specify an upper bound
-# for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target (
-# < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Possible values:
-# json - <No description provided>
-# msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to skip
-# any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value and
-# 0) means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0) means
-# to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is not
-# tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
-
-# Size of executor thread pool when executor is threading or eventlet. (integer
-# value)
-# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
-#executor_thread_pool_size = 64
-
-# Seconds to wait for a response from a call. (integer value)
-#rpc_response_timeout = 60
-
-# The network address and optional user credentials for connecting to the
-# messaging backend, in URL format. The expected format is:
-#
-# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
-#
-# Example: rabbit://rabbitmq:password@127.0.0.1:5672//
-#
-# For full details on the fields in the URL see the documentation of
-# oslo_messaging.TransportURL at
-# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
-# (string value)
-#transport_url = <None>
-
-# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
-# include amqp and zmq. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rpc_backend = rabbit
-
-# The default exchange under which topics are scoped. May be overridden by an
-# exchange name specified in the transport_url option. (string value)
-#control_exchange = openstack
-
+[paste_deploy]
+
+#
+# From glance.registry
+#
+
+#
+# Deployment flavor to use in the server application pipeline.
+#
+# Provide a string value representing the appropriate deployment
+# flavor used in the server application pipleline. This is typically
+# the partial name of a pipeline in the paste configuration file with
+# the service name removed.
+#
+# For example, if your paste section name in the paste configuration
+# file is [pipeline:glance-api-keystone], set ``flavor`` to
+# ``keystone``.
+#
+# Possible values:
+#     * String value representing a partial pipeline name.
+#
+# Related Options:
+#     * config_file
+#
+#  (string value)
+flavor = keystone
+
+#
+# Name of the paste configuration file.
+#
+# Provide a string value representing the name of the paste
+# configuration file to use for configuring piplelines for
+# server application deployments.
+#
+# NOTES:
+#     * Provide the name or the path relative to the glance directory
+#       for the paste configuration file and not the absolute path.
+#     * The sample paste configuration file shipped with Glance need
+#       not be edited in most cases as it comes with ready-made
+#       pipelines for all common deployment flavors.
+#
+# If no value is specified for this option, the ``paste.ini`` file
+# with the prefix of the corresponding Glance service's configuration
+# file name will be searched for in the known configuration
+# directories. (For example, if this option is missing from or has no
+# value set in ``glance-api.conf``, the service will look for a file
+# named ``glance-api-paste.ini``.) If the paste configuration file is
+# not found, the service will not start.
+#
+# Possible values:
+#     * A string value representing the name of the paste
+# configuration
+#       file.
+#
+# Related Options:
+#     * flavor
+#
+#  (string value)
+#config_file = glance-api-paste.ini
+
+
+[profiler]
+
+#
+# From glance.registry
+#
+
+#
+# Enables the profiling for all services on this node. Default value
+# is False
+# (fully disable the profiling feature).
+#
+# Possible values:
+#
+# * True: Enables the feature
+# * False: Disables the feature. The profiling cannot be started via
+# this project
+# operations. If the profiling is triggered by another project, this
+# project part
+# will be empty.
+#  (boolean value)
+# Deprecated group/name - [profiler]/profiler_enabled
+#enabled = false
+
+#
+# Enables SQL requests profiling in services. Default value is False
+# (SQL
+# requests won't be traced).
+#
+# Possible values:
+#
+# * True: Enables SQL requests profiling. Each SQL query will be part
+# of the
+# trace and can the be analyzed by how much time was spent for that.
+# * False: Disables SQL requests profiling. The spent time is only
+# shown on a
+# higher level of operations. Single SQL queries cannot be analyzed
+# this
+# way.
+#  (boolean value)
+#trace_sqlalchemy = false
+
+#
+# Secret key(s) to use for encrypting context data for performance
+# profiling.
+# This string value should have the following format:
+# <key1>[,<key2>,...<keyn>],
+# where each key is some random string. A user who triggers the
+# profiling via
+# the REST API has to set one of these keys in the headers of the REST
+# API call
+# to include profiling results of this node for this particular
+# project.
+#
+# Both "enabled" flag and "hmac_keys" config options should be set to
+# enable
+# profiling. Also, to generate correct profiling information across
+# all services
+# at least one key needs to be consistent between OpenStack projects.
+# This
+# ensures it can be used from client side to generate the trace,
+# containing
+# information from all possible resources. (string value)
+#hmac_keys = SECRET_KEY
+
+#
+# Connection string for a notifier backend. Default value is
+# messaging:// which
+# sets the notifier to oslo_messaging.
+#
+# Examples of possible values:
+#
+# * messaging://: use oslo_messaging driver for sending notifications.
+# * mongodb://127.0.0.1:27017 : use mongodb driver for sending
+# notifications.
+# * elasticsearch://127.0.0.1:9200 : use elasticsearch driver for
+# sending
+# notifications.
+#  (string value)
+#connection_string = messaging://
+
+#
+# Document type for notification indexing in elasticsearch.
+#  (string value)
+#es_doc_type = notification
+
+#
+# This parameter is a time value parameter (for example:
+# es_scroll_time=2m),
+# indicating for how long the nodes that participate in the search
+# will maintain
+# relevant resources in order to continue and support it.
+#  (string value)
+#es_scroll_time = 2m
+
+#
+# Elasticsearch splits large requests in batches. This parameter
+# defines
+# maximum size of each batch (for example: es_scroll_size=10000).
+#  (integer value)
+#es_scroll_size = 10000
+
+#
+# Redissentinel provides a timeout option on the connections.
+# This parameter defines that timeout (for example:
+# socket_timeout=0.1).
+#  (floating point value)
+#socket_timeout = 0.1
+
+#
+# Redissentinel uses a service name to identify a master redis
+# service.
+# This parameter defines the name (for example:
+# sentinal_service_name=mymaster).
+#  (string value)
+#sentinel_service_name = mymaster
 
 [database]
-connection = sqlite:////var/lib/glance/glance.sqlite
-backend = sqlalchemy
-
 #
 # From oslo.db
 #
@@ -1140,71 +1192,75 @@
 # Deprecated group/name - [DEFAULT]/db_backend
 #backend = sqlalchemy
 
-# The SQLAlchemy connection string to use to connect to the database. (string
-# value)
+# The SQLAlchemy connection string to use to connect to the database.
+# (string value)
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
+connection = mysql+pymysql://glance:opnfv_secret@10.167.4.23/glance?charset=utf8
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
 #slave_connection = <None>
 
-# The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
-# the server configuration, set this to no value. Example: mysql_sql_mode=
-# (string value)
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
 #mysql_sql_mode = TRADITIONAL
 
-# If True, transparently enables support for handling MySQL Cluster (NDB).
-# (boolean value)
+# If True, transparently enables support for handling MySQL Cluster
+# (NDB). (boolean value)
 #mysql_enable_ndb = false
 
-# Connections which have been present in the connection pool longer than this
-# number of seconds will be replaced with a new one the next time they are
-# checked out from the pool. (integer value)
+# Connections which have been present in the connection pool longer
+# than this number of seconds will be replaced with a new one the next
+# time they are checked out from the pool. (integer value)
 # Deprecated group/name - [DATABASE]/idle_timeout
 # Deprecated group/name - [database]/idle_timeout
 # Deprecated group/name - [DEFAULT]/sql_idle_timeout
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #connection_recycle_time = 3600
-
-# DEPRECATED: Minimum number of SQL connections to keep open in a pool. (integer
+# (obryndzii) we change default connection_recycle_time to 280 in order to fix numerous
+# DBConnection errors in services until we implement this setting in reclass-system
+connection_recycle_time = 300
+
+# Minimum number of SQL connections to keep open in a pool. (integer
 # value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: The option to set the minimum pool size is not supported by
-# sqlalchemy.
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
-# indicates no limit. (integer value)
+# Maximum number of SQL connections to keep open in a pool. Setting a
+# value of 0 indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
 #max_pool_size = 5
-
-# Maximum number of database connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
+max_pool_size = 10
+
+# Maximum number of database connection retries during startup. Set to
+# -1 to specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer
+# value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
 # Deprecated group/name - [DATABASE]/reconnect_interval
 #retry_interval = 10
 
-# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+# If set, use this value for max_overflow with SQLAlchemy. (integer
+# value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
-# value)
+max_overflow = 30
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
+# (integer value)
 # Minimum value: 0
 # Maximum value: 100
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
@@ -1214,58 +1270,106 @@
 # Deprecated group/name - [DEFAULT]/sql_connection_trace
 #connection_trace = false
 
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
+# value)
 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
 #pool_timeout = <None>
 
-# Enable the experimental use of database reconnect on connection lost. (boolean
-# value)
+# Enable the experimental use of database reconnect on connection
+# lost. (boolean value)
 #use_db_reconnect = false
 
 # Seconds between retries of a database transaction. (integer value)
 #db_retry_interval = 1
 
-# If True, increases the interval between retries of a database operation up to
-# db_max_retry_interval. (boolean value)
+# If True, increases the interval between retries of a database
+# operation up to db_max_retry_interval. (boolean value)
 #db_inc_retry_interval = true
 
-# If db_inc_retry_interval is set, the maximum seconds between retries of a
-# database operation. (integer value)
+# If db_inc_retry_interval is set, the maximum seconds between retries
+# of a database operation. (integer value)
 #db_max_retry_interval = 10
 
-# Maximum retries in case of connection error or deadlock error before error is
-# raised. Set to -1 to specify an infinite retry count. (integer value)
+# Maximum retries in case of connection error or deadlock error before
+# error is raised. Set to -1 to specify an infinite retry count.
+# (integer value)
 #db_max_retries = 20
 
-# Optional URL parameters to append onto the connection URL at connect time;
-# specify as param1=value1&param2=value2&... (string value)
-#connection_parameters =
-
 #
 # From oslo.db.concurrency
 #
 
-# Enable the experimental use of thread pooling for all DB API calls (boolean
-# value)
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
 # Deprecated group/name - [DEFAULT]/dbapi_use_tpool
 #use_tpool = false
 
+[oslo_policy]
+#
+# From oslo.policy
+#
+
+# This option controls whether or not to enforce scope when evaluating
+# policies. If ``True``, the scope of the token used in the request is
+# compared to the ``scope_types`` of the policy being enforced. If the
+# scopes do not match, an ``InvalidScope`` exception will be raised.
+# If ``False``, a message will be logged informing operators that
+# policies are being invoked with mismatching scope. (boolean value)
+#enforce_scope = false
+
+# The file that defines policies. (string value)
+#policy_file = policy.json
+policy_file = /etc/glance/policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string
+# value)
+#policy_default_rule = default
+
+# Directories where policy configuration files are stored. They can be
+# relative to any directory in the search path defined by the
+# config_dir option, or absolute paths. The file defined by
+# policy_file must exist for these directories to be searched.
+# Missing or empty directories are ignored. (multi valued)
+#policy_dirs = policy.d
+
+# Content Type to send and receive data for REST based policy check
+# (string value)
+# Possible values:
+# application/x-www-form-urlencoded - <No description provided>
+# application/json - <No description provided>
+#remote_content_type = application/x-www-form-urlencoded
+
+# server identity verification for REST based policy check (boolean
+# value)
+#remote_ssl_verify_server_crt = false
+
+# Absolute path to ca cert file for REST based policy check (string
+# value)
+#remote_ssl_ca_crt_file = <None>
+
+# Absolute path to client cert for REST based policy check (string
+# value)
+#remote_ssl_client_crt_file = <None>
+
+# Absolute path client key file REST based policy check (string value)
+#remote_ssl_client_key_file = <None>
 
 [keystone_authtoken]
-
 #
 # From keystonemiddleware.auth_token
 #
 
 # Complete "public" Identity API endpoint. This endpoint should not be an
-# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
-# clients are redirected to this endpoint to authenticate. Although this
-# endpoint should ideally be unversioned, client support in the wild varies. If
-# you're using a versioned v2 endpoint here, then this should *not* be the same
-# endpoint the service user utilizes for validating tokens, because normal end
-# users may not be able to reach that endpoint. (string value)
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. (string
+# value)
 # Deprecated group/name - [keystone_authtoken]/auth_uri
 #www_authenticate_uri = <None>
+www_authenticate_uri = http://10.167.4.35:5000
 
 # DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
 # be an "admin" endpoint, as it should be accessible by all end users.
@@ -1278,9 +1382,10 @@
 # release. (string value)
 # This option is deprecated for removal since Queens.
 # Its value may be silently ignored in the future.
-# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri and
-# will be removed in the S  release.
+# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
+# and will be removed in the S  release.
 #auth_uri = <None>
+auth_uri = http://10.167.4.35:5000
 
 # API version of the admin Identity API endpoint. (string value)
 #auth_version = <None>
@@ -1293,8 +1398,8 @@
 # value)
 #http_connect_timeout = <None>
 
-# How many times are we trying to reconnect when communicating with Identity API
-# Server. (integer value)
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
 #http_request_max_retries = 3
 
 # Request environment key where the Swift cache object is stored. When
@@ -1318,10 +1423,11 @@
 
 # The region in which the identity server can be found. (string value)
 #region_name = <None>
+region_name = RegionOne
 
 # DEPRECATED: Directory used to cache files related to PKI tokens. This option
-# has been deprecated in the Ocata release and will be removed in the P release.
-# (string value)
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
 # This option is deprecated for removal since Ocata.
 # Its value may be silently ignored in the future.
 # Reason: PKI token format is no longer supported.
@@ -1332,42 +1438,12 @@
 # Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
 
-# In order to prevent excessive effort spent validating tokens, the middleware
-# caches previously-seen tokens for a configurable duration (in seconds). Set to
-# -1 to disable caching completely. (integer value)
-#token_cache_time = 300
-
-# DEPRECATED: Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of revocation
-# events combined with a low cache duration may significantly reduce
-# performance. Only valid for PKI tokens. This option has been deprecated in the
-# Ocata release and will be removed in the P release. (integer value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be authenticated or
-# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
-# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
-# cache. If the value is not one of these options or empty, auth_token will
-# raise an exception on initialization. (string value)
-# Possible values:
-# None - <No description provided>
-# MAC - <No description provided>
-# ENCRYPT - <No description provided>
-#memcache_security_strategy = None
-
-# (Optional, mandatory if memcache_security_strategy is defined) This string is
-# used for key derivation. (string value)
-#memcache_secret_key = <None>
-
 # (Optional) Number of seconds memcached server is considered dead before it is
 # tried again. (integer value)
 #memcache_pool_dead_retry = 300
 
-# (Optional) Maximum total number of open connections to every memcached server.
-# (integer value)
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
 #memcache_pool_maxsize = 10
 
 # (Optional) Socket timeout in seconds for communicating with a memcached
@@ -1393,11 +1469,11 @@
 
 # Used to control the use and type of token binding. Can be set to: "disabled"
 # to not check token binding. "permissive" (default) to validate binding
-# information if the bind type is of a form known to the server and ignore it if
-# not. "strict" like "permissive" but if the bind type is unknown the token will
-# be rejected. "required" any form of token binding is needed to be allowed.
-# Finally the name of a binding method that must be present in tokens. (string
-# value)
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
 #enforce_token_bind = permissive
 
 # DEPRECATED: If true, the revocation list will be checked for cached tokens.
@@ -1424,891 +1500,126 @@
 # A choice of roles that must be present in a service token. Service tokens are
 # allowed to request that an expired token can be used and so this check should
 # tightly control that only actual services should be sending this token. Roles
-# here are applied as an ANY check so any role in this list must be present. For
-# backwards compatibility reasons this currently only affects the allow_expired
-# check. (list value)
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
 #service_token_roles = service
 
-# For backwards compatibility reasons we must let valid service tokens pass that
-# don't pass the service_token_roles check as valid. Setting this true will
-# become the default in a future release and should be enabled if possible.
-# (boolean value)
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
 #service_token_roles_required = false
 
 # Authentication type to load (string value)
 # Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
+auth_type = password
 
 # Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
 
-
-[matchmaker_redis]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Host to locate redis. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#host = 127.0.0.1
-
-# DEPRECATED: Use this port to connect to redis host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#port = 6379
-
-# DEPRECATED: Password for Redis server (optional). (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#password =
-
-# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
-# [host:port, host1:port ... ] (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#sentinel_hosts =
-
-# Redis replica set name. (string value)
-#sentinel_group_name = oslo-messaging-zeromq
-
-# Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 2000
-
-# Time in ms to wait before the transaction is killed. (integer value)
-#check_timeout = 20000
-
-# Timeout in ms on blocking socket operations. (integer value)
-#socket_timeout = 10000
-
-
-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
-
-# Name for the AMQP container. must be globally unique. Defaults to a generated
-# UUID (string value)
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-#trace = false
-
-# Attempt to connect via SSL. If no other ssl-related parameters are given, it
-# will use the system's CA-bundle to verify the server's certificate. (boolean
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+region_name = RegionOne
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
 # value)
-#ssl = false
-
-# CA certificate PEM file used to verify the server's certificate (string value)
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication (string value)
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate (optional) (string
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internalURL
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = http://10.167.4.35:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
 # value)
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-#ssl_key_password = <None>
-
-# By default SSL checks that the name in the server's certificate matches the
-# hostname in the transport_url. In some configurations it may be preferable to
-# use the virtual hostname instead, for example if the server uses the Server
-# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
-# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
-# virtual host name instead of the DNS name. (boolean value)
-#ssl_verify_vhost = false
-
-# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Not applicable - not a SSL server
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-#sasl_config_name =
-
-# SASL realm to use if no realm present in username (string value)
-#sasl_default_realm =
-
-# DEPRECATED: User name for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the username.
-#username =
-
-# DEPRECATED: Password for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the password.
-#password =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after each
-# unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval + connection_retry_backoff
-# (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
-# recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which failed due to
-# a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link after
-# expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not support routing
-# otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# Enable virtual host support for those message buses that do not natively
-# support virtual hosting (such as qpidd). When set to true the virtual host
-# name will be added to all message bus addresses, effectively creating a
-# private 'subnet' per virtual host. Set to False if the message bus supports
-# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
-# as the name of the virtual host. (boolean value)
-#pseudo_vhost = true
-
-# address prefix used when sending to a specific server (string value)
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used by the
-# message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular RPC/Notification
-# server. Used by the message bus to identify messages sent to a single
-# destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers. Used by
-# the message bus to identify messages that should be delivered in a round-robin
-# fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
-[oslo_messaging_kafka]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Default Kafka broker Host (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_host = localhost
-
-# DEPRECATED: Default Kafka broker Port (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_port = 9092
-
-# Max fetch bytes of Kafka consumer (integer value)
-#kafka_max_fetch_bytes = 1048576
-
-# Default timeout(s) for Kafka consumers (floating point value)
-#kafka_consumer_timeout = 1.0
-
-# DEPRECATED: Pool Size for Kafka Consumers (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#pool_size = 10
-
-# DEPRECATED: The pool size limit for connections expiration policy (integer
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_min_size = 2
-
-# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_ttl = 1200
-
-# Group id for Kafka consumer. Consumers in one group will coordinate message
-# consumption (string value)
-#consumer_group = oslo_messaging_consumer
-
-# Upper bound on the delay for KafkaProducer batching in seconds (floating point
-# value)
-#producer_batch_timeout = 0.0
-
-# Size of batch for the producer async send (integer value)
-#producer_batch_size = 16384
-
-# Enable asynchronous consumer commits (boolean value)
-#enable_auto_commit = false
-
-# The maximum number of records returned in a poll call (integer value)
-#max_poll_records = 500
-
-# Protocol used to communicate with brokers (string value)
-# Possible values:
-# PLAINTEXT - <No description provided>
-# SASL_PLAINTEXT - <No description provided>
-# SSL - <No description provided>
-# SASL_SSL - <No description provided>
-#security_protocol = PLAINTEXT
-
-# Mechanism when security protocol is SASL (string value)
-#sasl_mechanism = PLAIN
-
-# CA certificate PEM file used to verify the server certificate (string value)
-#ssl_cafile =
-
-
-[oslo_messaging_notifications]
-
-#
-# From oslo.messaging
-#
-
-# The Drivers(s) to handle sending notifications. Possible values are messaging,
-# messagingv2, routing, log, test, noop (multi valued)
-# Deprecated group/name - [DEFAULT]/notification_driver
-#driver =
-
-# A URL representing the messaging driver to use for notifications. If not set,
-# we fall back to the same configuration used for RPC. (string value)
-# Deprecated group/name - [DEFAULT]/notification_transport_url
-#transport_url = <None>
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-# Deprecated group/name - [DEFAULT]/notification_topics
-#topics = notifications
-
-# The maximum number of attempts to re-send a notification message which failed
-# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
-# (integer value)
-#retry = -1
-
-
-[oslo_messaging_rabbit]
-
-#
-# From oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_durable_queues
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-#amqp_auto_delete = false
-
-# Connect over SSL. (boolean value)
-# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
-#ssl = false
-
-# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
-# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
-# distributions. (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
-#ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
-#ssl_key_file =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
-#ssl_cert_file =
-
-# SSL certification authority file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
-#ssl_ca_file =
-
-# How long to wait before reconnecting in response to an AMQP consumer cancel
-# notification. (floating point value)
-#kombu_reconnect_delay = 1.0
-
-# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
-# be used. This option may not be available in future versions. (string value)
-#kombu_compression = <None>
-
-# How long to wait a missing client before abandoning to send it its replies.
-# This value should not be longer than rpc_response_timeout. (integer value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
-#kombu_missing_consumer_retry_timeout = 60
-
-# Determines how the next RabbitMQ node is chosen in case the one we are
-# currently connected to becomes unavailable. Takes effect only if more than one
-# RabbitMQ node is provided in config. (string value)
-# Possible values:
-# round-robin - <No description provided>
-# shuffle - <No description provided>
-#kombu_failover_strategy = round-robin
-
-# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_host = localhost
-
-# DEPRECATED: The RabbitMQ broker port where a single node is used. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_port = 5672
-
-# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_hosts = $rabbit_host:$rabbit_port
-
-# DEPRECATED: The RabbitMQ userid. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_userid = guest
-
-# DEPRECATED: The RabbitMQ password. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_password = guest
-
-# The RabbitMQ login method. (string value)
-# Possible values:
-# PLAIN - <No description provided>
-# AMQPLAIN - <No description provided>
-# RABBIT-CR-DEMO - <No description provided>
-#rabbit_login_method = AMQPLAIN
-
-# DEPRECATED: The RabbitMQ virtual host. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_virtual_host = /
-
-# How frequently to retry connecting with RabbitMQ. (integer value)
-#rabbit_retry_interval = 1
-
-# How long to backoff for between retries when connecting to RabbitMQ. (integer
-# value)
-#rabbit_retry_backoff = 2
-
-# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
-# (integer value)
-#rabbit_interval_max = 30
-
-# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#rabbit_max_retries = 0
-
-# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
-# is no longer controlled by the x-ha-policy argument when declaring a queue. If
-# you just want to make sure that all queues (except those with auto-generated
-# names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA
-# '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
-#rabbit_ha_queues = false
-
-# Positive integer representing duration in seconds for queue TTL (x-expires).
-# Queues which are unused for the duration of the TTL are automatically deleted.
-# The parameter affects only reply and fanout queues. (integer value)
-# Minimum value: 1
-#rabbit_transient_queues_ttl = 1800
-
-# Specifies the number of messages to prefetch. Setting to zero allows unlimited
-# messages. (integer value)
-#rabbit_qos_prefetch_count = 0
-
-# Number of seconds after which the Rabbit broker is considered down if
-# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
-# value)
-#heartbeat_timeout_threshold = 60
-
-# How often times during the heartbeat_timeout_threshold we check the heartbeat.
-# (integer value)
-#heartbeat_rate = 2
-
-
-[oslo_messaging_zmq]
-
-#
-# From oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger period.
-# The value of 0 specifies no linger period. Pending messages shall be discarded
-# immediately when the socket is closed. Positive values specify an upper bound
-# for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target (
-# < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Possible values:
-# json - <No description provided>
-# msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to skip
-# any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value and
-# 0) means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0) means
-# to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is not
-# tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
-
-
-[oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# This option controls whether or not to enforce scope when evaluating policies.
-# If ``True``, the scope of the token used in the request is compared to the
-# ``scope_types`` of the policy being enforced. If the scopes do not match, an
-# ``InvalidScope`` exception will be raised. If ``False``, a message will be
-# logged informing operators that policies are being invoked with mismatching
-# scope. (boolean value)
-#enforce_scope = false
-
-# The file that defines policies. (string value)
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be relative
-# to any directory in the search path defined by the config_dir option, or
-# absolute paths. The file defined by policy_file must exist for these
-# directories to be searched.  Missing or empty directories are ignored. (multi
-# valued)
-#policy_dirs = policy.d
-
-# Content Type to send and receive data for REST based policy check (string
-# value)
-# Possible values:
-# application/x-www-form-urlencoded - <No description provided>
-# application/json - <No description provided>
-#remote_content_type = application/x-www-form-urlencoded
-
-# server identity verification for REST based policy check (boolean value)
-#remote_ssl_verify_server_crt = false
-
-# Absolute path to ca cert file for REST based policy check (string value)
-#remote_ssl_ca_crt_file = <None>
-
-# Absolute path to client cert for REST based policy check (string value)
-#remote_ssl_client_crt_file = <None>
-
-# Absolute path client key file REST based policy check (string value)
-#remote_ssl_client_key_file = <None>
-
-
-[paste_deploy]
-
-#
-# From glance.registry
-#
-
-#
-# Deployment flavor to use in the server application pipeline.
-#
-# Provide a string value representing the appropriate deployment
-# flavor used in the server application pipleline. This is typically
-# the partial name of a pipeline in the paste configuration file with
-# the service name removed.
-#
-# For example, if your paste section name in the paste configuration
-# file is [pipeline:glance-api-keystone], set ``flavor`` to
-# ``keystone``.
-#
-# Possible values:
-#     * String value representing a partial pipeline name.
-#
-# Related Options:
-#     * config_file
-#
-#  (string value)
-#flavor = keystone
-
-#
-# Name of the paste configuration file.
-#
-# Provide a string value representing the name of the paste
-# configuration file to use for configuring piplelines for
-# server application deployments.
-#
-# NOTES:
-#     * Provide the name or the path relative to the glance directory
-#       for the paste configuration file and not the absolute path.
-#     * The sample paste configuration file shipped with Glance need
-#       not be edited in most cases as it comes with ready-made
-#       pipelines for all common deployment flavors.
-#
-# If no value is specified for this option, the ``paste.ini`` file
-# with the prefix of the corresponding Glance service's configuration
-# file name will be searched for in the known configuration
-# directories. (For example, if this option is missing from or has no
-# value set in ``glance-api.conf``, the service will look for a file
-# named ``glance-api-paste.ini``.) If the paste configuration file is
-# not found, the service will not start.
-#
-# Possible values:
-#     * A string value representing the name of the paste configuration
-#       file.
-#
-# Related Options:
-#     * flavor
-#
-#  (string value)
-#config_file = glance-api-paste.ini
-
-
-[profiler]
-
-#
-# From glance.registry
-#
-
-#
-# Enable the profiling for all services on this node.
-#
-# Default value is False (fully disable the profiling feature).
-#
-# Possible values:
-#
-# * True: Enables the feature
-# * False: Disables the feature. The profiling cannot be started via this
-# project
-#   operations. If the profiling is triggered by another project, this project
-#   part will be empty.
-#  (boolean value)
-# Deprecated group/name - [profiler]/profiler_enabled
-#enabled = false
-
-#
-# Enable SQL requests profiling in services.
-#
-# Default value is False (SQL requests won't be traced).
-#
-# Possible values:
-#
-# * True: Enables SQL requests profiling. Each SQL query will be part of the
-#   trace and can the be analyzed by how much time was spent for that.
-# * False: Disables SQL requests profiling. The spent time is only shown on a
-#   higher level of operations. Single SQL queries cannot be analyzed this way.
-#  (boolean value)
-#trace_sqlalchemy = false
-
-#
-# Secret key(s) to use for encrypting context data for performance profiling.
-#
-# This string value should have the following format: <key1>[,<key2>,...<keyn>],
-# where each key is some random string. A user who triggers the profiling via
-# the REST API has to set one of these keys in the headers of the REST API call
-# to include profiling results of this node for this particular project.
-#
-# Both "enabled" flag and "hmac_keys" config options should be set to enable
-# profiling. Also, to generate correct profiling information across all services
-# at least one key needs to be consistent between OpenStack projects. This
-# ensures it can be used from client side to generate the trace, containing
-# information from all possible resources.
-#  (string value)
-#hmac_keys = SECRET_KEY
-
-#
-# Connection string for a notifier backend.
-#
-# Default value is ``messaging://`` which sets the notifier to oslo_messaging.
-#
-# Examples of possible values:
-#
-# * ``messaging://`` - use oslo_messaging driver for sending spans.
-# * ``redis://127.0.0.1:6379`` - use redis driver for sending spans.
-# * ``mongodb://127.0.0.1:27017`` - use mongodb driver for sending spans.
-# * ``elasticsearch://127.0.0.1:9200`` - use elasticsearch driver for sending
-#   spans.
-# * ``jaeger://127.0.0.1:6831`` - use jaeger tracing as driver for sending
-# spans.
-#  (string value)
-#connection_string = messaging://
-
-#
-# Document type for notification indexing in elasticsearch.
-#  (string value)
-#es_doc_type = notification
-
-#
-# This parameter is a time value parameter (for example: es_scroll_time=2m),
-# indicating for how long the nodes that participate in the search will maintain
-# relevant resources in order to continue and support it.
-#  (string value)
-#es_scroll_time = 2m
-
-#
-# Elasticsearch splits large requests in batches. This parameter defines
-# maximum size of each batch (for example: es_scroll_size=10000).
-#  (integer value)
-#es_scroll_size = 10000
-
-#
-# Redissentinel provides a timeout option on the connections.
-# This parameter defines that timeout (for example: socket_timeout=0.1).
-#  (floating point value)
-#socket_timeout = 0.1
-
-#
-# Redissentinel uses a service name to identify a master redis service.
-# This parameter defines the name (for example:
-# ``sentinal_service_name=mymaster``).
-#  (string value)
-#sentinel_service_name = mymaster
-
-#
-# Enable filter traces that contain error/exception to a separated place.
-#
-# Default value is set to False.
-#
-# Possible values:
-#
-# * True: Enable filter traces that contain error/exception.
-# * False: Disable the filter.
-#  (boolean value)
-#filter_error_trace = false
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+username = glance

2019-04-30 22:14:50,653 [salt.state       :1951][INFO    ][14121] Completed state [/etc/glance/glance-registry.conf] at time 22:14:50.653265 duration_in_ms=145.259
2019-04-30 22:14:50,653 [salt.state       :1780][INFO    ][14121] Running state [/etc/glance/glance-scrubber.conf] at time 22:14:50.653712
2019-04-30 22:14:50,653 [salt.state       :1813][INFO    ][14121] Executing state file.managed for [/etc/glance/glance-scrubber.conf]
2019-04-30 22:14:50,671 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/files/rocky/glance-scrubber.conf.Debian'
2019-04-30 22:14:50,755 [salt.state       :300 ][INFO    ][14121] File changed:
--- 
+++ 
@@ -1,3 +1,4 @@
+
 [DEFAULT]
 
 #
@@ -28,44 +29,11 @@
 #  (boolean value)
 #allow_additional_image_properties = true
 
-# "
-# Secure hashing algorithm used for computing the 'os_hash_value' property.
-#
-# This option configures the Glance "multihash", which consists of two
-# image properties: the 'os_hash_algo' and the 'os_hash_value'.  The
-# 'os_hash_algo' will be populated by the value of this configuration
-# option, and the 'os_hash_value' will be populated by the hexdigest computed
-# when the algorithm is applied to the uploaded or imported image data.
-#
-# The value must be a valid secure hash algorithm name recognized by the
-# python 'hashlib' library.  You can determine what these are by examining
-# the 'hashlib.algorithms_available' data member of the version of the
-# library being used in your Glance installation.  For interoperability
-# purposes, however, we recommend that you use the set of secure hash
-# names supplied by the 'hashlib.algorithms_guaranteed' data member because
-# those algorithms are guaranteed to be supported by the 'hashlib' library
-# on all platforms.  Thus, any image consumer using 'hashlib' locally should
-# be able to verify the 'os_hash_value' of the image.
-#
-# The default value of 'sha512' is a performant secure hash algorithm.
-#
-# If this option is misconfigured, any attempts to store image data will fail.
-# For that reason, we recommend using the default value.
-#
-# Possible values:
-#     * Any secure hash algorithm name recognized by the Python 'hashlib'
-#       library
-#
-# Related options:
-#     * None
-#
-#  (string value)
-#hashing_algorithm = sha512
-
 #
 # Maximum number of image members per image.
 #
-# This limits the maximum of users an image can be shared with. Any negative
+# This limits the maximum of users an image can be shared with. Any
+# negative
 # value is interpreted as unlimited.
 #
 # Related options:
@@ -77,10 +45,12 @@
 #
 # Maximum number of properties allowed on an image.
 #
-# This enforces an upper limit on the number of additional properties an image
+# This enforces an upper limit on the number of additional properties
+# an image
 # can have. Any negative value is interpreted as unlimited.
 #
-# NOTE: This won't have any impact if additional properties are disabled. Please
+# NOTE: This won't have any impact if additional properties are
+# disabled. Please
 # refer to ``allow_additional_image_properties``.
 #
 # Related options:
@@ -137,7 +107,8 @@
 #
 # Finally, when this configuration option is set to
 # ``glance.db.simple.api``, image catalog data is stored in and read
-# from an in-memory data structure. This is primarily used for testing.
+# from an in-memory data structure. This is primarily used for
+# testing.
 #
 # Related options:
 #     * enable_v2_api
@@ -150,8 +121,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #data_api = glance.db.sqlalchemy.api
 
 #
@@ -268,9 +239,10 @@
 #  (boolean value)
 # This option is deprecated for removal since Newton.
 # Its value may be silently ignored in the future.
-# Reason: This option will be removed in the Pike release or later because the
-# same functionality can be achieved with greater granularity by using policies.
-# Please see the Newton release notes for more information.
+# Reason: This option will be removed in the Pike release or later
+# because the same functionality can be achieved with greater
+# granularity by using policies. Please see the Newton release notes
+# for more information.
 #show_multiple_locations = false
 
 #
@@ -302,18 +274,25 @@
 #
 # Maximum amount of image storage per tenant.
 #
-# This enforces an upper limit on the cumulative storage consumed by all images
+# This enforces an upper limit on the cumulative storage consumed by
+# all images
 # of a tenant across all stores. This is a per-tenant limit.
 #
-# The default unit for this configuration option is Bytes. However, storage
-# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``,
-# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and
-# TeraBytes respectively. Note that there should not be any space between the
-# value and unit. Value ``0`` signifies no quota enforcement. Negative values
+# The default unit for this configuration option is Bytes. However,
+# storage
+# units can be specified using case-sensitive literals ``B``, ``KB``,
+# ``MB``,
+# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes,
+# GigaBytes and
+# TeraBytes respectively. Note that there should not be any space
+# between the
+# value and unit. Value ``0`` signifies no quota enforcement. Negative
+# values
 # are invalid and result in errors.
 #
 # Possible values:
-#     * A string that is a valid concatenation of a non-negative integer
+#     * A string that is a valid concatenation of a non-negative
+# integer
 #       representing the storage value and an optional string literal
 #       representing storage units as mentioned above.
 #
@@ -322,6 +301,40 @@
 #
 #  (string value)
 #user_storage_quota = 0
+
+#
+# Deploy the v1 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond to
+# requests on registered endpoints conforming to the v1 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is enabled, then ``enable_v1_registry`` must
+#       also be set to ``True`` to enable mandatory usage of Registry
+#       service with v1 API.
+#
+#     * If this option is disabled, then the ``enable_v1_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v2_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v2 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_registry
+#     * enable_v2_api
+#
+#  (boolean value)
+#enable_v1_api = true
 
 #
 # Deploy the v2 OpenStack Images API.
@@ -335,18 +348,44 @@
 #       option, which is enabled by default, is also recommended
 #       to be disabled.
 #
+#     * This option is separate from ``enable_v1_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v1 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
 # Possible values:
 #     * True
 #     * False
 #
 # Related options:
 #     * enable_v2_registry
+#     * enable_v1_api
 #
 #  (boolean value)
 #enable_v2_api = true
 
 #
-#                     DEPRECATED FOR REMOVAL
+# Deploy the v1 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v1 API requests.
+#
+# NOTES:
+#     * Use of Registry is mandatory in v1 API, so this option must
+#       be set to ``True`` if the ``enable_v1_api`` option is enabled.
+#
+#     * If deploying only the v2 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_api
+#
 #  (boolean value)
 #enable_v1_registry = true
 
@@ -380,8 +419,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #enable_v2_registry = true
 
 #
@@ -399,7 +438,7 @@
 # Related options:
 #     * None
 #
-#  (host address value)
+#  (unknown value)
 #pydev_worker_debug_host = localhost
 
 #
@@ -486,31 +525,63 @@
 #
 # Related options:
 #     * [task]/work_dir
+#     * [DEFAULT]/enable_image_import (*deprecated*)
 #
 #  (string value)
 #node_staging_uri = file:///tmp/staging/
 
+# DEPRECATED:
+# Enables the Image Import workflow introduced in Pike
+#
+# As '[DEFAULT]/node_staging_uri' is required for the Image
+# Import, it's disabled per default in Pike, enabled per
+# default in Queens and removed in Rocky. This allows Glance to
+# operate with previous version configs upon upgrade.
+#
+# Setting this option to False will disable the endpoints related
+# to Image Import Refactoring work.
+#
+# Related options:
+#     * [DEFAULT]/node_staging_uri (boolean value)
+# This option is deprecated for removal since Pike.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option is deprecated for removal in Rocky.
+#
+# It was introduced to make sure that the API is not enabled
+# before the '[DEFAULT]/node_staging_uri' is defined and is
+# long term redundant.
+#enable_image_import = true
+
 #
 # List of enabled Image Import Methods
 #
 # Both 'glance-direct' and 'web-download' are enabled by default.
 #
 # Related options:
-#     * [DEFAULT]/node_staging_uri (list value)
-#enabled_import_methods = [glance-direct,web-download]
+#     * [DEFAULT]/node_staging_uri
+#     * [DEFAULT]/enable_image_import (list value)
+#enabled_import_methods = glance-direct,web-download
 
 #
 # The amount of time, in seconds, to delay image scrubbing.
 #
-# When delayed delete is turned on, an image is put into ``pending_delete``
-# state upon deletion until the scrubber deletes its image data. Typically, soon
-# after the image is put into ``pending_delete`` state, it is available for
-# scrubbing. However, scrubbing can be delayed until a later point using this
-# configuration option. This option denotes the time period an image spends in
+# When delayed delete is turned on, an image is put into
+# ``pending_delete``
+# state upon deletion until the scrubber deletes its image data.
+# Typically, soon
+# after the image is put into ``pending_delete`` state, it is
+# available for
+# scrubbing. However, scrubbing can be delayed until a later point
+# using this
+# configuration option. This option denotes the time period an image
+# spends in
 # ``pending_delete`` state before it is available for scrubbing.
 #
-# It is important to realize that this has storage implications. The larger the
-# ``scrub_time``, the longer the time to reclaim backend storage from deleted
+# It is important to realize that this has storage implications. The
+# larger the
+# ``scrub_time``, the longer the time to reclaim backend storage from
+# deleted
 # images.
 #
 # Possible values:
@@ -526,11 +597,16 @@
 #
 # The size of thread pool to be used for scrubbing images.
 #
-# When there are a large number of images to scrub, it is beneficial to scrub
-# images in parallel so that the scrub queue stays in control and the backend
-# storage is reclaimed in a timely fashion. This configuration option denotes
-# the maximum number of images to be scrubbed in parallel. The default value is
-# one, which signifies serial scrubbing. Any value above one indicates parallel
+# When there are a large number of images to scrub, it is beneficial
+# to scrub
+# images in parallel so that the scrub queue stays in control and the
+# backend
+# storage is reclaimed in a timely fashion. This configuration option
+# denotes
+# the maximum number of images to be scrubbed in parallel. The default
+# value is
+# one, which signifies serial scrubbing. Any value above one indicates
+# parallel
 # scrubbing.
 #
 # Possible values:
@@ -546,19 +622,28 @@
 #
 # Turn on/off delayed delete.
 #
-# Typically when an image is deleted, the ``glance-api`` service puts the image
-# into ``deleted`` state and deletes its data at the same time. Delayed delete
-# is a feature in Glance that delays the actual deletion of image data until a
+# Typically when an image is deleted, the ``glance-api`` service puts
+# the image
+# into ``deleted`` state and deletes its data at the same time.
+# Delayed delete
+# is a feature in Glance that delays the actual deletion of image data
+# until a
 # later point in time (as determined by the configuration option
 # ``scrub_time``).
-# When delayed delete is turned on, the ``glance-api`` service puts the image
-# into ``pending_delete`` state upon deletion and leaves the image data in the
-# storage backend for the image scrubber to delete at a later time. The image
-# scrubber will move the image into ``deleted`` state upon successful deletion
+# When delayed delete is turned on, the ``glance-api`` service puts
+# the image
+# into ``pending_delete`` state upon deletion and leaves the image
+# data in the
+# storage backend for the image scrubber to delete at a later time.
+# The image
+# scrubber will move the image into ``deleted`` state upon successful
+# deletion
 # of image data.
 #
-# NOTE: When delayed delete is turned on, image scrubber MUST be running as a
-# periodic task to prevent the backend storage from filling up with undesired
+# NOTE: When delayed delete is turned on, image scrubber MUST be
+# running as a
+# periodic task to prevent the backend storage from filling up with
+# undesired
 # usage.
 #
 # Possible values:
@@ -576,13 +661,19 @@
 #
 # Time interval, in seconds, between scrubber runs in daemon mode.
 #
-# Scrubber can be run either as a cron job or daemon. When run as a daemon, this
-# configuration time specifies the time period between two runs. When the
-# scrubber wakes up, it fetches and scrubs all ``pending_delete`` images that
-# are available for scrubbing after taking ``scrub_time`` into consideration.
-#
-# If the wakeup time is set to a large number, there may be a large number of
-# images to be scrubbed for each run. Also, this impacts how quickly the backend
+# Scrubber can be run either as a cron job or daemon. When run as a
+# daemon, this
+# configuration time specifies the time period between two runs. When
+# the
+# scrubber wakes up, it fetches and scrubs all ``pending_delete``
+# images that
+# are available for scrubbing after taking ``scrub_time`` into
+# consideration.
+#
+# If the wakeup time is set to a large number, there may be a large
+# number of
+# images to be scrubbed for each run. Also, this impacts how quickly
+# the backend
 # storage is reclaimed.
 #
 # Possible values:
@@ -594,7 +685,7 @@
 #
 #  (integer value)
 # Minimum value: 0
-#wakeup_time = 300
+wakeup_time = 300
 
 #
 # Run scrubber as a daemon.
@@ -618,266 +709,131 @@
 #
 #  (boolean value)
 #daemon = false
-
-#
-# Restore the image status from 'pending_delete' to 'active'.
-#
-# This option is used by administrator to reset the image's status from
-# 'pending_delete' to 'active' when the image is deleted by mistake and
-# 'pending delete' feature is enabled in Glance. Please make sure the
-# glance-scrubber daemon is stopped before restoring the image to avoid image
-# data inconsistency.
-#
-# Possible values:
-#     * image's uuid
-#
-#  (string value)
-#restore = <None>
-
+daemon = false
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of the default
-# INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 # Note: This option can be changed without restarting.
 #debug = false
 
-# The name of a logging configuration file. This file is appended to any
-# existing logging configuration files. For details about logging configuration
-# files, see the Python logging module documentation. Note that when logging
-# configuration files are used then all logging configuration is set in the
-# configuration file and other logging configuration options are ignored (for
-# example, logging_context_format_string). (string value)
+# The name of a logging configuration file. This file is appended to
+# any existing logging configuration files. For details about logging
+# configuration files, see the Python logging module documentation.
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set. (string
-# value)
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default is set,
-# logging will go to stderr as defined by use_stderr. This option is ignored if
-# log_config_append is set. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths. This option
-# is ignored if log_config_append is set. (string value)
+log_file = /var/log/glance/scrubber.log
+
+# (Optional) The base directory used for relative log_file  paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Uses logging handler designed to watch file system. When log file is moved or
-# removed this handler will open a new log file with specified path
-# instantaneously. It makes sense only if log_file option is specified and Linux
-# platform is used. This option is ignored if log_config_append is set. (boolean
-# value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and will be
-# changed later to honor RFC5424. This option is ignored if log_config_append is
-# set. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# Enable journald for logging. If running in a systemd environment you may wish
-# to enable journal support. Doing so will use the journal native protocol which
-# includes structured metadata in addition to log messages.This option is
-# ignored if log_config_append is set. (boolean value)
+# Enable journald for logging. If running in a systemd environment you
+# may wish to enable journal support. Doing so will use the journal
+# native protocol which includes structured metadata in addition to
+# log messages.This option is ignored if log_config_append is set.
+# (boolean value)
 #use_journal = false
 
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Use JSON formatting for logging. This option is ignored if log_config_append
-# is set. (boolean value)
+# Use JSON formatting for logging. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_json = false
 
-# Log output to standard error. This option is ignored if log_config_append is
-# set. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined. (string
+# Format string to use for log messages when context is undefined.
+# (string value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string
 # value)
-#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Additional data to append to log message when logging level for the message is
-# DEBUG. (string value)
-#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
 # Defines the format string for %(user_identity)s that is used in
 # logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is ignored
-# if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message. (string value)
+# The format for an instance that is passed with the log message.
+# (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message. (string
-# value)
+# The format for an instance UUID that is passed with the log message.
+# (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
 # Interval, number of seconds, of log rate limiting. (integer value)
 #rate_limit_interval = 0
 
-# Maximum number of logged messages per rate_limit_interval. (integer value)
+# Maximum number of logged messages per rate_limit_interval. (integer
+# value)
 #rate_limit_burst = 0
 
-# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or
-# empty string. Logs with level greater or equal to rate_limit_except_level are
-# not filtered. An empty string means that all levels are filtered. (string
-# value)
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO,
+# WARNING, DEBUG or empty string. Logs with level greater or equal to
+# rate_limit_except_level are not filtered. An empty string means that
+# all levels are filtered. (string value)
 #rate_limit_except_level = CRITICAL
 
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
-
-[database]
-
-#
-# From oslo.db
-#
-
-# If True, SQLite uses synchronous mode. (boolean value)
-#sqlite_synchronous = true
-
-# The back end to use for the database. (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-#backend = sqlalchemy
-
-# The SQLAlchemy connection string to use to connect to the database. (string
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
-# the server configuration, set this to no value. Example: mysql_sql_mode=
-# (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# If True, transparently enables support for handling MySQL Cluster (NDB).
-# (boolean value)
-#mysql_enable_ndb = false
-
-# Connections which have been present in the connection pool longer than this
-# number of seconds will be replaced with a new one the next time they are
-# checked out from the pool. (integer value)
-# Deprecated group/name - [DATABASE]/idle_timeout
-# Deprecated group/name - [database]/idle_timeout
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#connection_recycle_time = 3600
-
-# DEPRECATED: Minimum number of SQL connections to keep open in a pool. (integer
-# value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: The option to set the minimum pool size is not supported by
-# sqlalchemy.
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
-# indicates no limit. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = 5
-
-# Maximum number of database connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
-# value)
-# Minimum value: 0
-# Maximum value: 100
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout = <None>
-
-# Enable the experimental use of database reconnect on connection lost. (boolean
-# value)
-#use_db_reconnect = false
-
-# Seconds between retries of a database transaction. (integer value)
-#db_retry_interval = 1
-
-# If True, increases the interval between retries of a database operation up to
-# db_max_retry_interval. (boolean value)
-#db_inc_retry_interval = true
-
-# If db_inc_retry_interval is set, the maximum seconds between retries of a
-# database operation. (integer value)
-#db_max_retry_interval = 10
-
-# Maximum retries in case of connection error or deadlock error before error is
-# raised. Set to -1 to specify an infinite retry count. (integer value)
-#db_max_retries = 20
-
-# Optional URL parameters to append onto the connection URL at connect time;
-# specify as param1=value1&param2=value2&... (string value)
-#connection_parameters =
-
-#
-# From oslo.db.concurrency
-#
-
-# Enable the experimental use of thread pooling for all DB API calls (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
-#use_tpool = false
-
-
 [glance_store]
 
 #
 # From glance.store
 #
 
-# DEPRECATED:
+#
 # List of enabled Glance stores.
 #
 # Register the storage backends to use for storing disk images
@@ -898,18 +854,9 @@
 #     * default_store
 #
 #  (list value)
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option is deprecated against new config option
-# ``enabled_backends`` which helps to configure multiple backend stores
-# of different schemes.
-#
-# This option is scheduled for removal in the Stein development
-# cycle.
 #stores = file,http
 
-# DEPRECATED:
+#
 # The default scheme to use for storing images.
 #
 # Provide a string value representing the default scheme to use for
@@ -951,18 +898,9 @@
 # sheepdog - <No description provided>
 # cinder - <No description provided>
 # vsphere - <No description provided>
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option is deprecated against new config option
-# ``default_backend`` which acts similar to ``default_store`` config
-# option.
-#
-# This option is scheduled for removal in the Stein development
-# cycle.
 #default_store = file
 
-# DEPRECATED:
+#
 # Minimum interval in seconds to execute updating dynamic storage
 # capabilities based on current backend status.
 #
@@ -977,19 +915,14 @@
 # By default, this option is set to zero and is disabled. Provide an
 # integer value greater than zero to enable this option.
 #
-# NOTE 1: For more information on store capabilities and their updates,
-# please visit: https://specs.openstack.org/openstack/glance-specs/specs/kilo
-# /store-capabilities.html
+# NOTE: For more information on store capabilities and their updates,
+# please visit: https://specs.openstack.org/openstack/glance-
+# specs/specs/kilo/store-capabilities.html
 #
 # For more information on setting up a particular store in your
 # deployment and help with the usage of this feature, please contact
 # the storage driver maintainers listed here:
-# https://docs.openstack.org/glance_store/latest/user/drivers.html
-#
-# NOTE 2: The dynamic store update capability described above is not
-# implemented by any current store drivers.  Thus, this option DOES
-# NOT DO ANYTHING (and it never has).  It is DEPRECATED and scheduled
-# for removal early in the Stein development cycle.
+# http://docs.openstack.org/developer/glance_store/drivers/index.html
 #
 # Possible values:
 #     * Zero
@@ -1000,15 +933,6 @@
 #
 #  (integer value)
 # Minimum value: 0
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option configures a stub method that has not been implemented
-# for any existing store drivers.  Hence it is non-operational, and
-# giving it a value does absolutely nothing.
-#
-# This option is scheduled for removal early in the Stein development
-# cycle.
 #store_capabilities_update_min_interval = 0
 
 #
@@ -1017,16 +941,20 @@
 # When the ``cinder_endpoint_template`` is not set and any of
 # ``cinder_store_auth_address``, ``cinder_store_user_name``,
 # ``cinder_store_project_name``, ``cinder_store_password`` is not set,
-# cinder store uses this information to lookup cinder endpoint from the service
-# catalog in the current context. ``cinder_os_region_name``, if set, is taken
+# cinder store uses this information to lookup cinder endpoint from
+# the service
+# catalog in the current context. ``cinder_os_region_name``, if set,
+# is taken
 # into consideration to fetch the appropriate endpoint.
 #
-# The service catalog can be listed by the ``openstack catalog list`` command.
+# The service catalog can be listed by the ``openstack catalog list``
+# command.
 #
 # Possible values:
 #     * A string of of the following form:
 #       ``<service_type>:<service_name>:<interface>``
-#       At least ``service_type`` and ``interface`` should be specified.
+#       At least ``service_type`` and ``interface`` should be
+# specified.
 #       ``service_name`` can be omitted.
 #
 # Related options:
@@ -1043,18 +971,22 @@
 #
 # Override service catalog lookup with template for cinder endpoint.
 #
-# When this option is set, this value is used to generate cinder endpoint,
+# When this option is set, this value is used to generate cinder
+# endpoint,
 # instead of looking up from the service catalog.
 # This value is ignored if ``cinder_store_auth_address``,
 # ``cinder_store_user_name``, ``cinder_store_project_name``, and
 # ``cinder_store_password`` are specified.
 #
-# If this configuration option is set, ``cinder_catalog_info`` will be ignored.
-#
-# Possible values:
-#     * URL template string for cinder endpoint, where ``%%(tenant)s`` is
+# If this configuration option is set, ``cinder_catalog_info`` will be
+# ignored.
+#
+# Possible values:
+#     * URL template string for cinder endpoint, where ``%%(tenant)s``
+# is
 #       replaced with the current tenant (project) name.
-#       For example: ``http://cinder.openstack.example.org/v2/%%(tenant)s``
+#       For example:
+# ``http://cinder.openstack.example.org/v2/%%(tenant)s``
 #
 # Related options:
 #     * cinder_store_auth_address
@@ -1069,10 +1001,14 @@
 #
 # Region name to lookup cinder service from the service catalog.
 #
-# This is used only when ``cinder_catalog_info`` is used for determining the
-# endpoint. If set, the lookup for cinder endpoint by this node is filtered to
-# the specified region. It is useful when multiple regions are listed in the
-# catalog. If this is not set, the endpoint is looked up from every region.
+# This is used only when ``cinder_catalog_info`` is used for
+# determining the
+# endpoint. If set, the lookup for cinder endpoint by this node is
+# filtered to
+# the specified region. It is useful when multiple regions are listed
+# in the
+# catalog. If this is not set, the endpoint is looked up from every
+# region.
 #
 # Possible values:
 #     * A string that is a valid region name.
@@ -1088,9 +1024,10 @@
 # Location of a CA certificates file used for cinder client requests.
 #
 # The specified CA certificates file, if set, is used to verify cinder
-# connections via HTTPS endpoint. If the endpoint is HTTP, this value is
-# ignored.
-# ``cinder_api_insecure`` must be set to ``True`` to enable the verification.
+# connections via HTTPS endpoint. If the endpoint is HTTP, this value
+# is ignored.
+# ``cinder_api_insecure`` must be set to ``True`` to enable the
+# verification.
 #
 # Possible values:
 #     * Path to a ca certificates file
@@ -1104,7 +1041,8 @@
 #
 # Number of cinderclient retries on failed http calls.
 #
-# When a call failed by any errors, cinderclient will retry the call up to the
+# When a call failed by any errors, cinderclient will retry the call
+# up to the
 # specified times after sleeping a few seconds.
 #
 # Possible values:
@@ -1121,11 +1059,16 @@
 # Time period, in seconds, to wait for a cinder volume transition to
 # complete.
 #
-# When the cinder volume is created, deleted, or attached to the glance node to
-# read/write the volume data, the volume's state is changed. For example, the
-# newly created volume status changes from ``creating`` to ``available`` after
-# the creation process is completed. This specifies the maximum time to wait for
-# the status change. If a timeout occurs while waiting, or the status is changed
+# When the cinder volume is created, deleted, or attached to the
+# glance node to
+# read/write the volume data, the volume's state is changed. For
+# example, the
+# newly created volume status changes from ``creating`` to
+# ``available`` after
+# the creation process is completed. This specifies the maximum time
+# to wait for
+# the status change. If a timeout occurs while waiting, or the status
+# is changed
 # to an unexpected value (e.g. `error``), the image creation fails.
 #
 # Possible values:
@@ -1141,8 +1084,10 @@
 #
 # Allow to perform insecure SSL requests to cinder.
 #
-# If this option is set to True, HTTPS endpoint connection is verified using the
-# CA certificates file specified by ``cinder_ca_certificates_file`` option.
+# If this option is set to True, HTTPS endpoint connection is verified
+# using the
+# CA certificates file specified by ``cinder_ca_certificates_file``
+# option.
 #
 # Possible values:
 #     * True
@@ -1157,15 +1102,23 @@
 #
 # The address where the cinder authentication service is listening.
 #
-# When all of ``cinder_store_auth_address``, ``cinder_store_user_name``,
-# ``cinder_store_project_name``, and ``cinder_store_password`` options are
-# specified, the specified values are always used for the authentication.
-# This is useful to hide the image volumes from users by storing them in a
-# project/tenant specific to the image service. It also enables users to share
-# the image volume among other projects under the control of glance's ACL.
-#
-# If either of these options are not set, the cinder endpoint is looked up
-# from the service catalog, and current context's user and project are used.
+# When all of ``cinder_store_auth_address``,
+# ``cinder_store_user_name``,
+# ``cinder_store_project_name``, and ``cinder_store_password`` options
+# are
+# specified, the specified values are always used for the
+# authentication.
+# This is useful to hide the image volumes from users by storing them
+# in a
+# project/tenant specific to the image service. It also enables users
+# to share
+# the image volume among other projects under the control of glance's
+# ACL.
+#
+# If either of these options are not set, the cinder endpoint is
+# looked up
+# from the service catalog, and current context's user and project are
+# used.
 #
 # Possible values:
 #     * A valid authentication service address, for example:
@@ -1182,7 +1135,8 @@
 #
 # User name to authenticate against cinder.
 #
-# This must be used with all the following related options. If any of these are
+# This must be used with all the following related options. If any of
+# these are
 # not specified, the user of the current context is used.
 #
 # Possible values:
@@ -1199,11 +1153,13 @@
 #
 # Password for the user authenticating against cinder.
 #
-# This must be used with all the following related options. If any of these are
+# This must be used with all the following related options. If any of
+# these are
 # not specified, the user of the current context is used.
 #
 # Possible values:
-#     * A valid password for the user specified by ``cinder_store_user_name``
+#     * A valid password for the user specified by
+# ``cinder_store_user_name``
 #
 # Related options:
 #     * cinder_store_auth_address
@@ -1216,10 +1172,12 @@
 #
 # Project name where the image volume is stored in cinder.
 #
-# If this configuration option is not set, the project in current context is
+# If this configuration option is not set, the project in current
+# context is
 # used.
 #
-# This must be used with all the following related options. If any of these are
+# This must be used with all the following related options. If any of
+# these are
 # not specified, the project of the current context is used.
 #
 # Possible values:
@@ -1234,11 +1192,15 @@
 #cinder_store_project_name = <None>
 
 #
-# Path to the rootwrap configuration file to use for running commands as root.
-#
-# The cinder store requires root privileges to operate the image volumes (for
-# connecting to iSCSI/FC volumes and reading/writing the volume data, etc.).
-# The configuration file should allow the required commands by cinder store and
+# Path to the rootwrap configuration file to use for running commands
+# as root.
+#
+# The cinder store requires root privileges to operate the image
+# volumes (for
+# connecting to iSCSI/FC volumes and reading/writing the volume data,
+# etc.).
+# The configuration file should allow the required commands by cinder
+# store and
 # os-brick library.
 #
 # Possible values:
@@ -1253,11 +1215,14 @@
 #
 # Volume type that will be used for volume creation in cinder.
 #
-# Some cinder backends can have several volume types to optimize storage usage.
-# Adding this option allows an operator to choose a specific volume type
+# Some cinder backends can have several volume types to optimize
+# storage usage.
+# Adding this option allows an operator to choose a specific volume
+# type
 # in cinder that can be optimized for images.
 #
-# If this is not set, then the default volume type specified in the cinder
+# If this is not set, then the default volume type specified in the
+# cinder
 # configuration will be used for volume creation.
 #
 # Possible values:
@@ -1312,7 +1277,7 @@
 #
 # More information on configuring filesystem store with multiple store
 # directories can be found at
-# https://docs.openstack.org/glance/latest/configuration/configuring.html
+# http://docs.openstack.org/developer/glance/configuring.html
 #
 # NOTE: This directory is used only when filesystem store is used as a
 # storage backend. Either ``filesystem_store_datadir`` or
@@ -1353,8 +1318,10 @@
 #
 # File access permissions for the image files.
 #
-# Set the intended file access permissions for image data. This provides
-# a way to enable other services, e.g. Nova, to consume images directly
+# Set the intended file access permissions for image data. This
+# provides
+# a way to enable other services, e.g. Nova, to consume images
+# directly
 # from the filesystem store. The users running the services that are
 # intended to be given access to could be made a member of the group
 # that owns the files created. Assigning a value less then or equal to
@@ -1363,7 +1330,7 @@
 # digit.
 #
 # For more information, please refer the documentation at
-# https://docs.openstack.org/glance/latest/configuration/configuring.html
+# http://docs.openstack.org/developer/glance/configuring.html
 #
 # Possible values:
 #     * A valid file access permission
@@ -1380,8 +1347,10 @@
 # Path to the CA bundle file.
 #
 # This configuration option enables the operator to use a custom
-# Certificate Authority file to verify the remote server certificate. If
-# this option is set, the ``https_insecure`` option will be ignored and
+# Certificate Authority file to verify the remote server certificate.
+# If
+# this option is set, the ``https_insecure`` option will be ignored
+# and
 # the CA file specified will be used to authenticate the server
 # certificate and establish a secure connection to the server.
 #
@@ -1399,8 +1368,10 @@
 #
 # This configuration option takes in a boolean value to determine
 # whether or not to verify the remote server certificate. If set to
-# True, the remote server certificate is not verified. If the option is
-# set to False, then the default CA truststore is used for verification.
+# True, the remote server certificate is not verified. If the option
+# is
+# set to False, then the default CA truststore is used for
+# verification.
 #
 # This option is ignored if ``https_ca_certificates_file`` is set.
 # The remote server certificate will then be verified using the file
@@ -1423,12 +1394,14 @@
 # This configuration option specifies the http/https proxy information
 # that should be used to connect to the remote server. The proxy
 # information should be a key value pair of the scheme and proxy, for
-# example, http:10.0.0.1:3128. You can also specify proxies for multiple
+# example, http:10.0.0.1:3128. You can also specify proxies for
+# multiple
 # schemes by separating the key value pairs with a comma, for example,
 # http:10.0.0.1:3128, https:10.0.0.1:1080.
 #
 # Possible values:
-#     * A comma separated list of scheme:proxy pairs as described above
+#     * A comma separated list of scheme:proxy pairs as described
+# above
 #
 # Related options:
 #     * None
@@ -1440,11 +1413,13 @@
 # Size, in megabytes, to chunk RADOS images into.
 #
 # Provide an integer value representing the size in megabytes to chunk
-# Glance images into. The default chunk size is 8 megabytes. For optimal
+# Glance images into. The default chunk size is 8 megabytes. For
+# optimal
 # performance, the value should be a power of two.
 #
 # When Ceph's RBD object storage system is used as the storage backend
-# for storing Glance images, the images are chunked into objects of the
+# for storing Glance images, the images are chunked into objects of
+# the
 # size set using this option. These chunked objects are then stored
 # across the distributed block data store to use for Glance.
 #
@@ -1461,8 +1436,10 @@
 #
 # RADOS pool in which images are stored.
 #
-# When RBD is used as the storage backend for storing Glance images, the
-# images are stored by means of logical grouping of the objects (chunks
+# When RBD is used as the storage backend for storing Glance images,
+# the
+# images are stored by means of logical grouping of the objects
+# (chunks
 # of images) into a ``pool``. Each pool is defined with the number of
 # placement groups it can contain. The default pool that is used is
 # 'images'.
@@ -1482,7 +1459,8 @@
 #
 # RADOS user to authenticate as.
 #
-# This configuration option takes in the RADOS user to authenticate as.
+# This configuration option takes in the RADOS user to authenticate
+# as.
 # This is only needed when RADOS authentication is enabled and is
 # applicable only if the user is using Cephx authentication. If the
 # value for this option is not set by the user or is set to None, a
@@ -1501,9 +1479,11 @@
 #
 # Ceph configuration file path.
 #
-# This configuration option takes in the path to the Ceph configuration
+# This configuration option takes in the path to the Ceph
+# configuration
 # file to be used. If the value for this option is not set by the user
-# or is set to None, librados will locate the default configuration file
+# or is set to None, librados will locate the default configuration
+# file
 # which is located at /etc/ceph/ceph.conf. If using Cephx
 # authentication, this file should include a reference to the right
 # keyring in a client.<USER> section
@@ -1521,7 +1501,8 @@
 # Timeout value for connecting to Ceph cluster.
 #
 # This configuration option takes in the timeout value in seconds used
-# when connecting to the Ceph cluster i.e. it sets the time to wait for
+# when connecting to the Ceph cluster i.e. it sets the time to wait
+# for
 # glance-api before closing the connection. This prevents glance-api
 # hangups during the connection to RBD. If the value for this option
 # is set to less than or equal to 0, no timeout is set and the default
@@ -1605,7 +1586,7 @@
 # Related Options:
 #     * sheepdog_store_port
 #
-#  (host address value)
+#  (unknown value)
 #sheepdog_store_address = 127.0.0.1
 
 #
@@ -1613,7 +1594,8 @@
 #
 # This boolean determines whether or not to verify the server
 # certificate. If this option is set to True, swiftclient won't check
-# for a valid SSL certificate when authenticating. If the option is set
+# for a valid SSL certificate when authenticating. If the option is
+# set
 # to False, then the default CA truststore is used for verification.
 #
 # Possible values:
@@ -1629,7 +1611,8 @@
 #
 # Path to the CA bundle file.
 #
-# This configuration option enables the operator to specify the path to
+# This configuration option enables the operator to specify the path
+# to
 # a custom Certificate Authority file for SSL verification when
 # connecting to Swift.
 #
@@ -1685,7 +1668,8 @@
 # the container and object to the configured URL.
 #
 # Possible values:
-#     * String value representing a valid URL path up to a Swift container
+#     * String value representing a valid URL path up to a Swift
+# container
 #
 # Related Options:
 #     * None
@@ -1697,9 +1681,12 @@
 # Endpoint Type of Swift service.
 #
 # This string value indicates the endpoint type to use to fetch the
-# Swift endpoint. The endpoint type determines the actions the user will
-# be allowed to perform, for instance, reading and writing to the Store.
-# This setting is only used if swift_store_auth_version is greater than
+# Swift endpoint. The endpoint type determines the actions the user
+# will
+# be allowed to perform, for instance, reading and writing to the
+# Store.
+# This setting is only used if swift_store_auth_version is greater
+# than
 # 1.
 #
 # Possible values:
@@ -1739,32 +1726,46 @@
 #swift_store_service_type = object-store
 
 #
-# Name of single container to store images/name prefix for multiple containers
-#
-# When a single container is being used to store images, this configuration
-# option indicates the container within the Glance account to be used for
-# storing all images. When multiple containers are used to store images, this
+# Name of single container to store images/name prefix for multiple
+# containers
+#
+# When a single container is being used to store images, this
+# configuration
+# option indicates the container within the Glance account to be used
+# for
+# storing all images. When multiple containers are used to store
+# images, this
 # will be the name prefix for all containers. Usage of single/multiple
 # containers can be controlled using the configuration option
 # ``swift_store_multiple_containers_seed``.
 #
-# When using multiple containers, the containers will be named after the value
-# set for this configuration option with the first N chars of the image UUID
+# When using multiple containers, the containers will be named after
+# the value
+# set for this configuration option with the first N chars of the
+# image UUID
 # as the suffix delimited by an underscore (where N is specified by
 # ``swift_store_multiple_containers_seed``).
 #
-# Example: if the seed is set to 3 and swift_store_container = ``glance``, then
-# an image with UUID ``fdae39a1-bac5-4238-aba4-69bcc726e848`` would be placed in
-# the container ``glance_fda``. All dashes in the UUID are included when
-# creating the container name but do not count toward the character limit, so
+# Example: if the seed is set to 3 and swift_store_container =
+# ``glance``, then
+# an image with UUID ``fdae39a1-bac5-4238-aba4-69bcc726e848`` would be
+# placed in
+# the container ``glance_fda``. All dashes in the UUID are included
+# when
+# creating the container name but do not count toward the character
+# limit, so
 # when N=10 the container name would be ``glance_fdae39a1-ba.``
 #
 # Possible values:
-#     * If using single container, this configuration option can be any string
+#     * If using single container, this configuration option can be
+# any string
 #       that is a valid swift container name in Glance's Swift account
-#     * If using multiple containers, this configuration option can be any
-#       string as long as it satisfies the container naming rules enforced by
-#       Swift. The value of ``swift_store_multiple_containers_seed`` should be
+#     * If using multiple containers, this configuration option can be
+# any
+#       string as long as it satisfies the container naming rules
+# enforced by
+#       Swift. The value of ``swift_store_multiple_containers_seed``
+# should be
 #       taken into account as well.
 #
 # Related options:
@@ -1776,24 +1777,31 @@
 #swift_store_container = glance
 
 #
-# The size threshold, in MB, after which Glance will start segmenting image
-# data.
-#
-# Swift has an upper limit on the size of a single uploaded object. By default,
-# this is 5GB. To upload objects bigger than this limit, objects are segmented
-# into multiple smaller objects that are tied together with a manifest file.
+# The size threshold, in MB, after which Glance will start segmenting
+# image data.
+#
+# Swift has an upper limit on the size of a single uploaded object. By
+# default,
+# this is 5GB. To upload objects bigger than this limit, objects are
+# segmented
+# into multiple smaller objects that are tied together with a manifest
+# file.
 # For more detail, refer to
-# https://docs.openstack.org/swift/latest/overview_large_objects.html
-#
-# This configuration option specifies the size threshold over which the Swift
+# http://docs.openstack.org/developer/swift/overview_large_objects.html
+#
+# This configuration option specifies the size threshold over which
+# the Swift
 # driver will start segmenting image data into multiple smaller files.
-# Currently, the Swift driver only supports creating Dynamic Large Objects.
-#
-# NOTE: This should be set by taking into account the large object limit
+# Currently, the Swift driver only supports creating Dynamic Large
+# Objects.
+#
+# NOTE: This should be set by taking into account the large object
+# limit
 # enforced by the Swift cluster in consideration.
 #
 # Possible values:
-#     * A positive integer that is less than or equal to the large object limit
+#     * A positive integer that is less than or equal to the large
+# object limit
 #       enforced by the Swift cluster in consideration.
 #
 # Related options:
@@ -1804,20 +1812,26 @@
 #swift_store_large_object_size = 5120
 
 #
-# The maximum size, in MB, of the segments when image data is segmented.
-#
-# When image data is segmented to upload images that are larger than the limit
-# enforced by the Swift cluster, image data is broken into segments that are no
+# The maximum size, in MB, of the segments when image data is
+# segmented.
+#
+# When image data is segmented to upload images that are larger than
+# the limit
+# enforced by the Swift cluster, image data is broken into segments
+# that are no
 # bigger than the size specified by this configuration option.
 # Refer to ``swift_store_large_object_size`` for more detail.
 #
 # For example: if ``swift_store_large_object_size`` is 5GB and
-# ``swift_store_large_object_chunk_size`` is 1GB, an image of size 6.2GB will be
-# segmented into 7 segments where the first six segments will be 1GB in size and
+# ``swift_store_large_object_chunk_size`` is 1GB, an image of size
+# 6.2GB will be
+# segmented into 7 segments where the first six segments will be 1GB
+# in size and
 # the seventh segment will be 0.2GB.
 #
 # Possible values:
-#     * A positive integer that is less than or equal to the large object limit
+#     * A positive integer that is less than or equal to the large
+# object limit
 #       enforced by Swift cluster in consideration.
 #
 # Related options:
@@ -1830,9 +1844,12 @@
 #
 # Create container, if it doesn't already exist, when uploading image.
 #
-# At the time of uploading an image, if the corresponding container doesn't
-# exist, it will be created provided this configuration option is set to True.
-# By default, it won't be created. This behavior is applicable for both single
+# At the time of uploading an image, if the corresponding container
+# doesn't
+# exist, it will be created provided this configuration option is set
+# to True.
+# By default, it won't be created. This behavior is applicable for
+# both single
 # and multiple containers mode.
 #
 # Possible values:
@@ -1848,9 +1865,12 @@
 #
 # Store images in tenant's Swift account.
 #
-# This enables multi-tenant storage mode which causes Glance images to be stored
-# in tenant specific Swift accounts. If this is disabled, Glance stores all
-# images in its own account. More details multi-tenant store can be found at
+# This enables multi-tenant storage mode which causes Glance images to
+# be stored
+# in tenant specific Swift accounts. If this is disabled, Glance
+# stores all
+# images in its own account. More details multi-tenant store can be
+# found at
 # https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage
 #
 # NOTE: If using multi-tenant swift store, please make sure
@@ -1870,18 +1890,26 @@
 #
 # Seed indicating the number of containers to use for storing images.
 #
-# When using a single-tenant store, images can be stored in one or more than one
-# containers. When set to 0, all images will be stored in one single container.
-# When set to an integer value between 1 and 32, multiple containers will be
-# used to store images. This configuration option will determine how many
-# containers are created. The total number of containers that will be used is
-# equal to 16^N, so if this config option is set to 2, then 16^2=256 containers
+# When using a single-tenant store, images can be stored in one or
+# more than one
+# containers. When set to 0, all images will be stored in one single
+# container.
+# When set to an integer value between 1 and 32, multiple containers
+# will be
+# used to store images. This configuration option will determine how
+# many
+# containers are created. The total number of containers that will be
+# used is
+# equal to 16^N, so if this config option is set to 2, then 16^2=256
+# containers
 # will be used to store images.
 #
-# Please refer to ``swift_store_container`` for more detail on the naming
-# convention. More detail about using multiple containers can be found at
-# https://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-store-
-# multiple-containers.html
+# Please refer to ``swift_store_container`` for more detail on the
+# naming
+# convention. More detail about using multiple containers can be found
+# at
+# https://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-
+# store-multiple-containers.html
 #
 # NOTE: This is used only when swift_store_multi_tenant is disabled.
 #
@@ -1906,7 +1934,8 @@
 # default value is an empty list.
 #
 # Possible values:
-#     * A comma separated list of strings representing UUIDs of Keystone
+#     * A comma separated list of strings representing UUIDs of
+# Keystone
 #       projects/tenants
 #
 # Related options:
@@ -2058,30 +2087,34 @@
 #  (string value)
 #default_swift_reference = ref1
 
-# DEPRECATED: Version of the authentication service to use. Valid versions are 2
-# and 3 for keystone and 1 (deprecated) for swauth and rackspace. (string value)
+# DEPRECATED: Version of the authentication service to use. Valid
+# versions are 2 and 3 for keystone and 1 (deprecated) for swauth and
+# rackspace. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 # Reason:
-# The option 'auth_version' in the Swift back-end configuration file is
+# The option 'auth_version' in the Swift back-end configuration file
+# is
 # used instead.
 #swift_store_auth_version = 2
 
-# DEPRECATED: The address where the Swift authentication service is listening.
-# (string value)
+# DEPRECATED: The address where the Swift authentication service is
+# listening. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 # Reason:
-# The option 'auth_address' in the Swift back-end configuration file is
+# The option 'auth_address' in the Swift back-end configuration file
+# is
 # used instead.
 #swift_store_auth_address = <None>
 
-# DEPRECATED: The user to authenticate against the Swift authentication service.
-# (string value)
+# DEPRECATED: The user to authenticate against the Swift
+# authentication service. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 # Reason:
-# The option 'user' in the Swift back-end configuration file is set instead.
+# The option 'user' in the Swift back-end configuration file is set
+# instead.
 #swift_store_user = <None>
 
 # DEPRECATED: Auth key for the user authenticating against the Swift
@@ -2145,9 +2178,11 @@
 #
 # Address of the ESX/ESXi or vCenter Server target system.
 #
-# This configuration option sets the address of the ESX/ESXi or vCenter
+# This configuration option sets the address of the ESX/ESXi or
+# vCenter
 # Server target system. This option is required when using the VMware
-# storage backend. The address can contain an IP address (127.0.0.1) or
+# storage backend. The address can contain an IP address (127.0.0.1)
+# or
 # a DNS name (www.my-domain.com).
 #
 # Possible Values:
@@ -2158,7 +2193,7 @@
 #     * vmware_server_username
 #     * vmware_server_password
 #
-#  (host address value)
+#  (unknown value)
 #vmware_server_host = 127.0.0.1
 
 #
@@ -2219,7 +2254,8 @@
 # Interval in seconds used for polling remote tasks invoked on VMware
 # ESX/VC server.
 #
-# This configuration option takes in the sleep time in seconds for polling an
+# This configuration option takes in the sleep time in seconds for
+# polling an
 # on-going async task as part of the VMWare ESX/VC server API call.
 #
 # Possible Values:
@@ -2233,11 +2269,14 @@
 #vmware_task_poll_interval = 5
 
 #
-# The directory where the glance images will be stored in the datastore.
-#
-# This configuration option specifies the path to the directory where the
+# The directory where the glance images will be stored in the
+# datastore.
+#
+# This configuration option specifies the path to the directory where
+# the
 # glance images will be stored in the VMware datastore. If this option
-# is not set,  the default directory where the glance images are stored
+# is not set,  the default directory where the glance images are
+# stored
 # is openstack_glance.
 #
 # Possible Values:
@@ -2258,7 +2297,8 @@
 # verified. If this option is set to False, then the default CA
 # truststore is used for verification.
 #
-# This option is ignored if the "vmware_ca_file" option is set. In that
+# This option is ignored if the "vmware_ca_file" option is set. In
+# that
 # case, the ESX/vCenter server certificate will then be verified using
 # the file specified using the "vmware_ca_file" option .
 #
@@ -2280,7 +2320,8 @@
 # Cerificate Authority File to verify the ESX/vCenter certificate.
 #
 # If this option is set, the "vmware_insecure" option will be ignored
-# and the CA file specified will be used to authenticate the ESX/vCenter
+# and the CA file specified will be used to authenticate the
+# ESX/vCenter
 # server certificate and establish a secure connection to the server.
 #
 # Possible Values:
@@ -2295,18 +2336,22 @@
 #
 # The datastores where the image can be stored.
 #
-# This configuration option specifies the datastores where the image can
+# This configuration option specifies the datastores where the image
+# can
 # be stored in the VMWare store backend. This option may be specified
-# multiple times for specifying multiple datastores. The datastore name
+# multiple times for specifying multiple datastores. The datastore
+# name
 # should be specified after its datacenter path, separated by ":". An
-# optional weight may be given after the datastore name, separated again
+# optional weight may be given after the datastore name, separated
+# again
 # by ":" to specify the priority. Thus, the required format becomes
 # <datacenter_path>:<datastore_name>:<optional_weight>.
 #
 # When adding an image, the datastore with highest weight will be
 # selected, unless there is not enough free space available in cases
 # where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for selection
+# assumed to be zero and the directory will be considered for
+# selection
 # last. If multiple datastores have the same weight, then the one with
 # the most free space available is selected.
 #
@@ -2320,64 +2365,177 @@
 #  (multi valued)
 #vmware_datastores =
 
-
 [oslo_concurrency]
 
-#
-# From oslo.concurrency
-#
-
-# Enables or disables inter-process locks. (boolean value)
-#disable_process_locking = false
-
-# Directory to use for lock files.  For security, the specified directory should
-# only be writable by the user running the processes that need locking. Defaults
-# to environment variable OSLO_LOCK_PATH. If external locks are used, a lock
-# path must be set. (string value)
-#lock_path = <None>
-
+[database]
+#
+# From oslo.db
+#
+
+# If True, SQLite uses synchronous mode. (boolean value)
+#sqlite_synchronous = true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the database.
+# (string value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+#connection = <None>
+connection = mysql+pymysql://glance:opnfv_secret@10.167.4.23/glance?charset=utf8
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
+#slave_connection = <None>
+
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
+#mysql_sql_mode = TRADITIONAL
+
+# If True, transparently enables support for handling MySQL Cluster
+# (NDB). (boolean value)
+#mysql_enable_ndb = false
+
+# Connections which have been present in the connection pool longer
+# than this number of seconds will be replaced with a new one the next
+# time they are checked out from the pool. (integer value)
+# Deprecated group/name - [DATABASE]/idle_timeout
+# Deprecated group/name - [database]/idle_timeout
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#connection_recycle_time = 3600
+# (obryndzii) we change default connection_recycle_time to 280 in order to fix numerous
+# DBConnection errors in services until we implement this setting in reclass-system
+connection_recycle_time = 300
+
+# Minimum number of SQL connections to keep open in a pool. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool. Setting a
+# value of 0 indicates no limit. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = 5
+max_pool_size = 10
+
+# Maximum number of database connection retries during startup. Set to
+# -1 to specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
+max_overflow = 30
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
+# (integer value)
+# Minimum value: 0
+# Maximum value: 100
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
+
+# Enable the experimental use of database reconnect on connection
+# lost. (boolean value)
+#use_db_reconnect = false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
+
+# If True, increases the interval between retries of a database
+# operation up to db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries
+# of a database operation. (integer value)
+#db_max_retry_interval = 10
+
+# Maximum retries in case of connection error or deadlock error before
+# error is raised. Set to -1 to specify an infinite retry count.
+# (integer value)
+#db_max_retries = 20
+
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
 
 [oslo_policy]
-
 #
 # From oslo.policy
 #
 
-# This option controls whether or not to enforce scope when evaluating policies.
-# If ``True``, the scope of the token used in the request is compared to the
-# ``scope_types`` of the policy being enforced. If the scopes do not match, an
-# ``InvalidScope`` exception will be raised. If ``False``, a message will be
-# logged informing operators that policies are being invoked with mismatching
-# scope. (boolean value)
+# This option controls whether or not to enforce scope when evaluating
+# policies. If ``True``, the scope of the token used in the request is
+# compared to the ``scope_types`` of the policy being enforced. If the
+# scopes do not match, an ``InvalidScope`` exception will be raised.
+# If ``False``, a message will be logged informing operators that
+# policies are being invoked with mismatching scope. (boolean value)
 #enforce_scope = false
 
 # The file that defines policies. (string value)
 #policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
+policy_file = /etc/glance/policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string
+# value)
 #policy_default_rule = default
 
-# Directories where policy configuration files are stored. They can be relative
-# to any directory in the search path defined by the config_dir option, or
-# absolute paths. The file defined by policy_file must exist for these
-# directories to be searched.  Missing or empty directories are ignored. (multi
-# valued)
+# Directories where policy configuration files are stored. They can be
+# relative to any directory in the search path defined by the
+# config_dir option, or absolute paths. The file defined by
+# policy_file must exist for these directories to be searched.
+# Missing or empty directories are ignored. (multi valued)
 #policy_dirs = policy.d
 
-# Content Type to send and receive data for REST based policy check (string
-# value)
+# Content Type to send and receive data for REST based policy check
+# (string value)
 # Possible values:
 # application/x-www-form-urlencoded - <No description provided>
 # application/json - <No description provided>
 #remote_content_type = application/x-www-form-urlencoded
 
-# server identity verification for REST based policy check (boolean value)
+# server identity verification for REST based policy check (boolean
+# value)
 #remote_ssl_verify_server_crt = false
 
-# Absolute path to ca cert file for REST based policy check (string value)
+# Absolute path to ca cert file for REST based policy check (string
+# value)
 #remote_ssl_ca_crt_file = <None>
 
-# Absolute path to client cert for REST based policy check (string value)
+# Absolute path to client cert for REST based policy check (string
+# value)
 #remote_ssl_client_crt_file = <None>
 
 # Absolute path client key file REST based policy check (string value)

2019-04-30 22:14:50,756 [salt.state       :1951][INFO    ][14121] Completed state [/etc/glance/glance-scrubber.conf] at time 22:14:50.756551 duration_in_ms=102.838
2019-04-30 22:14:50,757 [salt.state       :1780][INFO    ][14121] Running state [/etc/glance/glance-api.conf] at time 22:14:50.756976
2019-04-30 22:14:50,757 [salt.state       :1813][INFO    ][14121] Executing state file.managed for [/etc/glance/glance-api.conf]
2019-04-30 22:14:50,774 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/files/rocky/glance-api.conf.Debian'
2019-04-30 22:14:50,878 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/messaging/_default.conf'
2019-04-30 22:14:50,910 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/messaging/_amqp.conf'
2019-04-30 22:14:50,923 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/messaging/_notifications.conf'
2019-04-30 22:14:50,937 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/messaging/_rabbit.conf'
2019-04-30 22:14:51,028 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/_cors.conf'
2019-04-30 22:14:51,043 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/_middleware.conf'
2019-04-30 22:14:51,056 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/castellan/_barbican.conf'
2019-04-30 22:14:51,080 [salt.state       :300 ][INFO    ][14121] File changed:
--- 
+++ 
@@ -1,16 +1,224 @@
+
+
 [DEFAULT]
+#
+# From oslo.messaging
+#
+
+# Size of RPC connection pool. (integer value)
+#rpc_conn_pool_size = 30
+
+# The pool size limit for connections expiration policy (integer
+# value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer
+# value)
+#conn_pool_ttl = 1200
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet
+# interface, or IP. The "host" option should point or resolve to this
+# address. (string value)
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Possible values:
+# redis - <No description provided>
+# sentinel - <No description provided>
+# dummy - <No description provided>
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic.
+# Default is unlimited. (integer value)
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address.
+# Must match "host" option, if running Nova. (string value)
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent
+# after closing a socket. The default value of -1 specifies an
+# infinite linger period. The value of 0 specifies no linger period.
+# Pending messages shall be discarded immediately when the socket is
+# closed. Positive values specify an upper bound for the linger
+# period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises
+# timeout exception when timeout expired. (integer value)
+#rpc_poll_timeout = 1
+
+
+# Expiration timeout in seconds of a name service record about
+# existing target ( < 0 means no timeout). (integer value)
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing
+# target. (integer value)
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
+# (boolean value)
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes
+# sense only with use_router_proxy=False which means to use direct
+# connections for direct message types (ignored otherwise). (boolean
+# value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover
+# reasons. This option is actual only in dynamic connections mode.
+# (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with
+# ZMQBindError. (integer value)
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means
+# not keeping a queue when server side disconnects. False means to
+# keep queue and messages even if server is disconnected, when the
+# server appears we send all accumulated messages to it. (boolean
+# value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1
+# (or any other negative value) means to skip any overrides and leave
+# it to OS default; 0 and 1 (or any other positive value) mean to
+# disable and enable the option respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition.
+# The unit is platform dependent, for example, seconds in Linux,
+# milliseconds in Windows etc. The default value of -1 (or any other
+# negative value and 0) means to skip any overrides and leave it to OS
+# default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring
+# that remote end is not available. The default value of -1 (or any
+# other negative value and 0) means to skip any overrides and leave it
+# to OS default. (integer value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not
+# received. The unit is platform dependent, for example, seconds in
+# Linux, milliseconds in Windows etc. The default value of -1 (or any
+# other negative value and 0) means to skip any overrides and leave it
+# to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer
+# value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which
+# it is not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism
+# works only via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each
+# retry attempt this timeout is multiplied by some specified
+# multiplier. (integer value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt.
+# (integer value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems
+# occurred: positive value N means at most N retries, 0 means no
+# retries, None or -1 (or any other negative values) mean to retry
+# forever. This option is used only if acknowledgments are enabled.
+# (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option
+# has higher priority then the default publishers list taken from the
+# matchmaker. (list value)
+#subscribe_on =
+
+# Size of executor thread pool when executor is threading or eventlet.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
+
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout = 60
+
+# The network address and optional user credentials for connecting to
+# the messaging backend, in URL format. The expected format is:
+#
+# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
+#
+# Example: rabbit://rabbitmq:password@127.0.0.1:5672//
+#
+# For full details on the fields in the URL see the documentation of
+# oslo_messaging.TransportURL at
+# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
+# (string value)
+#transport_url = <None>
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.28:5672,openstack:opnfv_secret@10.167.4.29:5672,openstack:opnfv_secret@10.167.4.30:5672//openstack
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other
+# drivers include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rpc_backend = rabbit
+
+# The default exchange under which topics are scoped. May be
+# overridden by an exchange name specified in the transport_url
+# option. (string value)
+#control_exchange = openstack
+
 
 #
 # From glance.api
 #
 
-# DEPRECATED:
+#
 # Set the image owner to tenant or the authenticated user.
 #
-# Assign a boolean value to determine the owner of an image. When set to
+# Assign a boolean value to determine the owner of an image. When set
+# to
 # True, the owner of the image is the tenant. When set to False, the
-# owner of the image will be the authenticated user issuing the request.
-# Setting it to False makes the image private to the associated user and
+# owner of the image will be the authenticated user issuing the
+# request.
+# Setting it to False makes the image private to the associated user
+# and
 # sharing with other users within the same tenant (or "project")
 # requires explicit image sharing via image membership.
 #
@@ -22,15 +230,6 @@
 #     * None
 #
 #  (boolean value)
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# The non-default setting for this option misaligns Glance with other
-# OpenStack services with respect to resource ownership.  Further, surveys
-# indicate that this option is not used by operators.  The option will be
-# removed early in the 'S' development cycle following the standard OpenStack
-# deprecation policy.  As the option is not in wide use, no migration path is
-# proposed.
 #owner_is_tenant = true
 
 #
@@ -74,7 +273,8 @@
 #
 # Provide  an integer value to limit the length of the request ID to
 # the specified length. The default value is 64. Users can change this
-# to any ineteger value between 0 and 16384 however keeping in mind that
+# to any ineteger value between 0 and 16384 however keeping in mind
+# that
 # a larger value may flood the logs.
 #
 # Possible values:
@@ -132,44 +332,11 @@
 #  (boolean value)
 #allow_additional_image_properties = true
 
-# "
-# Secure hashing algorithm used for computing the 'os_hash_value' property.
-#
-# This option configures the Glance "multihash", which consists of two
-# image properties: the 'os_hash_algo' and the 'os_hash_value'.  The
-# 'os_hash_algo' will be populated by the value of this configuration
-# option, and the 'os_hash_value' will be populated by the hexdigest computed
-# when the algorithm is applied to the uploaded or imported image data.
-#
-# The value must be a valid secure hash algorithm name recognized by the
-# python 'hashlib' library.  You can determine what these are by examining
-# the 'hashlib.algorithms_available' data member of the version of the
-# library being used in your Glance installation.  For interoperability
-# purposes, however, we recommend that you use the set of secure hash
-# names supplied by the 'hashlib.algorithms_guaranteed' data member because
-# those algorithms are guaranteed to be supported by the 'hashlib' library
-# on all platforms.  Thus, any image consumer using 'hashlib' locally should
-# be able to verify the 'os_hash_value' of the image.
-#
-# The default value of 'sha512' is a performant secure hash algorithm.
-#
-# If this option is misconfigured, any attempts to store image data will fail.
-# For that reason, we recommend using the default value.
-#
-# Possible values:
-#     * Any secure hash algorithm name recognized by the Python 'hashlib'
-#       library
-#
-# Related options:
-#     * None
-#
-#  (string value)
-#hashing_algorithm = sha512
-
 #
 # Maximum number of image members per image.
 #
-# This limits the maximum of users an image can be shared with. Any negative
+# This limits the maximum of users an image can be shared with. Any
+# negative
 # value is interpreted as unlimited.
 #
 # Related options:
@@ -181,10 +348,12 @@
 #
 # Maximum number of properties allowed on an image.
 #
-# This enforces an upper limit on the number of additional properties an image
+# This enforces an upper limit on the number of additional properties
+# an image
 # can have. Any negative value is interpreted as unlimited.
 #
-# NOTE: This won't have any impact if additional properties are disabled. Please
+# NOTE: This won't have any impact if additional properties are
+# disabled. Please
 # refer to ``allow_additional_image_properties``.
 #
 # Related options:
@@ -241,7 +410,8 @@
 #
 # Finally, when this configuration option is set to
 # ``glance.db.simple.api``, image catalog data is stored in and read
-# from an in-memory data structure. This is primarily used for testing.
+# from an in-memory data structure. This is primarily used for
+# testing.
 #
 # Related options:
 #     * enable_v2_api
@@ -254,8 +424,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #data_api = glance.db.sqlalchemy.api
 
 #
@@ -284,6 +454,7 @@
 #  (integer value)
 # Minimum value: 1
 #limit_param_default = 25
+limit_param_default = 25
 
 #
 # Maximum number of results that could be returned by a request.
@@ -309,6 +480,7 @@
 #  (integer value)
 # Minimum value: 1
 #api_limit_max = 1000
+api_limit_max = 1000
 
 #
 # Show direct image location when returning an image.
@@ -341,6 +513,7 @@
 #
 #  (boolean value)
 #show_image_direct_url = false
+show_image_direct_url = true
 
 # DEPRECATED:
 # Show all image locations when returning an image.
@@ -372,10 +545,12 @@
 #  (boolean value)
 # This option is deprecated for removal since Newton.
 # Its value may be silently ignored in the future.
-# Reason: This option will be removed in the Pike release or later because the
-# same functionality can be achieved with greater granularity by using policies.
-# Please see the Newton release notes for more information.
+# Reason: This option will be removed in the Pike release or later
+# because the same functionality can be achieved with greater
+# granularity by using policies. Please see the Newton release notes
+# for more information.
 #show_multiple_locations = false
+#show_multiple_locations = true
 
 #
 # Maximum size of image a user can upload in bytes.
@@ -406,18 +581,25 @@
 #
 # Maximum amount of image storage per tenant.
 #
-# This enforces an upper limit on the cumulative storage consumed by all images
+# This enforces an upper limit on the cumulative storage consumed by
+# all images
 # of a tenant across all stores. This is a per-tenant limit.
 #
-# The default unit for this configuration option is Bytes. However, storage
-# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``,
-# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and
-# TeraBytes respectively. Note that there should not be any space between the
-# value and unit. Value ``0`` signifies no quota enforcement. Negative values
+# The default unit for this configuration option is Bytes. However,
+# storage
+# units can be specified using case-sensitive literals ``B``, ``KB``,
+# ``MB``,
+# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes,
+# GigaBytes and
+# TeraBytes respectively. Note that there should not be any space
+# between the
+# value and unit. Value ``0`` signifies no quota enforcement. Negative
+# values
 # are invalid and result in errors.
 #
 # Possible values:
-#     * A string that is a valid concatenation of a non-negative integer
+#     * A string that is a valid concatenation of a non-negative
+# integer
 #       representing the storage value and an optional string literal
 #       representing storage units as mentioned above.
 #
@@ -426,6 +608,41 @@
 #
 #  (string value)
 #user_storage_quota = 0
+
+#
+# Deploy the v1 OpenStack Images API.
+#
+# When this option is set to ``True``, Glance service will respond to
+# requests on registered endpoints conforming to the v1 OpenStack
+# Images API.
+#
+# NOTES:
+#     * If this option is enabled, then ``enable_v1_registry`` must
+#       also be set to ``True`` to enable mandatory usage of Registry
+#       service with v1 API.
+#
+#     * If this option is disabled, then the ``enable_v1_registry``
+#       option, which is enabled by default, is also recommended
+#       to be disabled.
+#
+#     * This option is separate from ``enable_v2_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v2 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_registry
+#     * enable_v2_api
+#
+#  (boolean value)
+#enable_v1_api = true
+enable_v1_api=False
 
 #
 # Deploy the v2 OpenStack Images API.
@@ -439,18 +656,45 @@
 #       option, which is enabled by default, is also recommended
 #       to be disabled.
 #
+#     * This option is separate from ``enable_v1_api``, both v1 and v2
+#       OpenStack Images API can be deployed independent of each
+#       other.
+#
+#     * If deploying only the v1 Images API, this option, which is
+#       enabled by default, should be disabled.
+#
 # Possible values:
 #     * True
 #     * False
 #
 # Related options:
 #     * enable_v2_registry
+#     * enable_v1_api
 #
 #  (boolean value)
 #enable_v2_api = true
-
-#
-#                     DEPRECATED FOR REMOVAL
+enable_v2_api=True
+
+#
+# Deploy the v1 API Registry service.
+#
+# When this option is set to ``True``, the Registry service
+# will be enabled in Glance for v1 API requests.
+#
+# NOTES:
+#     * Use of Registry is mandatory in v1 API, so this option must
+#       be set to ``True`` if the ``enable_v1_api`` option is enabled.
+#
+#     * If deploying only the v2 OpenStack Images API, this option,
+#       which is enabled by default, should be disabled.
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * enable_v1_api
+#
 #  (boolean value)
 #enable_v1_registry = true
 
@@ -484,8 +728,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #enable_v2_registry = true
 
 #
@@ -503,7 +747,7 @@
 # Related options:
 #     * None
 #
-#  (host address value)
+#  (unknown value)
 #pydev_worker_debug_host = localhost
 
 #
@@ -590,18 +834,43 @@
 #
 # Related options:
 #     * [task]/work_dir
+#     * [DEFAULT]/enable_image_import (*deprecated*)
 #
 #  (string value)
 #node_staging_uri = file:///tmp/staging/
 
+# DEPRECATED:
+# Enables the Image Import workflow introduced in Pike
+#
+# As '[DEFAULT]/node_staging_uri' is required for the Image
+# Import, it's disabled per default in Pike, enabled per
+# default in Queens and removed in Rocky. This allows Glance to
+# operate with previous version configs upon upgrade.
+#
+# Setting this option to False will disable the endpoints related
+# to Image Import Refactoring work.
+#
+# Related options:
+#     * [DEFAULT]/node_staging_uri (boolean value)
+# This option is deprecated for removal since Pike.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option is deprecated for removal in Rocky.
+#
+# It was introduced to make sure that the API is not enabled
+# before the '[DEFAULT]/node_staging_uri' is defined and is
+# long term redundant.
+#enable_image_import = true
+
 #
 # List of enabled Image Import Methods
 #
 # Both 'glance-direct' and 'web-download' are enabled by default.
 #
 # Related options:
-#     * [DEFAULT]/node_staging_uri (list value)
-#enabled_import_methods = [glance-direct,web-download]
+#     * [DEFAULT]/node_staging_uri
+#     * [DEFAULT]/enable_image_import (list value)
+#enabled_import_methods = glance-direct,web-download
 
 #
 # Strategy to determine the preference order of image locations.
@@ -632,6 +901,9 @@
 # store_type - <No description provided>
 #location_strategy = location_order
 
+location_strategy = location_order
+
+
 #
 # The location of the property protection file.
 #
@@ -646,7 +918,8 @@
 # protections won't be enforced. If a value is specified and the file
 # is not found, the glance-api service will fail to start.
 # More information on property protections can be found at:
-# https://docs.openstack.org/glance/latest/admin/property-protections.html
+# https://docs.openstack.org/glance/latest/admin/property-
+# protections.html
 #
 # Possible values:
 #     * Empty string
@@ -726,8 +999,9 @@
 # Related options:
 #     * None
 #
-#  (host address value)
+#  (unknown value)
 #bind_host = 0.0.0.0
+bind_host = 10.167.4.37
 
 #
 # Port number on which the server will listen.
@@ -747,6 +1021,7 @@
 # Minimum value: 0
 # Maximum value: 65535
 #bind_port = <None>
+bind_port = 9292
 
 #
 # Number of Glance worker processes to start.
@@ -755,7 +1030,8 @@
 # process workers to service requests. By default, the number of CPUs
 # available is set as the value for ``workers`` limited to 8. For
 # example if the processor count is 6, 6 workers will be used, if the
-# processor count is 24 only 8 workers will be used. The limit will only
+# processor count is 24 only 8 workers will be used. The limit will
+# only
 # apply to the default value, if 24 workers is configured, 24 is used.
 #
 # Each worker process is made to listen on the port set in the
@@ -774,6 +1050,7 @@
 #  (integer value)
 # Minimum value: 0
 #workers = <None>
+workers = 8
 
 #
 # Maximum line size of message headers.
@@ -943,21 +1220,25 @@
 #  (string value)
 #key_file = /etc/ssl/key/key-file.pem
 
-# DEPRECATED: The HTTP header used to determine the scheme for the original
-# request, even if it was removed by an SSL terminating proxy. Typical value is
-# "HTTP_X_FORWARDED_PROTO". (string value)
+# DEPRECATED: The HTTP header used to determine the scheme for the
+# original request, even if it was removed by an SSL terminating
+# proxy. Typical value is "HTTP_X_FORWARDED_PROTO". (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 # Reason: Use the http_proxy_to_wsgi middleware instead.
 #secure_proxy_ssl_header = <None>
 
 #
-# The relative path to sqlite file database that will be used for image cache
+# The relative path to sqlite file database that will be used for
+# image cache
 # management.
 #
-# This is a relative path to the sqlite file database that tracks the age and
-# usage statistics of image cache. The path is relative to image cache base
-# directory, specified by the configuration option ``image_cache_dir``.
+# This is a relative path to the sqlite file database that tracks the
+# age and
+# usage statistics of image cache. The path is relative to image cache
+# base
+# directory, specified by the configuration option
+# ``image_cache_dir``.
 #
 # This is a lightweight database with just one table.
 #
@@ -973,23 +1254,33 @@
 #
 # The driver to use for image cache management.
 #
-# This configuration option provides the flexibility to choose between the
-# different image-cache drivers available. An image-cache driver is responsible
-# for providing the essential functions of image-cache like write images to/read
-# images from cache, track age and usage of cached images, provide a list of
-# cached images, fetch size of the cache, queue images for caching and clean up
+# This configuration option provides the flexibility to choose between
+# the
+# different image-cache drivers available. An image-cache driver is
+# responsible
+# for providing the essential functions of image-cache like write
+# images to/read
+# images from cache, track age and usage of cached images, provide a
+# list of
+# cached images, fetch size of the cache, queue images for caching and
+# clean up
 # the cache, etc.
 #
 # The essential functions of a driver are defined in the base class
-# ``glance.image_cache.drivers.base.Driver``. All image-cache drivers (existing
-# and prospective) must implement this interface. Currently available drivers
-# are ``sqlite`` and ``xattr``. These drivers primarily differ in the way they
+# ``glance.image_cache.drivers.base.Driver``. All image-cache drivers
+# (existing
+# and prospective) must implement this interface. Currently available
+# drivers
+# are ``sqlite`` and ``xattr``. These drivers primarily differ in the
+# way they
 # store the information about cached images:
-#     * The ``sqlite`` driver uses a sqlite database (which sits on every glance
+#     * The ``sqlite`` driver uses a sqlite database (which sits on
+# every glance
 #     node locally) to track the usage of cached images.
-#     * The ``xattr`` driver uses the extended attributes of files to store this
-#     information. It also requires a filesystem that sets ``atime`` on the
-# files
+#     * The ``xattr`` driver uses the extended attributes of files to
+# store this
+#     information. It also requires a filesystem that sets ``atime``
+# on the files
 #     when accessed.
 #
 # Possible values:
@@ -1006,21 +1297,32 @@
 #image_cache_driver = sqlite
 
 #
-# The upper limit on cache size, in bytes, after which the cache-pruner cleans
+# The upper limit on cache size, in bytes, after which the cache-
+# pruner cleans
 # up the image cache.
 #
-# NOTE: This is just a threshold for cache-pruner to act upon. It is NOT a
-# hard limit beyond which the image cache would never grow. In fact, depending
-# on how often the cache-pruner runs and how quickly the cache fills, the image
-# cache can far exceed the size specified here very easily. Hence, care must be
-# taken to appropriately schedule the cache-pruner and in setting this limit.
-#
-# Glance caches an image when it is downloaded. Consequently, the size of the
-# image cache grows over time as the number of downloads increases. To keep the
+# NOTE: This is just a threshold for cache-pruner to act upon. It is
+# NOT a
+# hard limit beyond which the image cache would never grow. In fact,
+# depending
+# on how often the cache-pruner runs and how quickly the cache fills,
+# the image
+# cache can far exceed the size specified here very easily. Hence,
+# care must be
+# taken to appropriately schedule the cache-pruner and in setting this
+# limit.
+#
+# Glance caches an image when it is downloaded. Consequently, the size
+# of the
+# image cache grows over time as the number of downloads increases. To
+# keep the
 # cache size from becoming unmanageable, it is recommended to run the
-# cache-pruner as a periodic task. When the cache pruner is kicked off, it
-# compares the current size of image cache and triggers a cleanup if the image
-# cache grew beyond the size specified here. After the cleanup, the size of
+# cache-pruner as a periodic task. When the cache pruner is kicked
+# off, it
+# compares the current size of image cache and triggers a cleanup if
+# the image
+# cache grew beyond the size specified here. After the cleanup, the
+# size of
 # cache is less than or equal to size specified here.
 #
 # Possible values:
@@ -1033,19 +1335,29 @@
 # Minimum value: 0
 #image_cache_max_size = 10737418240
 
-#
-# The amount of time, in seconds, an incomplete image remains in the cache.
-#
-# Incomplete images are images for which download is in progress. Please see the
-# description of configuration option ``image_cache_dir`` for more detail.
-# Sometimes, due to various reasons, it is possible the download may hang and
-# the incompletely downloaded image remains in the ``incomplete`` directory.
-# This configuration option sets a time limit on how long the incomplete images
-# should remain in the ``incomplete`` directory before they are cleaned up.
-# Once an incomplete image spends more time than is specified here, it'll be
+
+#
+# The amount of time, in seconds, an incomplete image remains in the
+# cache.
+#
+# Incomplete images are images for which download is in progress.
+# Please see the
+# description of configuration option ``image_cache_dir`` for more
+# detail.
+# Sometimes, due to various reasons, it is possible the download may
+# hang and
+# the incompletely downloaded image remains in the ``incomplete``
+# directory.
+# This configuration option sets a time limit on how long the
+# incomplete images
+# should remain in the ``incomplete`` directory before they are
+# cleaned up.
+# Once an incomplete image spends more time than is specified here,
+# it'll be
 # removed by cache-cleaner on its next run.
 #
-# It is recommended to run cache-cleaner as a periodic task on the Glance API
+# It is recommended to run cache-cleaner as a periodic task on the
+# Glance API
 # nodes to keep the incomplete images from occupying disk space.
 #
 # Possible values:
@@ -1061,25 +1373,39 @@
 #
 # Base directory for image cache.
 #
-# This is the location where image data is cached and served out of. All cached
-# images are stored directly under this directory. This directory also contains
-# three subdirectories, namely, ``incomplete``, ``invalid`` and ``queue``.
-#
-# The ``incomplete`` subdirectory is the staging area for downloading images. An
-# image is first downloaded to this directory. When the image download is
-# successful it is moved to the base directory. However, if the download fails,
-# the partially downloaded image file is moved to the ``invalid`` subdirectory.
-#
-# The ``queue``subdirectory is used for queuing images for download. This is
-# used primarily by the cache-prefetcher, which can be scheduled as a periodic
-# task like cache-pruner and cache-cleaner, to cache images ahead of their
-# usage.
-# Upon receiving the request to cache an image, Glance touches a file in the
-# ``queue`` directory with the image id as the file name. The cache-prefetcher,
+# This is the location where image data is cached and served out of.
+# All cached
+# images are stored directly under this directory. This directory also
+# contains
+# three subdirectories, namely, ``incomplete``, ``invalid`` and
+# ``queue``.
+#
+# The ``incomplete`` subdirectory is the staging area for downloading
+# images. An
+# image is first downloaded to this directory. When the image download
+# is
+# successful it is moved to the base directory. However, if the
+# download fails,
+# the partially downloaded image file is moved to the ``invalid``
+# subdirectory.
+#
+# The ``queue``subdirectory is used for queuing images for download.
+# This is
+# used primarily by the cache-prefetcher, which can be scheduled as a
+# periodic
+# task like cache-pruner and cache-cleaner, to cache images ahead of
+# their usage.
+# Upon receiving the request to cache an image, Glance touches a file
+# in the
+# ``queue`` directory with the image id as the file name. The cache-
+# prefetcher,
 # when running, polls for the files in ``queue`` directory and starts
-# downloading them in the order they were created. When the download is
-# successful, the zero-sized file is deleted from the ``queue`` directory.
-# If the download fails, the zero-sized file remains and it'll be retried the
+# downloading them in the order they were created. When the download
+# is
+# successful, the zero-sized file is deleted from the ``queue``
+# directory.
+# If the download fails, the zero-sized file remains and it'll be
+# retried the
 # next time cache-prefetcher runs.
 #
 # Possible values:
@@ -1147,16 +1473,17 @@
 # Related options:
 #     * None
 #
-#  (host address value)
+#  (unknown value)
 # This option is deprecated for removal since Queens.
 # Its value may be silently ignored in the future.
 # Reason:
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_host = 0.0.0.0
+registry_host = 10.167.4.35
 
 # DEPRECATED:
 # Port the registry server is listening on.
@@ -1176,83 +1503,90 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_port = 9191
-
-# DEPRECATED: Whether to pass through the user token when making requests to the
-# registry. To prevent failures with token expiration during big files upload,
-# it is recommended to set this parameter to False.If "use_user_token" is not in
-# effect, then admin credentials can be specified. (boolean value)
+registry_port = 9191
+
+# DEPRECATED: Whether to pass through the user token when making
+# requests to the registry. To prevent failures with token expiration
+# during big files upload, it is recommended to set this parameter to
+# False.If "use_user_token" is not in effect, then admin credentials
+# can be specified. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #use_user_token = true
 
-# DEPRECATED: The administrators user name. If "use_user_token" is not in
-# effect, then admin credentials can be specified. (string value)
+# DEPRECATED: The administrators user name. If "use_user_token" is not
+# in effect, then admin credentials can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_user = <None>
 
-# DEPRECATED: The administrators password. If "use_user_token" is not in effect,
-# then admin credentials can be specified. (string value)
+# DEPRECATED: The administrators password. If "use_user_token" is not
+# in effect, then admin credentials can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_password = <None>
 
-# DEPRECATED: The tenant name of the administrative user. If "use_user_token" is
-# not in effect, then admin tenant name can be specified. (string value)
+# DEPRECATED: The tenant name of the administrative user. If
+# "use_user_token" is not in effect, then admin tenant name can be
+# specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_tenant_name = <None>
 
-# DEPRECATED: The URL to the keystone service. If "use_user_token" is not in
-# effect and using keystone auth, then URL of keystone can be specified. (string
-# value)
+# DEPRECATED: The URL to the keystone service. If "use_user_token" is
+# not in effect and using keystone auth, then URL of keystone can be
+# specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_url = <None>
 
-# DEPRECATED: The strategy to use for authentication. If "use_user_token" is not
-# in effect, then auth strategy can be specified. (string value)
+# DEPRECATED: The strategy to use for authentication. If
+# "use_user_token" is not in effect, then auth strategy can be
+# specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_strategy = noauth
 
-# DEPRECATED: The region for the authentication service. If "use_user_token" is
-# not in effect and using keystone auth, then region name can be specified.
-# (string value)
+# DEPRECATED: The region for the authentication service. If
+# "use_user_token" is not in effect and using keystone auth, then
+# region name can be specified. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_region = <None>
+#
+#auth_region = RegionOne
+#
 
 # DEPRECATED:
 # Protocol to use for communication with the registry server.
@@ -1287,8 +1621,9 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
+#registry_client_protocol = http
 #registry_client_protocol = http
 
 # DEPRECATED:
@@ -1316,8 +1651,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_key_file = /etc/ssl/key/key-file.pem
 
 # DEPRECATED:
@@ -1346,8 +1681,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_cert_file = /etc/ssl/certs/file.crt
 
 # DEPRECATED:
@@ -1378,9 +1713,10 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_ca_file = /etc/ssl/cafile/file.ca
+#
 
 # DEPRECATED:
 # Set verification of the registry server certificate.
@@ -1410,8 +1746,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_insecure = false
 
 # DEPRECATED:
@@ -1438,8 +1774,8 @@
 # Glance registry service is deprecated for removal.
 #
 # More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
+# http://specs.openstack.org/openstack/glance-
+# specs/specs/queens/approved/glance/deprecate-registry.html
 #registry_client_timeout = 600
 
 #
@@ -1478,15 +1814,22 @@
 #
 # The amount of time, in seconds, to delay image scrubbing.
 #
-# When delayed delete is turned on, an image is put into ``pending_delete``
-# state upon deletion until the scrubber deletes its image data. Typically, soon
-# after the image is put into ``pending_delete`` state, it is available for
-# scrubbing. However, scrubbing can be delayed until a later point using this
-# configuration option. This option denotes the time period an image spends in
+# When delayed delete is turned on, an image is put into
+# ``pending_delete``
+# state upon deletion until the scrubber deletes its image data.
+# Typically, soon
+# after the image is put into ``pending_delete`` state, it is
+# available for
+# scrubbing. However, scrubbing can be delayed until a later point
+# using this
+# configuration option. This option denotes the time period an image
+# spends in
 # ``pending_delete`` state before it is available for scrubbing.
 #
-# It is important to realize that this has storage implications. The larger the
-# ``scrub_time``, the longer the time to reclaim backend storage from deleted
+# It is important to realize that this has storage implications. The
+# larger the
+# ``scrub_time``, the longer the time to reclaim backend storage from
+# deleted
 # images.
 #
 # Possible values:
@@ -1502,11 +1845,16 @@
 #
 # The size of thread pool to be used for scrubbing images.
 #
-# When there are a large number of images to scrub, it is beneficial to scrub
-# images in parallel so that the scrub queue stays in control and the backend
-# storage is reclaimed in a timely fashion. This configuration option denotes
-# the maximum number of images to be scrubbed in parallel. The default value is
-# one, which signifies serial scrubbing. Any value above one indicates parallel
+# When there are a large number of images to scrub, it is beneficial
+# to scrub
+# images in parallel so that the scrub queue stays in control and the
+# backend
+# storage is reclaimed in a timely fashion. This configuration option
+# denotes
+# the maximum number of images to be scrubbed in parallel. The default
+# value is
+# one, which signifies serial scrubbing. Any value above one indicates
+# parallel
 # scrubbing.
 #
 # Possible values:
@@ -1522,19 +1870,28 @@
 #
 # Turn on/off delayed delete.
 #
-# Typically when an image is deleted, the ``glance-api`` service puts the image
-# into ``deleted`` state and deletes its data at the same time. Delayed delete
-# is a feature in Glance that delays the actual deletion of image data until a
+# Typically when an image is deleted, the ``glance-api`` service puts
+# the image
+# into ``deleted`` state and deletes its data at the same time.
+# Delayed delete
+# is a feature in Glance that delays the actual deletion of image data
+# until a
 # later point in time (as determined by the configuration option
 # ``scrub_time``).
-# When delayed delete is turned on, the ``glance-api`` service puts the image
-# into ``pending_delete`` state upon deletion and leaves the image data in the
-# storage backend for the image scrubber to delete at a later time. The image
-# scrubber will move the image into ``deleted`` state upon successful deletion
+# When delayed delete is turned on, the ``glance-api`` service puts
+# the image
+# into ``pending_delete`` state upon deletion and leaves the image
+# data in the
+# storage backend for the image scrubber to delete at a later time.
+# The image
+# scrubber will move the image into ``deleted`` state upon successful
+# deletion
 # of image data.
 #
-# NOTE: When delayed delete is turned on, image scrubber MUST be running as a
-# periodic task to prevent the backend storage from filling up with undesired
+# NOTE: When delayed delete is turned on, image scrubber MUST be
+# running as a
+# periodic task to prevent the backend storage from filling up with
+# undesired
 # usage.
 #
 # Possible values:
@@ -1548,462 +1905,504 @@
 #
 #  (boolean value)
 #delayed_delete = false
-
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of the default
-# INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 # Note: This option can be changed without restarting.
 #debug = false
 
-# The name of a logging configuration file. This file is appended to any
-# existing logging configuration files. For details about logging configuration
-# files, see the Python logging module documentation. Note that when logging
-# configuration files are used then all logging configuration is set in the
-# configuration file and other logging configuration options are ignored (for
-# example, logging_context_format_string). (string value)
+# The name of a logging configuration file. This file is appended to
+# any existing logging configuration files. For details about logging
+# configuration files, see the Python logging module documentation.
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set. (string
-# value)
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default is set,
-# logging will go to stderr as defined by use_stderr. This option is ignored if
-# log_config_append is set. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
 
-# (Optional) The base directory used for relative log_file  paths. This option
-# is ignored if log_config_append is set. (string value)
+# (Optional) The base directory used for relative log_file  paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Uses logging handler designed to watch file system. When log file is moved or
-# removed this handler will open a new log file with specified path
-# instantaneously. It makes sense only if log_file option is specified and Linux
-# platform is used. This option is ignored if log_config_append is set. (boolean
-# value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and will be
-# changed later to honor RFC5424. This option is ignored if log_config_append is
-# set. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# Enable journald for logging. If running in a systemd environment you may wish
-# to enable journal support. Doing so will use the journal native protocol which
-# includes structured metadata in addition to log messages.This option is
-# ignored if log_config_append is set. (boolean value)
+# Enable journald for logging. If running in a systemd environment you
+# may wish to enable journal support. Doing so will use the journal
+# native protocol which includes structured metadata in addition to
+# log messages.This option is ignored if log_config_append is set.
+# (boolean value)
 #use_journal = false
 
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Use JSON formatting for logging. This option is ignored if log_config_append
-# is set. (boolean value)
+# Use JSON formatting for logging. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_json = false
 
-# Log output to standard error. This option is ignored if log_config_append is
-# set. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined. (string
+# Format string to use for log messages when context is undefined.
+# (string value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string
 # value)
-#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Additional data to append to log message when logging level for the message is
-# DEBUG. (string value)
-#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
 # Defines the format string for %(user_identity)s that is used in
 # logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is ignored
-# if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message. (string value)
+# The format for an instance that is passed with the log message.
+# (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message. (string
-# value)
+# The format for an instance UUID that is passed with the log message.
+# (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
 # Interval, number of seconds, of log rate limiting. (integer value)
 #rate_limit_interval = 0
 
-# Maximum number of logged messages per rate_limit_interval. (integer value)
+# Maximum number of logged messages per rate_limit_interval. (integer
+# value)
 #rate_limit_burst = 0
 
-# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or
-# empty string. Logs with level greater or equal to rate_limit_except_level are
-# not filtered. An empty string means that all levels are filtered. (string
-# value)
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO,
+# WARNING, DEBUG or empty string. Logs with level greater or equal to
+# rate_limit_except_level are not filtered. An empty string means that
+# all levels are filtered. (string value)
 #rate_limit_except_level = CRITICAL
 
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
-#
-# From oslo.messaging
-#
-
-# Size of RPC connection pool. (integer value)
-#rpc_conn_pool_size = 30
-
-# The pool size limit for connections expiration policy (integer value)
-#conn_pool_min_size = 2
-
-# The time-to-live in sec of idle connections in the pool (integer value)
-#conn_pool_ttl = 1200
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger period.
-# The value of 0 specifies no linger period. Pending messages shall be discarded
-# immediately when the socket is closed. Positive values specify an upper bound
-# for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target (
-# < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+[image_format]
+
+#
+# From glance.api
+#
+
+# Supported values for the 'container_format' image attribute (list
 # value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
+# Deprecated group/name - [DEFAULT]/container_formats
+#container_formats = ami,ari,aki,bare,ovf,ova,docker
+
+# Supported values for the 'disk_format' image attribute (list value)
+# Deprecated group/name - [DEFAULT]/disk_formats
+#disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop,root-tar
+
+
+[paste_deploy]
+
+#
+# From glance.api
+#
+
+#
+# Deployment flavor to use in the server application pipeline.
+#
+# Provide a string value representing the appropriate deployment
+# flavor used in the server application pipleline. This is typically
+# the partial name of a pipeline in the paste configuration file with
+# the service name removed.
+#
+# For example, if your paste section name in the paste configuration
+# file is [pipeline:glance-api-keystone], set ``flavor`` to
+# ``keystone``.
+#
+# Possible values:
+#     * String value representing a partial pipeline name.
+#
+# Related Options:
+#     * config_file
+#
+#  (string value)
+#flavor = keystone
+flavor = keystone
+
+#
+# Name of the paste configuration file.
+#
+# Provide a string value representing the name of the paste
+# configuration file to use for configuring piplelines for
+# server application deployments.
+#
+# NOTES:
+#     * Provide the name or the path relative to the glance directory
+#       for the paste configuration file and not the absolute path.
+#     * The sample paste configuration file shipped with Glance need
+#       not be edited in most cases as it comes with ready-made
+#       pipelines for all common deployment flavors.
+#
+# If no value is specified for this option, the ``paste.ini`` file
+# with the prefix of the corresponding Glance service's configuration
+# file name will be searched for in the known configuration
+# directories. (For example, if this option is missing from or has no
+# value set in ``glance-api.conf``, the service will look for a file
+# named ``glance-api-paste.ini``.) If the paste configuration file is
+# not found, the service will not start.
+#
+# Possible values:
+#     * A string value representing the name of the paste
+# configuration
+#       file.
+#
+# Related Options:
+#     * flavor
+#
+#  (string value)
+#config_file = glance-api-paste.ini
+
+
+[profiler]
+
+#
+# From glance.api
+#
+
+#
+# Enables the profiling for all services on this node. Default value
+# is False
+# (fully disable the profiling feature).
+#
+# Possible values:
+#
+# * True: Enables the feature
+# * False: Disables the feature. The profiling cannot be started via
+# this project
+# operations. If the profiling is triggered by another project, this
+# project part
+# will be empty.
+#  (boolean value)
+# Deprecated group/name - [profiler]/profiler_enabled
+#enabled = false
+
+#
+# Enables SQL requests profiling in services. Default value is False
+# (SQL
+# requests won't be traced).
+#
+# Possible values:
+#
+# * True: Enables SQL requests profiling. Each SQL query will be part
+# of the
+# trace and can the be analyzed by how much time was spent for that.
+# * False: Disables SQL requests profiling. The spent time is only
+# shown on a
+# higher level of operations. Single SQL queries cannot be analyzed
+# this
+# way.
+#  (boolean value)
+#trace_sqlalchemy = false
+
+#
+# Secret key(s) to use for encrypting context data for performance
+# profiling.
+# This string value should have the following format:
+# <key1>[,<key2>,...<keyn>],
+# where each key is some random string. A user who triggers the
+# profiling via
+# the REST API has to set one of these keys in the headers of the REST
+# API call
+# to include profiling results of this node for this particular
+# project.
+#
+# Both "enabled" flag and "hmac_keys" config options should be set to
+# enable
+# profiling. Also, to generate correct profiling information across
+# all services
+# at least one key needs to be consistent between OpenStack projects.
+# This
+# ensures it can be used from client side to generate the trace,
+# containing
+# information from all possible resources. (string value)
+#hmac_keys = SECRET_KEY
+
+#
+# Connection string for a notifier backend. Default value is
+# messaging:// which
+# sets the notifier to oslo_messaging.
+#
+# Examples of possible values:
+#
+# * messaging://: use oslo_messaging driver for sending notifications.
+# * mongodb://127.0.0.1:27017 : use mongodb driver for sending
+# notifications.
+# * elasticsearch://127.0.0.1:9200 : use elasticsearch driver for
+# sending
+# notifications.
+#  (string value)
+#connection_string = messaging://
+
+#
+# Document type for notification indexing in elasticsearch.
+#  (string value)
+#es_doc_type = notification
+
+#
+# This parameter is a time value parameter (for example:
+# es_scroll_time=2m),
+# indicating for how long the nodes that participate in the search
+# will maintain
+# relevant resources in order to continue and support it.
+#  (string value)
+#es_scroll_time = 2m
+
+#
+# Elasticsearch splits large requests in batches. This parameter
+# defines
+# maximum size of each batch (for example: es_scroll_size=10000).
+#  (integer value)
+#es_scroll_size = 10000
+
+#
+# Redissentinel provides a timeout option on the connections.
+# This parameter defines that timeout (for example:
+# socket_timeout=0.1).
+#  (floating point value)
+#socket_timeout = 0.1
+
+#
+# Redissentinel uses a service name to identify a master redis
+# service.
+# This parameter defines the name (for example:
+# sentinal_service_name=mymaster).
+#  (string value)
+#sentinel_service_name = mymaster
+
+
+[store_type_location_strategy]
+
+#
+# From glance.api
+#
+
+#
+# Preference order of storage backends.
+#
+# Provide a comma separated list of store names in the order in
+# which images should be retrieved from storage backends.
+# These store names must be registered with the ``stores``
+# configuration option.
+#
+# NOTE: The ``store_type_preference`` configuration option is applied
+# only if ``store_type`` is chosen as a value for the
+# ``location_strategy`` configuration option. An empty list will not
+# change the location order.
+#
+# Possible values:
+#     * Empty list
+#     * Comma separated list of registered store names. Legal values
+# are:
+#         * file
+#         * http
+#         * rbd
+#         * swift
+#         * sheepdog
+#         * cinder
+#         * vmware
+#
+# Related options:
+#     * location_strategy
+#     * stores
+#
+#  (list value)
+#store_type_preference =
+
+
+[task]
+
+#
+# From glance.api
+#
+
+# Time in hours for which a task lives after, either succeeding or
+# failing (integer value)
+# Deprecated group/name - [DEFAULT]/task_time_to_live
+#task_time_to_live = 48
+
+#
+# Task executor to be used to run task scripts.
+#
+# Provide a string value representing the executor to use for task
+# executions. By default, ``TaskFlow`` executor is used.
+#
+# ``TaskFlow`` helps make task executions easy, consistent, scalable
+# and reliable. It also enables creation of lightweight task objects
+# and/or functions that are combined together into flows in a
+# declarative manner.
+#
+# Possible values:
+#     * taskflow
+#
+# Related Options:
+#     * None
+#
+#  (string value)
+#task_executor = taskflow
+
+#
+# Absolute path to the work directory to use for asynchronous
+# task operations.
+#
+# The directory set here will be used to operate over images -
+# normally before they are imported in the destination store.
+#
+# NOTE: When providing a value for ``work_dir``, please make sure
+# that enough space is provided for concurrent tasks to run
+# efficiently without running out of space.
+#
+# A rough estimation can be done by multiplying the number of
+# ``max_workers`` with an average image size (e.g 500MB). The image
+# size estimation should be done based on the average size in your
+# deployment. Note that depending on the tasks running you may need
+# to multiply this number by some factor depending on what the task
+# does. For example, you may want to double the available size if
+# image conversion is enabled. All this being said, remember these
+# are just estimations and you should do them based on the worst
+# case scenario and be prepared to act in case they were wrong.
+#
+# Possible values:
+#     * String value representing the absolute path to the working
+#       directory
+#
+# Related Options:
+#     * None
+#
+#  (string value)
+#work_dir = /work_dir
+
+
+[taskflow_executor]
+
+#
+# From glance.api
+#
+
+#
+# Set the taskflow engine mode.
+#
+# Provide a string type value to set the mode in which the taskflow
+# engine would schedule tasks to the workers on the hosts. Based on
+# this mode, the engine executes tasks either in single or multiple
+# threads. The possible values for this configuration option are:
+# ``serial`` and ``parallel``. When set to ``serial``, the engine runs
+# all the tasks in a single thread which results in serial execution
+# of tasks. Setting this to ``parallel`` makes the engine run tasks in
+# multiple threads. This results in parallel execution of tasks.
+#
+# Possible values:
+#     * serial
+#     * parallel
+#
+# Related options:
+#     * max_workers
+#
+#  (string value)
+# Possible values:
+# serial - <No description provided>
+# parallel - <No description provided>
+#engine_mode = parallel
+
+#
+# Set the number of engine executable tasks.
+#
+# Provide an integer value to limit the number of workers that can be
+# instantiated on the hosts. In other words, this number defines the
+# number of parallel tasks that can be executed at the same time by
+# the taskflow engine. This value can be greater than one when the
+# engine mode is set to parallel.
+#
+# Possible values:
+#     * Integer value greater than or equal to 1
+#
+# Related options:
+#     * engine_mode
+#
+#  (integer value)
 # Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Possible values:
-# json - <No description provided>
-# msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to skip
-# any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value and
-# 0) means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0) means
-# to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is not
-# tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
-
-# Size of executor thread pool when executor is threading or eventlet. (integer
-# value)
-# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
-#executor_thread_pool_size = 64
-
-# Seconds to wait for a response from a call. (integer value)
-#rpc_response_timeout = 60
-
-# The network address and optional user credentials for connecting to the
-# messaging backend, in URL format. The expected format is:
-#
-# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
-#
-# Example: rabbit://rabbitmq:password@127.0.0.1:5672//
-#
-# For full details on the fields in the URL see the documentation of
-# oslo_messaging.TransportURL at
-# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
-# (string value)
-#transport_url = <None>
-
-# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
-# include amqp and zmq. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rpc_backend = rabbit
-
-# The default exchange under which topics are scoped. May be overridden by an
-# exchange name specified in the transport_url option. (string value)
-#control_exchange = openstack
-
-
-[cors]
-
-#
-# From oslo.middleware.cors
-#
-
-# Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
-# slash. Example: https://horizon.example.com (list value)
-#allowed_origin = <None>
-
-# Indicate that the actual request can include user credentials (boolean value)
-#allow_credentials = true
-
-# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
-# Headers. (list value)
-#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
-
-# Maximum cache age of CORS preflight requests. (integer value)
-#max_age = 3600
-
-# Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual request. (list
-# value)
-#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
-
-
-[database]
-connection = sqlite:////var/lib/glance/glance.sqlite
-backend = sqlalchemy
-
-#
-# From oslo.db
-#
-
-# If True, SQLite uses synchronous mode. (boolean value)
-#sqlite_synchronous = true
-
-# The back end to use for the database. (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-#backend = sqlalchemy
-
-# The SQLAlchemy connection string to use to connect to the database. (string
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
-# the server configuration, set this to no value. Example: mysql_sql_mode=
-# (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# If True, transparently enables support for handling MySQL Cluster (NDB).
-# (boolean value)
-#mysql_enable_ndb = false
-
-# Connections which have been present in the connection pool longer than this
-# number of seconds will be replaced with a new one the next time they are
-# checked out from the pool. (integer value)
-# Deprecated group/name - [DATABASE]/idle_timeout
-# Deprecated group/name - [database]/idle_timeout
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#connection_recycle_time = 3600
-
-# DEPRECATED: Minimum number of SQL connections to keep open in a pool. (integer
-# value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: The option to set the minimum pool size is not supported by
-# sqlalchemy.
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
-# indicates no limit. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = 5
-
-# Maximum number of database connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
-# value)
-# Minimum value: 0
-# Maximum value: 100
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout = <None>
-
-# Enable the experimental use of database reconnect on connection lost. (boolean
-# value)
-#use_db_reconnect = false
-
-# Seconds between retries of a database transaction. (integer value)
-#db_retry_interval = 1
-
-# If True, increases the interval between retries of a database operation up to
-# db_max_retry_interval. (boolean value)
-#db_inc_retry_interval = true
-
-# If db_inc_retry_interval is set, the maximum seconds between retries of a
-# database operation. (integer value)
-#db_max_retry_interval = 10
-
-# Maximum retries in case of connection error or deadlock error before error is
-# raised. Set to -1 to specify an infinite retry count. (integer value)
-#db_max_retries = 20
-
-# Optional URL parameters to append onto the connection URL at connect time;
-# specify as param1=value1&param2=value2&... (string value)
-#connection_parameters =
-
-#
-# From oslo.db.concurrency
-#
-
-# Enable the experimental use of thread pooling for all DB API calls (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
-#use_tpool = false
-
+# Deprecated group/name - [task]/eventlet_executor_pool_size
+#max_workers = 10
+
+#
+# Set the desired image conversion format.
+#
+# Provide a valid image format to which you want images to be
+# converted before they are stored for consumption by Glance.
+# Appropriate image format conversions are desirable for specific
+# storage backends in order to facilitate efficient handling of
+# bandwidth and usage of the storage infrastructure.
+#
+# By default, ``conversion_format`` is not set and must be set
+# explicitly in the configuration file.
+#
+# The allowed values for this option are ``raw``, ``qcow2`` and
+# ``vmdk``. The  ``raw`` format is the unstructured disk format and
+# should be chosen when RBD or Ceph storage backends are used for
+# image storage. ``qcow2`` is supported by the QEMU emulator that
+# expands dynamically and supports Copy on Write. The ``vmdk`` is
+# another common disk format supported by many common virtual machine
+# monitors like VMWare Workstation.
+#
+# Possible values:
+#     * qcow2
+#     * raw
+#     * vmdk
+#
+# Related options:
+#     * disk_formats
+#
+#  (string value)
+# Possible values:
+# qcow2 - <No description provided>
+# raw - <No description provided>
+# vmdk - <No description provided>
+#conversion_format = raw
 
 [glance_store]
 
@@ -2011,7 +2410,7 @@
 # From glance.store
 #
 
-# DEPRECATED:
+#
 # List of enabled Glance stores.
 #
 # Register the storage backends to use for storing disk images
@@ -2032,18 +2431,9 @@
 #     * default_store
 #
 #  (list value)
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option is deprecated against new config option
-# ``enabled_backends`` which helps to configure multiple backend stores
-# of different schemes.
-#
-# This option is scheduled for removal in the Stein development
-# cycle.
 #stores = file,http
 
-# DEPRECATED:
+#
 # The default scheme to use for storing images.
 #
 # Provide a string value representing the default scheme to use for
@@ -2085,18 +2475,11 @@
 # sheepdog - <No description provided>
 # cinder - <No description provided>
 # vsphere - <No description provided>
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option is deprecated against new config option
-# ``default_backend`` which acts similar to ``default_store`` config
-# option.
-#
-# This option is scheduled for removal in the Stein development
-# cycle.
 #default_store = file
-
-# DEPRECATED:
+default_store = file
+stores = file,http
+
+#
 # Minimum interval in seconds to execute updating dynamic storage
 # capabilities based on current backend status.
 #
@@ -2111,19 +2494,14 @@
 # By default, this option is set to zero and is disabled. Provide an
 # integer value greater than zero to enable this option.
 #
-# NOTE 1: For more information on store capabilities and their updates,
-# please visit: https://specs.openstack.org/openstack/glance-specs/specs/kilo
-# /store-capabilities.html
+# NOTE: For more information on store capabilities and their updates,
+# please visit: https://specs.openstack.org/openstack/glance-
+# specs/specs/kilo/store-capabilities.html
 #
 # For more information on setting up a particular store in your
 # deployment and help with the usage of this feature, please contact
 # the storage driver maintainers listed here:
-# https://docs.openstack.org/glance_store/latest/user/drivers.html
-#
-# NOTE 2: The dynamic store update capability described above is not
-# implemented by any current store drivers.  Thus, this option DOES
-# NOT DO ANYTHING (and it never has).  It is DEPRECATED and scheduled
-# for removal early in the Stein development cycle.
+# http://docs.openstack.org/developer/glance_store/drivers/index.html
 #
 # Possible values:
 #     * Zero
@@ -2134,15 +2512,6 @@
 #
 #  (integer value)
 # Minimum value: 0
-# This option is deprecated for removal since Rocky.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option configures a stub method that has not been implemented
-# for any existing store drivers.  Hence it is non-operational, and
-# giving it a value does absolutely nothing.
-#
-# This option is scheduled for removal early in the Stein development
-# cycle.
 #store_capabilities_update_min_interval = 0
 
 #
@@ -2151,16 +2520,20 @@
 # When the ``cinder_endpoint_template`` is not set and any of
 # ``cinder_store_auth_address``, ``cinder_store_user_name``,
 # ``cinder_store_project_name``, ``cinder_store_password`` is not set,
-# cinder store uses this information to lookup cinder endpoint from the service
-# catalog in the current context. ``cinder_os_region_name``, if set, is taken
+# cinder store uses this information to lookup cinder endpoint from
+# the service
+# catalog in the current context. ``cinder_os_region_name``, if set,
+# is taken
 # into consideration to fetch the appropriate endpoint.
 #
-# The service catalog can be listed by the ``openstack catalog list`` command.
+# The service catalog can be listed by the ``openstack catalog list``
+# command.
 #
 # Possible values:
 #     * A string of of the following form:
 #       ``<service_type>:<service_name>:<interface>``
-#       At least ``service_type`` and ``interface`` should be specified.
+#       At least ``service_type`` and ``interface`` should be
+# specified.
 #       ``service_name`` can be omitted.
 #
 # Related options:
@@ -2173,22 +2546,27 @@
 #
 #  (string value)
 #cinder_catalog_info = volumev2::publicURL
+cinder_catalog_info = volumev2::internalURL
 
 #
 # Override service catalog lookup with template for cinder endpoint.
 #
-# When this option is set, this value is used to generate cinder endpoint,
+# When this option is set, this value is used to generate cinder
+# endpoint,
 # instead of looking up from the service catalog.
 # This value is ignored if ``cinder_store_auth_address``,
 # ``cinder_store_user_name``, ``cinder_store_project_name``, and
 # ``cinder_store_password`` are specified.
 #
-# If this configuration option is set, ``cinder_catalog_info`` will be ignored.
-#
-# Possible values:
-#     * URL template string for cinder endpoint, where ``%%(tenant)s`` is
+# If this configuration option is set, ``cinder_catalog_info`` will be
+# ignored.
+#
+# Possible values:
+#     * URL template string for cinder endpoint, where ``%%(tenant)s``
+# is
 #       replaced with the current tenant (project) name.
-#       For example: ``http://cinder.openstack.example.org/v2/%%(tenant)s``
+#       For example:
+# ``http://cinder.openstack.example.org/v2/%%(tenant)s``
 #
 # Related options:
 #     * cinder_store_auth_address
@@ -2203,10 +2581,14 @@
 #
 # Region name to lookup cinder service from the service catalog.
 #
-# This is used only when ``cinder_catalog_info`` is used for determining the
-# endpoint. If set, the lookup for cinder endpoint by this node is filtered to
-# the specified region. It is useful when multiple regions are listed in the
-# catalog. If this is not set, the endpoint is looked up from every region.
+# This is used only when ``cinder_catalog_info`` is used for
+# determining the
+# endpoint. If set, the lookup for cinder endpoint by this node is
+# filtered to
+# the specified region. It is useful when multiple regions are listed
+# in the
+# catalog. If this is not set, the endpoint is looked up from every
+# region.
 #
 # Possible values:
 #     * A string that is a valid region name.
@@ -2218,13 +2600,17 @@
 # Deprecated group/name - [glance_store]/os_region_name
 #cinder_os_region_name = <None>
 
+cinder_os_region_name = RegionOne
+
+
 #
 # Location of a CA certificates file used for cinder client requests.
 #
 # The specified CA certificates file, if set, is used to verify cinder
-# connections via HTTPS endpoint. If the endpoint is HTTP, this value is
-# ignored.
-# ``cinder_api_insecure`` must be set to ``True`` to enable the verification.
+# connections via HTTPS endpoint. If the endpoint is HTTP, this value
+# is ignored.
+# ``cinder_api_insecure`` must be set to ``True`` to enable the
+# verification.
 #
 # Possible values:
 #     * Path to a ca certificates file
@@ -2238,7 +2624,8 @@
 #
 # Number of cinderclient retries on failed http calls.
 #
-# When a call failed by any errors, cinderclient will retry the call up to the
+# When a call failed by any errors, cinderclient will retry the call
+# up to the
 # specified times after sleeping a few seconds.
 #
 # Possible values:
@@ -2255,11 +2642,16 @@
 # Time period, in seconds, to wait for a cinder volume transition to
 # complete.
 #
-# When the cinder volume is created, deleted, or attached to the glance node to
-# read/write the volume data, the volume's state is changed. For example, the
-# newly created volume status changes from ``creating`` to ``available`` after
-# the creation process is completed. This specifies the maximum time to wait for
-# the status change. If a timeout occurs while waiting, or the status is changed
+# When the cinder volume is created, deleted, or attached to the
+# glance node to
+# read/write the volume data, the volume's state is changed. For
+# example, the
+# newly created volume status changes from ``creating`` to
+# ``available`` after
+# the creation process is completed. This specifies the maximum time
+# to wait for
+# the status change. If a timeout occurs while waiting, or the status
+# is changed
 # to an unexpected value (e.g. `error``), the image creation fails.
 #
 # Possible values:
@@ -2275,8 +2667,10 @@
 #
 # Allow to perform insecure SSL requests to cinder.
 #
-# If this option is set to True, HTTPS endpoint connection is verified using the
-# CA certificates file specified by ``cinder_ca_certificates_file`` option.
+# If this option is set to True, HTTPS endpoint connection is verified
+# using the
+# CA certificates file specified by ``cinder_ca_certificates_file``
+# option.
 #
 # Possible values:
 #     * True
@@ -2291,15 +2685,23 @@
 #
 # The address where the cinder authentication service is listening.
 #
-# When all of ``cinder_store_auth_address``, ``cinder_store_user_name``,
-# ``cinder_store_project_name``, and ``cinder_store_password`` options are
-# specified, the specified values are always used for the authentication.
-# This is useful to hide the image volumes from users by storing them in a
-# project/tenant specific to the image service. It also enables users to share
-# the image volume among other projects under the control of glance's ACL.
-#
-# If either of these options are not set, the cinder endpoint is looked up
-# from the service catalog, and current context's user and project are used.
+# When all of ``cinder_store_auth_address``,
+# ``cinder_store_user_name``,
+# ``cinder_store_project_name``, and ``cinder_store_password`` options
+# are
+# specified, the specified values are always used for the
+# authentication.
+# This is useful to hide the image volumes from users by storing them
+# in a
+# project/tenant specific to the image service. It also enables users
+# to share
+# the image volume among other projects under the control of glance's
+# ACL.
+#
+# If either of these options are not set, the cinder endpoint is
+# looked up
+# from the service catalog, and current context's user and project are
+# used.
 #
 # Possible values:
 #     * A valid authentication service address, for example:
@@ -2316,7 +2718,8 @@
 #
 # User name to authenticate against cinder.
 #
-# This must be used with all the following related options. If any of these are
+# This must be used with all the following related options. If any of
+# these are
 # not specified, the user of the current context is used.
 #
 # Possible values:
@@ -2333,11 +2736,13 @@
 #
 # Password for the user authenticating against cinder.
 #
-# This must be used with all the following related options. If any of these are
+# This must be used with all the following related options. If any of
+# these are
 # not specified, the user of the current context is used.
 #
 # Possible values:
-#     * A valid password for the user specified by ``cinder_store_user_name``
+#     * A valid password for the user specified by
+# ``cinder_store_user_name``
 #
 # Related options:
 #     * cinder_store_auth_address
@@ -2350,10 +2755,12 @@
 #
 # Project name where the image volume is stored in cinder.
 #
-# If this configuration option is not set, the project in current context is
+# If this configuration option is not set, the project in current
+# context is
 # used.
 #
-# This must be used with all the following related options. If any of these are
+# This must be used with all the following related options. If any of
+# these are
 # not specified, the project of the current context is used.
 #
 # Possible values:
@@ -2368,11 +2775,15 @@
 #cinder_store_project_name = <None>
 
 #
-# Path to the rootwrap configuration file to use for running commands as root.
-#
-# The cinder store requires root privileges to operate the image volumes (for
-# connecting to iSCSI/FC volumes and reading/writing the volume data, etc.).
-# The configuration file should allow the required commands by cinder store and
+# Path to the rootwrap configuration file to use for running commands
+# as root.
+#
+# The cinder store requires root privileges to operate the image
+# volumes (for
+# connecting to iSCSI/FC volumes and reading/writing the volume data,
+# etc.).
+# The configuration file should allow the required commands by cinder
+# store and
 # os-brick library.
 #
 # Possible values:
@@ -2387,11 +2798,14 @@
 #
 # Volume type that will be used for volume creation in cinder.
 #
-# Some cinder backends can have several volume types to optimize storage usage.
-# Adding this option allows an operator to choose a specific volume type
+# Some cinder backends can have several volume types to optimize
+# storage usage.
+# Adding this option allows an operator to choose a specific volume
+# type
 # in cinder that can be optimized for images.
 #
-# If this is not set, then the default volume type specified in the cinder
+# If this is not set, then the default volume type specified in the
+# cinder
 # configuration will be used for volume creation.
 #
 # Possible values:
@@ -2428,6 +2842,7 @@
 #
 #  (string value)
 #filesystem_store_datadir = /var/lib/glance/images
+filesystem_store_datadir = /var/lib/glance/images/
 
 #
 # List of directories and their priorities to which the filesystem
@@ -2446,7 +2861,7 @@
 #
 # More information on configuring filesystem store with multiple store
 # directories can be found at
-# https://docs.openstack.org/glance/latest/configuration/configuring.html
+# http://docs.openstack.org/developer/glance/configuring.html
 #
 # NOTE: This directory is used only when filesystem store is used as a
 # storage backend. Either ``filesystem_store_datadir`` or
@@ -2487,8 +2902,10 @@
 #
 # File access permissions for the image files.
 #
-# Set the intended file access permissions for image data. This provides
-# a way to enable other services, e.g. Nova, to consume images directly
+# Set the intended file access permissions for image data. This
+# provides
+# a way to enable other services, e.g. Nova, to consume images
+# directly
 # from the filesystem store. The users running the services that are
 # intended to be given access to could be made a member of the group
 # that owns the files created. Assigning a value less then or equal to
@@ -2497,7 +2914,7 @@
 # digit.
 #
 # For more information, please refer the documentation at
-# https://docs.openstack.org/glance/latest/configuration/configuring.html
+# http://docs.openstack.org/developer/glance/configuring.html
 #
 # Possible values:
 #     * A valid file access permission
@@ -2514,8 +2931,10 @@
 # Path to the CA bundle file.
 #
 # This configuration option enables the operator to use a custom
-# Certificate Authority file to verify the remote server certificate. If
-# this option is set, the ``https_insecure`` option will be ignored and
+# Certificate Authority file to verify the remote server certificate.
+# If
+# this option is set, the ``https_insecure`` option will be ignored
+# and
 # the CA file specified will be used to authenticate the server
 # certificate and establish a secure connection to the server.
 #
@@ -2533,8 +2952,10 @@
 #
 # This configuration option takes in a boolean value to determine
 # whether or not to verify the remote server certificate. If set to
-# True, the remote server certificate is not verified. If the option is
-# set to False, then the default CA truststore is used for verification.
+# True, the remote server certificate is not verified. If the option
+# is
+# set to False, then the default CA truststore is used for
+# verification.
 #
 # This option is ignored if ``https_ca_certificates_file`` is set.
 # The remote server certificate will then be verified using the file
@@ -2557,12 +2978,14 @@
 # This configuration option specifies the http/https proxy information
 # that should be used to connect to the remote server. The proxy
 # information should be a key value pair of the scheme and proxy, for
-# example, http:10.0.0.1:3128. You can also specify proxies for multiple
+# example, http:10.0.0.1:3128. You can also specify proxies for
+# multiple
 # schemes by separating the key value pairs with a comma, for example,
 # http:10.0.0.1:3128, https:10.0.0.1:1080.
 #
 # Possible values:
-#     * A comma separated list of scheme:proxy pairs as described above
+#     * A comma separated list of scheme:proxy pairs as described
+# above
 #
 # Related options:
 #     * None
@@ -2574,11 +2997,13 @@
 # Size, in megabytes, to chunk RADOS images into.
 #
 # Provide an integer value representing the size in megabytes to chunk
-# Glance images into. The default chunk size is 8 megabytes. For optimal
+# Glance images into. The default chunk size is 8 megabytes. For
+# optimal
 # performance, the value should be a power of two.
 #
 # When Ceph's RBD object storage system is used as the storage backend
-# for storing Glance images, the images are chunked into objects of the
+# for storing Glance images, the images are chunked into objects of
+# the
 # size set using this option. These chunked objects are then stored
 # across the distributed block data store to use for Glance.
 #
@@ -2591,84 +3016,6 @@
 #  (integer value)
 # Minimum value: 1
 #rbd_store_chunk_size = 8
-
-#
-# RADOS pool in which images are stored.
-#
-# When RBD is used as the storage backend for storing Glance images, the
-# images are stored by means of logical grouping of the objects (chunks
-# of images) into a ``pool``. Each pool is defined with the number of
-# placement groups it can contain. The default pool that is used is
-# 'images'.
-#
-# More information on the RBD storage backend can be found here:
-# http://ceph.com/planet/how-data-is-stored-in-ceph-cluster/
-#
-# Possible Values:
-#     * A valid pool name
-#
-# Related options:
-#     * None
-#
-#  (string value)
-#rbd_store_pool = images
-
-#
-# RADOS user to authenticate as.
-#
-# This configuration option takes in the RADOS user to authenticate as.
-# This is only needed when RADOS authentication is enabled and is
-# applicable only if the user is using Cephx authentication. If the
-# value for this option is not set by the user or is set to None, a
-# default value will be chosen, which will be based on the client.
-# section in rbd_store_ceph_conf.
-#
-# Possible Values:
-#     * A valid RADOS user
-#
-# Related options:
-#     * rbd_store_ceph_conf
-#
-#  (string value)
-#rbd_store_user = <None>
-
-#
-# Ceph configuration file path.
-#
-# This configuration option takes in the path to the Ceph configuration
-# file to be used. If the value for this option is not set by the user
-# or is set to None, librados will locate the default configuration file
-# which is located at /etc/ceph/ceph.conf. If using Cephx
-# authentication, this file should include a reference to the right
-# keyring in a client.<USER> section
-#
-# Possible Values:
-#     * A valid path to a configuration file
-#
-# Related options:
-#     * rbd_store_user
-#
-#  (string value)
-#rbd_store_ceph_conf = /etc/ceph/ceph.conf
-
-#
-# Timeout value for connecting to Ceph cluster.
-#
-# This configuration option takes in the timeout value in seconds used
-# when connecting to the Ceph cluster i.e. it sets the time to wait for
-# glance-api before closing the connection. This prevents glance-api
-# hangups during the connection to RBD. If the value for this option
-# is set to less than or equal to 0, no timeout is set and the default
-# librados value is used.
-#
-# Possible Values:
-#     * Any integer value
-#
-# Related options:
-#     * None
-#
-#  (integer value)
-#rados_connect_timeout = 0
 
 #
 # Chunk size for images to be stored in Sheepdog data store.
@@ -2739,7 +3086,7 @@
 # Related Options:
 #     * sheepdog_store_port
 #
-#  (host address value)
+#  (unknown value)
 #sheepdog_store_address = 127.0.0.1
 
 #
@@ -2747,7 +3094,8 @@
 #
 # This boolean determines whether or not to verify the server
 # certificate. If this option is set to True, swiftclient won't check
-# for a valid SSL certificate when authenticating. If the option is set
+# for a valid SSL certificate when authenticating. If the option is
+# set
 # to False, then the default CA truststore is used for verification.
 #
 # Possible values:
@@ -2759,497 +3107,6 @@
 #
 #  (boolean value)
 #swift_store_auth_insecure = false
-
-#
-# Path to the CA bundle file.
-#
-# This configuration option enables the operator to specify the path to
-# a custom Certificate Authority file for SSL verification when
-# connecting to Swift.
-#
-# Possible values:
-#     * A valid path to a CA file
-#
-# Related options:
-#     * swift_store_auth_insecure
-#
-#  (string value)
-#swift_store_cacert = /etc/ssl/certs/ca-certificates.crt
-
-#
-# The region of Swift endpoint to use by Glance.
-#
-# Provide a string value representing a Swift region where Glance
-# can connect to for image storage. By default, there is no region
-# set.
-#
-# When Glance uses Swift as the storage backend to store images
-# for a specific tenant that has multiple endpoints, setting of a
-# Swift region with ``swift_store_region`` allows Glance to connect
-# to Swift in the specified region as opposed to a single region
-# connectivity.
-#
-# This option can be configured for both single-tenant and
-# multi-tenant storage.
-#
-# NOTE: Setting the region with ``swift_store_region`` is
-# tenant-specific and is necessary ``only if`` the tenant has
-# multiple endpoints across different regions.
-#
-# Possible values:
-#     * A string value representing a valid Swift region.
-#
-# Related Options:
-#     * None
-#
-#  (string value)
-#swift_store_region = RegionTwo
-
-#
-# The URL endpoint to use for Swift backend storage.
-#
-# Provide a string value representing the URL endpoint to use for
-# storing Glance images in Swift store. By default, an endpoint
-# is not set and the storage URL returned by ``auth`` is used.
-# Setting an endpoint with ``swift_store_endpoint`` overrides the
-# storage URL and is used for Glance image storage.
-#
-# NOTE: The URL should include the path up to, but excluding the
-# container. The location of an object is obtained by appending
-# the container and object to the configured URL.
-#
-# Possible values:
-#     * String value representing a valid URL path up to a Swift container
-#
-# Related Options:
-#     * None
-#
-#  (string value)
-#swift_store_endpoint = https://swift.openstack.example.org/v1/path_not_including_container_name
-
-#
-# Endpoint Type of Swift service.
-#
-# This string value indicates the endpoint type to use to fetch the
-# Swift endpoint. The endpoint type determines the actions the user will
-# be allowed to perform, for instance, reading and writing to the Store.
-# This setting is only used if swift_store_auth_version is greater than
-# 1.
-#
-# Possible values:
-#     * publicURL
-#     * adminURL
-#     * internalURL
-#
-# Related options:
-#     * swift_store_endpoint
-#
-#  (string value)
-# Possible values:
-# publicURL - <No description provided>
-# adminURL - <No description provided>
-# internalURL - <No description provided>
-#swift_store_endpoint_type = publicURL
-
-#
-# Type of Swift service to use.
-#
-# Provide a string value representing the service type to use for
-# storing images while using Swift backend storage. The default
-# service type is set to ``object-store``.
-#
-# NOTE: If ``swift_store_auth_version`` is set to 2, the value for
-# this configuration option needs to be ``object-store``. If using
-# a higher version of Keystone or a different auth scheme, this
-# option may be modified.
-#
-# Possible values:
-#     * A string representing a valid service type for Swift storage.
-#
-# Related Options:
-#     * None
-#
-#  (string value)
-#swift_store_service_type = object-store
-
-#
-# Name of single container to store images/name prefix for multiple containers
-#
-# When a single container is being used to store images, this configuration
-# option indicates the container within the Glance account to be used for
-# storing all images. When multiple containers are used to store images, this
-# will be the name prefix for all containers. Usage of single/multiple
-# containers can be controlled using the configuration option
-# ``swift_store_multiple_containers_seed``.
-#
-# When using multiple containers, the containers will be named after the value
-# set for this configuration option with the first N chars of the image UUID
-# as the suffix delimited by an underscore (where N is specified by
-# ``swift_store_multiple_containers_seed``).
-#
-# Example: if the seed is set to 3 and swift_store_container = ``glance``, then
-# an image with UUID ``fdae39a1-bac5-4238-aba4-69bcc726e848`` would be placed in
-# the container ``glance_fda``. All dashes in the UUID are included when
-# creating the container name but do not count toward the character limit, so
-# when N=10 the container name would be ``glance_fdae39a1-ba.``
-#
-# Possible values:
-#     * If using single container, this configuration option can be any string
-#       that is a valid swift container name in Glance's Swift account
-#     * If using multiple containers, this configuration option can be any
-#       string as long as it satisfies the container naming rules enforced by
-#       Swift. The value of ``swift_store_multiple_containers_seed`` should be
-#       taken into account as well.
-#
-# Related options:
-#     * ``swift_store_multiple_containers_seed``
-#     * ``swift_store_multi_tenant``
-#     * ``swift_store_create_container_on_put``
-#
-#  (string value)
-#swift_store_container = glance
-
-#
-# The size threshold, in MB, after which Glance will start segmenting image
-# data.
-#
-# Swift has an upper limit on the size of a single uploaded object. By default,
-# this is 5GB. To upload objects bigger than this limit, objects are segmented
-# into multiple smaller objects that are tied together with a manifest file.
-# For more detail, refer to
-# https://docs.openstack.org/swift/latest/overview_large_objects.html
-#
-# This configuration option specifies the size threshold over which the Swift
-# driver will start segmenting image data into multiple smaller files.
-# Currently, the Swift driver only supports creating Dynamic Large Objects.
-#
-# NOTE: This should be set by taking into account the large object limit
-# enforced by the Swift cluster in consideration.
-#
-# Possible values:
-#     * A positive integer that is less than or equal to the large object limit
-#       enforced by the Swift cluster in consideration.
-#
-# Related options:
-#     * ``swift_store_large_object_chunk_size``
-#
-#  (integer value)
-# Minimum value: 1
-#swift_store_large_object_size = 5120
-
-#
-# The maximum size, in MB, of the segments when image data is segmented.
-#
-# When image data is segmented to upload images that are larger than the limit
-# enforced by the Swift cluster, image data is broken into segments that are no
-# bigger than the size specified by this configuration option.
-# Refer to ``swift_store_large_object_size`` for more detail.
-#
-# For example: if ``swift_store_large_object_size`` is 5GB and
-# ``swift_store_large_object_chunk_size`` is 1GB, an image of size 6.2GB will be
-# segmented into 7 segments where the first six segments will be 1GB in size and
-# the seventh segment will be 0.2GB.
-#
-# Possible values:
-#     * A positive integer that is less than or equal to the large object limit
-#       enforced by Swift cluster in consideration.
-#
-# Related options:
-#     * ``swift_store_large_object_size``
-#
-#  (integer value)
-# Minimum value: 1
-#swift_store_large_object_chunk_size = 200
-
-#
-# Create container, if it doesn't already exist, when uploading image.
-#
-# At the time of uploading an image, if the corresponding container doesn't
-# exist, it will be created provided this configuration option is set to True.
-# By default, it won't be created. This behavior is applicable for both single
-# and multiple containers mode.
-#
-# Possible values:
-#     * True
-#     * False
-#
-# Related options:
-#     * None
-#
-#  (boolean value)
-#swift_store_create_container_on_put = false
-
-#
-# Store images in tenant's Swift account.
-#
-# This enables multi-tenant storage mode which causes Glance images to be stored
-# in tenant specific Swift accounts. If this is disabled, Glance stores all
-# images in its own account. More details multi-tenant store can be found at
-# https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage
-#
-# NOTE: If using multi-tenant swift store, please make sure
-# that you do not set a swift configuration file with the
-# 'swift_store_config_file' option.
-#
-# Possible values:
-#     * True
-#     * False
-#
-# Related options:
-#     * swift_store_config_file
-#
-#  (boolean value)
-#swift_store_multi_tenant = false
-
-#
-# Seed indicating the number of containers to use for storing images.
-#
-# When using a single-tenant store, images can be stored in one or more than one
-# containers. When set to 0, all images will be stored in one single container.
-# When set to an integer value between 1 and 32, multiple containers will be
-# used to store images. This configuration option will determine how many
-# containers are created. The total number of containers that will be used is
-# equal to 16^N, so if this config option is set to 2, then 16^2=256 containers
-# will be used to store images.
-#
-# Please refer to ``swift_store_container`` for more detail on the naming
-# convention. More detail about using multiple containers can be found at
-# https://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-store-
-# multiple-containers.html
-#
-# NOTE: This is used only when swift_store_multi_tenant is disabled.
-#
-# Possible values:
-#     * A non-negative integer less than or equal to 32
-#
-# Related options:
-#     * ``swift_store_container``
-#     * ``swift_store_multi_tenant``
-#     * ``swift_store_create_container_on_put``
-#
-#  (integer value)
-# Minimum value: 0
-# Maximum value: 32
-#swift_store_multiple_containers_seed = 0
-
-#
-# List of tenants that will be granted admin access.
-#
-# This is a list of tenants that will be granted read/write access on
-# all Swift containers created by Glance in multi-tenant mode. The
-# default value is an empty list.
-#
-# Possible values:
-#     * A comma separated list of strings representing UUIDs of Keystone
-#       projects/tenants
-#
-# Related options:
-#     * None
-#
-#  (list value)
-#swift_store_admin_tenants =
-
-#
-# SSL layer compression for HTTPS Swift requests.
-#
-# Provide a boolean value to determine whether or not to compress
-# HTTPS Swift requests for images at the SSL layer. By default,
-# compression is enabled.
-#
-# When using Swift as the backend store for Glance image storage,
-# SSL layer compression of HTTPS Swift requests can be set using
-# this option. If set to False, SSL layer compression of HTTPS
-# Swift requests is disabled. Disabling this option may improve
-# performance for images which are already in a compressed format,
-# for example, qcow2.
-#
-# Possible values:
-#     * True
-#     * False
-#
-# Related Options:
-#     * None
-#
-#  (boolean value)
-#swift_store_ssl_compression = true
-
-#
-# The number of times a Swift download will be retried before the
-# request fails.
-#
-# Provide an integer value representing the number of times an image
-# download must be retried before erroring out. The default value is
-# zero (no retry on a failed image download). When set to a positive
-# integer value, ``swift_store_retry_get_count`` ensures that the
-# download is attempted this many more times upon a download failure
-# before sending an error message.
-#
-# Possible values:
-#     * Zero
-#     * Positive integer value
-#
-# Related Options:
-#     * None
-#
-#  (integer value)
-# Minimum value: 0
-#swift_store_retry_get_count = 0
-
-#
-# Time in seconds defining the size of the window in which a new
-# token may be requested before the current token is due to expire.
-#
-# Typically, the Swift storage driver fetches a new token upon the
-# expiration of the current token to ensure continued access to
-# Swift. However, some Swift transactions (like uploading image
-# segments) may not recover well if the token expires on the fly.
-#
-# Hence, by fetching a new token before the current token expiration,
-# we make sure that the token does not expire or is close to expiry
-# before a transaction is attempted. By default, the Swift storage
-# driver requests for a new token 60 seconds or less before the
-# current token expiration.
-#
-# Possible values:
-#     * Zero
-#     * Positive integer value
-#
-# Related Options:
-#     * None
-#
-#  (integer value)
-# Minimum value: 0
-#swift_store_expire_soon_interval = 60
-
-#
-# Use trusts for multi-tenant Swift store.
-#
-# This option instructs the Swift store to create a trust for each
-# add/get request when the multi-tenant store is in use. Using trusts
-# allows the Swift store to avoid problems that can be caused by an
-# authentication token expiring during the upload or download of data.
-#
-# By default, ``swift_store_use_trusts`` is set to ``True``(use of
-# trusts is enabled). If set to ``False``, a user token is used for
-# the Swift connection instead, eliminating the overhead of trust
-# creation.
-#
-# NOTE: This option is considered only when
-# ``swift_store_multi_tenant`` is set to ``True``
-#
-# Possible values:
-#     * True
-#     * False
-#
-# Related options:
-#     * swift_store_multi_tenant
-#
-#  (boolean value)
-#swift_store_use_trusts = true
-
-#
-# Buffer image segments before upload to Swift.
-#
-# Provide a boolean value to indicate whether or not Glance should
-# buffer image data to disk while uploading to swift. This enables
-# Glance to resume uploads on error.
-#
-# NOTES:
-# When enabling this option, one should take great care as this
-# increases disk usage on the API node. Be aware that depending
-# upon how the file system is configured, the disk space used
-# for buffering may decrease the actual disk space available for
-# the glance image cache.  Disk utilization will cap according to
-# the following equation:
-# (``swift_store_large_object_chunk_size`` * ``workers`` * 1000)
-#
-# Possible values:
-#     * True
-#     * False
-#
-# Related options:
-#     * swift_upload_buffer_dir
-#
-#  (boolean value)
-#swift_buffer_on_upload = false
-
-#
-# Reference to default Swift account/backing store parameters.
-#
-# Provide a string value representing a reference to the default set
-# of parameters required for using swift account/backing store for
-# image storage. The default reference value for this configuration
-# option is 'ref1'. This configuration option dereferences the
-# parameters and facilitates image storage in Swift storage backend
-# every time a new image is added.
-#
-# Possible values:
-#     * A valid string value
-#
-# Related options:
-#     * None
-#
-#  (string value)
-#default_swift_reference = ref1
-
-# DEPRECATED: Version of the authentication service to use. Valid versions are 2
-# and 3 for keystone and 1 (deprecated) for swauth and rackspace. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason:
-# The option 'auth_version' in the Swift back-end configuration file is
-# used instead.
-#swift_store_auth_version = 2
-
-# DEPRECATED: The address where the Swift authentication service is listening.
-# (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason:
-# The option 'auth_address' in the Swift back-end configuration file is
-# used instead.
-#swift_store_auth_address = <None>
-
-# DEPRECATED: The user to authenticate against the Swift authentication service.
-# (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason:
-# The option 'user' in the Swift back-end configuration file is set instead.
-#swift_store_user = <None>
-
-# DEPRECATED: Auth key for the user authenticating against the Swift
-# authentication service. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason:
-# The option 'key' in the Swift back-end configuration file is used
-# to set the authentication key instead.
-#swift_store_key = <None>
-
-#
-# Absolute path to the file containing the swift account(s)
-# configurations.
-#
-# Include a string value representing the path to a configuration
-# file that has references for each of the configured Swift
-# account(s)/backing stores. By default, no file path is specified
-# and customized Swift referencing is disabled. Configuring this
-# option is highly recommended while using Swift storage backend for
-# image storage as it avoids storage of credentials in the database.
-#
-# NOTE: Please do not configure this option if you have set
-# ``swift_store_multi_tenant`` to ``True``.
-#
-# Possible values:
-#     * String value representing an absolute path on the glance-api
-#       node
-#
-# Related options:
-#     * swift_store_multi_tenant
-#
-#  (string value)
-#swift_store_config_file = <None>
 
 #
 # Directory to buffer image segments before upload to Swift.
@@ -3276,215 +3133,699 @@
 #  (string value)
 #swift_upload_buffer_dir = <None>
 
-#
-# Address of the ESX/ESXi or vCenter Server target system.
-#
-# This configuration option sets the address of the ESX/ESXi or vCenter
-# Server target system. This option is required when using the VMware
-# storage backend. The address can contain an IP address (127.0.0.1) or
-# a DNS name (www.my-domain.com).
-#
-# Possible Values:
-#     * A valid IPv4 or IPv6 address
-#     * A valid DNS name
-#
-# Related options:
-#     * vmware_server_username
-#     * vmware_server_password
-#
-#  (host address value)
-#vmware_server_host = 127.0.0.1
-
-#
-# Server username.
-#
-# This configuration option takes the username for authenticating with
-# the VMware ESX/ESXi or vCenter Server. This option is required when
-# using the VMware storage backend.
-#
-# Possible Values:
-#     * Any string that is the username for a user with appropriate
-#       privileges
-#
-# Related options:
-#     * vmware_server_host
-#     * vmware_server_password
-#
-#  (string value)
-#vmware_server_username = root
-
-#
-# Server password.
-#
-# This configuration option takes the password for authenticating with
-# the VMware ESX/ESXi or vCenter Server. This option is required when
-# using the VMware storage backend.
-#
-# Possible Values:
-#     * Any string that is a password corresponding to the username
-#       specified using the "vmware_server_username" option
-#
-# Related options:
-#     * vmware_server_host
-#     * vmware_server_username
-#
-#  (string value)
-#vmware_server_password = vmware
-
-#
-# The number of VMware API retries.
-#
-# This configuration option specifies the number of times the VMware
-# ESX/VC server API must be retried upon connection related issues or
-# server API call overload. It is not possible to specify 'retry
-# forever'.
-#
-# Possible Values:
-#     * Any positive integer value
-#
-# Related options:
-#     * None
-#
-#  (integer value)
+[oslo_concurrency]
+
+[matchmaker_redis]
+
+[oslo_messaging_amqp]
+#
+# From oslo.messaging
+#
+
+# Name for the AMQP container. must be globally unique. Defaults to a
+# generated UUID (string value)
+#container_name = <None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+#trace = false
+
+# Attempt to connect via SSL. If no other ssl-related parameters are
+# given, it will use the system's CA-bundle to verify the server's
+# certificate. (boolean value)
+#ssl = false
+
+# CA certificate PEM file used to verify the server's certificate
+# (string value)
+#ssl_ca_file =
+
+# Self-identifying certificate PEM file for client authentication
+# (string value)
+#ssl_cert_file =
+
+# Private key PEM file used to sign ssl_cert_file certificate
+# (optional) (string value)
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+#ssl_key_password = <None>
+
+# By default SSL checks that the name in the server's certificate
+# matches the hostname in the transport_url. In some configurations it
+# may be preferable to use the virtual hostname instead, for example
+# if the server uses the Server Name Indication TLS extension
+# (rfc6066) to provide a certificate per virtual host. Set
+# ssl_verify_vhost to True if the server's SSL certificate uses the
+# virtual host name instead of the DNS name. (boolean value)
+#ssl_verify_vhost = false
+
+# DEPRECATED: Accept clients using either SSL or plain TCP (boolean
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Not applicable - not a SSL server
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string
+# value)
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+#sasl_config_name =
+
+# SASL realm to use if no realm present in username (string value)
+#sasl_default_realm =
+
+# DEPRECATED: User name for message broker authentication (string
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use configuration option transport_url to provide the
+# username.
+#username =
+
+# DEPRECATED: Password for message broker authentication (string
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use configuration option transport_url to provide the
+# password.
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
 # Minimum value: 1
-#vmware_api_retry_count = 10
-
-#
-# Interval in seconds used for polling remote tasks invoked on VMware
-# ESX/VC server.
-#
-# This configuration option takes in the sleep time in seconds for polling an
-# on-going async task as part of the VMWare ESX/VC server API call.
-#
-# Possible Values:
-#     * Any positive integer value
-#
-# Related options:
-#     * None
-#
-#  (integer value)
+#connection_retry_interval = 1
+
+# Increase the connection_retry_interval by this many seconds after
+# each unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff = 2
+
+# Maximum limit for connection_retry_interval +
+# connection_retry_backoff (integer value)
 # Minimum value: 1
-#vmware_task_poll_interval = 5
-
-#
-# The directory where the glance images will be stored in the datastore.
-#
-# This configuration option specifies the path to the directory where the
-# glance images will be stored in the VMware datastore. If this option
-# is not set,  the default directory where the glance images are stored
-# is openstack_glance.
-#
-# Possible Values:
-#     * Any string that is a valid path to a directory
-#
-# Related options:
-#     * None
-#
-#  (string value)
-#vmware_store_image_dir = /openstack_glance
-
-#
-# Set verification of the ESX/vCenter server certificate.
-#
-# This configuration option takes a boolean value to determine
-# whether or not to verify the ESX/vCenter server certificate. If this
-# option is set to True, the ESX/vCenter server certificate is not
-# verified. If this option is set to False, then the default CA
-# truststore is used for verification.
-#
-# This option is ignored if the "vmware_ca_file" option is set. In that
-# case, the ESX/vCenter server certificate will then be verified using
-# the file specified using the "vmware_ca_file" option .
-#
-# Possible Values:
-#     * True
-#     * False
-#
-# Related options:
-#     * vmware_ca_file
-#
-#  (boolean value)
-# Deprecated group/name - [glance_store]/vmware_api_insecure
-#vmware_insecure = false
-
-#
-# Absolute path to the CA bundle file.
-#
-# This configuration option enables the operator to use a custom
-# Cerificate Authority File to verify the ESX/vCenter certificate.
-#
-# If this option is set, the "vmware_insecure" option will be ignored
-# and the CA file specified will be used to authenticate the ESX/vCenter
-# server certificate and establish a secure connection to the server.
-#
-# Possible Values:
-#     * Any string that is a valid absolute path to a CA file
-#
-# Related options:
-#     * vmware_insecure
-#
-#  (string value)
-#vmware_ca_file = /etc/ssl/certs/ca-certificates.crt
-
-#
-# The datastores where the image can be stored.
-#
-# This configuration option specifies the datastores where the image can
-# be stored in the VMWare store backend. This option may be specified
-# multiple times for specifying multiple datastores. The datastore name
-# should be specified after its datacenter path, separated by ":". An
-# optional weight may be given after the datastore name, separated again
-# by ":" to specify the priority. Thus, the required format becomes
-# <datacenter_path>:<datastore_name>:<optional_weight>.
-#
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for selection
-# last. If multiple datastores have the same weight, then the one with
-# the most free space available is selected.
-#
-# Possible Values:
-#     * Any string of the format:
-#       <datacenter_path>:<datastore_name>:<optional_weight>
-#
-# Related options:
-#    * None
-#
+#connection_retry_interval_max = 30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due
+# to a recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay = 10
+
+# The maximum number of attempts to re-send a reply message which
+# failed due to a recoverable error. (integer value)
+# Minimum value: -1
+#default_reply_retry = 0
+
+# The deadline for an rpc reply message delivery. (integer value)
+# Minimum value: 5
+#default_reply_timeout = 30
+
+# The deadline for an rpc cast or call message delivery. Only used
+# when caller does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout = 30
+
+# The deadline for a sent notification message delivery. Only used
+# when caller does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout = 30
+
+# The duration to schedule a purge of idle sender links. Detach link
+# after expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout = 600
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy'   - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic'  - use legacy addresses if the message bus does not
+# support routing otherwise use routable addressing (string value)
+#addressing_mode = dynamic
+
+# Enable virtual host support for those message buses that do not
+# natively support virtual hosting (such as qpidd). When set to true
+# the virtual host name will be added to all message bus addresses,
+# effectively creating a private 'subnet' per virtual host. Set to
+# False if the message bus supports virtual hosting using the
+# 'hostname' field in the AMQP 1.0 Open performative as the name of
+# the virtual host. (boolean value)
+#pseudo_vhost = true
+
+# address prefix used when sending to a specific server (string value)
+#server_request_prefix = exclusive
+
+# address prefix used when broadcasting to all servers (string value)
+#broadcast_prefix = broadcast
+
+# address prefix when sending to any server in group (string value)
+#group_request_prefix = unicast
+
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix = openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string
+# value)
+#notify_address_prefix = openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used
+# by the message bus to identify fanout messages. (string value)
+#multicast_address = multicast
+
+# Appended to the address prefix when sending to a particular
+# RPC/Notification server. Used by the message bus to identify
+# messages sent to a single destination. (string value)
+#unicast_address = unicast
+
+# Appended to the address prefix when sending to a group of consumers.
+# Used by the message bus to identify messages that should be
+# delivered in a round-robin fashion across consumers. (string value)
+#anycast_address = anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange = <None>
+default_notification_exchange = glance
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange = <None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit = 200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit = 100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit = 100
+
+# Send messages of this type pre-settled.
+# Pre-settled messages will not receive acknowledgement
+# from the peer. Note well: pre-settled messages may be
+# silently discarded if the delivery fails.
+# Permitted values:
+# 'rpc-call' - send RPC Calls pre-settled
+# 'rpc-reply'- send RPC Replies pre-settled
+# 'rpc-cast' - Send RPC Casts pre-settled
+# 'notify'   - Send Notifications pre-settled
 #  (multi valued)
-#vmware_datastores =
-
-
-[image_format]
-
-#
-# From glance.api
-#
-
-# Supported values for the 'container_format' image attribute (list value)
-# Deprecated group/name - [DEFAULT]/container_formats
-#container_formats = ami,ari,aki,bare,ovf,ova,docker
-
-# Supported values for the 'disk_format' image attribute (list value)
-# Deprecated group/name - [DEFAULT]/disk_formats
-#disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop
-
+#pre_settled = rpc-cast
+#pre_settled = rpc-reply
+
+
+[oslo_messaging_notifications]
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+driver=messagingv2
+
+# A URL representing the messaging driver to use for notifications. If
+# not set, we fall back to the same configuration used for RPC.
+# (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+
+# The maximum number of attempts to re-send a notification message
+# which failed to be delivered due to a recoverable error. 0 - No
+# retry, -1 - indefinite (integer value)
+#retry = -1
+[oslo_messaging_rabbit]
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+#amqp_auto_delete = false
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+
+# How long to wait before reconnecting in response to an AMQP consumer
+# cancel notification. (floating point value)
+#kombu_reconnect_delay = 1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
+# will not be used. This option may not be available in future
+# versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client before abandoning to send it its
+# replies. This value should not be longer than rpc_response_timeout.
+# (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we
+# are currently connected to becomes unavailable. Takes effect only if
+# more than one RabbitMQ node is provided in config. (string value)
+# Possible values:
+# round-robin - <No description provided>
+# shuffle - <No description provided>
+#kombu_failover_strategy = round-robin
+
+# DEPRECATED: The RabbitMQ broker address where a single node is used.
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_host = localhost
+
+# DEPRECATED: The RabbitMQ broker port where a single node is used.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_port = 5672
+
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_hosts = $rabbit_host:$rabbit_port
+
+# DEPRECATED: The RabbitMQ userid. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_userid = guest
+
+# DEPRECATED: The RabbitMQ password. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_password = guest
+
+# The RabbitMQ login method. (string value)
+# Possible values:
+# PLAIN - <No description provided>
+# AMQPLAIN - <No description provided>
+# RABBIT-CR-DEMO - <No description provided>
+#rabbit_login_method = AMQPLAIN
+
+# DEPRECATED: The RabbitMQ virtual host. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ.
+# (integer value)
+#rabbit_retry_backoff = 2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30
+# seconds. (integer value)
+#rabbit_interval_max = 30
+
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default
+# is 0 (infinite retry count). (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#rabbit_max_retries = 0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
+# queue mirroring is no longer controlled by the x-ha-policy argument
+# when declaring a queue. If you just want to make sure that all
+# queues (except those with auto-generated names) are mirrored across
+# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
+# mode": "all"}' " (boolean value)
+#rabbit_ha_queues = false
+
+# Positive integer representing duration in seconds for queue TTL
+# (x-expires). Queues which are unused for the duration of the TTL are
+# automatically deleted. The parameter affects only reply and fanout
+# queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+
+# NOTE(dmescheryakov) hardcoding to >0 by default
+# Having no prefetch limit makes oslo.messaging consume all available
+# messages from the queue. That can lead to a situation when several
+# server processes hog all the messages leaving others out of business.
+# That leads to artificial high message processing latency and at the
+# extrime to MessagingTimeout errors.
+rabbit_qos_prefetch_count = 64
+
+# Number of seconds after which the Rabbit broker is considered down
+# if heartbeat's keep-alive fails (0 disable the heartbeat).
+# EXPERIMENTAL (integer value)
+#heartbeat_timeout_threshold = 60
+
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
+#heartbeat_rate = 2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
+# (boolean value)
+#fake_rabbit = false
+
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer
+# value)
+#heartbeat_interval = 3
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating
+# point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
+# point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error
+# (floating point value)
+#host_connection_reconnect_delay = 0.25
+
+# Connection factory implementation (string value)
+# Possible values:
+# new - <No description provided>
+# single - <No description provided>
+# read_write - <No description provided>
+#connection_factory = single
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 30
+
+# Maximum number of connections to create above `pool_max_size`.
+# (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available
+# (integer value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer
+# value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are
+# considered stale in seconds or None for no staleness. Stale
+# connections are closed on acquire. (integer value)
+#pool_stale = 60
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
+#default_serializer_type = json
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer
+# value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc reply listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending reply. -1 means infinite retry during rpc_timeout (integer
+# value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during
+# sending RPC message, -1 means infinite retry. If actual retry
+# attempts in not 0 the rpc request could be processed more than one
+# time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending RPC message (floating point value)
+#rpc_retry_delay = 0.25
+
+[database]
+#
+# From oslo.db
+#
+
+# If True, SQLite uses synchronous mode. (boolean value)
+#sqlite_synchronous = true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the database.
+# (string value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+#connection = <None>
+connection = mysql+pymysql://glance:opnfv_secret@10.167.4.23/glance?charset=utf8
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
+#slave_connection = <None>
+
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
+#mysql_sql_mode = TRADITIONAL
+
+# If True, transparently enables support for handling MySQL Cluster
+# (NDB). (boolean value)
+#mysql_enable_ndb = false
+
+# Connections which have been present in the connection pool longer
+# than this number of seconds will be replaced with a new one the next
+# time they are checked out from the pool. (integer value)
+# Deprecated group/name - [DATABASE]/idle_timeout
+# Deprecated group/name - [database]/idle_timeout
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#connection_recycle_time = 3600
+# (obryndzii) we change default connection_recycle_time to 280 in order to fix numerous
+# DBConnection errors in services until we implement this setting in reclass-system
+connection_recycle_time = 300
+
+# Minimum number of SQL connections to keep open in a pool. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool. Setting a
+# value of 0 indicates no limit. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = 5
+max_pool_size = 10
+
+# Maximum number of database connection retries during startup. Set to
+# -1 to specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
+max_overflow = 30
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
+# (integer value)
+# Minimum value: 0
+# Maximum value: 100
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
+
+# Enable the experimental use of database reconnect on connection
+# lost. (boolean value)
+#use_db_reconnect = false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
+
+# If True, increases the interval between retries of a database
+# operation up to db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries
+# of a database operation. (integer value)
+#db_max_retry_interval = 10
+
+# Maximum retries in case of connection error or deadlock error before
+# error is raised. Set to -1 to specify an infinite retry count.
+# (integer value)
+#db_max_retries = 20
+
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
+
+[oslo_policy]
+#
+# From oslo.policy
+#
+
+# This option controls whether or not to enforce scope when evaluating
+# policies. If ``True``, the scope of the token used in the request is
+# compared to the ``scope_types`` of the policy being enforced. If the
+# scopes do not match, an ``InvalidScope`` exception will be raised.
+# If ``False``, a message will be logged informing operators that
+# policies are being invoked with mismatching scope. (boolean value)
+#enforce_scope = false
+
+# The file that defines policies. (string value)
+#policy_file = policy.json
+policy_file = /etc/glance/policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string
+# value)
+#policy_default_rule = default
+
+# Directories where policy configuration files are stored. They can be
+# relative to any directory in the search path defined by the
+# config_dir option, or absolute paths. The file defined by
+# policy_file must exist for these directories to be searched.
+# Missing or empty directories are ignored. (multi valued)
+#policy_dirs = policy.d
+
+# Content Type to send and receive data for REST based policy check
+# (string value)
+# Possible values:
+# application/x-www-form-urlencoded - <No description provided>
+# application/json - <No description provided>
+#remote_content_type = application/x-www-form-urlencoded
+
+# server identity verification for REST based policy check (boolean
+# value)
+#remote_ssl_verify_server_crt = false
+
+# Absolute path to ca cert file for REST based policy check (string
+# value)
+#remote_ssl_ca_crt_file = <None>
+
+# Absolute path to client cert for REST based policy check (string
+# value)
+#remote_ssl_client_crt_file = <None>
+
+# Absolute path client key file REST based policy check (string value)
+#remote_ssl_client_key_file = <None>
 
 [keystone_authtoken]
-
 #
 # From keystonemiddleware.auth_token
 #
 
 # Complete "public" Identity API endpoint. This endpoint should not be an
-# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
-# clients are redirected to this endpoint to authenticate. Although this
-# endpoint should ideally be unversioned, client support in the wild varies. If
-# you're using a versioned v2 endpoint here, then this should *not* be the same
-# endpoint the service user utilizes for validating tokens, because normal end
-# users may not be able to reach that endpoint. (string value)
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. (string
+# value)
 # Deprecated group/name - [keystone_authtoken]/auth_uri
 #www_authenticate_uri = <None>
+www_authenticate_uri = http://10.167.4.35:5000
 
 # DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
 # be an "admin" endpoint, as it should be accessible by all end users.
@@ -3497,9 +3838,10 @@
 # release. (string value)
 # This option is deprecated for removal since Queens.
 # Its value may be silently ignored in the future.
-# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri and
-# will be removed in the S  release.
+# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
+# and will be removed in the S  release.
 #auth_uri = <None>
+auth_uri = http://10.167.4.35:5000
 
 # API version of the admin Identity API endpoint. (string value)
 #auth_version = <None>
@@ -3512,8 +3854,8 @@
 # value)
 #http_connect_timeout = <None>
 
-# How many times are we trying to reconnect when communicating with Identity API
-# Server. (integer value)
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
 #http_request_max_retries = 3
 
 # Request environment key where the Swift cache object is stored. When
@@ -3537,10 +3879,11 @@
 
 # The region in which the identity server can be found. (string value)
 #region_name = <None>
+region_name = RegionOne
 
 # DEPRECATED: Directory used to cache files related to PKI tokens. This option
-# has been deprecated in the Ocata release and will be removed in the P release.
-# (string value)
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
 # This option is deprecated for removal since Ocata.
 # Its value may be silently ignored in the future.
 # Reason: PKI token format is no longer supported.
@@ -3551,42 +3894,12 @@
 # Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
 
-# In order to prevent excessive effort spent validating tokens, the middleware
-# caches previously-seen tokens for a configurable duration (in seconds). Set to
-# -1 to disable caching completely. (integer value)
-#token_cache_time = 300
-
-# DEPRECATED: Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of revocation
-# events combined with a low cache duration may significantly reduce
-# performance. Only valid for PKI tokens. This option has been deprecated in the
-# Ocata release and will be removed in the P release. (integer value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be authenticated or
-# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
-# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
-# cache. If the value is not one of these options or empty, auth_token will
-# raise an exception on initialization. (string value)
-# Possible values:
-# None - <No description provided>
-# MAC - <No description provided>
-# ENCRYPT - <No description provided>
-#memcache_security_strategy = None
-
-# (Optional, mandatory if memcache_security_strategy is defined) This string is
-# used for key derivation. (string value)
-#memcache_secret_key = <None>
-
 # (Optional) Number of seconds memcached server is considered dead before it is
 # tried again. (integer value)
 #memcache_pool_dead_retry = 300
 
-# (Optional) Maximum total number of open connections to every memcached server.
-# (integer value)
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
 #memcache_pool_maxsize = 10
 
 # (Optional) Socket timeout in seconds for communicating with a memcached
@@ -3612,11 +3925,11 @@
 
 # Used to control the use and type of token binding. Can be set to: "disabled"
 # to not check token binding. "permissive" (default) to validate binding
-# information if the bind type is of a form known to the server and ignore it if
-# not. "strict" like "permissive" but if the bind type is unknown the token will
-# be rejected. "required" any form of token binding is needed to be allowed.
-# Finally the name of a binding method that must be present in tokens. (string
-# value)
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
 #enforce_token_bind = permissive
 
 # DEPRECATED: If true, the revocation list will be checked for cached tokens.
@@ -3643,1106 +3956,210 @@
 # A choice of roles that must be present in a service token. Service tokens are
 # allowed to request that an expired token can be used and so this check should
 # tightly control that only actual services should be sending this token. Roles
-# here are applied as an ANY check so any role in this list must be present. For
-# backwards compatibility reasons this currently only affects the allow_expired
-# check. (list value)
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
 #service_token_roles = service
 
-# For backwards compatibility reasons we must let valid service tokens pass that
-# don't pass the service_token_roles check as valid. Setting this true will
-# become the default in a future release and should be enabled if possible.
-# (boolean value)
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
 #service_token_roles_required = false
 
 # Authentication type to load (string value)
 # Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
+auth_type = password
 
 # Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
 
-
-[matchmaker_redis]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Host to locate redis. (string value)
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+region_name = RegionOne
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internalURL
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = http://10.167.4.35:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+username = glance
+
+[cors]
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. Format:
+# "<protocol>://<host>[:<port>]", no trailing slash. Example:
+# https://horizon.example.com (list value)
+allowed_origin = https://172.30.10.101
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+
+# Maximum cache age of CORS preflight requests. (integer value)
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+
+
+[oslo_middleware]
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each  request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# DEPRECATED: The HTTP Header that will be used to determine what the
+# original request protocol scheme was, even if it was hidden by a SSL
+# termination proxy. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#host = 127.0.0.1
-
-# DEPRECATED: Use this port to connect to redis host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#port = 6379
-
-# DEPRECATED: Password for Redis server (optional). (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#password =
-
-# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
-# [host:port, host1:port ... ] (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#sentinel_hosts =
-
-# Redis replica set name. (string value)
-#sentinel_group_name = oslo-messaging-zeromq
-
-# Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 2000
-
-# Time in ms to wait before the transaction is killed. (integer value)
-#check_timeout = 20000
-
-# Timeout in ms on blocking socket operations. (integer value)
-#socket_timeout = 10000
-
-
-[oslo_concurrency]
-
-#
-# From oslo.concurrency
-#
-
-# Enables or disables inter-process locks. (boolean value)
-#disable_process_locking = false
-
-# Directory to use for lock files.  For security, the specified directory should
-# only be writable by the user running the processes that need locking. Defaults
-# to environment variable OSLO_LOCK_PATH. If external locks are used, a lock
-# path must be set. (string value)
-#lock_path = <None>
-
-
-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
-
-# Name for the AMQP container. must be globally unique. Defaults to a generated
-# UUID (string value)
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-#trace = false
-
-# Attempt to connect via SSL. If no other ssl-related parameters are given, it
-# will use the system's CA-bundle to verify the server's certificate. (boolean
-# value)
-#ssl = false
-
-# CA certificate PEM file used to verify the server's certificate (string value)
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication (string value)
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate (optional) (string
-# value)
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-#ssl_key_password = <None>
-
-# By default SSL checks that the name in the server's certificate matches the
-# hostname in the transport_url. In some configurations it may be preferable to
-# use the virtual hostname instead, for example if the server uses the Server
-# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
-# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
-# virtual host name instead of the DNS name. (boolean value)
-#ssl_verify_vhost = false
-
-# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Not applicable - not a SSL server
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-#sasl_config_name =
-
-# SASL realm to use if no realm present in username (string value)
-#sasl_default_realm =
-
-# DEPRECATED: User name for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the username.
-#username =
-
-# DEPRECATED: Password for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the password.
-#password =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after each
-# unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval + connection_retry_backoff
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
+# Whether the application is behind a proxy or not. This determines if
+# the middleware should parse the headers or not. (boolean value)
+enable_proxy_headers_parsing = True
+[barbican]
+#
+# From castellan.config
+#
+
+# Use this endpoint to connect to Barbican, for example:
+# "http://localhost:9311/" (string value)
+#barbican_endpoint = <None>
+barbican_endpoint = http://10.167.4.35:9311
+
+# Version of the Barbican API, for example: "v1" (string value)
+#barbican_api_version = <None>
+
+# Use this endpoint to connect to Keystone (string value)
+# Deprecated group/name - [key_manager]/auth_url
+#auth_endpoint = http://localhost/identity/v3
+auth_endpoint = http://10.167.4.35:35357/v3
+
+# Number of seconds to wait before retrying poll for key creation completion
 # (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
-# recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which failed due to
-# a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link after
-# expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not support routing
-# otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# Enable virtual host support for those message buses that do not natively
-# support virtual hosting (such as qpidd). When set to true the virtual host
-# name will be added to all message bus addresses, effectively creating a
-# private 'subnet' per virtual host. Set to False if the message bus supports
-# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
-# as the name of the virtual host. (boolean value)
-#pseudo_vhost = true
-
-# address prefix used when sending to a specific server (string value)
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used by the
-# message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular RPC/Notification
-# server. Used by the message bus to identify messages sent to a single
-# destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers. Used by
-# the message bus to identify messages that should be delivered in a round-robin
-# fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
-[oslo_messaging_kafka]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Default Kafka broker Host (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_host = localhost
-
-# DEPRECATED: Default Kafka broker Port (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_port = 9092
-
-# Max fetch bytes of Kafka consumer (integer value)
-#kafka_max_fetch_bytes = 1048576
-
-# Default timeout(s) for Kafka consumers (floating point value)
-#kafka_consumer_timeout = 1.0
-
-# DEPRECATED: Pool Size for Kafka Consumers (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#pool_size = 10
-
-# DEPRECATED: The pool size limit for connections expiration policy (integer
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_min_size = 2
-
-# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_ttl = 1200
-
-# Group id for Kafka consumer. Consumers in one group will coordinate message
-# consumption (string value)
-#consumer_group = oslo_messaging_consumer
-
-# Upper bound on the delay for KafkaProducer batching in seconds (floating point
-# value)
-#producer_batch_timeout = 0.0
-
-# Size of batch for the producer async send (integer value)
-#producer_batch_size = 16384
-
-# Enable asynchronous consumer commits (boolean value)
-#enable_auto_commit = false
-
-# The maximum number of records returned in a poll call (integer value)
-#max_poll_records = 500
-
-# Protocol used to communicate with brokers (string value)
-# Possible values:
-# PLAINTEXT - <No description provided>
-# SASL_PLAINTEXT - <No description provided>
-# SSL - <No description provided>
-# SASL_SSL - <No description provided>
-#security_protocol = PLAINTEXT
-
-# Mechanism when security protocol is SASL (string value)
-#sasl_mechanism = PLAIN
-
-# CA certificate PEM file used to verify the server certificate (string value)
-#ssl_cafile =
-
-
-[oslo_messaging_notifications]
-
-#
-# From oslo.messaging
-#
-
-# The Drivers(s) to handle sending notifications. Possible values are messaging,
-# messagingv2, routing, log, test, noop (multi valued)
-# Deprecated group/name - [DEFAULT]/notification_driver
-#driver =
-
-# A URL representing the messaging driver to use for notifications. If not set,
-# we fall back to the same configuration used for RPC. (string value)
-# Deprecated group/name - [DEFAULT]/notification_transport_url
-#transport_url = <None>
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-# Deprecated group/name - [DEFAULT]/notification_topics
-#topics = notifications
-
-# The maximum number of attempts to re-send a notification message which failed
-# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
-# (integer value)
-#retry = -1
-
-
-[oslo_messaging_rabbit]
-
-#
-# From oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_durable_queues
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-#amqp_auto_delete = false
-
-# Connect over SSL. (boolean value)
-# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
-#ssl = false
-
-# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
-# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
-# distributions. (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
-#ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
-#ssl_key_file =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
-#ssl_cert_file =
-
-# SSL certification authority file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
-#ssl_ca_file =
-
-# How long to wait before reconnecting in response to an AMQP consumer cancel
-# notification. (floating point value)
-#kombu_reconnect_delay = 1.0
-
-# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
-# be used. This option may not be available in future versions. (string value)
-#kombu_compression = <None>
-
-# How long to wait a missing client before abandoning to send it its replies.
-# This value should not be longer than rpc_response_timeout. (integer value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
-#kombu_missing_consumer_retry_timeout = 60
-
-# Determines how the next RabbitMQ node is chosen in case the one we are
-# currently connected to becomes unavailable. Takes effect only if more than one
-# RabbitMQ node is provided in config. (string value)
-# Possible values:
-# round-robin - <No description provided>
-# shuffle - <No description provided>
-#kombu_failover_strategy = round-robin
-
-# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_host = localhost
-
-# DEPRECATED: The RabbitMQ broker port where a single node is used. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_port = 5672
-
-# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_hosts = $rabbit_host:$rabbit_port
-
-# DEPRECATED: The RabbitMQ userid. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_userid = guest
-
-# DEPRECATED: The RabbitMQ password. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_password = guest
-
-# The RabbitMQ login method. (string value)
-# Possible values:
-# PLAIN - <No description provided>
-# AMQPLAIN - <No description provided>
-# RABBIT-CR-DEMO - <No description provided>
-#rabbit_login_method = AMQPLAIN
-
-# DEPRECATED: The RabbitMQ virtual host. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_virtual_host = /
-
-# How frequently to retry connecting with RabbitMQ. (integer value)
-#rabbit_retry_interval = 1
-
-# How long to backoff for between retries when connecting to RabbitMQ. (integer
-# value)
-#rabbit_retry_backoff = 2
-
-# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
-# (integer value)
-#rabbit_interval_max = 30
-
-# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#rabbit_max_retries = 0
-
-# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
-# is no longer controlled by the x-ha-policy argument when declaring a queue. If
-# you just want to make sure that all queues (except those with auto-generated
-# names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA
-# '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
-#rabbit_ha_queues = false
-
-# Positive integer representing duration in seconds for queue TTL (x-expires).
-# Queues which are unused for the duration of the TTL are automatically deleted.
-# The parameter affects only reply and fanout queues. (integer value)
-# Minimum value: 1
-#rabbit_transient_queues_ttl = 1800
-
-# Specifies the number of messages to prefetch. Setting to zero allows unlimited
-# messages. (integer value)
-#rabbit_qos_prefetch_count = 0
-
-# Number of seconds after which the Rabbit broker is considered down if
-# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
-# value)
-#heartbeat_timeout_threshold = 60
-
-# How often times during the heartbeat_timeout_threshold we check the heartbeat.
-# (integer value)
-#heartbeat_rate = 2
-
-
-[oslo_messaging_zmq]
-
-#
-# From oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger period.
-# The value of 0 specifies no linger period. Pending messages shall be discarded
-# immediately when the socket is closed. Positive values specify an upper bound
-# for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target (
-# < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Possible values:
-# json - <No description provided>
-# msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to skip
-# any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value and
-# 0) means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0) means
-# to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is not
-# tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
-
-
-[oslo_middleware]
-
-#
-# From oslo.middleware.http_proxy_to_wsgi
-#
-
-# Whether the application is behind a proxy or not. This determines if the
-# middleware should parse the headers or not. (boolean value)
-#enable_proxy_headers_parsing = false
-
-
-[oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# This option controls whether or not to enforce scope when evaluating policies.
-# If ``True``, the scope of the token used in the request is compared to the
-# ``scope_types`` of the policy being enforced. If the scopes do not match, an
-# ``InvalidScope`` exception will be raised. If ``False``, a message will be
-# logged informing operators that policies are being invoked with mismatching
-# scope. (boolean value)
-#enforce_scope = false
-
-# The file that defines policies. (string value)
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be relative
-# to any directory in the search path defined by the config_dir option, or
-# absolute paths. The file defined by policy_file must exist for these
-# directories to be searched.  Missing or empty directories are ignored. (multi
-# valued)
-#policy_dirs = policy.d
-
-# Content Type to send and receive data for REST based policy check (string
-# value)
-# Possible values:
-# application/x-www-form-urlencoded - <No description provided>
-# application/json - <No description provided>
-#remote_content_type = application/x-www-form-urlencoded
-
-# server identity verification for REST based policy check (boolean value)
-#remote_ssl_verify_server_crt = false
-
-# Absolute path to ca cert file for REST based policy check (string value)
-#remote_ssl_ca_crt_file = <None>
-
-# Absolute path to client cert for REST based policy check (string value)
-#remote_ssl_client_crt_file = <None>
-
-# Absolute path client key file REST based policy check (string value)
-#remote_ssl_client_key_file = <None>
-
-
-[paste_deploy]
-
-#
-# From glance.api
-#
-
-#
-# Deployment flavor to use in the server application pipeline.
-#
-# Provide a string value representing the appropriate deployment
-# flavor used in the server application pipleline. This is typically
-# the partial name of a pipeline in the paste configuration file with
-# the service name removed.
-#
-# For example, if your paste section name in the paste configuration
-# file is [pipeline:glance-api-keystone], set ``flavor`` to
-# ``keystone``.
-#
-# Possible values:
-#     * String value representing a partial pipeline name.
-#
-# Related Options:
-#     * config_file
-#
-#  (string value)
-#flavor = keystone
-
-#
-# Name of the paste configuration file.
-#
-# Provide a string value representing the name of the paste
-# configuration file to use for configuring piplelines for
-# server application deployments.
-#
-# NOTES:
-#     * Provide the name or the path relative to the glance directory
-#       for the paste configuration file and not the absolute path.
-#     * The sample paste configuration file shipped with Glance need
-#       not be edited in most cases as it comes with ready-made
-#       pipelines for all common deployment flavors.
-#
-# If no value is specified for this option, the ``paste.ini`` file
-# with the prefix of the corresponding Glance service's configuration
-# file name will be searched for in the known configuration
-# directories. (For example, if this option is missing from or has no
-# value set in ``glance-api.conf``, the service will look for a file
-# named ``glance-api-paste.ini``.) If the paste configuration file is
-# not found, the service will not start.
-#
-# Possible values:
-#     * A string value representing the name of the paste configuration
-#       file.
-#
-# Related Options:
-#     * flavor
-#
-#  (string value)
-#config_file = glance-api-paste.ini
-
-
-[profiler]
-
-#
-# From glance.api
-#
-
-#
-# Enable the profiling for all services on this node.
-#
-# Default value is False (fully disable the profiling feature).
-#
-# Possible values:
-#
-# * True: Enables the feature
-# * False: Disables the feature. The profiling cannot be started via this
-# project
-#   operations. If the profiling is triggered by another project, this project
-#   part will be empty.
-#  (boolean value)
-# Deprecated group/name - [profiler]/profiler_enabled
-#enabled = false
-
-#
-# Enable SQL requests profiling in services.
-#
-# Default value is False (SQL requests won't be traced).
-#
-# Possible values:
-#
-# * True: Enables SQL requests profiling. Each SQL query will be part of the
-#   trace and can the be analyzed by how much time was spent for that.
-# * False: Disables SQL requests profiling. The spent time is only shown on a
-#   higher level of operations. Single SQL queries cannot be analyzed this way.
-#  (boolean value)
-#trace_sqlalchemy = false
-
-#
-# Secret key(s) to use for encrypting context data for performance profiling.
-#
-# This string value should have the following format: <key1>[,<key2>,...<keyn>],
-# where each key is some random string. A user who triggers the profiling via
-# the REST API has to set one of these keys in the headers of the REST API call
-# to include profiling results of this node for this particular project.
-#
-# Both "enabled" flag and "hmac_keys" config options should be set to enable
-# profiling. Also, to generate correct profiling information across all services
-# at least one key needs to be consistent between OpenStack projects. This
-# ensures it can be used from client side to generate the trace, containing
-# information from all possible resources.
-#  (string value)
-#hmac_keys = SECRET_KEY
-
-#
-# Connection string for a notifier backend.
-#
-# Default value is ``messaging://`` which sets the notifier to oslo_messaging.
-#
-# Examples of possible values:
-#
-# * ``messaging://`` - use oslo_messaging driver for sending spans.
-# * ``redis://127.0.0.1:6379`` - use redis driver for sending spans.
-# * ``mongodb://127.0.0.1:27017`` - use mongodb driver for sending spans.
-# * ``elasticsearch://127.0.0.1:9200`` - use elasticsearch driver for sending
-#   spans.
-# * ``jaeger://127.0.0.1:6831`` - use jaeger tracing as driver for sending
-# spans.
-#  (string value)
-#connection_string = messaging://
-
-#
-# Document type for notification indexing in elasticsearch.
-#  (string value)
-#es_doc_type = notification
-
-#
-# This parameter is a time value parameter (for example: es_scroll_time=2m),
-# indicating for how long the nodes that participate in the search will maintain
-# relevant resources in order to continue and support it.
-#  (string value)
-#es_scroll_time = 2m
-
-#
-# Elasticsearch splits large requests in batches. This parameter defines
-# maximum size of each batch (for example: es_scroll_size=10000).
-#  (integer value)
-#es_scroll_size = 10000
-
-#
-# Redissentinel provides a timeout option on the connections.
-# This parameter defines that timeout (for example: socket_timeout=0.1).
-#  (floating point value)
-#socket_timeout = 0.1
-
-#
-# Redissentinel uses a service name to identify a master redis service.
-# This parameter defines the name (for example:
-# ``sentinal_service_name=mymaster``).
-#  (string value)
-#sentinel_service_name = mymaster
-
-#
-# Enable filter traces that contain error/exception to a separated place.
-#
-# Default value is set to False.
-#
-# Possible values:
-#
-# * True: Enable filter traces that contain error/exception.
-# * False: Disable the filter.
-#  (boolean value)
-#filter_error_trace = false
-
-
-[store_type_location_strategy]
-
-#
-# From glance.api
-#
-
-#
-# Preference order of storage backends.
-#
-# Provide a comma separated list of store names in the order in
-# which images should be retrieved from storage backends.
-# These store names must be registered with the ``stores``
-# configuration option.
-#
-# NOTE: The ``store_type_preference`` configuration option is applied
-# only if ``store_type`` is chosen as a value for the
-# ``location_strategy`` configuration option. An empty list will not
-# change the location order.
-#
-# Possible values:
-#     * Empty list
-#     * Comma separated list of registered store names. Legal values are:
-#         * file
-#         * http
-#         * rbd
-#         * swift
-#         * sheepdog
-#         * cinder
-#         * vmware
-#
-# Related options:
-#     * location_strategy
-#     * stores
-#
-#  (list value)
-#store_type_preference =
-
-
-[task]
-
-#
-# From glance.api
-#
-
-# Time in hours for which a task lives after, either succeeding or failing
-# (integer value)
-# Deprecated group/name - [DEFAULT]/task_time_to_live
-#task_time_to_live = 48
-
-#
-# Task executor to be used to run task scripts.
-#
-# Provide a string value representing the executor to use for task
-# executions. By default, ``TaskFlow`` executor is used.
-#
-# ``TaskFlow`` helps make task executions easy, consistent, scalable
-# and reliable. It also enables creation of lightweight task objects
-# and/or functions that are combined together into flows in a
-# declarative manner.
-#
-# Possible values:
-#     * taskflow
-#
-# Related Options:
-#     * None
-#
-#  (string value)
-#task_executor = taskflow
-
-#
-# Absolute path to the work directory to use for asynchronous
-# task operations.
-#
-# The directory set here will be used to operate over images -
-# normally before they are imported in the destination store.
-#
-# NOTE: When providing a value for ``work_dir``, please make sure
-# that enough space is provided for concurrent tasks to run
-# efficiently without running out of space.
-#
-# A rough estimation can be done by multiplying the number of
-# ``max_workers`` with an average image size (e.g 500MB). The image
-# size estimation should be done based on the average size in your
-# deployment. Note that depending on the tasks running you may need
-# to multiply this number by some factor depending on what the task
-# does. For example, you may want to double the available size if
-# image conversion is enabled. All this being said, remember these
-# are just estimations and you should do them based on the worst
-# case scenario and be prepared to act in case they were wrong.
-#
-# Possible values:
-#     * String value representing the absolute path to the working
-#       directory
-#
-# Related Options:
-#     * None
-#
-#  (string value)
-#work_dir = /work_dir
-
-
-[taskflow_executor]
-
-#
-# From glance.api
-#
-
-#
-# Set the taskflow engine mode.
-#
-# Provide a string type value to set the mode in which the taskflow
-# engine would schedule tasks to the workers on the hosts. Based on
-# this mode, the engine executes tasks either in single or multiple
-# threads. The possible values for this configuration option are:
-# ``serial`` and ``parallel``. When set to ``serial``, the engine runs
-# all the tasks in a single thread which results in serial execution
-# of tasks. Setting this to ``parallel`` makes the engine run tasks in
-# multiple threads. This results in parallel execution of tasks.
-#
-# Possible values:
-#     * serial
-#     * parallel
-#
-# Related options:
-#     * max_workers
-#
-#  (string value)
-# Possible values:
-# serial - <No description provided>
-# parallel - <No description provided>
-#engine_mode = parallel
-
-#
-# Set the number of engine executable tasks.
-#
-# Provide an integer value to limit the number of workers that can be
-# instantiated on the hosts. In other words, this number defines the
-# number of parallel tasks that can be executed at the same time by
-# the taskflow engine. This value can be greater than one when the
-# engine mode is set to parallel.
-#
-# Possible values:
-#     * Integer value greater than or equal to 1
-#
-# Related options:
-#     * engine_mode
-#
-#  (integer value)
-# Minimum value: 1
-# Deprecated group/name - [task]/eventlet_executor_pool_size
-#max_workers = 10
-
-#
-# Set the desired image conversion format.
-#
-# Provide a valid image format to which you want images to be
-# converted before they are stored for consumption by Glance.
-# Appropriate image format conversions are desirable for specific
-# storage backends in order to facilitate efficient handling of
-# bandwidth and usage of the storage infrastructure.
-#
-# By default, ``conversion_format`` is not set and must be set
-# explicitly in the configuration file.
-#
-# The allowed values for this option are ``raw``, ``qcow2`` and
-# ``vmdk``. The  ``raw`` format is the unstructured disk format and
-# should be chosen when RBD or Ceph storage backends are used for
-# image storage. ``qcow2`` is supported by the QEMU emulator that
-# expands dynamically and supports Copy on Write. The ``vmdk`` is
-# another common disk format supported by many common virtual machine
-# monitors like VMWare Workstation.
-#
-# Possible values:
-#     * qcow2
-#     * raw
-#     * vmdk
-#
-# Related options:
-#     * disk_formats
-#
-#  (string value)
-# Possible values:
-# qcow2 - <No description provided>
-# raw - <No description provided>
-# vmdk - <No description provided>
-#conversion_format = raw
+#retry_delay = 1
+
+# Number of times to retry poll for key creation completion (integer value)
+#number_of_retries = 60
+
+# Specifies if insecure TLS (https) requests. If False, the server's
+# certificate will not be validated (boolean value)
+#verify_ssl = true
+
+# Specifies the type of endpoint.  Allowed values are: public, internal, and
+# admin (string value)
+# Possible values:
+# public - <No description provided>
+# internal - <No description provided>
+# admin - <No description provided>
+#barbican_endpoint_type = public
+barbican_endpoint_type = internal

2019-04-30 22:14:51,082 [salt.state       :1951][INFO    ][14121] Completed state [/etc/glance/glance-api.conf] at time 22:14:51.082744 duration_in_ms=325.766
2019-04-30 22:14:51,083 [salt.state       :1780][INFO    ][14121] Running state [/etc/glance/glance-api-paste.ini] at time 22:14:51.083278
2019-04-30 22:14:51,083 [salt.state       :1813][INFO    ][14121] Executing state file.managed for [/etc/glance/glance-api-paste.ini]
2019-04-30 22:14:51,097 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/files/rocky/glance-api-paste.ini'
2019-04-30 22:14:51,127 [salt.state       :300 ][INFO    ][14121] File changed:
--- 
+++ 
@@ -1,3 +1,4 @@
+
 # Use this pipeline for no auth or image caching - DEFAULT
 [pipeline:glance-api]
 pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
@@ -12,7 +13,7 @@
 
 # Use this pipeline for keystone auth
 [pipeline:glance-api-keystone]
-pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context  rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp
 
 # Use this pipeline for keystone auth with image caching
 [pipeline:glance-api-keystone+caching]

2019-04-30 22:14:51,127 [salt.state       :1951][INFO    ][14121] Completed state [/etc/glance/glance-api-paste.ini] at time 22:14:51.127594 duration_in_ms=44.317
2019-04-30 22:14:51,128 [salt.state       :1780][INFO    ][14121] Running state [glance-manage db_sync] at time 22:14:51.128622
2019-04-30 22:14:51,128 [salt.state       :1813][INFO    ][14121] Executing state cmd.run for [glance-manage db_sync]
2019-04-30 22:14:51,129 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command '/bin/false' in directory '/root'
2019-04-30 22:14:51,139 [salt.state       :300 ][INFO    ][14121] onlyif execution failed
2019-04-30 22:14:51,139 [salt.state       :1951][INFO    ][14121] Completed state [glance-manage db_sync] at time 22:14:51.139828 duration_in_ms=11.206
2019-04-30 22:14:51,142 [salt.state       :1780][INFO    ][14121] Running state [glance-manage db_load_metadefs] at time 22:14:51.142748
2019-04-30 22:14:51,143 [salt.state       :1813][INFO    ][14121] Executing state cmd.run for [glance-manage db_load_metadefs]
2019-04-30 22:14:51,144 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command '/bin/false' in directory '/root'
2019-04-30 22:14:51,155 [salt.state       :300 ][INFO    ][14121] onlyif execution failed
2019-04-30 22:14:51,155 [salt.state       :1951][INFO    ][14121] Completed state [glance-manage db_load_metadefs] at time 22:14:51.155726 duration_in_ms=12.978
2019-04-30 22:14:51,157 [salt.state       :1780][INFO    ][14121] Running state [/etc/default/glance-api] at time 22:14:51.157028
2019-04-30 22:14:51,157 [salt.state       :1813][INFO    ][14121] Executing state file.managed for [/etc/default/glance-api]
2019-04-30 22:14:51,180 [salt.fileclient  :1219][INFO    ][14121] Fetching file from saltenv 'base', ** done ** 'glance/files/default'
2019-04-30 22:14:51,190 [salt.state       :300 ][INFO    ][14121] File changed:
New file
2019-04-30 22:14:51,190 [salt.state       :1951][INFO    ][14121] Completed state [/etc/default/glance-api] at time 22:14:51.190837 duration_in_ms=33.809
2019-04-30 22:14:51,191 [salt.state       :1780][INFO    ][14121] Running state [/etc/default/glance-registry] at time 22:14:51.191146
2019-04-30 22:14:51,191 [salt.state       :1813][INFO    ][14121] Executing state file.managed for [/etc/default/glance-registry]
2019-04-30 22:14:51,205 [salt.state       :300 ][INFO    ][14121] File changed:
New file
2019-04-30 22:14:51,205 [salt.state       :1951][INFO    ][14121] Completed state [/etc/default/glance-registry] at time 22:14:51.205296 duration_in_ms=14.15
2019-04-30 22:14:51,205 [salt.state       :1780][INFO    ][14121] Running state [/etc/default/glance-glare] at time 22:14:51.205623
2019-04-30 22:14:51,205 [salt.state       :1813][INFO    ][14121] Executing state file.managed for [/etc/default/glance-glare]
2019-04-30 22:14:51,218 [salt.state       :300 ][INFO    ][14121] File changed:
New file
2019-04-30 22:14:51,219 [salt.state       :1951][INFO    ][14121] Completed state [/etc/default/glance-glare] at time 22:14:51.219125 duration_in_ms=13.502
2019-04-30 22:14:51,220 [salt.state       :1780][INFO    ][14121] Running state [glance-api] at time 22:14:51.220809
2019-04-30 22:14:51,221 [salt.state       :1813][INFO    ][14121] Executing state service.running for [glance-api]
2019-04-30 22:14:51,221 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemctl', 'status', 'glance-api.service', '-n', '0'] in directory '/root'
2019-04-30 22:14:51,234 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemctl', 'is-active', 'glance-api.service'] in directory '/root'
2019-04-30 22:14:51,246 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemctl', 'is-enabled', 'glance-api.service'] in directory '/root'
2019-04-30 22:14:51,257 [salt.state       :300 ][INFO    ][14121] The service glance-api is already running
2019-04-30 22:14:51,257 [salt.state       :1951][INFO    ][14121] Completed state [glance-api] at time 22:14:51.257301 duration_in_ms=36.491
2019-04-30 22:14:51,257 [salt.state       :1780][INFO    ][14121] Running state [glance-api] at time 22:14:51.257519
2019-04-30 22:14:51,257 [salt.state       :1813][INFO    ][14121] Executing state service.mod_watch for [glance-api]
2019-04-30 22:14:51,258 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemctl', 'is-active', 'glance-api.service'] in directory '/root'
2019-04-30 22:14:51,268 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'glance-api.service'] in directory '/root'
2019-04-30 22:14:51,305 [salt.state       :300 ][INFO    ][14121] {'glance-api': True}
2019-04-30 22:14:51,306 [salt.state       :1951][INFO    ][14121] Completed state [glance-api] at time 22:14:51.306303 duration_in_ms=48.782
2019-04-30 22:14:51,307 [salt.state       :1780][INFO    ][14121] Running state [glance-registry] at time 22:14:51.307886
2019-04-30 22:14:51,308 [salt.state       :1813][INFO    ][14121] Executing state service.running for [glance-registry]
2019-04-30 22:14:51,309 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemctl', 'status', 'glance-registry.service', '-n', '0'] in directory '/root'
2019-04-30 22:14:51,321 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemctl', 'is-active', 'glance-registry.service'] in directory '/root'
2019-04-30 22:14:51,330 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemctl', 'is-enabled', 'glance-registry.service'] in directory '/root'
2019-04-30 22:14:51,340 [salt.state       :300 ][INFO    ][14121] The service glance-registry is already running
2019-04-30 22:14:51,340 [salt.state       :1951][INFO    ][14121] Completed state [glance-registry] at time 22:14:51.340279 duration_in_ms=32.393
2019-04-30 22:14:51,340 [salt.state       :1780][INFO    ][14121] Running state [glance-registry] at time 22:14:51.340485
2019-04-30 22:14:51,340 [salt.state       :1813][INFO    ][14121] Executing state service.mod_watch for [glance-registry]
2019-04-30 22:14:51,341 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemctl', 'is-active', 'glance-registry.service'] in directory '/root'
2019-04-30 22:14:51,351 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'glance-registry.service'] in directory '/root'
2019-04-30 22:14:51,369 [salt.state       :300 ][INFO    ][14121] {'glance-registry': True}
2019-04-30 22:14:51,369 [salt.state       :1951][INFO    ][14121] Completed state [glance-registry] at time 22:14:51.369770 duration_in_ms=29.284
2019-04-30 22:14:51,375 [salt.state       :1780][INFO    ][14121] Running state [glance-cache-pruner] at time 22:14:51.375302
2019-04-30 22:14:51,375 [salt.state       :1813][INFO    ][14121] Executing state cron.present for [glance-cache-pruner]
2019-04-30 22:14:51,376 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command 'crontab -u glance -l' in directory '/root'
2019-04-30 22:14:51,400 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command 'crontab -u glance /tmp/__salt.tmp.v27ocW' in directory '/root'
2019-04-30 22:14:51,471 [salt.state       :300 ][INFO    ][14121] {'glance': 'glance-cache-pruner'}
2019-04-30 22:14:51,471 [salt.state       :1951][INFO    ][14121] Completed state [glance-cache-pruner] at time 22:14:51.471695 duration_in_ms=96.392
2019-04-30 22:14:51,472 [salt.state       :1780][INFO    ][14121] Running state [glance-cache-cleaner] at time 22:14:51.472366
2019-04-30 22:14:51,472 [salt.state       :1813][INFO    ][14121] Executing state cron.present for [glance-cache-cleaner]
2019-04-30 22:14:51,473 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command 'crontab -u glance -l' in directory '/root'
2019-04-30 22:14:51,484 [salt.loaded.int.module.cmdmod:395 ][INFO    ][14121] Executing command 'crontab -u glance /tmp/__salt.tmp.8eihML' in directory '/root'
2019-04-30 22:14:51,506 [salt.state       :300 ][INFO    ][14121] {'glance': 'glance-cache-cleaner'}
2019-04-30 22:14:51,506 [salt.state       :1951][INFO    ][14121] Completed state [glance-cache-cleaner] at time 22:14:51.506616 duration_in_ms=34.25
2019-04-30 22:14:51,507 [salt.state       :1780][INFO    ][14121] Running state [/srv/glance] at time 22:14:51.507596
2019-04-30 22:14:51,508 [salt.state       :1813][INFO    ][14121] Executing state file.directory for [/srv/glance]
2019-04-30 22:14:51,514 [salt.state       :300 ][INFO    ][14121] {'/srv/glance': 'New Dir'}
2019-04-30 22:14:51,514 [salt.state       :1951][INFO    ][14121] Completed state [/srv/glance] at time 22:14:51.514548 duration_in_ms=6.952
2019-04-30 22:14:51,515 [salt.state       :1780][INFO    ][14121] Running state [/var/lib/glance/images] at time 22:14:51.515123
2019-04-30 22:14:51,515 [salt.state       :1813][INFO    ][14121] Executing state file.directory for [/var/lib/glance/images]
2019-04-30 22:14:51,517 [salt.state       :300 ][INFO    ][14121] Directory /var/lib/glance/images is in the correct state
Directory /var/lib/glance/images updated
2019-04-30 22:14:51,517 [salt.state       :1951][INFO    ][14121] Completed state [/var/lib/glance/images] at time 22:14:51.517236 duration_in_ms=2.113
2019-04-30 22:14:51,521 [salt.minion      :1711][INFO    ][14121] Returning information for job: 20190430221416422459
2019-04-30 22:19:17,385 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430221917374729
2019-04-30 22:19:17,395 [salt.minion      :1432][INFO    ][15828] Starting a new job with PID 15828
2019-04-30 22:19:24,017 [salt.state       :915 ][INFO    ][15828] Loading fresh modules for state activity
2019-04-30 22:19:24,055 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/init.sls'
2019-04-30 22:19:24,076 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/controller.sls'
2019-04-30 22:19:24,669 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/db/offline_sync.sls'
2019-04-30 22:19:24,799 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/db/online_sync.sls'
2019-04-30 22:19:24,888 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/_ssl/mysql.sls'
2019-04-30 22:19:24,983 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/_ssl/rabbitmq.sls'
2019-04-30 22:19:25,880 [salt.state       :1780][INFO    ][15828] Running state [apache2] at time 22:19:25.880579
2019-04-30 22:19:25,880 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [apache2]
2019-04-30 22:19:25,881 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:19:26,158 [salt.state       :300 ][INFO    ][15828] All specified packages are already installed
2019-04-30 22:19:26,158 [salt.state       :1951][INFO    ][15828] Completed state [apache2] at time 22:19:26.158586 duration_in_ms=278.007
2019-04-30 22:19:26,158 [salt.state       :1780][INFO    ][15828] Running state [openssl] at time 22:19:26.158832
2019-04-30 22:19:26,159 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [openssl]
2019-04-30 22:19:26,163 [salt.state       :300 ][INFO    ][15828] All specified packages are already installed
2019-04-30 22:19:26,163 [salt.state       :1951][INFO    ][15828] Completed state [openssl] at time 22:19:26.163917 duration_in_ms=5.085
2019-04-30 22:19:26,164 [salt.state       :1780][INFO    ][15828] Running state [a2enmod ssl] at time 22:19:26.164544
2019-04-30 22:19:26,164 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [a2enmod ssl]
2019-04-30 22:19:26,165 [salt.state       :300 ][INFO    ][15828] /etc/apache2/mods-enabled/ssl.load exists
2019-04-30 22:19:26,165 [salt.state       :1951][INFO    ][15828] Completed state [a2enmod ssl] at time 22:19:26.165120 duration_in_ms=0.576
2019-04-30 22:19:26,165 [salt.state       :1780][INFO    ][15828] Running state [a2enmod rewrite] at time 22:19:26.165491
2019-04-30 22:19:26,165 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [a2enmod rewrite]
2019-04-30 22:19:26,165 [salt.state       :300 ][INFO    ][15828] /etc/apache2/mods-enabled/rewrite.load exists
2019-04-30 22:19:26,166 [salt.state       :1951][INFO    ][15828] Completed state [a2enmod rewrite] at time 22:19:26.166015 duration_in_ms=0.524
2019-04-30 22:19:26,166 [salt.state       :1780][INFO    ][15828] Running state [libapache2-mod-wsgi] at time 22:19:26.166415
2019-04-30 22:19:26,166 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [libapache2-mod-wsgi]
2019-04-30 22:19:26,171 [salt.state       :300 ][INFO    ][15828] All specified packages are already installed
2019-04-30 22:19:26,171 [salt.state       :1951][INFO    ][15828] Completed state [libapache2-mod-wsgi] at time 22:19:26.171354 duration_in_ms=4.939
2019-04-30 22:19:26,171 [salt.state       :1780][INFO    ][15828] Running state [a2enmod wsgi] at time 22:19:26.171714
2019-04-30 22:19:26,171 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [a2enmod wsgi]
2019-04-30 22:19:26,172 [salt.state       :300 ][INFO    ][15828] /etc/apache2/mods-enabled/wsgi.load exists
2019-04-30 22:19:26,172 [salt.state       :1951][INFO    ][15828] Completed state [a2enmod wsgi] at time 22:19:26.172243 duration_in_ms=0.528
2019-04-30 22:19:26,172 [salt.state       :1780][INFO    ][15828] Running state [a2enmod status -q] at time 22:19:26.172604
2019-04-30 22:19:26,172 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [a2enmod status -q]
2019-04-30 22:19:26,173 [salt.state       :300 ][INFO    ][15828] /etc/apache2/mods-enabled/status.load exists
2019-04-30 22:19:26,173 [salt.state       :1951][INFO    ][15828] Completed state [a2enmod status -q] at time 22:19:26.173150 duration_in_ms=0.545
2019-04-30 22:19:26,176 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:19:26.175972
2019-04-30 22:19:26,176 [salt.state       :1813][INFO    ][15828] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.load]
2019-04-30 22:19:26,176 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/mods-enabled/mpm_prefork.load is not present
2019-04-30 22:19:26,176 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:19:26.176551 duration_in_ms=0.579
2019-04-30 22:19:26,176 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:19:26.176719
2019-04-30 22:19:26,176 [salt.state       :1813][INFO    ][15828] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.conf]
2019-04-30 22:19:26,177 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/mods-enabled/mpm_prefork.conf is not present
2019-04-30 22:19:26,177 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:19:26.177213 duration_in_ms=0.493
2019-04-30 22:19:26,177 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:19:26.177365
2019-04-30 22:19:26,177 [salt.state       :1813][INFO    ][15828] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.load]
2019-04-30 22:19:26,177 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/mods-enabled/mpm_worker.load is not present
2019-04-30 22:19:26,177 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:19:26.177847 duration_in_ms=0.483
2019-04-30 22:19:26,178 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:19:26.177996
2019-04-30 22:19:26,178 [salt.state       :1813][INFO    ][15828] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.conf]
2019-04-30 22:19:26,178 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/mods-enabled/mpm_worker.conf is not present
2019-04-30 22:19:26,178 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:19:26.178491 duration_in_ms=0.494
2019-04-30 22:19:26,180 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/mods-available/mpm_event.conf] at time 22:19:26.180163
2019-04-30 22:19:26,180 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/apache2/mods-available/mpm_event.conf]
2019-04-30 22:19:26,228 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/mods-available/mpm_event.conf is in the correct state
2019-04-30 22:19:26,228 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/mods-available/mpm_event.conf] at time 22:19:26.228170 duration_in_ms=48.007
2019-04-30 22:19:26,228 [salt.state       :1780][INFO    ][15828] Running state [a2enmod mpm_event] at time 22:19:26.228874
2019-04-30 22:19:26,229 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [a2enmod mpm_event]
2019-04-30 22:19:26,229 [salt.state       :300 ][INFO    ][15828] /etc/apache2/mods-enabled/mpm_event.load exists
2019-04-30 22:19:26,229 [salt.state       :1951][INFO    ][15828] Completed state [a2enmod mpm_event] at time 22:19:26.229408 duration_in_ms=0.535
2019-04-30 22:19:26,229 [salt.state       :1780][INFO    ][15828] Running state [apache_server_service_task] at time 22:19:26.229923
2019-04-30 22:19:26,230 [salt.state       :1813][INFO    ][15828] Executing state test.show_notification for [apache_server_service_task]
2019-04-30 22:19:26,230 [salt.state       :300 ][INFO    ][15828] Running apache.server.service
2019-04-30 22:19:26,230 [salt.state       :1951][INFO    ][15828] Completed state [apache_server_service_task] at time 22:19:26.230412 duration_in_ms=0.489
2019-04-30 22:19:26,230 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/ports.conf] at time 22:19:26.230782
2019-04-30 22:19:26,230 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/apache2/ports.conf]
2019-04-30 22:19:26,335 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/ports.conf is in the correct state
2019-04-30 22:19:26,336 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/ports.conf] at time 22:19:26.336149 duration_in_ms=105.366
2019-04-30 22:19:26,336 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/conf-available/security.conf] at time 22:19:26.336588
2019-04-30 22:19:26,336 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/apache2/conf-available/security.conf]
2019-04-30 22:19:26,377 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/conf-available/security.conf is in the correct state
2019-04-30 22:19:26,377 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/conf-available/security.conf] at time 22:19:26.377674 duration_in_ms=41.086
2019-04-30 22:19:26,385 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/sites-enabled/000-default.conf] at time 22:19:26.385587
2019-04-30 22:19:26,385 [salt.state       :1813][INFO    ][15828] Executing state file.absent for [/etc/apache2/sites-enabled/000-default.conf]
2019-04-30 22:19:26,386 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/sites-enabled/000-default.conf is not present
2019-04-30 22:19:26,386 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/sites-enabled/000-default.conf] at time 22:19:26.386146 duration_in_ms=0.559
2019-04-30 22:19:26,386 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:19:26.386526
2019-04-30 22:19:26,386 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican_admin.conf]
2019-04-30 22:19:26,521 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/sites-available/wsgi_barbican_admin.conf is in the correct state
2019-04-30 22:19:26,521 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:19:26.521430 duration_in_ms=134.903
2019-04-30 22:19:26,521 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:19:26.521798
2019-04-30 22:19:26,521 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican.conf]
2019-04-30 22:19:26,656 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/sites-available/wsgi_barbican.conf is in the correct state
2019-04-30 22:19:26,656 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:19:26.656470 duration_in_ms=134.671
2019-04-30 22:19:26,656 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:19:26.656888
2019-04-30 22:19:26,657 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/apache2/sites-available/keystone_wsgi.conf]
2019-04-30 22:19:26,838 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/sites-available/keystone_wsgi.conf is in the correct state
2019-04-30 22:19:26,838 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:19:26.838861 duration_in_ms=181.973
2019-04-30 22:19:26,839 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:19:26.839251
2019-04-30 22:19:26,839 [salt.state       :1813][INFO    ][15828] Executing state file.symlink for [/etc/apache2/sites-enabled/keystone_wsgi.conf]
2019-04-30 22:19:26,840 [salt.state       :300 ][INFO    ][15828] Symlink /etc/apache2/sites-enabled/keystone_wsgi.conf is present and owned by root:root
2019-04-30 22:19:26,840 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:19:26.840675 duration_in_ms=1.424
2019-04-30 22:19:26,843 [salt.state       :1780][INFO    ][15828] Running state [apache2] at time 22:19:26.843326
2019-04-30 22:19:26,843 [salt.state       :1813][INFO    ][15828] Executing state service.running for [apache2]
2019-04-30 22:19:26,843 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2019-04-30 22:19:26,863 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:19:26,873 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:19:26,884 [salt.state       :300 ][INFO    ][15828] The service apache2 is already running
2019-04-30 22:19:26,884 [salt.state       :1951][INFO    ][15828] Completed state [apache2] at time 22:19:26.884860 duration_in_ms=41.534
2019-04-30 22:19:26,885 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/conf-enabled/security.conf] at time 22:19:26.885825
2019-04-30 22:19:26,886 [salt.state       :1813][INFO    ][15828] Executing state file.symlink for [/etc/apache2/conf-enabled/security.conf]
2019-04-30 22:19:26,887 [salt.state       :300 ][INFO    ][15828] Symlink /etc/apache2/conf-enabled/security.conf is present and owned by root:root
2019-04-30 22:19:26,887 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/conf-enabled/security.conf] at time 22:19:26.887719 duration_in_ms=1.894
2019-04-30 22:19:26,887 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:19:26.887923
2019-04-30 22:19:26,888 [salt.state       :1813][INFO    ][15828] Executing state file.absent for [/etc/apache2/sites-enabled/keystone_wsgi]
2019-04-30 22:19:26,888 [salt.state       :300 ][INFO    ][15828] File /etc/apache2/sites-enabled/keystone_wsgi is not present
2019-04-30 22:19:26,888 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:19:26.888506 duration_in_ms=0.583
2019-04-30 22:19:26,899 [salt.state       :1780][INFO    ][15828] Running state [debconf-utils] at time 22:19:26.899926
2019-04-30 22:19:26,900 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [debconf-utils]
2019-04-30 22:19:26,905 [salt.state       :300 ][INFO    ][15828] All specified packages are already installed
2019-04-30 22:19:26,905 [salt.state       :1951][INFO    ][15828] Completed state [debconf-utils] at time 22:19:26.905873 duration_in_ms=5.948
2019-04-30 22:19:26,906 [salt.state       :1780][INFO    ][15828] Running state [nova-consoleproxy] at time 22:19:26.906234
2019-04-30 22:19:26,906 [salt.state       :1813][INFO    ][15828] Executing state debconf.set for [nova-consoleproxy]
2019-04-30 22:19:26,906 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command 'debconf-get-selections' in directory '/root'
2019-04-30 22:19:27,029 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command 'debconf-set-selections /tmp/salt-WUX17N' in directory '/root'
2019-04-30 22:19:27,215 [salt.state       :300 ][INFO    ][15828] {'nova-consoleproxy/daemon_type': 'novnc'}
2019-04-30 22:19:27,215 [salt.state       :1951][INFO    ][15828] Completed state [nova-consoleproxy] at time 22:19:27.215858 duration_in_ms=309.624
2019-04-30 22:19:27,227 [salt.state       :1780][INFO    ][15828] Running state [nova] at time 22:19:27.227490
2019-04-30 22:19:27,227 [salt.state       :1813][INFO    ][15828] Executing state group.present for [nova]
2019-04-30 22:19:27,228 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['groupadd', '-g 303', '-r', 'nova'] in directory '/root'
2019-04-30 22:19:27,301 [salt.state       :300 ][INFO    ][15828] {'passwd': 'x', 'gid': 303, 'name': 'nova', 'members': []}
2019-04-30 22:19:27,301 [salt.state       :1951][INFO    ][15828] Completed state [nova] at time 22:19:27.301420 duration_in_ms=73.929
2019-04-30 22:19:27,302 [salt.state       :1780][INFO    ][15828] Running state [nova] at time 22:19:27.302138
2019-04-30 22:19:27,302 [salt.state       :1813][INFO    ][15828] Executing state user.present for [nova]
2019-04-30 22:19:27,303 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['useradd', '-s', '/bin/false', '-u', '303', '-g', '303', '-m', '-d', '/var/lib/nova', '-r', 'nova'] in directory '/root'
2019-04-30 22:19:27,423 [salt.state       :300 ][INFO    ][15828] {'shell': '/bin/false', 'workphone': '', 'uid': 303, 'passwd': 'x', 'roomnumber': '', 'groups': ['nova'], 'home': '/var/lib/nova', 'name': 'nova', 'gid': 303, 'fullname': '', 'homephone': ''}
2019-04-30 22:19:27,423 [salt.state       :1951][INFO    ][15828] Completed state [nova] at time 22:19:27.423343 duration_in_ms=121.205
2019-04-30 22:19:27,424 [salt.state       :1780][INFO    ][15828] Running state [nova-api] at time 22:19:27.424263
2019-04-30 22:19:27,424 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [nova-api]
2019-04-30 22:19:27,440 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['apt-cache', '-q', 'policy', 'nova-api'] in directory '/root'
2019-04-30 22:19:27,483 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:19:28,973 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:19:28,993 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-api'] in directory '/root'
2019-04-30 22:19:32,408 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430221932395545
2019-04-30 22:19:32,421 [salt.minion      :1432][INFO    ][16413] Starting a new job with PID 16413
2019-04-30 22:19:32,435 [salt.minion      :1711][INFO    ][16413] Returning information for job: 20190430221932395545
2019-04-30 22:20:02,457 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430222002445769
2019-04-30 22:20:02,470 [salt.minion      :1432][INFO    ][17824] Starting a new job with PID 17824
2019-04-30 22:20:02,484 [salt.minion      :1711][INFO    ][17824] Returning information for job: 20190430222002445769
2019-04-30 22:20:14,666 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:20:14,699 [salt.state       :300 ][INFO    ][15828] Made the following changes:
'libbluetooth3' changed from 'absent' to '5.37-0ubuntu5.1'
'python-pypowervm' changed from 'absent' to '1.1.16-1~u16.04+mcp'
'libiscsi2' changed from 'absent' to '1.12.0-2'
'zvmcloudconnector-common' changed from 'absent' to '1.2.3-0ubuntu3~u16.04+mcp'
'libavahi-common3' changed from 'absent' to '0.6.32~rc+dfsg-1ubuntu2.3'
'libboost-thread1.58.0' changed from 'absent' to '1.58.0+dfsg-5ubuntu3.1'
'qemu-keymaps' changed from 'absent' to '1'
'qemu-kvm-spice' changed from 'absent' to '1'
'python-microversion-parse' changed from 'absent' to '0.2.1-0.1~u16.04+mcp'
'libyajl2' changed from 'absent' to '2.1.0-2'
'libnss3' changed from 'absent' to '2:3.28.4-0ubuntu0.16.04.5'
'python-paramiko' changed from 'absent' to '2.0.0-1.1~u16.04+mcp2'
'libasyncns0' changed from 'absent' to '0.8-5build1'
'libaugeas0' changed from 'absent' to '1.4.0-0ubuntu1.1'
'libpciaccess0' changed from 'absent' to '0.13.4-1'
'libfdt1' changed from 'absent' to '1.4.2-1.2~u16.04+mcp2'
'python-nova' changed from 'absent' to '2:18.2.0-2~u16.04+mcp110'
'libpixman-1-0' changed from 'absent' to '0.33.6-1'
'augeas-lenses' changed from 'absent' to '1.4.0-0ubuntu1.1'
'nova-api' changed from 'absent' to '2:18.2.0-2~u16.04+mcp110'
'qemu-system-x86' changed from 'absent' to '1:2.11+dfsg-1.7.12~u16.04+mcp'
'ipxe-qemu' changed from 'absent' to '1.0.0+git-20180124.fbe8c52d-0.2.1~u16.04+mcp1'
'libboost-random1.58.0' changed from 'absent' to '1.58.0+dfsg-5ubuntu3.1'
'python-pymemcache' changed from 'absent' to '1.3.2-2ubuntu1'
'python-oslo.versionedobjects' changed from 'absent' to '1.33.3-1~u16.04+mcp9'
'libsndfile1' changed from 'absent' to '1.0.25-10ubuntu0.16.04.1'
'nova-common' changed from 'absent' to '2:18.2.0-2~u16.04+mcp110'
'libxml2-utils' changed from 'absent' to '2.9.3+dfsg1-1ubuntu0.6'
'libvorbis0a' changed from 'absent' to '1.3.5-3ubuntu0.2'
'libspice-server1' changed from 'absent' to '0.12.6-4ubuntu0.4'
'libboost-iostreams1.58.0' changed from 'absent' to '1.58.0+dfsg-5ubuntu3.1'
'python-tooz' changed from 'absent' to '1.60.1-1.0~u16.04+mcp2'
'libboost-system1.58.0' changed from 'absent' to '1.58.0+dfsg-5ubuntu3.1'
'libcaca0' changed from 'absent' to '0.99.beta19-2ubuntu0.16.04.1'
'libnss3-nssdb' changed from 'absent' to '2:3.28.4-0ubuntu0.16.04.5'
'qemu-system-i386' changed from 'absent' to '1'
'libvirt0' changed from 'absent' to '4.0.0-1.8.5~u16.04+mcp1'
'qemu-system-common' changed from 'absent' to '1:2.11+dfsg-1.7.12~u16.04+mcp'
'libvirt-daemon-driver-storage-rbd' changed from 'absent' to '4.0.0-1.8.5~u16.04+mcp1'
'libopus0' changed from 'absent' to '1.1.2-1ubuntu1'
'python2.7-paramiko' changed from 'absent' to '1'
'python-libvirt' changed from 'absent' to '3.5.0-1.1~u16.04+mcp3'
'libusbredirparser1' changed from 'absent' to '0.7.1-1'
'ipxe-qemu-256k-compat-efi-roms' changed from 'absent' to '1.0.0+git-20150424.a25a16d-0.2~u16.04+mcp1'
'python-redis' changed from 'absent' to '2.10.5-1ubuntu1'
'python-os-traits' changed from 'absent' to '0.5.0-1.0~u16.04+mcp5'
'python-os-vif' changed from 'absent' to '1.9.1-1.0~u16.04+mcp6'
'qemu-system-x86-64' changed from 'absent' to '1'
'libnspr4' changed from 'absent' to '2:4.13.1-0ubuntu0.16.04.1'
'seabios' changed from 'absent' to '1.10.2-1.1~u16.04+mcp2'
'libavahi-client3' changed from 'absent' to '0.6.32~rc+dfsg-1ubuntu2.3'
'python-oslo.reports' changed from 'absent' to '1.28.0-2~u16.04+mcp6'
'python-os-xenapi' changed from 'absent' to '0.3.3-1~u16.04+mcp'
'libasound2' changed from 'absent' to '1.1.0-0ubuntu1'
'libxen-4.6' changed from 'absent' to '4.6.5-0ubuntu1.4'
'libxenstore3.0' changed from 'absent' to '4.6.5-0ubuntu1.4'
'python-zvmcloudconnector' changed from 'absent' to '1.2.3-0ubuntu3~u16.04+mcp'
'libcacard0' changed from 'absent' to '1:2.5.0-2'
'libsdl1.2debian' changed from 'absent' to '1.2.15+dfsg1-3'
'libvirt-daemon' changed from 'absent' to '4.0.0-1.8.5~u16.04+mcp1'
'libvorbisenc2' changed from 'absent' to '1.3.5-3ubuntu0.2'
'librados2' changed from 'absent' to '10.2.11-0ubuntu0.16.04.1'
'msr-tools' changed from 'absent' to '1.3-2'
'libogg0' changed from 'absent' to '1.3.2-1'
'libasound2-data' changed from 'absent' to '1.1.0-0ubuntu1'
'librbd1' changed from 'absent' to '10.2.11-0ubuntu0.16.04.1'
'qemu-block-extra' changed from 'absent' to '1:2.11+dfsg-1.7.12~u16.04+mcp'
'sharutils' changed from 'absent' to '1:4.15.2-1ubuntu0.1'
'kvm' changed from 'absent' to '1'
'qemu-utils' changed from 'absent' to '1:2.11+dfsg-1.7.12~u16.04+mcp'
'python-zake' changed from 'absent' to '0.1.6-1'
'python2.7-nova' changed from 'absent' to '1'
'qemu-kvm' changed from 'absent' to '1:2.11+dfsg-1.7.12~u16.04+mcp'
'python-pyroute2' changed from 'absent' to '0.4.21-0.1~u16.04+mcp1'
'libbrlapi0.6' changed from 'absent' to '5.3.1-2ubuntu2.1'
'libpulse0' changed from 'absent' to '1:8.0-0ubuntu3.10'
'libnetcf1' changed from 'absent' to '1:0.2.8-1ubuntu1'
'python-voluptuous' changed from 'absent' to '0.9.3-1.1~u16.04+mcp2'
'python2.7-pyroute2' changed from 'absent' to '1'
'libavahi-common-data' changed from 'absent' to '0.6.32~rc+dfsg-1ubuntu2.3'
'libflac8' changed from 'absent' to '1.3.1-4'
'cpu-checker' changed from 'absent' to '0.7-0ubuntu7'

2019-04-30 22:20:14,729 [salt.state       :915 ][INFO    ][15828] Loading fresh modules for state activity
2019-04-30 22:20:14,752 [salt.state       :1951][INFO    ][15828] Completed state [nova-api] at time 22:20:14.752310 duration_in_ms=47328.047
2019-04-30 22:20:14,756 [salt.state       :1780][INFO    ][15828] Running state [nova-conductor] at time 22:20:14.756795
2019-04-30 22:20:14,757 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [nova-conductor]
2019-04-30 22:20:15,251 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:20:15,272 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-conductor'] in directory '/root'
2019-04-30 22:20:18,213 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:20:18,250 [salt.state       :300 ][INFO    ][15828] Made the following changes:
'nova-conductor' changed from 'absent' to '2:18.2.0-2~u16.04+mcp110'

2019-04-30 22:20:18,269 [salt.state       :915 ][INFO    ][15828] Loading fresh modules for state activity
2019-04-30 22:20:18,293 [salt.state       :1951][INFO    ][15828] Completed state [nova-conductor] at time 22:20:18.293351 duration_in_ms=3536.555
2019-04-30 22:20:18,297 [salt.state       :1780][INFO    ][15828] Running state [nova-consoleauth] at time 22:20:18.297707
2019-04-30 22:20:18,297 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [nova-consoleauth]
2019-04-30 22:20:18,782 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:20:18,804 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-consoleauth'] in directory '/root'
2019-04-30 22:20:21,765 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:20:21,797 [salt.state       :300 ][INFO    ][15828] Made the following changes:
'nova-consoleauth' changed from 'absent' to '2:18.2.0-2~u16.04+mcp110'

2019-04-30 22:20:21,819 [salt.state       :915 ][INFO    ][15828] Loading fresh modules for state activity
2019-04-30 22:20:21,855 [salt.state       :1951][INFO    ][15828] Completed state [nova-consoleauth] at time 22:20:21.855310 duration_in_ms=3557.603
2019-04-30 22:20:21,861 [salt.state       :1780][INFO    ][15828] Running state [nova-scheduler] at time 22:20:21.861838
2019-04-30 22:20:21,862 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [nova-scheduler]
2019-04-30 22:20:22,478 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:20:22,500 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-scheduler'] in directory '/root'
2019-04-30 22:20:25,567 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:20:25,605 [salt.state       :300 ][INFO    ][15828] Made the following changes:
'nova-scheduler' changed from 'absent' to '2:18.2.0-2~u16.04+mcp110'

2019-04-30 22:20:25,627 [salt.state       :915 ][INFO    ][15828] Loading fresh modules for state activity
2019-04-30 22:20:25,651 [salt.state       :1951][INFO    ][15828] Completed state [nova-scheduler] at time 22:20:25.651419 duration_in_ms=3789.581
2019-04-30 22:20:25,656 [salt.state       :1780][INFO    ][15828] Running state [python-novaclient] at time 22:20:25.656017
2019-04-30 22:20:25,656 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [python-novaclient]
2019-04-30 22:20:26,321 [salt.state       :300 ][INFO    ][15828] All specified packages are already installed
2019-04-30 22:20:26,322 [salt.state       :1951][INFO    ][15828] Completed state [python-novaclient] at time 22:20:26.322406 duration_in_ms=666.387
2019-04-30 22:20:26,323 [salt.state       :1780][INFO    ][15828] Running state [nova-novncproxy] at time 22:20:26.323393
2019-04-30 22:20:26,323 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [nova-novncproxy]
2019-04-30 22:20:26,340 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:20:26,362 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-novncproxy'] in directory '/root'
2019-04-30 22:20:32,302 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:20:32,336 [salt.state       :300 ][INFO    ][15828] Made the following changes:
'nova-novncproxy' changed from 'absent' to '2:18.2.0-2~u16.04+mcp110'
'python-novnc' changed from 'absent' to '1:0.6.1-1.1~u16.04+mcp3'
'websockify' changed from 'absent' to '0.8.0+dfsg1-7~u16.04+mcp3'
'websockify-common' changed from 'absent' to '0.8.0+dfsg1-7~u16.04+mcp3'
'libjs-swfobject' changed from 'absent' to '2.2+dfsg-1'
'novnc' changed from 'absent' to '1:0.6.1-1.1~u16.04+mcp3'
'python-websockify' changed from 'absent' to '0.8.0+dfsg1-7~u16.04+mcp3'

2019-04-30 22:20:32,360 [salt.state       :915 ][INFO    ][15828] Loading fresh modules for state activity
2019-04-30 22:20:32,382 [salt.state       :1951][INFO    ][15828] Completed state [nova-novncproxy] at time 22:20:32.382822 duration_in_ms=6059.427
2019-04-30 22:20:32,386 [salt.state       :1780][INFO    ][15828] Running state [nova_ssl_mysql] at time 22:20:32.385071
2019-04-30 22:20:32,386 [salt.state       :1813][INFO    ][15828] Executing state test.show_notification for [nova_ssl_mysql]
2019-04-30 22:20:32,386 [salt.state       :300 ][INFO    ][15828] Running nova._ssl.mysql
2019-04-30 22:20:32,387 [salt.state       :1951][INFO    ][15828] Completed state [nova_ssl_mysql] at time 22:20:32.387230 duration_in_ms=2.159
2019-04-30 22:20:32,387 [salt.state       :1780][INFO    ][15828] Running state [nova_controller_ssl_rabbitmq] at time 22:20:32.387906
2019-04-30 22:20:32,388 [salt.state       :1813][INFO    ][15828] Executing state test.show_notification for [nova_controller_ssl_rabbitmq]
2019-04-30 22:20:32,388 [salt.state       :300 ][INFO    ][15828] Running nova._ssl.rabbitmq
2019-04-30 22:20:32,388 [salt.state       :1951][INFO    ][15828] Completed state [nova_controller_ssl_rabbitmq] at time 22:20:32.388910 duration_in_ms=1.004
2019-04-30 22:20:32,390 [salt.state       :1780][INFO    ][15828] Running state [/etc/nova/nova.conf] at time 22:20:32.390911
2019-04-30 22:20:32,391 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/nova/nova.conf]
2019-04-30 22:20:32,431 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/files/rocky/nova-controller.conf.Debian'
2019-04-30 22:20:32,890 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/castellan/_barbican.conf'
2019-04-30 22:20:32,927 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/keystoneauth/_type_password.conf'
2019-04-30 22:20:33,004 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/keystonemiddleware/_auth_token.conf'
2019-04-30 22:20:33,098 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430222032526806
2019-04-30 22:20:33,120 [salt.minion      :1432][INFO    ][19940] Starting a new job with PID 19940
2019-04-30 22:20:33,123 [salt.state       :300 ][INFO    ][15828] File changed:
--- 
+++ 
@@ -1,7 +1,5 @@
+
 [DEFAULT]
-log_dir = /var/log/nova
-lock_path = /var/lock/nova
-state_path = /var/lib/nova
 
 #
 # From nova.conf
@@ -63,7 +61,7 @@
 # *  period with offset, example: ``month@15`` will result in monthly audits
 #    starting on 15th day of month.
 #  (string value)
-#instance_usage_audit_period = month
+instance_usage_audit_period = hour
 
 #
 # Start and use a daemon that can run the commands that need to be run with
@@ -99,7 +97,7 @@
 # * ``powervm.PowerVMDriver``
 # * ``zvm.ZVMDriver``
 #  (string value)
-#compute_driver = <None>
+compute_driver = libvirt.LibvirtDriver
 
 #
 # Allow destination machine to match source for resize. Useful when
@@ -108,7 +106,7 @@
 # the same host to the destination options. Also set to true
 # if you allow the ServerGroupAffinityFilter and need to resize.
 #  (boolean value)
-#allow_resize_to_same_host = false
+allow_resize_to_same_host = true
 
 #
 # Image properties that should not be inherited from the instance
@@ -204,7 +202,7 @@
 # * True: Instances should fail after VIF plugging timeout
 # * False: Instances should continue booting after VIF plugging timeout
 #  (boolean value)
-#vif_plugging_is_fatal = true
+vif_plugging_is_fatal = true
 
 #
 # Timeout for Neutron VIF plugging event message arrival.
@@ -223,7 +221,7 @@
 #   arrive at all.
 #  (integer value)
 # Minimum value: 0
-#vif_plugging_timeout = 300
+vif_plugging_timeout = 300
 
 # Path to '/etc/network/interfaces' template.
 #
@@ -277,14 +275,7 @@
 # Enable use of copy-on-write (cow) images.
 #
 # QEMU/KVM allow the use of qcow2 as backing files. By disabling this,
-# backing files will not be used. This option is also used by image backends.
-# If the value is False, images are flattened after fetching or cloning.
-# This makes instance images completely independent from parent images.
-#
-# Related options:
-#
-# * ``images_type``: setting ``use_cow_images`` option to False is not supported
-#   when ``images_type=qcow2`` is being used.
+# backing files will not be used.
 #  (boolean value)
 #use_cow_images = true
 
@@ -468,7 +459,7 @@
 # * Any valid positive integer or float value
 #  (floating point value)
 # Minimum value: 0
-#cpu_allocation_ratio = 0.0
+cpu_allocation_ratio = 16.0
 
 #
 # This option helps you specify virtual RAM to physical RAM
@@ -497,7 +488,7 @@
 # * Any valid positive integer or float value
 #  (floating point value)
 # Minimum value: 0
-#ram_allocation_ratio = 0.0
+ram_allocation_ratio = 1.5
 
 #
 # This option helps you specify virtual disk to physical disk
@@ -530,7 +521,7 @@
 # * Any valid positive integer or float value
 #  (floating point value)
 # Minimum value: 0
-#disk_allocation_ratio = 0.0
+disk_allocation_ratio = 1.0
 
 #
 # Console proxy host to be used to connect to instances on this host. It is the
@@ -568,10 +559,6 @@
 # * $state_path/instances where state_path is a config option that specifies
 #   the top-level directory for maintaining nova's state. (default) or
 #   Any string representing directory path.
-#
-# Related options:
-#
-# * ``[workarounds]/ensure_libvirt_rbd_instance_dir_cleanup``
 #  (string value)
 #instances_path = $state_path/instances
 
@@ -582,6 +569,7 @@
 #  (boolean value)
 #instance_usage_audit = false
 
+
 #
 # Maximum number of 1 second retries in live_migration. It specifies number
 # of retries to iptables when it complains. It happens when an user continuously
@@ -656,7 +644,7 @@
 # * Any negative value is treated as 0.
 # * For any value > 0, total attempts are (value + 1)
 #  (integer value)
-#block_device_allocate_retries = 60
+block_device_allocate_retries = 600
 
 #
 # Number of greenthreads available for use to sync power states.
@@ -1250,7 +1238,7 @@
 # * routing_source_ip
 # * vpn_ip
 #  (string value)
-#my_ip = <host_ipv4>
+my_ip = 10.167.4.37
 
 #
 # The IP address which is used to connect to the block storage network.
@@ -2097,7 +2085,7 @@
 # Its value may be silently ignored in the future.
 # Reason:
 # nova-network is deprecated, as are any related configuration options.
-#force_dhcp_release = true
+force_dhcp_release = true
 
 # DEPRECATED:
 # When this option is True, whenever a DNS entry must be updated, a fanout cast
@@ -2149,7 +2137,7 @@
 # Its value may be silently ignored in the future.
 # Reason:
 # nova-network is deprecated, as are any related configuration options.
-#dhcp_domain = novalocal
+dhcp_domain = novalocal
 
 # DEPRECATED:
 # This option allows you to specify the L3 management library to be used.
@@ -2603,17 +2591,8 @@
 # Run as a background process. (boolean value)
 #daemon = false
 
-# Disallow non-encrypted connections. (boolean value)
-#ssl_only = false
-
 # Set to True if source host is addressed with IPv6. (boolean value)
 #source_is_ipv6 = false
-
-# Path to SSL certificate file. (string value)
-#cert = self.pem
-
-# SSL key file (if separate from cert). (string value)
-#key = <None>
 
 #
 # Path to directory with content which will be served by a web server.
@@ -2650,7 +2629,7 @@
 #
 # * The full path to a directory.
 #  (string value)
-#bindir = /usr/local/bin
+#bindir = /tmp/nova/.tox/shared/local/bin
 
 #
 # The top-level directory for maintaining Nova's state.
@@ -2667,6 +2646,7 @@
 # * The full path to a directory. Defaults to value provided in ``pybasedir``.
 #  (string value)
 #state_path = $pybasedir
+state_path = /var/lib/nova
 
 #
 # This option allows setting an alternate timeout value for RPC calls
@@ -2677,7 +2657,6 @@
 # Operations with RPC calls that utilize this value:
 #
 # * live migration
-# * scheduling
 #
 # Related options:
 #
@@ -2697,7 +2676,7 @@
 #   is less than report_interval, services will routinely be considered down,
 #   because they report in too rarely.
 #  (integer value)
-#report_interval = 10
+report_interval = 60
 
 #
 # Maximum time in seconds since last check-in for up service
@@ -2711,7 +2690,7 @@
 # * report_interval (service_down_time should not be less than report_interval)
 # * scheduler.periodic_task_interval
 #  (integer value)
-#service_down_time = 60
+service_down_time = 180
 
 #
 # Enable periodic tasks.
@@ -2760,7 +2739,7 @@
 # The OpenStack API service listens on this IP address for incoming
 # requests.
 #  (string value)
-#osapi_compute_listen = 0.0.0.0
+osapi_compute_listen = 10.167.4.37
 
 #
 # Port on which the OpenStack API will listen.
@@ -2795,7 +2774,7 @@
 # The metadata API service listens on this IP address for incoming
 # requests.
 #  (string value)
-#metadata_listen = 0.0.0.0
+metadata_listen = 10.167.4.37
 
 #
 # Port on which the metadata API will listen.
@@ -2822,7 +2801,7 @@
 # * None (default value)
 #  (integer value)
 # Minimum value: 1
-#metadata_workers = <None>
+metadata_workers = 8
 
 #
 # This option specifies the driver to be used for the servicegroup service.
@@ -2849,7 +2828,6 @@
 # db - <No description provided>
 # mc - <No description provided>
 #servicegroup_driver = db
-
 #
 # From oslo.log
 #
@@ -2887,19 +2865,19 @@
 
 # Uses logging handler designed to watch file system. When log file is moved or
 # removed this handler will open a new log file with specified path
-# instantaneously. It makes sense only if log_file option is specified and Linux
-# platform is used. This option is ignored if log_config_append is set. (boolean
-# value)
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
 #watch_log_file = false
 
 # Use syslog for logging. Existing syslog format is DEPRECATED and will be
-# changed later to honor RFC5424. This option is ignored if log_config_append is
-# set. (boolean value)
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
 #use_syslog = false
 
 # Enable journald for logging. If running in a systemd environment you may wish
-# to enable journal support. Doing so will use the journal native protocol which
-# includes structured metadata in addition to log messages.This option is
+# to enable journal support. Doing so will use the journal native protocol
+# which includes structured metadata in addition to log messages.This option is
 # ignored if log_config_append is set. (boolean value)
 #use_journal = false
 
@@ -2922,8 +2900,8 @@
 # value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Additional data to append to log message when logging level for the message is
-# DEBUG. (string value)
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
 # Prefix each line of exception output with this format. (string value)
@@ -2940,7 +2918,8 @@
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message. (string value)
+# The format for an instance that is passed with the log message. (string
+# value)
 #instance_format = "[instance: %(uuid)s] "
 
 # The format for an instance UUID that is passed with the log message. (string
@@ -2953,9 +2932,9 @@
 # Maximum number of logged messages per rate_limit_interval. (integer value)
 #rate_limit_burst = 0
 
-# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or
-# empty string. Logs with level greater or equal to rate_limit_except_level are
-# not filtered. An empty string means that all levels are filtered. (string
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
 # value)
 #rate_limit_except_level = CRITICAL
 
@@ -3001,10 +2980,10 @@
 #rpc_zmq_host = localhost
 
 # Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger period.
-# The value of 0 specifies no linger period. Pending messages shall be discarded
-# immediately when the socket is closed. Positive values specify an upper bound
-# for the linger period. (integer value)
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
 # Deprecated group/name - [DEFAULT]/rpc_cast_timeout
 #zmq_linger = -1
 
@@ -3012,8 +2991,9 @@
 # exception when timeout expired. (integer value)
 #rpc_poll_timeout = 1
 
-# Expiration timeout in seconds of a name service record about existing target (
-# < 0 means no timeout). (integer value)
+
+# Expiration timeout in seconds of a name service record about existing target
+# ( < 0 means no timeout). (integer value)
 #zmq_target_expire = 300
 
 # Update period in seconds of a name service record about existing target.
@@ -3071,27 +3051,28 @@
 
 # The duration between two keepalive transmissions in idle condition. The unit
 # is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to skip
-# any overrides and leave it to OS default. (integer value)
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
 #zmq_tcp_keepalive_idle = -1
 
 # The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value and
-# 0) means to skip any overrides and leave it to OS default. (integer value)
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
 #zmq_tcp_keepalive_cnt = -1
 
 # The duration between two successive keepalive retransmissions, if
 # acknowledgement to the previous keepalive transmission is not received. The
 # unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0) means
-# to skip any overrides and leave it to OS default. (integer value)
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
 #zmq_tcp_keepalive_intvl = -1
 
 # Maximum number of (green) threads to work concurrently. (integer value)
 #rpc_thread_pool_size = 100
 
-# Expiration timeout in seconds of a sent/received message after which it is not
-# tracked anymore by a client/server. (integer value)
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
 #rpc_message_ttl = 300
 
 # Wait for message acknowledgements from receivers. This mechanism works only
@@ -3125,6 +3106,7 @@
 
 # Seconds to wait for a response from a call. (integer value)
 #rpc_response_timeout = 60
+rpc_response_timeout = 30
 
 # The network address and optional user credentials for connecting to the
 # messaging backend, in URL format. The expected format is:
@@ -3138,6 +3120,7 @@
 # https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
 # (string value)
 #transport_url = <None>
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.28:5672,openstack:opnfv_secret@10.167.4.29:5672,openstack:opnfv_secret@10.167.4.30:5672//openstack
 
 # DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
 # include amqp and zmq. (string value)
@@ -3148,7 +3131,8 @@
 
 # The default exchange under which topics are scoped. May be overridden by an
 # exchange name specified in the transport_url option. (string value)
-#control_exchange = openstack
+#control_exchange = keystone
+
 
 #
 # From oslo.service.periodic_task
@@ -3380,7 +3364,7 @@
 #  (integer value)
 # Minimum value: 0
 # Deprecated group/name - [DEFAULT]/osapi_max_limit
-#max_limit = 1000
+max_limit = 1000
 
 #
 # This string is prepended to the normal URL that is returned in links to the
@@ -3479,72 +3463,127 @@
 
 
 [api_database]
-connection = sqlite:////var/lib/nova/nova_api.sqlite
-#
-# The *Nova API Database* is a separate database which is used for information
-# which is used across *cells*. This database is mandatory since the Mitaka
-# release (13.0.0).
-
-#
-# From nova.conf
-#
+#
+# From oslo.db
+#
+
+# If True, SQLite uses synchronous mode. (boolean value)
+#sqlite_synchronous = true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
 
 # The SQLAlchemy connection string to use to connect to the database. (string
 # value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
 #connection = <None>
+connection = mysql+pymysql://nova:opnfv_secret@10.167.4.23/nova_api?charset=utf8
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
+#slave_connection = <None>
+
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set
+# by the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
+#mysql_sql_mode = TRADITIONAL
+
+# If True, transparently enables support for handling MySQL Cluster (NDB).
+# (boolean value)
+#mysql_enable_ndb = false
+
+# Connections which have been present in the connection pool longer than this
+# number of seconds will be replaced with a new one the next time they are
+# checked out from the pool. (integer value)
+# Deprecated group/name - [DATABASE]/idle_timeout
+# Deprecated group/name - [database]/idle_timeout
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#connection_recycle_time = 3600
+connection_recycle_time = 300
+
+# DEPRECATED: Minimum number of SQL connections to keep open in a pool.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: The option to set the minimum pool size is not supported by
+# sqlalchemy.
+#min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool. Setting a value of
+# 0 indicates no limit. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = 5
+max_pool_size = 10
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
+max_overflow = 30
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
+
+# Enable the experimental use of database reconnect on connection lost.
+# (boolean value)
+#use_db_reconnect = false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
+
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
+#db_max_retry_interval = 10
+
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
+#db_max_retries = 20
 
 # Optional URL parameters to append onto the connection URL at connect time;
 # specify as param1=value1&param2=value2&... (string value)
 #connection_parameters =
 
-# If True, SQLite uses synchronous mode. (boolean value)
-#sqlite_synchronous = true
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
-# the server configuration, set this to no value. Example: mysql_sql_mode=
-# (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# Connections which have been present in the connection pool longer than this
-# number of seconds will be replaced with a new one the next time they are
-# checked out from the pool. (integer value)
-# Deprecated group/name - [api_database]/idle_timeout
-#connection_recycle_time = 3600
-
-# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
-# indicates no limit. (integer value)
-#max_pool_size = <None>
-
-# Maximum number of database connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy. (integer value)
-#max_overflow = <None>
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
-# value)
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
-#pool_timeout = <None>
 
 
 [barbican]
-
-#
-# From nova.conf
+#
+# From castellan.config
 #
 
 # Use this endpoint to connect to Barbican, for example:
@@ -3557,6 +3596,7 @@
 # Use this endpoint to connect to Keystone (string value)
 # Deprecated group/name - [key_manager]/auth_url
 #auth_endpoint = http://localhost/identity/v3
+auth_endpoint = http://10.167.4.35:35357/v3
 
 # Number of seconds to wait before retrying poll for key creation completion
 # (integer value)
@@ -3565,23 +3605,23 @@
 # Number of times to retry poll for key creation completion (integer value)
 #number_of_retries = 60
 
-# Specifies if insecure TLS (https) requests. If False, the server's certificate
-# will not be validated (boolean value)
+# Specifies if insecure TLS (https) requests. If False, the server's
+# certificate will not be validated (boolean value)
 #verify_ssl = true
 
-# Specifies the type of endpoint.  Allowed values are: public, private, and
+# Specifies the type of endpoint.  Allowed values are: public, internal, and
 # admin (string value)
 # Possible values:
 # public - <No description provided>
 # internal - <No description provided>
 # admin - <No description provided>
 #barbican_endpoint_type = public
+barbican_endpoint_type = internal
 
 
 [cache]
-
-#
-# From nova.conf
+#
+# From oslo.cache
 #
 
 # Prefix for building the configuration dictionary for the cache region. This
@@ -3589,9 +3629,9 @@
 # with the same configuration name. (string value)
 #config_prefix = cache.oslo
 
-# Default TTL, in seconds, for any cached item in the dogpile.cache region. This
-# applies to any cached method that doesn't have an explicit cache expiration
-# time defined for it. (integer value)
+# Default TTL, in seconds, for any cached item in the dogpile.cache region.
+# This applies to any cached method that doesn't have an explicit cache
+# expiration time defined for it. (integer value)
 #expiration_time = 600
 
 # Cache backend module. For eventlet-based or environments with hundreds of
@@ -3614,6 +3654,7 @@
 # dogpile.cache.memory_pickle - <No description provided>
 # dogpile.cache.null - <No description provided>
 #backend = dogpile.cache.null
+backend = oslo_cache.memcache_pool
 
 # Arguments supplied to the backend module. Specify this option once per
 # argument to be passed to the dogpile.cache backend. Example format:
@@ -3626,17 +3667,19 @@
 #proxies =
 
 # Global toggle for caching. (boolean value)
-#enabled = false
-
-# Extra debugging from the cache backend (cache keys, get/set/delete/etc calls).
-# This is only really useful if you need to see the specific cache-backend
-# get/set/delete calls with the keys/values.  Typically this should be left set
-# to false. (boolean value)
+#enabled = true
+enabled = True
+
+# Extra debugging from the cache backend (cache keys, get/set/delete/etc
+# calls). This is only really useful if you need to see the specific cache-
+# backend get/set/delete calls with the keys/values.  Typically this should be
+# left set to false. (boolean value)
 #debug_cache_backend = false
 
 # Memcache servers in the format of "host:port". (dogpile.cache.memcache and
 # oslo_cache.memcache_pool backends only). (list value)
 #memcache_servers = localhost:11211
+memcache_servers =10.167.4.36:11211,10.167.4.37:11211,10.167.4.38:11211
 
 # Number of seconds memcached server is considered dead before it is tried
 # again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
@@ -3660,8 +3703,8 @@
 #memcache_pool_connection_get_timeout = 10
 
 
+
 [cells]
-enable = False
 #
 # DEPRECATED: Cells options allow you to use cells v1 functionality in an
 # OpenStack deployment.
@@ -4199,7 +4242,7 @@
 #
 # * endpoint_template - Setting this option will override catalog_info
 #  (string value)
-#catalog_info = volumev3:cinderv3:publicURL
+catalog_info = volumev3:cinderv3:internalURL
 
 #
 # If this option is set then it will override service catalog lookup with
@@ -4227,7 +4270,7 @@
 #
 # * Any string representing region name
 #  (string value)
-#os_region_name = <None>
+os_region_name = RegionOne
 
 #
 # Number of times cinderclient should retry on any failed http call.
@@ -4257,62 +4300,40 @@
 # By default there is no availability zone restriction on volume attach.
 #  (boolean value)
 #cross_az_attach = true
-
-# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Name of nova region to use. Useful if keystone manages more than one region.
 # (string value)
-#cafile = <None>
-
-# PEM encoded client certificate cert file (string value)
-#certfile = <None>
-
-# PEM encoded client certificate key file (string value)
-#keyfile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# Timeout value for http requests (integer value)
-#timeout = <None>
-
-# Collect per-API call timing information. (boolean value)
-#collect_timing = false
-
-# Log requests to multiple loggers. (boolean value)
-#split_loggers = false
-
-# Authentication type to load (string value)
-# Deprecated group/name - [cinder]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
+#region_name = <None>
+region_name = RegionOne
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internal
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
 
 # Authentication URL (string value)
 #auth_url = <None>
-
-# Scope for system operations (string value)
-#system_scope = <None>
-
-# Domain ID to scope to (string value)
-#domain_id = <None>
-
-# Domain name to scope to (string value)
-#domain_name = <None>
-
-# Project ID to scope to (string value)
-#project_id = <None>
-
-# Project name to scope to (string value)
-#project_name = <None>
-
-# Domain ID containing project (string value)
-#project_domain_id = <None>
-
-# Domain name containing project (string value)
-#project_domain_name = <None>
-
-# Trust ID (string value)
-#trust_id = <None>
+auth_url = http://10.167.4.35:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
 
 # Optional domain ID to use with v3 and v2 parameters. It will be used for both
 # the user and project domain in v3 and ignored in v2 authentication. (string
@@ -4324,148 +4345,65 @@
 # (string value)
 #default_domain_name = <None>
 
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
 # User ID (string value)
 #user_id = <None>
 
 # Username (string value)
-# Deprecated group/name - [cinder]/user_name
+# Deprecated group/name - [neutron]/user_name
 #username = <None>
-
-# User's domain id (string value)
-#user_domain_id = <None>
-
-# User's domain name (string value)
-#user_domain_name = <None>
-
-# User's password (string value)
-#password = <None>
-
-# Tenant ID (string value)
-#tenant_id = <None>
-
-# Tenant Name (string value)
-#tenant_name = <None>
-
-
-[compute]
-
-#
-# From nova.conf
-#
-
-#
-# Enables reporting of build failures to the scheduler.
-#
-# Any nonzero value will enable sending build failure statistics to the
-# scheduler for use by the BuildFailureWeigher.
-#
-# Possible values:
-#
-# * Any positive integer enables reporting build failures.
-# * Zero to disable reporting build failures.
-#
-# Related options:
-#
-# * [filter_scheduler]/build_failure_weight_multiplier
-#
-#  (integer value)
-#consecutive_build_service_disable_threshold = 10
-
-#
-# Time to wait in seconds before resending an ACPI shutdown signal to
-# instances.
-#
-# The overall time to wait is set by ``shutdown_timeout``.
-#
-# Possible values:
-#
-# * Any integer greater than 0 in seconds
-#
-# Related options:
-#
-# * ``shutdown_timeout``
-#  (integer value)
-# Minimum value: 1
-#shutdown_retry_interval = 10
-
-#
-# Interval for updating nova-compute-side cache of the compute node resource
-# provider's aggregates and traits info.
-#
-# This option specifies the number of seconds between attempts to update a
-# provider's aggregates and traits information in the local cache of the compute
-# node.
-#
-# Possible values:
-#
-# * Any positive integer in seconds.
-#  (integer value)
-# Minimum value: 1
-#resource_provider_association_refresh = 300
-
-#
-# Defines which physical CPUs (pCPUs) will be used for best-effort guest vCPU
-# resources.
-#
-# Currently only used by libvirt driver to place guest emulator threads when
-# hw:emulator_threads_policy:share.
-#
-# ::
-#     cpu_shared_set = "4-12,^8,15"
-#  (string value)
-#cpu_shared_set = <None>
-
-#
-# Determine if the source compute host should wait for a ``network-vif-plugged``
-# event from the (neutron) networking service before starting the actual
-# transfer
-# of the guest to the destination compute host.
-#
-# Note that this option is read on the destination host of a live migration.
-# If you set this option the same on all of your compute hosts, which you should
-# do if you use the same networking backend universally, you do not have to
-# worry about this.
-#
-# Before starting the transfer of the guest, some setup occurs on the
-# destination
-# compute host, including plugging virtual interfaces. Depending on the
-# networking backend **on the destination host**, a ``network-vif-plugged``
-# event may be triggered and then received on the source compute host and the
-# source compute can wait for that event to ensure networking is set up on the
-# destination host before starting the guest transfer in the hypervisor.
-#
-# By default, this is False for two reasons:
-#
-# 1. Backward compatibility: deployments should test this out and ensure it
-# works
-#    for them before enabling it.
-#
-# 2. The compute service cannot reliably determine which types of virtual
-#    interfaces (``port.binding:vif_type``) will send ``network-vif-plugged``
-#    events without an accompanying port ``binding:host_id`` change.
-#    Open vSwitch and linuxbridge should be OK, but OpenDaylight is at least
-#    one known backend that will not currently work in this case, see bug
-#    https://launchpad.net/bugs/1755890 for more details.
-#
-# Possible values:
-#
-# * True: wait for ``network-vif-plugged`` events before starting guest transfer
-# * False: do not wait for ``network-vif-plugged`` events before starting guest
-#   transfer (this is how things have always worked before this option
-#   was introduced)
-#
-# Related options:
-#
-# * [DEFAULT]/vif_plugging_is_fatal: if ``live_migration_wait_for_vif_plug`` is
-#   True and ``vif_plugging_timeout`` is greater than 0, and a timeout is
-#   reached, the live migration process will fail with an error but the guest
-#   transfer will not have started to the destination host
-# * [DEFAULT]/vif_plugging_timeout: if ``live_migration_wait_for_vif_plug`` is
-#   True, this controls the amount of time to wait before timing out and either
-#   failing if ``vif_plugging_is_fatal`` is True, or simply continuing with the
-#   live migration
-#  (boolean value)
-#live_migration_wait_for_vif_plug = false
+username = nova
 
 
 [conductor]
@@ -4482,7 +4420,7 @@
 # Number of workers for OpenStack Conductor service. The default will be the
 # number of CPUs available.
 #  (integer value)
-#workers = <None>
+workers = 8
 
 
 [console]
@@ -4534,8 +4472,8 @@
 #token_ttl = 600
 
 
+
 [cors]
-
 #
 # From oslo.middleware
 #
@@ -4550,7 +4488,7 @@
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
-#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Service-Token
+#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
@@ -4558,14 +4496,13 @@
 # Indicate which methods can be used during the actual request. (list value)
 #allow_methods = GET,PUT,POST,DELETE,PATCH
 
-# Indicate which header field names may be used during the actual request. (list
-# value)
-#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
+
 
 
 [database]
-connection = sqlite:////var/lib/nova/nova.sqlite
-
 #
 # From oslo.db
 #
@@ -4583,14 +4520,14 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
+connection = mysql+pymysql://nova:opnfv_secret@10.167.4.23/nova?charset=utf8
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
 #slave_connection = <None>
 
 # The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
-# the server configuration, set this to no value. Example: mysql_sql_mode=
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set
+# by the server configuration, set this to no value. Example: mysql_sql_mode=
 # (string value)
 #mysql_sql_mode = TRADITIONAL
 
@@ -4607,9 +4544,10 @@
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #connection_recycle_time = 3600
-
-# DEPRECATED: Minimum number of SQL connections to keep open in a pool. (integer
-# value)
+connection_recycle_time = 300
+
+# DEPRECATED: Minimum number of SQL connections to keep open in a pool.
+# (integer value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
 # This option is deprecated for removal.
@@ -4618,17 +4556,19 @@
 # sqlalchemy.
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
-# indicates no limit. (integer value)
+# Maximum number of SQL connections to keep open in a pool. Setting a value of
+# 0 indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
 #max_pool_size = 5
+max_pool_size = 10
 
 # Maximum number of database connection retries during startup. Set to -1 to
 # specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
+max_retries = -1
 
 # Interval between retries of opening a SQL connection. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
@@ -4639,6 +4579,7 @@
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
+max_overflow = 30
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
 # value)
@@ -4655,8 +4596,8 @@
 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
 #pool_timeout = <None>
 
-# Enable the experimental use of database reconnect on connection lost. (boolean
-# value)
+# Enable the experimental use of database reconnect on connection lost.
+# (boolean value)
 #use_db_reconnect = false
 
 # Seconds between retries of a database transaction. (integer value)
@@ -4678,14 +4619,6 @@
 # specify as param1=value1&param2=value2&... (string value)
 #connection_parameters =
 
-#
-# From oslo.db.concurrency
-#
-
-# Enable the experimental use of thread pooling for all DB API calls (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
-#use_tpool = false
 
 
 [devices]
@@ -4773,7 +4706,7 @@
 #  (integer value)
 # Minimum value: 1
 # Deprecated group/name - [DEFAULT]/scheduler_host_subset_size
-#host_subset_size = 1
+host_subset_size = 30
 
 #
 # The number of instances that can be actively performing IO on a host.
@@ -4863,7 +4796,8 @@
 # * enabled_filters
 #  (multi valued)
 # Deprecated group/name - [DEFAULT]/scheduler_available_filters
-#available_filters = nova.scheduler.filters.all_filters
+available_filters = nova.scheduler.filters.all_filters
+available_filters = nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter
 
 #
 # Filters that the scheduler will use.
@@ -4888,7 +4822,7 @@
 #   exception will be raised.
 #  (list value)
 # Deprecated group/name - [DEFAULT]/scheduler_default_filters
-#enabled_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
+enabled_filters = DifferentHostFilter,SameHostFilter,RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,PciPassthroughFilter,NUMATopologyFilter,AggregateInstanceExtraSpecsFilter
 
 #
 # Weighers that the scheduler will use.
@@ -5266,7 +5200,7 @@
 # "scheme://hostname:port[/path]"
 #   (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image").
 #  (list value)
-#api_servers = <None>
+api_servers = http://10.167.4.35:9292
 
 #
 # Enable glance operation retries.
@@ -5316,7 +5250,7 @@
 # * Both enable_certificate_validation and default_trusted_certificate_ids
 #   below depend on this option being enabled.
 #  (boolean value)
-#verify_glance_signatures = false
+verify_glance_signatures = true
 
 # DEPRECATED:
 # Enable certificate validation for image signature verification.
@@ -5788,147 +5722,6 @@
 #iscsi_initiator_list =
 
 
-[ironic]
-#
-# Configuration options for Ironic driver (Bare Metal).
-# If using the Ironic driver following options must be set:
-# * auth_type
-# * auth_url
-# * project_name
-# * username
-# * password
-# * project_domain_id or project_domain_name
-# * user_domain_id or user_domain_name
-
-#
-# From nova.conf
-#
-
-# DEPRECATED: URL override for the Ironic API endpoint. (uri value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Endpoint lookup uses the service catalog via common keystoneauth1
-# Adapter configuration options. In the current release, api_endpoint will
-# override this behavior, but will be ignored and/or removed in a future
-# release. To achieve the same result, use the endpoint_override option instead.
-#api_endpoint = http://ironic.example.org:6385/
-
-#
-# The number of times to retry when a request conflicts.
-# If set to 0, only try once, no retries.
-#
-# Related options:
-#
-# * api_retry_interval
-#  (integer value)
-# Minimum value: 0
-#api_max_retries = 60
-
-#
-# The number of seconds to wait before retrying the request.
-#
-# Related options:
-#
-# * api_max_retries
-#  (integer value)
-# Minimum value: 0
-#api_retry_interval = 2
-
-# Timeout (seconds) to wait for node serial console state changed. Set to 0 to
-# disable timeout. (integer value)
-# Minimum value: 0
-#serial_console_state_timeout = 10
-
-# PEM encoded Certificate Authority to use when verifying HTTPs connections.
-# (string value)
-#cafile = <None>
-
-# PEM encoded client certificate cert file (string value)
-#certfile = <None>
-
-# PEM encoded client certificate key file (string value)
-#keyfile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# Timeout value for http requests (integer value)
-#timeout = <None>
-
-# Collect per-API call timing information. (boolean value)
-#collect_timing = false
-
-# Log requests to multiple loggers. (boolean value)
-#split_loggers = false
-
-# Authentication type to load (string value)
-# Deprecated group/name - [ironic]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
-
-# Authentication URL (string value)
-#auth_url = <None>
-
-# Scope for system operations (string value)
-#system_scope = <None>
-
-# Domain ID to scope to (string value)
-#domain_id = <None>
-
-# Domain name to scope to (string value)
-#domain_name = <None>
-
-# Project ID to scope to (string value)
-#project_id = <None>
-
-# Project name to scope to (string value)
-#project_name = <None>
-
-# Domain ID containing project (string value)
-#project_domain_id = <None>
-
-# Domain name containing project (string value)
-#project_domain_name = <None>
-
-# Trust ID (string value)
-#trust_id = <None>
-
-# User ID (string value)
-#user_id = <None>
-
-# Username (string value)
-# Deprecated group/name - [ironic]/user_name
-#username = <None>
-
-# User's domain id (string value)
-#user_domain_id = <None>
-
-# User's domain name (string value)
-#user_domain_name = <None>
-
-# User's password (string value)
-#password = <None>
-
-# The default service_type for endpoint URL discovery. (string value)
-#service_type = baremetal
-
-# The default service_name for endpoint URL discovery. (string value)
-#service_name = <None>
-
-# List of interfaces, in order of preference, for endpoint URL. (list value)
-#valid_interfaces = internal,public
-
-# The default region_name for endpoint URL discovery. (string value)
-#region_name = <None>
-
-# Always use this endpoint URL for requests for this client. NOTE: The
-# unversioned endpoint should be specified here; to request a particular API
-# version, use the `version`, `min-version`, and/or `max-version` options.
-# (string value)
-# Deprecated group/name - [ironic]/api_endpoint
-#endpoint_override = <None>
 
 
 [key_manager]
@@ -6072,14 +5865,16 @@
 #
 
 # Complete "public" Identity API endpoint. This endpoint should not be an
-# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
-# clients are redirected to this endpoint to authenticate. Although this
-# endpoint should ideally be unversioned, client support in the wild varies. If
-# you're using a versioned v2 endpoint here, then this should *not* be the same
-# endpoint the service user utilizes for validating tokens, because normal end
-# users may not be able to reach that endpoint. (string value)
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. (string
+# value)
 # Deprecated group/name - [keystone_authtoken]/auth_uri
 #www_authenticate_uri = <None>
+www_authenticate_uri = http://10.167.4.35:5000
 
 # DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
 # be an "admin" endpoint, as it should be accessible by all end users.
@@ -6092,9 +5887,10 @@
 # release. (string value)
 # This option is deprecated for removal since Queens.
 # Its value may be silently ignored in the future.
-# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri and
-# will be removed in the S  release.
+# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
+# and will be removed in the S  release.
 #auth_uri = <None>
+auth_uri = http://10.167.4.35:5000
 
 # API version of the admin Identity API endpoint. (string value)
 #auth_version = <None>
@@ -6107,8 +5903,8 @@
 # value)
 #http_connect_timeout = <None>
 
-# How many times are we trying to reconnect when communicating with Identity API
-# Server. (integer value)
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
 #http_request_max_retries = 3
 
 # Request environment key where the Swift cache object is stored. When
@@ -6132,10 +5928,11 @@
 
 # The region in which the identity server can be found. (string value)
 #region_name = <None>
+region_name = RegionOne
 
 # DEPRECATED: Directory used to cache files related to PKI tokens. This option
-# has been deprecated in the Ocata release and will be removed in the P release.
-# (string value)
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
 # This option is deprecated for removal since Ocata.
 # Its value may be silently ignored in the future.
 # Reason: PKI token format is no longer supported.
@@ -6145,43 +5942,29 @@
 # undefined, tokens will instead be cached in-process. (list value)
 # Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
+memcached_servers=10.167.4.36:11211,10.167.4.37:11211,10.167.4.38:11211
 
 # In order to prevent excessive effort spent validating tokens, the middleware
-# caches previously-seen tokens for a configurable duration (in seconds). Set to
-# -1 to disable caching completely. (integer value)
+# caches previously-seen tokens for a configurable duration (in seconds). Set
+# to -1 to disable caching completely. (integer value)
 #token_cache_time = 300
 
 # DEPRECATED: Determines the frequency at which the list of revoked tokens is
 # retrieved from the Identity service (in seconds). A high number of revocation
 # events combined with a low cache duration may significantly reduce
-# performance. Only valid for PKI tokens. This option has been deprecated in the
-# Ocata release and will be removed in the P release. (integer value)
+# performance. Only valid for PKI tokens. This option has been deprecated in
+# the Ocata release and will be removed in the P release. (integer value)
 # This option is deprecated for removal since Ocata.
 # Its value may be silently ignored in the future.
 # Reason: PKI token format is no longer supported.
 #revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be authenticated or
-# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
-# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
-# cache. If the value is not one of these options or empty, auth_token will
-# raise an exception on initialization. (string value)
-# Possible values:
-# None - <No description provided>
-# MAC - <No description provided>
-# ENCRYPT - <No description provided>
-#memcache_security_strategy = None
-
-# (Optional, mandatory if memcache_security_strategy is defined) This string is
-# used for key derivation. (string value)
-#memcache_secret_key = <None>
 
 # (Optional) Number of seconds memcached server is considered dead before it is
 # tried again. (integer value)
 #memcache_pool_dead_retry = 300
 
-# (Optional) Maximum total number of open connections to every memcached server.
-# (integer value)
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
 #memcache_pool_maxsize = 10
 
 # (Optional) Socket timeout in seconds for communicating with a memcached
@@ -6207,11 +5990,11 @@
 
 # Used to control the use and type of token binding. Can be set to: "disabled"
 # to not check token binding. "permissive" (default) to validate binding
-# information if the bind type is of a form known to the server and ignore it if
-# not. "strict" like "permissive" but if the bind type is unknown the token will
-# be rejected. "required" any form of token binding is needed to be allowed.
-# Finally the name of a binding method that must be present in tokens. (string
-# value)
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
 #enforce_token_bind = permissive
 
 # DEPRECATED: If true, the revocation list will be checked for cached tokens.
@@ -6238,23 +6021,129 @@
 # A choice of roles that must be present in a service token. Service tokens are
 # allowed to request that an expired token can be used and so this check should
 # tightly control that only actual services should be sending this token. Roles
-# here are applied as an ANY check so any role in this list must be present. For
-# backwards compatibility reasons this currently only affects the allow_expired
-# check. (list value)
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
 #service_token_roles = service
 
-# For backwards compatibility reasons we must let valid service tokens pass that
-# don't pass the service_token_roles check as valid. Setting this true will
-# become the default in a future release and should be enabled if possible.
-# (boolean value)
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
 #service_token_roles_required = false
 
 # Authentication type to load (string value)
 # Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
+auth_type = password
 
 # Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
+
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+region_name = RegionOne
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internal
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = http://10.167.4.35:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+username = nova
 
 
 [libvirt]
@@ -6378,25 +6267,6 @@
 # * ``virt_type``: Influences what is used as default value here.
 #  (string value)
 #connection_uri =
-
-#
-# Algorithm used to hash the injected password.
-# Note that it must be supported by libc on the compute host
-# _and_ by libc inside *any guest image* that will be booted by this compute
-# host whith requested password injection.
-# In case the specified algorithm is not supported by libc on the compute host,
-# a fallback to DES algorithm will be performed.
-#
-# Related options:
-#
-# * ``inject_password``
-# * ``inject_partition``
-#  (string value)
-# Possible values:
-# SHA-512 - <No description provided>
-# SHA-256 - <No description provided>
-# MD5 - <No description provided>
-#inject_password_algorithm = MD5
 
 #
 # Allow the injection of an admin password for instance only at ``create`` and
@@ -6480,7 +6350,7 @@
 #   single partition image
 #  (integer value)
 # Minimum value: -2
-#inject_partition = -2
+inject_partition = -1
 
 # DEPRECATED:
 # Enable a mouse cursor within a graphical VNC or SPICE sessions.
@@ -7061,7 +6931,6 @@
 #
 # * virt.use_cow_images
 # * images_volume_group
-# * [workarounds]/ensure_libvirt_rbd_instance_dir_cleanup
 #  (string value)
 # Possible values:
 # raw - <No description provided>
@@ -7771,7 +7640,7 @@
 #
 # * metadata_proxy_shared_secret
 #  (boolean value)
-#service_metadata_proxy = false
+service_metadata_proxy = true
 
 #
 # This option holds the shared secret string used to validate proxy requests to
@@ -7782,7 +7651,7 @@
 #
 # * service_metadata_proxy
 #  (string value)
-#metadata_proxy_shared_secret =
+metadata_proxy_shared_secret = opnfv_secret
 
 # PEM encoded Certificate Authority to use when verifying HTTPs connections.
 # (string value)
@@ -7798,7 +7667,7 @@
 #insecure = false
 
 # Timeout value for http requests (integer value)
-#timeout = <None>
+timeout = 300
 
 # Collect per-API call timing information. (boolean value)
 #collect_timing = false
@@ -7808,13 +7677,13 @@
 
 # Authentication type to load (string value)
 # Deprecated group/name - [neutron]/auth_plugin
-#auth_type = <None>
+auth_type = v3password
 
 # Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
 
 # Authentication URL (string value)
-#auth_url = <None>
+auth_url = http://10.167.4.35:35357/v3
 
 # Scope for system operations (string value)
 #system_scope = <None>
@@ -7835,7 +7704,7 @@
 #project_domain_id = <None>
 
 # Domain name containing project (string value)
-#project_domain_name = <None>
+project_domain_name = Default
 
 # Trust ID (string value)
 #trust_id = <None>
@@ -7861,7 +7730,7 @@
 #user_domain_id = <None>
 
 # User's domain name (string value)
-#user_domain_name = <None>
+user_domain_name = Default
 
 # User's password (string value)
 #password = <None>
@@ -7889,6 +7758,11 @@
 # version, use the `version`, `min-version`, and/or `max-version` options.
 # (string value)
 #endpoint_override = <None>
+
+password = opnfv_secret
+project_name = service
+username = neutron
+region_name = RegionOne
 
 
 [notifications]
@@ -7925,6 +7799,7 @@
 # vm_state - <No description provided>
 # vm_and_task_state - <No description provided>
 #notify_on_state_change = <None>
+notify_on_state_change = vm_and_task_state
 
 # Default notification level for outgoing notifications. (string value)
 # Possible values:
@@ -8027,296 +7902,16 @@
 #lock_path = <None>
 
 
-[oslo_messaging_amqp]
-
+[oslo_messaging_notifications]
 #
 # From oslo.messaging
 #
 
-# Name for the AMQP container. must be globally unique. Defaults to a generated
-# UUID (string value)
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-#trace = false
-
-# Attempt to connect via SSL. If no other ssl-related parameters are given, it
-# will use the system's CA-bundle to verify the server's certificate. (boolean
-# value)
-#ssl = false
-
-# CA certificate PEM file used to verify the server's certificate (string value)
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication (string value)
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate (optional) (string
-# value)
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-#ssl_key_password = <None>
-
-# By default SSL checks that the name in the server's certificate matches the
-# hostname in the transport_url. In some configurations it may be preferable to
-# use the virtual hostname instead, for example if the server uses the Server
-# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
-# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
-# virtual host name instead of the DNS name. (boolean value)
-#ssl_verify_vhost = false
-
-# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Not applicable - not a SSL server
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-#sasl_config_name =
-
-# SASL realm to use if no realm present in username (string value)
-#sasl_default_realm =
-
-# DEPRECATED: User name for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the username.
-#username =
-
-# DEPRECATED: Password for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the password.
-#password =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after each
-# unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval + connection_retry_backoff
-# (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
-# recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which failed due to
-# a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link after
-# expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not support routing
-# otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# Enable virtual host support for those message buses that do not natively
-# support virtual hosting (such as qpidd). When set to true the virtual host
-# name will be added to all message bus addresses, effectively creating a
-# private 'subnet' per virtual host. Set to False if the message bus supports
-# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
-# as the name of the virtual host. (boolean value)
-#pseudo_vhost = true
-
-# address prefix used when sending to a specific server (string value)
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used by the
-# message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular RPC/Notification
-# server. Used by the message bus to identify messages sent to a single
-# destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers. Used by
-# the message bus to identify messages that should be delivered in a round-robin
-# fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
-[oslo_messaging_kafka]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Default Kafka broker Host (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_host = localhost
-
-# DEPRECATED: Default Kafka broker Port (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_port = 9092
-
-# Max fetch bytes of Kafka consumer (integer value)
-#kafka_max_fetch_bytes = 1048576
-
-# Default timeout(s) for Kafka consumers (floating point value)
-#kafka_consumer_timeout = 1.0
-
-# DEPRECATED: Pool Size for Kafka Consumers (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#pool_size = 10
-
-# DEPRECATED: The pool size limit for connections expiration policy (integer
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_min_size = 2
-
-# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_ttl = 1200
-
-# Group id for Kafka consumer. Consumers in one group will coordinate message
-# consumption (string value)
-#consumer_group = oslo_messaging_consumer
-
-# Upper bound on the delay for KafkaProducer batching in seconds (floating point
-# value)
-#producer_batch_timeout = 0.0
-
-# Size of batch for the producer async send (integer value)
-#producer_batch_size = 16384
-
-# Enable asynchronous consumer commits (boolean value)
-#enable_auto_commit = false
-
-# The maximum number of records returned in a poll call (integer value)
-#max_poll_records = 500
-
-# Protocol used to communicate with brokers (string value)
-# Possible values:
-# PLAINTEXT - <No description provided>
-# SASL_PLAINTEXT - <No description provided>
-# SSL - <No description provided>
-# SASL_SSL - <No description provided>
-#security_protocol = PLAINTEXT
-
-# Mechanism when security protocol is SASL (string value)
-#sasl_mechanism = PLAIN
-
-# CA certificate PEM file used to verify the server certificate (string value)
-#ssl_cafile =
-
-
-[oslo_messaging_notifications]
-
-#
-# From oslo.messaging
-#
-
-# The Drivers(s) to handle sending notifications. Possible values are messaging,
-# messagingv2, routing, log, test, noop (multi valued)
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
 # Deprecated group/name - [DEFAULT]/notification_driver
 #driver =
+driver = messagingv2
 
 # A URL representing the messaging driver to use for notifications. If not set,
 # we fall back to the same configuration used for RPC. (string value)
@@ -8332,10 +7927,7 @@
 # to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
 # (integer value)
 #retry = -1
-
-
 [oslo_messaging_rabbit]
-
 #
 # From oslo.messaging
 #
@@ -8352,24 +7944,6 @@
 # Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
 #ssl = false
 
-# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
-# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
-# distributions. (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
-#ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
-#ssl_key_file =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
-#ssl_cert_file =
-
-# SSL certification authority file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
-#ssl_ca_file =
-
 # How long to wait before reconnecting in response to an AMQP consumer cancel
 # notification. (floating point value)
 #kombu_reconnect_delay = 1.0
@@ -8384,8 +7958,8 @@
 #kombu_missing_consumer_retry_timeout = 60
 
 # Determines how the next RabbitMQ node is chosen in case the one we are
-# currently connected to becomes unavailable. Takes effect only if more than one
-# RabbitMQ node is provided in config. (string value)
+# currently connected to becomes unavailable. Takes effect only if more than
+# one RabbitMQ node is provided in config. (string value)
 # Possible values:
 # round-robin - <No description provided>
 # shuffle - <No description provided>
@@ -8398,7 +7972,8 @@
 # Reason: Replaced by [DEFAULT]/transport_url
 #rabbit_host = localhost
 
-# DEPRECATED: The RabbitMQ broker port where a single node is used. (port value)
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
+# value)
 # Minimum value: 0
 # Maximum value: 65535
 # This option is deprecated for removal.
@@ -8456,20 +8031,20 @@
 
 # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
 # option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
-# is no longer controlled by the x-ha-policy argument when declaring a queue. If
-# you just want to make sure that all queues (except those with auto-generated
-# names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA
-# '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
+# is no longer controlled by the x-ha-policy argument when declaring a queue.
+# If you just want to make sure that all queues (except those with auto-
+# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
+# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
 #rabbit_ha_queues = false
 
 # Positive integer representing duration in seconds for queue TTL (x-expires).
-# Queues which are unused for the duration of the TTL are automatically deleted.
-# The parameter affects only reply and fanout queues. (integer value)
+# Queues which are unused for the duration of the TTL are automatically
+# deleted. The parameter affects only reply and fanout queues. (integer value)
 # Minimum value: 1
 #rabbit_transient_queues_ttl = 1800
 
-# Specifies the number of messages to prefetch. Setting to zero allows unlimited
-# messages. (integer value)
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
 #rabbit_qos_prefetch_count = 0
 
 # Number of seconds after which the Rabbit broker is considered down if
@@ -8477,163 +8052,16 @@
 # value)
 #heartbeat_timeout_threshold = 60
 
-# How often times during the heartbeat_timeout_threshold we check the heartbeat.
-# (integer value)
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
 #heartbeat_rate = 2
 
 
-[oslo_messaging_zmq]
-
-#
-# From oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger period.
-# The value of 0 specifies no linger period. Pending messages shall be discarded
-# immediately when the socket is closed. Positive values specify an upper bound
-# for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target (
-# < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Possible values:
-# json - <No description provided>
-# msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to skip
-# any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value and
-# 0) means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0) means
-# to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is not
-# tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
+
+[oslo_policy]
 
 
 [oslo_middleware]
-
 #
 # From oslo.middleware
 #
@@ -8644,8 +8072,8 @@
 #max_request_body_size = 114688
 
 # DEPRECATED: The HTTP Header that will be used to determine what the original
-# request protocol scheme was, even if it was hidden by a SSL termination proxy.
-# (string value)
+# request protocol scheme was, even if it was hidden by a SSL termination
+# proxy. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #secure_proxy_ssl_header = X-Forwarded-Proto
@@ -8653,53 +8081,8 @@
 # Whether the application is behind a proxy or not. This determines if the
 # middleware should parse the headers or not. (boolean value)
 #enable_proxy_headers_parsing = false
-
-
-[oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# This option controls whether or not to enforce scope when evaluating policies.
-# If ``True``, the scope of the token used in the request is compared to the
-# ``scope_types`` of the policy being enforced. If the scopes do not match, an
-# ``InvalidScope`` exception will be raised. If ``False``, a message will be
-# logged informing operators that policies are being invoked with mismatching
-# scope. (boolean value)
-#enforce_scope = false
-
-# The file that defines policies. (string value)
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be relative
-# to any directory in the search path defined by the config_dir option, or
-# absolute paths. The file defined by policy_file must exist for these
-# directories to be searched.  Missing or empty directories are ignored. (multi
-# valued)
-#policy_dirs = policy.d
-
-# Content Type to send and receive data for REST based policy check (string
-# value)
-# Possible values:
-# application/x-www-form-urlencoded - <No description provided>
-# application/json - <No description provided>
-#remote_content_type = application/x-www-form-urlencoded
-
-# server identity verification for REST based policy check (boolean value)
-#remote_ssl_verify_server_crt = false
-
-# Absolute path to ca cert file for REST based policy check (string value)
-#remote_ssl_ca_crt_file = <None>
-
-# Absolute path to client cert for REST based policy check (string value)
-#remote_ssl_client_crt_file = <None>
-
-# Absolute path client key file REST based policy check (string value)
-#remote_ssl_client_key_file = <None>
+enable_proxy_headers_parsing = True
+
 
 
 [pci]
@@ -8831,7 +8214,6 @@
 
 
 [placement]
-os_region_name = openstack
 
 #
 # From nova.conf
@@ -8869,61 +8251,42 @@
 #  (string value)
 #incomplete_consumer_user_id = 00000000-0000-0000-0000-000000000000
 
-# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# List of interfaces, in order of preference, for endpoint URL. (list value)
+valid_interfaces = internal
+# Name of nova region to use. Useful if keystone manages more than one region.
 # (string value)
-#cafile = <None>
-
-# PEM encoded client certificate cert file (string value)
-#certfile = <None>
-
-# PEM encoded client certificate key file (string value)
-#keyfile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# Timeout value for http requests (integer value)
-#timeout = <None>
-
-# Collect per-API call timing information. (boolean value)
-#collect_timing = false
-
-# Log requests to multiple loggers. (boolean value)
-#split_loggers = false
-
-# Authentication type to load (string value)
-# Deprecated group/name - [placement]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
+#region_name = <None>
+region_name = RegionOne
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internal
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
 
 # Authentication URL (string value)
 #auth_url = <None>
-
-# Scope for system operations (string value)
-#system_scope = <None>
-
-# Domain ID to scope to (string value)
-#domain_id = <None>
-
-# Domain name to scope to (string value)
-#domain_name = <None>
-
-# Project ID to scope to (string value)
-#project_id = <None>
-
-# Project name to scope to (string value)
-#project_name = <None>
-
-# Domain ID containing project (string value)
-#project_domain_id = <None>
-
-# Domain name containing project (string value)
-#project_domain_name = <None>
-
-# Trust ID (string value)
-#trust_id = <None>
+auth_url = http://10.167.4.35:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
 
 # Optional domain ID to use with v3 and v2 parameters. It will be used for both
 # the user and project domain in v3 and ignored in v2 authentication. (string
@@ -8935,45 +8298,65 @@
 # (string value)
 #default_domain_name = <None>
 
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
 # User ID (string value)
 #user_id = <None>
 
 # Username (string value)
-# Deprecated group/name - [placement]/user_name
+# Deprecated group/name - [neutron]/user_name
 #username = <None>
-
-# User's domain id (string value)
-#user_domain_id = <None>
-
-# User's domain name (string value)
-#user_domain_name = <None>
-
-# User's password (string value)
-#password = <None>
-
-# Tenant ID (string value)
-#tenant_id = <None>
-
-# Tenant Name (string value)
-#tenant_name = <None>
-
-# The default service_type for endpoint URL discovery. (string value)
-#service_type = placement
-
-# The default service_name for endpoint URL discovery. (string value)
-#service_name = <None>
-
-# List of interfaces, in order of preference, for endpoint URL. (list value)
-#valid_interfaces = internal,public
-
-# The default region_name for endpoint URL discovery. (string value)
-#region_name = <None>
-
-# Always use this endpoint URL for requests for this client. NOTE: The
-# unversioned endpoint should be specified here; to request a particular API
-# version, use the `version`, `min-version`, and/or `max-version` options.
-# (string value)
-#endpoint_override = <None>
+username = nova
 
 
 [placement_database]
@@ -9891,62 +9274,41 @@
 # middleware.
 #  (boolean value)
 #send_service_user_token = false
-
-# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+send_service_user_token = True
+# Name of nova region to use. Useful if keystone manages more than one region.
 # (string value)
-#cafile = <None>
-
-# PEM encoded client certificate cert file (string value)
-#certfile = <None>
-
-# PEM encoded client certificate key file (string value)
-#keyfile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# Timeout value for http requests (integer value)
-#timeout = <None>
-
-# Collect per-API call timing information. (boolean value)
-#collect_timing = false
-
-# Log requests to multiple loggers. (boolean value)
-#split_loggers = false
-
-# Authentication type to load (string value)
-# Deprecated group/name - [service_user]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
+#region_name = <None>
+region_name = RegionOne
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internal
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
 
 # Authentication URL (string value)
 #auth_url = <None>
-
-# Scope for system operations (string value)
-#system_scope = <None>
-
-# Domain ID to scope to (string value)
-#domain_id = <None>
-
-# Domain name to scope to (string value)
-#domain_name = <None>
-
-# Project ID to scope to (string value)
-#project_id = <None>
-
-# Project name to scope to (string value)
-#project_name = <None>
-
-# Domain ID containing project (string value)
-#project_domain_id = <None>
-
-# Domain name containing project (string value)
-#project_domain_name = <None>
-
-# Trust ID (string value)
-#trust_id = <None>
+auth_url = http://10.167.4.35:5000
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
 
 # Optional domain ID to use with v3 and v2 parameters. It will be used for both
 # the user and project domain in v3 and ignored in v2 authentication. (string
@@ -9958,27 +9320,65 @@
 # (string value)
 #default_domain_name = <None>
 
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
 # User ID (string value)
 #user_id = <None>
 
 # Username (string value)
-# Deprecated group/name - [service_user]/user_name
+# Deprecated group/name - [neutron]/user_name
 #username = <None>
-
-# User's domain id (string value)
-#user_domain_id = <None>
-
-# User's domain name (string value)
-#user_domain_name = <None>
-
-# User's password (string value)
-#password = <None>
-
-# Tenant ID (string value)
-#tenant_id = <None>
-
-# Tenant Name (string value)
-#tenant_name = <None>
+username = nova
 
 
 [spice]
@@ -10049,6 +9449,7 @@
 #   and port where the ``nova-spicehtml5proxy`` service is listening.
 #  (uri value)
 #html5proxy_base_url = http://127.0.0.1:6082/spice_auto.html
+html5proxy_base_url = https://172.30.10.101:6080/spice_auto.html
 
 #
 # The  address where the SPICE server running on the instances should listen.
@@ -10317,15 +9718,6 @@
 # root token for vault (string value)
 #root_token_id = <None>
 
-# AppRole role_id for authentication with vault (string value)
-#approle_role_id = <None>
-
-# AppRole secret_id for authentication with vault (string value)
-#approle_secret_id = <None>
-
-# Mountpoint of KV store in Vault to use, for example: secret (string value)
-#kv_mountpoint = secret
-
 # Use this endpoint to connect to Vault, for example: "http://127.0.0.1:8200"
 # (string value)
 #vault_url = http://127.0.0.1:8200
@@ -10433,287 +9825,6 @@
 
 # Tenant Name (string value)
 #tenant_name = <None>
-
-
-[vmware]
-#
-# Related options:
-# Following options must be set in order to launch VMware-based
-# virtual machines.
-#
-# * compute_driver: Must use vmwareapi.VMwareVCDriver.
-# * vmware.host_username
-# * vmware.host_password
-# * vmware.cluster_name
-
-#
-# From nova.conf
-#
-
-#
-# This option specifies the physical ethernet adapter name for VLAN
-# networking.
-#
-# Set the vlan_interface configuration option to match the ESX host
-# interface that handles VLAN-tagged VM traffic.
-#
-# Possible values:
-#
-# * Any valid string representing VLAN interface name
-#  (string value)
-#vlan_interface = vmnic0
-
-#
-# This option should be configured only when using the NSX-MH Neutron
-# plugin. This is the name of the integration bridge on the ESXi server
-# or host. This should not be set for any other Neutron plugin. Hence
-# the default value is not set.
-#
-# Possible values:
-#
-# * Any valid string representing the name of the integration bridge
-#  (string value)
-#integration_bridge = <None>
-
-#
-# Set this value if affected by an increased network latency causing
-# repeated characters when typing in a remote console.
-#  (integer value)
-# Minimum value: 0
-#console_delay_seconds = <None>
-
-#
-# Identifies the remote system where the serial port traffic will
-# be sent.
-#
-# This option adds a virtual serial port which sends console output to
-# a configurable service URI. At the service URI address there will be
-# virtual serial port concentrator that will collect console logs.
-# If this is not set, no serial ports will be added to the created VMs.
-#
-# Possible values:
-#
-# * Any valid URI
-#  (string value)
-#serial_port_service_uri = <None>
-
-#
-# Identifies a proxy service that provides network access to the
-# serial_port_service_uri.
-#
-# Possible values:
-#
-# * Any valid URI (The scheme is 'telnet' or 'telnets'.)
-#
-# Related options:
-# This option is ignored if serial_port_service_uri is not specified.
-# * serial_port_service_uri
-#  (uri value)
-#serial_port_proxy_uri = <None>
-
-#
-# Specifies the directory where the Virtual Serial Port Concentrator is
-# storing console log files. It should match the 'serial_log_dir' config
-# value of VSPC.
-#  (string value)
-#serial_log_dir = /opt/vmware/vspc
-
-#
-# Hostname or IP address for connection to VMware vCenter host. (host address
-# value)
-#host_ip = <None>
-
-# Port for connection to VMware vCenter host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#host_port = 443
-
-# Username for connection to VMware vCenter host. (string value)
-#host_username = <None>
-
-# Password for connection to VMware vCenter host. (string value)
-#host_password = <None>
-
-#
-# Specifies the CA bundle file to be used in verifying the vCenter
-# server certificate.
-#  (string value)
-#ca_file = <None>
-
-#
-# If true, the vCenter server certificate is not verified. If false,
-# then the default CA truststore is used for verification.
-#
-# Related options:
-# * ca_file: This option is ignored if "ca_file" is set.
-#  (boolean value)
-#insecure = false
-
-# Name of a VMware Cluster ComputeResource. (string value)
-#cluster_name = <None>
-
-#
-# Regular expression pattern to match the name of datastore.
-#
-# The datastore_regex setting specifies the datastores to use with
-# Compute. For example, datastore_regex="nas.*" selects all the data
-# stores that have a name starting with "nas".
-#
-# NOTE: If no regex is given, it just picks the datastore with the
-# most freespace.
-#
-# Possible values:
-#
-# * Any matching regular expression to a datastore must be given
-#  (string value)
-#datastore_regex = <None>
-
-#
-# Time interval in seconds to poll remote tasks invoked on
-# VMware VC server.
-#  (floating point value)
-#task_poll_interval = 0.5
-
-#
-# Number of times VMware vCenter server API must be retried on connection
-# failures, e.g. socket error, etc.
-#  (integer value)
-# Minimum value: 0
-#api_retry_count = 10
-
-#
-# This option specifies VNC starting port.
-#
-# Every VM created by ESX host has an option of enabling VNC client
-# for remote connection. Above option 'vnc_port' helps you to set
-# default starting port for the VNC client.
-#
-# Possible values:
-#
-# * Any valid port number within 5900 -(5900 + vnc_port_total)
-#
-# Related options:
-# Below options should be set to enable VNC client.
-# * vnc.enabled = True
-# * vnc_port_total
-#  (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#vnc_port = 5900
-
-#
-# Total number of VNC ports.
-#  (integer value)
-# Minimum value: 0
-#vnc_port_total = 10000
-
-#
-# Keymap for VNC.
-#
-# The keyboard mapping (keymap) determines which keyboard layout a VNC
-# session should use by default.
-#
-# Possible values:
-#
-# * A keyboard layout which is supported by the underlying hypervisor on
-#   this node. This is usually an 'IETF language tag' (for example
-#   'en-us').
-#  (string value)
-#vnc_keymap = en-us
-
-#
-# This option enables/disables the use of linked clone.
-#
-# The ESX hypervisor requires a copy of the VMDK file in order to boot
-# up a virtual machine. The compute driver must download the VMDK via
-# HTTP from the OpenStack Image service to a datastore that is visible
-# to the hypervisor and cache it. Subsequent virtual machines that need
-# the VMDK use the cached version and don't have to copy the file again
-# from the OpenStack Image service.
-#
-# If set to false, even with a cached VMDK, there is still a copy
-# operation from the cache location to the hypervisor file directory
-# in the shared datastore. If set to true, the above copy operation
-# is avoided as it creates copy of the virtual machine that shares
-# virtual disks with its parent VM.
-#  (boolean value)
-#use_linked_clone = true
-
-#
-# This option sets the http connection pool size
-#
-# The connection pool size is the maximum number of connections from nova to
-# vSphere.  It should only be increased if there are warnings indicating that
-# the connection pool is full, otherwise, the default should suffice.
-#  (integer value)
-# Minimum value: 10
-#connection_pool_size = 10
-
-#
-# This option enables or disables storage policy based placement
-# of instances.
-#
-# Related options:
-#
-# * pbm_default_policy
-#  (boolean value)
-#pbm_enabled = false
-
-#
-# This option specifies the PBM service WSDL file location URL.
-#
-# Setting this will disable storage policy based placement
-# of instances.
-#
-# Possible values:
-#
-# * Any valid file path
-#   e.g file:///opt/SDK/spbm/wsdl/pbmService.wsdl
-#  (string value)
-#pbm_wsdl_location = <None>
-
-#
-# This option specifies the default policy to be used.
-#
-# If pbm_enabled is set and there is no defined storage policy for the
-# specific request, then this policy will be used.
-#
-# Possible values:
-#
-# * Any valid storage policy such as VSAN default storage policy
-#
-# Related options:
-#
-# * pbm_enabled
-#  (string value)
-#pbm_default_policy = <None>
-
-#
-# This option specifies the limit on the maximum number of objects to
-# return in a single result.
-#
-# A positive value will cause the operation to suspend the retrieval
-# when the count of objects reaches the specified limit. The server may
-# still limit the count to something less than the configured value.
-# Any remaining objects may be retrieved with additional requests.
-#  (integer value)
-# Minimum value: 0
-#maximum_objects = 100
-
-#
-# This option adds a prefix to the folder where cached images are stored
-#
-# This is not the full path - just a folder prefix. This should only be
-# used when a datastore cache is shared between compute nodes.
-#
-# Note: This should only be used when the compute nodes are running on same
-# host or they have a shared file system.
-#
-# Possible values:
-#
-# * Any string representing the cache prefix to the folder
-#  (string value)
-#cache_prefix = <None>
 
 
 [vnc]
@@ -10757,7 +9868,7 @@
 # keyboards. You should instead use a VNC client that supports Extended Key
 # Event
 # messages, such as noVNC 1.0.0. Refer to bug #1682020 for more information.
-#keymap = <None>
+keymap = en-us
 
 #
 # The IP address or hostname on which an instance should listen to for
@@ -10765,20 +9876,7 @@
 #  (host address value)
 # Deprecated group/name - [DEFAULT]/vncserver_listen
 # Deprecated group/name - [vnc]/vncserver_listen
-#server_listen = 127.0.0.1
-
-#
-# Private, internal IP address or hostname of VNC console proxy.
-#
-# The VNC proxy is an OpenStack component that enables compute service
-# users to access their instances through VNC clients.
-#
-# This option sets the private address to which proxy clients, such as
-# ``nova-xvpvncproxy``, should connect to.
-#  (host address value)
-# Deprecated group/name - [DEFAULT]/vncserver_proxyclient_address
-# Deprecated group/name - [vnc]/vncserver_proxyclient_address
-#server_proxyclient_address = 127.0.0.1
+server_listen = 10.167.4.37
 
 #
 # Public address of noVNC VNC console proxy.
@@ -10799,7 +9897,7 @@
 # * novncproxy_host
 # * novncproxy_port
 #  (uri value)
-#novncproxy_base_url = http://127.0.0.1:6080/vnc_auto.html
+novncproxy_base_url = https://172.30.10.101:6080/vnc_auto.html
 
 #
 # IP address or hostname that the XVP VNC console proxy should bind to.
@@ -10876,7 +9974,7 @@
 # * novncproxy_port
 # * novncproxy_base_url
 #  (string value)
-#novncproxy_host = 0.0.0.0
+novncproxy_host = 10.167.4.37
 
 #
 # Port that the noVNC console proxy should bind to.
@@ -10895,64 +9993,7 @@
 #  (port value)
 # Minimum value: 0
 # Maximum value: 65535
-#novncproxy_port = 6080
-
-#
-# The authentication schemes to use with the compute node.
-#
-# Control what RFB authentication schemes are permitted for connections between
-# the proxy and the compute host. If multiple schemes are enabled, the first
-# matching scheme will be used, thus the strongest schemes should be listed
-# first.
-#
-# Possible values:
-#
-# * ``none``: allow connection without authentication
-# * ``vencrypt``: use VeNCrypt authentication scheme
-#
-# Related options:
-#
-# * ``[vnc]vencrypt_client_key``, ``[vnc]vencrypt_client_cert``: must also be
-# set
-#  (list value)
-#auth_schemes = none
-
-# The path to the client certificate PEM file (for x509)
-#
-# The fully qualified path to a PEM file containing the private key which the
-# VNC
-# proxy server presents to the compute node during VNC authentication.
-#
-# Related options:
-#
-# * ``vnc.auth_schemes``: must include ``vencrypt``
-# * ``vnc.vencrypt_client_cert``: must also be set
-#  (string value)
-#vencrypt_client_key = <None>
-
-# The path to the client key file (for x509)
-#
-# The fully qualified path to a PEM file containing the x509 certificate which
-# the VNC proxy server presents to the compute node during VNC authentication.
-#
-# Realted options:
-#
-# * ``vnc.auth_schemes``: must include ``vencrypt``
-# * ``vnc.vencrypt_client_key``: must also be set
-#  (string value)
-#vencrypt_client_cert = <None>
-
-# The path to the CA certificate PEM file
-#
-# The fully qualified path to a PEM file containing one or more x509
-# certificates
-# for the certificate authorities used by the compute node VNC server.
-#
-# Related options:
-#
-# * ``vnc.auth_schemes``: must include ``vencrypt``
-#  (string value)
-#vencrypt_ca_certs = <None>
+novncproxy_port = 6080
 
 
 [workarounds]
@@ -11009,7 +10050,7 @@
 # * False: Live snapshots are always used when snapshotting (as long as
 #   there is a new enough libvirt and the backend storage supports it)
 #  (boolean value)
-#disable_libvirt_livesnapshot = false
+disable_libvirt_livesnapshot = true
 
 #
 # Enable handling of events emitted from compute drivers.
@@ -11135,60 +10176,6 @@
 # See related bug https://bugs.launchpad.net/nova/+bug/1796920 for more details.
 #  (boolean value)
 #report_ironic_standard_resource_class_inventory = true
-
-#
-# Enable live migration of instances with NUMA topologies.
-#
-# Live migration of instances with NUMA topologies is disabled by default
-# when using the libvirt driver. This includes live migration of instances with
-# CPU pinning or hugepages. CPU pinning and huge page information for such
-# instances is not currently re-calculated, as noted in `bug #1289064`_.  This
-# means that if instances were already present on the destination host, the
-# migrated instance could be placed on the same dedicated cores as these
-# instances or use hugepages allocated for another instance. Alternately, if the
-# host platforms were not homogeneous, the instance could be assigned to
-# non-existent cores or be inadvertently split across host NUMA nodes.
-#
-# Despite these known issues, there may be cases where live migration is
-# necessary. By enabling this option, operators that are aware of the issues and
-# are willing to manually work around them can enable live migration support for
-# these instances.
-#
-# Related options:
-#
-# * ``compute_driver``: Only the libvirt driver is affected.
-#
-# .. _bug #1289064: https://bugs.launchpad.net/nova/+bug/1289064
-#  (boolean value)
-#enable_numa_live_migration = false
-
-#
-# Ensure the instance directory is removed during clean up when using rbd.
-#
-# When enabled this workaround will ensure that the instance directory is always
-# removed during cleanup on hosts using ``[libvirt]/images_type=rbd``. This
-# avoids the following bugs with evacuation and revert resize clean up that lead
-# to the instance directory remaining on the host:
-#
-# https://bugs.launchpad.net/nova/+bug/1414895
-#
-# https://bugs.launchpad.net/nova/+bug/1761062
-#
-# Both of these bugs can then result in ``DestinationDiskExists`` errors being
-# raised if the instances ever attempt to return to the host.
-#
-# .. warning:: Operators will need to ensure that the instance directory itself,
-#   specified by ``[DEFAULT]/instances_path``, is not shared between computes
-#   before enabling this workaround otherwise the console.log, kernels, ramdisks
-#   and any additional files being used by the running instance will be lost.
-#
-# Related options:
-#
-# * ``compute_driver`` (libvirt)
-# * ``[libvirt]/images_type`` (rbd)
-# * ``instances_path``
-#  (boolean value)
-#ensure_libvirt_rbd_instance_dir_cleanup = false
 
 
 [wsgi]

2019-04-30 22:20:33,124 [salt.state       :1951][INFO    ][15828] Completed state [/etc/nova/nova.conf] at time 22:20:33.124564 duration_in_ms=733.652
2019-04-30 22:20:33,125 [salt.state       :1780][INFO    ][15828] Running state [nova-manage api_db sync] at time 22:20:33.125415
2019-04-30 22:20:33,125 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [nova-manage api_db sync]
2019-04-30 22:20:33,127 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command '/bin/false' as user 'nova' in directory '/var/lib/nova'
2019-04-30 22:20:33,131 [salt.minion      :1711][INFO    ][19940] Returning information for job: 20190430222032526806
2019-04-30 22:20:33,243 [salt.state       :300 ][INFO    ][15828] onlyif execution failed
2019-04-30 22:20:33,244 [salt.state       :1951][INFO    ][15828] Completed state [nova-manage api_db sync] at time 22:20:33.243954 duration_in_ms=118.538
2019-04-30 22:20:33,245 [salt.state       :1780][INFO    ][15828] Running state [nova-manage cell_v2 map_cell0] at time 22:20:33.245178
2019-04-30 22:20:33,245 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [nova-manage cell_v2 map_cell0]
2019-04-30 22:20:33,245 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command 'nova-manage cell_v2 map_cell0' as user 'nova' in directory '/var/lib/nova'
2019-04-30 22:20:36,318 [salt.state       :300 ][INFO    ][15828] {'pid': 19999, 'retcode': 0, 'stderr': '', 'stdout': 'Cell0 is already setup'}
2019-04-30 22:20:36,319 [salt.state       :1951][INFO    ][15828] Completed state [nova-manage cell_v2 map_cell0] at time 22:20:36.319304 duration_in_ms=3074.125
2019-04-30 22:20:36,320 [salt.state       :1780][INFO    ][15828] Running state [nova-manage cell_v2 create_cell --name=cell1 --verbose] at time 22:20:36.320580
2019-04-30 22:20:36,320 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [nova-manage cell_v2 create_cell --name=cell1 --verbose]
2019-04-30 22:20:36,321 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command 'nova-manage cell_v2 list_cells | grep cell1' as user 'nova' in directory '/var/lib/nova'
2019-04-30 22:20:39,316 [salt.state       :300 ][INFO    ][15828] unless execution succeeded
2019-04-30 22:20:39,316 [salt.state       :1951][INFO    ][15828] Completed state [nova-manage cell_v2 create_cell --name=cell1 --verbose] at time 22:20:39.316826 duration_in_ms=2996.246
2019-04-30 22:20:39,317 [salt.state       :1780][INFO    ][15828] Running state [nova-manage db sync] at time 22:20:39.317676
2019-04-30 22:20:39,317 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [nova-manage db sync]
2019-04-30 22:20:39,318 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command '/bin/false' as user 'nova' in directory '/var/lib/nova'
2019-04-30 22:20:39,375 [salt.state       :300 ][INFO    ][15828] onlyif execution failed
2019-04-30 22:20:39,376 [salt.state       :1951][INFO    ][15828] Completed state [nova-manage db sync] at time 22:20:39.376071 duration_in_ms=58.395
2019-04-30 22:20:39,746 [salt.state       :1780][INFO    ][15828] Running state [/etc/nova/api-paste.ini] at time 22:20:39.746400
2019-04-30 22:20:39,746 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/nova/api-paste.ini]
2019-04-30 22:20:39,764 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/files/rocky/api-paste.ini.Debian'
2019-04-30 22:20:39,853 [salt.state       :300 ][INFO    ][15828] File changed:
--- 
+++ 
@@ -68,7 +68,6 @@
 
 [app:oscomputeversionapp]
 paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
-
 ##########
 # Shared #
 ##########

2019-04-30 22:20:39,853 [salt.state       :1951][INFO    ][15828] Completed state [/etc/nova/api-paste.ini] at time 22:20:39.853510 duration_in_ms=107.109
2019-04-30 22:20:39,854 [salt.state       :1780][INFO    ][15828] Running state [/etc/default/nova-conductor] at time 22:20:39.854060
2019-04-30 22:20:39,854 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/default/nova-conductor]
2019-04-30 22:20:39,868 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/files/default'
2019-04-30 22:20:39,874 [salt.state       :300 ][INFO    ][15828] File changed:
New file
2019-04-30 22:20:39,874 [salt.state       :1951][INFO    ][15828] Completed state [/etc/default/nova-conductor] at time 22:20:39.874625 duration_in_ms=20.565
2019-04-30 22:20:39,875 [salt.state       :1780][INFO    ][15828] Running state [/etc/default/nova-api] at time 22:20:39.875160
2019-04-30 22:20:39,875 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/default/nova-api]
2019-04-30 22:20:39,889 [salt.state       :300 ][INFO    ][15828] File changed:
New file
2019-04-30 22:20:39,889 [salt.state       :1951][INFO    ][15828] Completed state [/etc/default/nova-api] at time 22:20:39.889951 duration_in_ms=14.789
2019-04-30 22:20:39,890 [salt.state       :1780][INFO    ][15828] Running state [/etc/default/nova-consoleauth] at time 22:20:39.890494
2019-04-30 22:20:39,890 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/default/nova-consoleauth]
2019-04-30 22:20:39,904 [salt.state       :300 ][INFO    ][15828] File changed:
New file
2019-04-30 22:20:39,904 [salt.state       :1951][INFO    ][15828] Completed state [/etc/default/nova-consoleauth] at time 22:20:39.904861 duration_in_ms=14.367
2019-04-30 22:20:39,905 [salt.state       :1780][INFO    ][15828] Running state [/etc/default/nova-scheduler] at time 22:20:39.905381
2019-04-30 22:20:39,905 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/default/nova-scheduler]
2019-04-30 22:20:39,919 [salt.state       :300 ][INFO    ][15828] File changed:
New file
2019-04-30 22:20:39,919 [salt.state       :1951][INFO    ][15828] Completed state [/etc/default/nova-scheduler] at time 22:20:39.919489 duration_in_ms=14.108
2019-04-30 22:20:39,920 [salt.state       :1780][INFO    ][15828] Running state [/etc/default/nova-novncproxy] at time 22:20:39.919998
2019-04-30 22:20:39,920 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/default/nova-novncproxy]
2019-04-30 22:20:39,934 [salt.state       :300 ][INFO    ][15828] File changed:
New file
2019-04-30 22:20:39,934 [salt.state       :1951][INFO    ][15828] Completed state [/etc/default/nova-novncproxy] at time 22:20:39.934507 duration_in_ms=14.509
2019-04-30 22:20:39,936 [salt.state       :1780][INFO    ][15828] Running state [nova-conductor] at time 22:20:39.936246
2019-04-30 22:20:39,936 [salt.state       :1813][INFO    ][15828] Executing state service.running for [nova-conductor]
2019-04-30 22:20:39,937 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'status', 'nova-conductor.service', '-n', '0'] in directory '/root'
2019-04-30 22:20:39,950 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-conductor.service'] in directory '/root'
2019-04-30 22:20:39,963 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-enabled', 'nova-conductor.service'] in directory '/root'
2019-04-30 22:20:39,976 [salt.state       :300 ][INFO    ][15828] The service nova-conductor is already running
2019-04-30 22:20:39,977 [salt.state       :1951][INFO    ][15828] Completed state [nova-conductor] at time 22:20:39.976955 duration_in_ms=40.709
2019-04-30 22:20:39,977 [salt.state       :1780][INFO    ][15828] Running state [nova-conductor] at time 22:20:39.977219
2019-04-30 22:20:39,977 [salt.state       :1813][INFO    ][15828] Executing state service.mod_watch for [nova-conductor]
2019-04-30 22:20:39,978 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-conductor.service'] in directory '/root'
2019-04-30 22:20:39,988 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'nova-conductor.service'] in directory '/root'
2019-04-30 22:20:40,985 [salt.state       :300 ][INFO    ][15828] {'nova-conductor': True}
2019-04-30 22:20:40,985 [salt.state       :1951][INFO    ][15828] Completed state [nova-conductor] at time 22:20:40.985863 duration_in_ms=1008.644
2019-04-30 22:20:40,988 [salt.state       :1780][INFO    ][15828] Running state [nova-api] at time 22:20:40.988289
2019-04-30 22:20:40,988 [salt.state       :1813][INFO    ][15828] Executing state service.running for [nova-api]
2019-04-30 22:20:40,989 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'status', 'nova-api.service', '-n', '0'] in directory '/root'
2019-04-30 22:20:41,005 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-api.service'] in directory '/root'
2019-04-30 22:20:41,019 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-enabled', 'nova-api.service'] in directory '/root'
2019-04-30 22:20:41,032 [salt.state       :300 ][INFO    ][15828] The service nova-api is already running
2019-04-30 22:20:41,032 [salt.state       :1951][INFO    ][15828] Completed state [nova-api] at time 22:20:41.032680 duration_in_ms=44.39
2019-04-30 22:20:41,033 [salt.state       :1780][INFO    ][15828] Running state [nova-api] at time 22:20:41.033054
2019-04-30 22:20:41,033 [salt.state       :1813][INFO    ][15828] Executing state service.mod_watch for [nova-api]
2019-04-30 22:20:41,034 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-api.service'] in directory '/root'
2019-04-30 22:20:41,047 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'nova-api.service'] in directory '/root'
2019-04-30 22:20:41,301 [salt.state       :300 ][INFO    ][15828] {'nova-api': True}
2019-04-30 22:20:41,303 [salt.state       :1951][INFO    ][15828] Completed state [nova-api] at time 22:20:41.303495 duration_in_ms=270.441
2019-04-30 22:20:41,305 [salt.state       :1780][INFO    ][15828] Running state [nova-consoleauth] at time 22:20:41.305740
2019-04-30 22:20:41,306 [salt.state       :1813][INFO    ][15828] Executing state service.running for [nova-consoleauth]
2019-04-30 22:20:41,306 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'status', 'nova-consoleauth.service', '-n', '0'] in directory '/root'
2019-04-30 22:20:41,319 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-consoleauth.service'] in directory '/root'
2019-04-30 22:20:41,331 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-enabled', 'nova-consoleauth.service'] in directory '/root'
2019-04-30 22:20:41,343 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'nova-consoleauth.service'] in directory '/root'
2019-04-30 22:20:41,359 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-consoleauth.service'] in directory '/root'
2019-04-30 22:20:41,377 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-enabled', 'nova-consoleauth.service'] in directory '/root'
2019-04-30 22:20:41,389 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-enabled', 'nova-consoleauth.service'] in directory '/root'
2019-04-30 22:20:41,402 [salt.state       :300 ][INFO    ][15828] {'nova-consoleauth': True}
2019-04-30 22:20:41,404 [salt.state       :1951][INFO    ][15828] Completed state [nova-consoleauth] at time 22:20:41.402977 duration_in_ms=97.236
2019-04-30 22:20:41,406 [salt.state       :1780][INFO    ][15828] Running state [nova-scheduler] at time 22:20:41.406638
2019-04-30 22:20:41,407 [salt.state       :1813][INFO    ][15828] Executing state service.running for [nova-scheduler]
2019-04-30 22:20:41,407 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'status', 'nova-scheduler.service', '-n', '0'] in directory '/root'
2019-04-30 22:20:41,423 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-scheduler.service'] in directory '/root'
2019-04-30 22:20:41,435 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-enabled', 'nova-scheduler.service'] in directory '/root'
2019-04-30 22:20:41,448 [salt.state       :300 ][INFO    ][15828] The service nova-scheduler is already running
2019-04-30 22:20:41,448 [salt.state       :1951][INFO    ][15828] Completed state [nova-scheduler] at time 22:20:41.448435 duration_in_ms=41.797
2019-04-30 22:20:41,448 [salt.state       :1780][INFO    ][15828] Running state [nova-scheduler] at time 22:20:41.448661
2019-04-30 22:20:41,448 [salt.state       :1813][INFO    ][15828] Executing state service.mod_watch for [nova-scheduler]
2019-04-30 22:20:41,449 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-scheduler.service'] in directory '/root'
2019-04-30 22:20:41,461 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'nova-scheduler.service'] in directory '/root'
2019-04-30 22:20:41,636 [salt.state       :300 ][INFO    ][15828] {'nova-scheduler': True}
2019-04-30 22:20:41,636 [salt.state       :1951][INFO    ][15828] Completed state [nova-scheduler] at time 22:20:41.636793 duration_in_ms=188.132
2019-04-30 22:20:41,639 [salt.state       :1780][INFO    ][15828] Running state [nova-novncproxy] at time 22:20:41.638989
2019-04-30 22:20:41,639 [salt.state       :1813][INFO    ][15828] Executing state service.running for [nova-novncproxy]
2019-04-30 22:20:41,639 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'status', 'nova-novncproxy.service', '-n', '0'] in directory '/root'
2019-04-30 22:20:41,656 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-novncproxy.service'] in directory '/root'
2019-04-30 22:20:41,677 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-enabled', 'nova-novncproxy.service'] in directory '/root'
2019-04-30 22:20:41,692 [salt.state       :300 ][INFO    ][15828] The service nova-novncproxy is already running
2019-04-30 22:20:41,693 [salt.state       :1951][INFO    ][15828] Completed state [nova-novncproxy] at time 22:20:41.693025 duration_in_ms=54.036
2019-04-30 22:20:41,693 [salt.state       :1780][INFO    ][15828] Running state [nova-novncproxy] at time 22:20:41.693237
2019-04-30 22:20:41,693 [salt.state       :1813][INFO    ][15828] Executing state service.mod_watch for [nova-novncproxy]
2019-04-30 22:20:41,694 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'nova-novncproxy.service'] in directory '/root'
2019-04-30 22:20:41,704 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'nova-novncproxy.service'] in directory '/root'
2019-04-30 22:20:41,839 [salt.state       :300 ][INFO    ][15828] {'nova-novncproxy': True}
2019-04-30 22:20:41,839 [salt.state       :1951][INFO    ][15828] Completed state [nova-novncproxy] at time 22:20:41.839630 duration_in_ms=146.392
2019-04-30 22:20:41,840 [salt.state       :1780][INFO    ][15828] Running state [nova-manage db online_data_migrations] at time 22:20:41.840608
2019-04-30 22:20:41,840 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [nova-manage db online_data_migrations]
2019-04-30 22:20:41,841 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command '/bin/false' as user 'nova' in directory '/var/lib/nova'
2019-04-30 22:20:41,945 [salt.state       :300 ][INFO    ][15828] onlyif execution failed
2019-04-30 22:20:41,945 [salt.state       :1951][INFO    ][15828] Completed state [nova-manage db online_data_migrations] at time 22:20:41.945615 duration_in_ms=105.007
2019-04-30 22:20:41,946 [salt.state       :1780][INFO    ][15828] Running state [/etc/systemd/system/nova-placement-api.service] at time 22:20:41.946037
2019-04-30 22:20:41,946 [salt.state       :1813][INFO    ][15828] Executing state file.symlink for [/etc/systemd/system/nova-placement-api.service]
2019-04-30 22:20:41,960 [salt.state       :300 ][INFO    ][15828] {'new': '/etc/systemd/system/nova-placement-api.service'}
2019-04-30 22:20:41,960 [salt.state       :1951][INFO    ][15828] Completed state [/etc/systemd/system/nova-placement-api.service] at time 22:20:41.960949 duration_in_ms=14.912
2019-04-30 22:20:41,968 [salt.state       :1780][INFO    ][15828] Running state [nova-placement-api] at time 22:20:41.968462
2019-04-30 22:20:41,968 [salt.state       :1813][INFO    ][15828] Executing state pkg.installed for [nova-placement-api]
2019-04-30 22:20:42,206 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:20:42,273 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nova-placement-api'] in directory '/root'
2019-04-30 22:20:46,653 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:20:46,713 [salt.state       :300 ][INFO    ][15828] Made the following changes:
'nova-placement-api' changed from 'absent' to '2:18.2.0-2~u16.04+mcp110'

2019-04-30 22:20:46,741 [salt.state       :915 ][INFO    ][15828] Loading fresh modules for state activity
2019-04-30 22:20:46,916 [salt.state       :1951][INFO    ][15828] Completed state [nova-placement-api] at time 22:20:46.916917 duration_in_ms=4948.455
2019-04-30 22:20:46,920 [salt.state       :1780][INFO    ][15828] Running state [/etc/apache2/sites-available/nova-placement-api.conf] at time 22:20:46.920437
2019-04-30 22:20:46,920 [salt.state       :1813][INFO    ][15828] Executing state file.managed for [/etc/apache2/sites-available/nova-placement-api.conf]
2019-04-30 22:20:46,963 [salt.fileclient  :1219][INFO    ][15828] Fetching file from saltenv 'base', ** done ** 'nova/files/rocky/nova-placement-api.conf'
2019-04-30 22:20:47,163 [salt.state       :300 ][INFO    ][15828] File changed:
--- 
+++ 
@@ -1,6 +1,7 @@
-Listen 8778
 
-<VirtualHost *:8778>
+Listen 10.167.4.37:8778
+
+<VirtualHost 10.167.4.37:8778>
     WSGIScriptAlias / /usr/bin/nova-placement-api
     WSGIDaemonProcess nova-placement processes=5 threads=1 user=nova group=nova display-name=%{GROUP}
     WSGIProcessGroup nova-placement
@@ -13,7 +14,7 @@
     </IfVersion>
 
     ErrorLog /var/log/apache2/nova_placement_error.log
-    CustomLog /var/log/apache2/nova_placement_access.log combined
+    CustomLog /var/log/apache2/nova_placement_access.log "%v:%p %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\""
 
     <Directory /usr/bin>
         <IfVersion >= 2.4>
@@ -25,13 +26,3 @@
         </IfVersion>
     </Directory>
 </VirtualHost>
-
-Alias /placement /usr/bin/nova-placement-api
-<Location /placement>
-  SetHandler wsgi-script
-  Options +ExecCGI
-
-  WSGIProcessGroup nova-placement
-  WSGIApplicationGroup %{GLOBAL}
-  WSGIPassAuthorization On
-</Location>

2019-04-30 22:20:47,163 [salt.state       :1951][INFO    ][15828] Completed state [/etc/apache2/sites-available/nova-placement-api.conf] at time 22:20:47.163298 duration_in_ms=242.861
2019-04-30 22:20:47,169 [salt.state       :1780][INFO    ][15828] Running state [nova-placement-api] at time 22:20:47.169325
2019-04-30 22:20:47,174 [salt.state       :1813][INFO    ][15828] Executing state apache_site.enabled for [nova-placement-api]
2019-04-30 22:20:47,174 [salt.state       :300 ][INFO    ][15828] nova-placement-api already enabled.
2019-04-30 22:20:47,174 [salt.state       :1951][INFO    ][15828] Completed state [nova-placement-api] at time 22:20:47.174755 duration_in_ms=5.43
2019-04-30 22:20:47,175 [salt.state       :1780][INFO    ][15828] Running state [nova-manage cell_v2 discover_hosts --verbose] at time 22:20:47.175592
2019-04-30 22:20:47,175 [salt.state       :1813][INFO    ][15828] Executing state cmd.run for [nova-manage cell_v2 discover_hosts --verbose]
2019-04-30 22:20:47,177 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command 'nova-manage cell_v2 discover_hosts --verbose' as user 'nova' in directory '/var/lib/nova'
2019-04-30 22:20:50,339 [salt.state       :300 ][INFO    ][15828] {'pid': 20756, 'retcode': 0, 'stderr': '', 'stdout': "Found 2 cell mappings.\nSkipping cell0 since it does not contain hosts.\nGetting computes from cell 'cell1': dfcfd778-fdd0-40a9-acd9-e9f796d52218\nFound 0 unmapped computes in cell: dfcfd778-fdd0-40a9-acd9-e9f796d52218"}
2019-04-30 22:20:50,339 [salt.state       :1951][INFO    ][15828] Completed state [nova-manage cell_v2 discover_hosts --verbose] at time 22:20:50.339809 duration_in_ms=3164.217
2019-04-30 22:20:50,353 [salt.state       :1780][INFO    ][15828] Running state [cell1] at time 22:20:50.353172
2019-04-30 22:20:50,353 [salt.state       :1813][INFO    ][15828] Executing state novav21.instances_mapped_to_cell for [cell1]
2019-04-30 22:20:50,353 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command 'nova-manage cell_v2 list_cells 2>/dev/null | awk '/cell1/ {print $4}'' as user 'nova' in directory '/var/lib/nova'
2019-04-30 22:20:53,242 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command 'nova-manage cell_v2 map_instances --cell_uuid dfcfd778-fdd0-40a9-acd9-e9f796d52218' as user 'nova' in directory '/var/lib/nova'
2019-04-30 22:20:56,307 [salt.state       :300 ][INFO    ][15828] All instances mapped in cell cell1
2019-04-30 22:20:56,308 [salt.state       :1951][INFO    ][15828] Completed state [cell1] at time 22:20:56.308016 duration_in_ms=5954.844
2019-04-30 22:20:56,660 [salt.state       :1780][INFO    ][15828] Running state [apache2] at time 22:20:56.660246
2019-04-30 22:20:56,660 [salt.state       :1813][INFO    ][15828] Executing state service.running for [apache2]
2019-04-30 22:20:56,661 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:20:56,672 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:20:56,684 [salt.state       :300 ][INFO    ][15828] The service apache2 is already running
2019-04-30 22:20:56,685 [salt.state       :1951][INFO    ][15828] Completed state [apache2] at time 22:20:56.685143 duration_in_ms=24.898
2019-04-30 22:20:56,685 [salt.state       :1780][INFO    ][15828] Running state [apache2] at time 22:20:56.685414
2019-04-30 22:20:56,685 [salt.state       :1813][INFO    ][15828] Executing state service.mod_watch for [apache2]
2019-04-30 22:20:56,686 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:20:56,696 [salt.loaded.int.module.cmdmod:395 ][INFO    ][15828] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'apache2.service'] in directory '/root'
2019-04-30 22:20:58,897 [salt.state       :300 ][INFO    ][15828] {'apache2': True}
2019-04-30 22:20:58,898 [salt.state       :1951][INFO    ][15828] Completed state [apache2] at time 22:20:58.898098 duration_in_ms=2212.683
2019-04-30 22:20:58,903 [salt.minion      :1711][INFO    ][15828] Returning information for job: 20190430221917374729
2019-04-30 22:22:02,282 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430222202271695
2019-04-30 22:22:02,293 [salt.minion      :1432][INFO    ][21299] Starting a new job with PID 21299
2019-04-30 22:22:05,989 [salt.state       :915 ][INFO    ][21299] Loading fresh modules for state activity
2019-04-30 22:22:06,026 [salt.fileclient  :1219][INFO    ][21299] Fetching file from saltenv 'base', ** done ** 'heat/init.sls'
2019-04-30 22:22:06,049 [salt.fileclient  :1219][INFO    ][21299] Fetching file from saltenv 'base', ** done ** 'heat/server.sls'
2019-04-30 22:22:06,158 [salt.fileclient  :1219][INFO    ][21299] Fetching file from saltenv 'base', ** done ** 'heat/db/offline_sync.sls'
2019-04-30 22:22:06,193 [salt.fileclient  :1219][INFO    ][21299] Fetching file from saltenv 'base', ** done ** 'heat/_ssl/mysql.sls'
2019-04-30 22:22:06,234 [salt.fileclient  :1219][INFO    ][21299] Fetching file from saltenv 'base', ** done ** 'heat/_ssl/rabbitmq.sls'
2019-04-30 22:22:07,180 [salt.state       :1780][INFO    ][21299] Running state [heat-api] at time 22:22:07.180733
2019-04-30 22:22:07,181 [salt.state       :1813][INFO    ][21299] Executing state pkg.installed for [heat-api]
2019-04-30 22:22:07,182 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:22:07,509 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['apt-cache', '-q', 'policy', 'heat-api'] in directory '/root'
2019-04-30 22:22:07,567 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:22:09,175 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:22:09,196 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'heat-api'] in directory '/root'
2019-04-30 22:22:17,309 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430222217296543
2019-04-30 22:22:17,320 [salt.minion      :1432][INFO    ][21941] Starting a new job with PID 21941
2019-04-30 22:22:17,340 [salt.minion      :1711][INFO    ][21941] Returning information for job: 20190430222217296543
2019-04-30 22:22:35,555 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:22:35,588 [salt.state       :300 ][INFO    ][21299] Made the following changes:
'python-magnumclient' changed from 'absent' to '2.8.0-1.0~u16.04+mcp1'
'python-zunclient' changed from 'absent' to '2.1.0-1~u16.04+mcp'
'python-heatclient' changed from 'absent' to '1.16.2-2~u16.04+mcp6'
'python-webtest' changed from 'absent' to '2.0.28-1.0~u16.04+mcp1'
'python-websocket' changed from 'absent' to '0.48.0-1~u16.04+mcp'
'python-senlinclient' changed from 'absent' to '1.7.0-1.0~u16.04+mcp2'
'python-waitress' changed from 'absent' to '0.8.10-1'
'python-logutils' changed from 'absent' to '0.3.3-5'
'python-monascaclient' changed from 'absent' to '1.12.1-1~u16.04+mcp0'
'python-mistralclient' changed from 'absent' to '1:3.3.0-1.0~u16.04+mcp1'
'heat-common' changed from 'absent' to '1:11.0.0-5~u16.04+mcp1'
'python-docker' changed from 'absent' to '3.2.1-1~u16.04+mcp'
'python-designateclient' changed from 'absent' to '2.10.0-2~u16.04+mcp'
'golang-docker-credential-helpers' changed from 'absent' to '0.6.1-1~u16.04+mcp'
'sqlite3' changed from 'absent' to '3.11.0-1ubuntu1.1'
'python-troveclient' changed from 'absent' to '1:2.14.0-1.0~u16.04+mcp2'
'python2.7-waitress' changed from 'absent' to '1'
'python-saharaclient' changed from 'absent' to '1.5.0-1.0~u16.04+mcp1'
'heat-api' changed from 'absent' to '1:11.0.0-5~u16.04+mcp1'
'dbconfig-common' changed from 'absent' to '2.0.4ubuntu1'
'python-blazarclient' changed from 'absent' to '2.0.0-1~u16.04+mcp'
'python-octaviaclient' changed from 'absent' to '1.6.0-2~u16.04+mcp7'
'libsecret-1-0' changed from 'absent' to '0.18.4-1ubuntu2'
'python-manilaclient' changed from 'absent' to '1.24.2-1~u16.04+mcp6'
'python-neutron-lib' changed from 'absent' to '1.18.0-1~u16.04+mcp5'
'python-weakrefmethod' changed from 'absent' to '1.0.3-2~u16.04+mcp1'
'python-q-text-as-data' changed from 'absent' to '1.4.0-1'
'python-pecan' changed from 'absent' to '1.3.2-2~u16.04+mcp'
'python-aodhclient' changed from 'absent' to '1.1.1-2~u16.04+mcp5'
'python-croniter' changed from 'absent' to '0.3.8-1'
'python-backports.ssl-match-hostname' changed from 'absent' to '3.5.0.1-1~u16.04+mcp'
'python-dockerpycreds' changed from 'absent' to '0.2.2-1~u16.04+mcp'
'libsecret-common' changed from 'absent' to '0.18.4-1ubuntu2'
'python-heat' changed from 'absent' to '1:11.0.0-5~u16.04+mcp1'
'python-zaqarclient' changed from 'absent' to '1.9.0-1.0~u16.04+mcp2'
'python-yaql' changed from 'absent' to '1.1.3-2~u16.04+mcp1'
'q-text-as-data' changed from 'absent' to '1'

2019-04-30 22:22:35,610 [salt.state       :915 ][INFO    ][21299] Loading fresh modules for state activity
2019-04-30 22:22:35,646 [salt.state       :1951][INFO    ][21299] Completed state [heat-api] at time 22:22:35.646335 duration_in_ms=28465.602
2019-04-30 22:22:35,649 [salt.state       :1780][INFO    ][21299] Running state [heat-api-cfn] at time 22:22:35.649876
2019-04-30 22:22:35,650 [salt.state       :1813][INFO    ][21299] Executing state pkg.installed for [heat-api-cfn]
2019-04-30 22:22:36,272 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:22:36,296 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'heat-api-cfn'] in directory '/root'
2019-04-30 22:22:39,880 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:22:39,916 [salt.state       :300 ][INFO    ][21299] Made the following changes:
'heat-api-cfn' changed from 'absent' to '1:11.0.0-5~u16.04+mcp1'

2019-04-30 22:22:39,936 [salt.state       :915 ][INFO    ][21299] Loading fresh modules for state activity
2019-04-30 22:22:39,974 [salt.state       :1951][INFO    ][21299] Completed state [heat-api-cfn] at time 22:22:39.974325 duration_in_ms=4324.448
2019-04-30 22:22:39,978 [salt.state       :1780][INFO    ][21299] Running state [heat-engine] at time 22:22:39.978232
2019-04-30 22:22:39,978 [salt.state       :1813][INFO    ][21299] Executing state pkg.installed for [heat-engine]
2019-04-30 22:22:40,458 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:22:40,479 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'heat-engine'] in directory '/root'
2019-04-30 22:22:43,671 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:22:43,706 [salt.state       :300 ][INFO    ][21299] Made the following changes:
'heat-engine' changed from 'absent' to '1:11.0.0-5~u16.04+mcp1'

2019-04-30 22:22:43,726 [salt.state       :915 ][INFO    ][21299] Loading fresh modules for state activity
2019-04-30 22:22:43,750 [salt.state       :1951][INFO    ][21299] Completed state [heat-engine] at time 22:22:43.750812 duration_in_ms=3772.579
2019-04-30 22:22:43,754 [salt.state       :1780][INFO    ][21299] Running state [heat-common] at time 22:22:43.754745
2019-04-30 22:22:43,755 [salt.state       :1813][INFO    ][21299] Executing state pkg.installed for [heat-common]
2019-04-30 22:22:44,248 [salt.state       :300 ][INFO    ][21299] All specified packages are already installed
2019-04-30 22:22:44,248 [salt.state       :1951][INFO    ][21299] Completed state [heat-common] at time 22:22:44.248416 duration_in_ms=493.669
2019-04-30 22:22:44,248 [salt.state       :1780][INFO    ][21299] Running state [python-heatclient] at time 22:22:44.248684
2019-04-30 22:22:44,248 [salt.state       :1813][INFO    ][21299] Executing state pkg.installed for [python-heatclient]
2019-04-30 22:22:44,254 [salt.state       :300 ][INFO    ][21299] All specified packages are already installed
2019-04-30 22:22:44,254 [salt.state       :1951][INFO    ][21299] Completed state [python-heatclient] at time 22:22:44.254271 duration_in_ms=5.587
2019-04-30 22:22:44,254 [salt.state       :1780][INFO    ][21299] Running state [gettext-base] at time 22:22:44.254536
2019-04-30 22:22:44,254 [salt.state       :1813][INFO    ][21299] Executing state pkg.installed for [gettext-base]
2019-04-30 22:22:44,259 [salt.state       :300 ][INFO    ][21299] All specified packages are already installed
2019-04-30 22:22:44,260 [salt.state       :1951][INFO    ][21299] Completed state [gettext-base] at time 22:22:44.260002 duration_in_ms=5.467
2019-04-30 22:22:44,263 [salt.state       :1780][INFO    ][21299] Running state [heat_ssl_mysql] at time 22:22:44.263220
2019-04-30 22:22:44,263 [salt.state       :1813][INFO    ][21299] Executing state test.show_notification for [heat_ssl_mysql]
2019-04-30 22:22:44,263 [salt.state       :300 ][INFO    ][21299] Running heat._ssl.mysql
2019-04-30 22:22:44,264 [salt.state       :1951][INFO    ][21299] Completed state [heat_ssl_mysql] at time 22:22:44.264059 duration_in_ms=0.839
2019-04-30 22:22:44,264 [salt.state       :1780][INFO    ][21299] Running state [heat_ssl_rabbitmq] at time 22:22:44.264313
2019-04-30 22:22:44,264 [salt.state       :1813][INFO    ][21299] Executing state test.show_notification for [heat_ssl_rabbitmq]
2019-04-30 22:22:44,264 [salt.state       :300 ][INFO    ][21299] Running heat._ssl.rabbitmq
2019-04-30 22:22:44,264 [salt.state       :1951][INFO    ][21299] Completed state [heat_ssl_rabbitmq] at time 22:22:44.264911 duration_in_ms=0.597
2019-04-30 22:22:44,265 [salt.state       :1780][INFO    ][21299] Running state [/etc/heat/heat.conf] at time 22:22:44.265213
2019-04-30 22:22:44,265 [salt.state       :1813][INFO    ][21299] Executing state file.managed for [/etc/heat/heat.conf]
2019-04-30 22:22:44,286 [salt.fileclient  :1219][INFO    ][21299] Fetching file from saltenv 'base', ** done ** 'heat/files/rocky/heat.conf.Debian'
2019-04-30 22:22:44,488 [salt.fileclient  :1219][INFO    ][21299] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/service/_ssl.conf'
2019-04-30 22:22:44,503 [salt.state       :300 ][INFO    ][21299] File changed:
--- 
+++ 
@@ -1,10 +1,217 @@
+
+
 [DEFAULT]
-
-#
-# From heat.common.config
-#
-
-# Name of the engine node. This can be an opaque identifier. It is not necessarily a hostname, FQDN, or IP address. (string value)
+#
+# From oslo.messaging
+#
+
+# Size of RPC connection pool. (integer value)
+#rpc_conn_pool_size = 30
+
+# The pool size limit for connections expiration policy (integer
+# value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer
+# value)
+#conn_pool_ttl = 1200
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet
+# interface, or IP. The "host" option should point or resolve to this
+# address. (string value)
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Possible values:
+# redis - <No description provided>
+# sentinel - <No description provided>
+# dummy - <No description provided>
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic.
+# Default is unlimited. (integer value)
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address.
+# Must match "host" option, if running Nova. (string value)
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent
+# after closing a socket. The default value of -1 specifies an
+# infinite linger period. The value of 0 specifies no linger period.
+# Pending messages shall be discarded immediately when the socket is
+# closed. Positive values specify an upper bound for the linger
+# period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises
+# timeout exception when timeout expired. (integer value)
+#rpc_poll_timeout = 1
+
+
+# Expiration timeout in seconds of a name service record about
+# existing target ( < 0 means no timeout). (integer value)
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing
+# target. (integer value)
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
+# (boolean value)
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes
+# sense only with use_router_proxy=False which means to use direct
+# connections for direct message types (ignored otherwise). (boolean
+# value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover
+# reasons. This option is actual only in dynamic connections mode.
+# (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with
+# ZMQBindError. (integer value)
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means
+# not keeping a queue when server side disconnects. False means to
+# keep queue and messages even if server is disconnected, when the
+# server appears we send all accumulated messages to it. (boolean
+# value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1
+# (or any other negative value) means to skip any overrides and leave
+# it to OS default; 0 and 1 (or any other positive value) mean to
+# disable and enable the option respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition.
+# The unit is platform dependent, for example, seconds in Linux,
+# milliseconds in Windows etc. The default value of -1 (or any other
+# negative value and 0) means to skip any overrides and leave it to OS
+# default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring
+# that remote end is not available. The default value of -1 (or any
+# other negative value and 0) means to skip any overrides and leave it
+# to OS default. (integer value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not
+# received. The unit is platform dependent, for example, seconds in
+# Linux, milliseconds in Windows etc. The default value of -1 (or any
+# other negative value and 0) means to skip any overrides and leave it
+# to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer
+# value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which
+# it is not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism
+# works only via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each
+# retry attempt this timeout is multiplied by some specified
+# multiplier. (integer value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt.
+# (integer value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems
+# occurred: positive value N means at most N retries, 0 means no
+# retries, None or -1 (or any other negative values) mean to retry
+# forever. This option is used only if acknowledgments are enabled.
+# (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option
+# has higher priority then the default publishers list taken from the
+# matchmaker. (list value)
+#subscribe_on =
+
+# Size of executor thread pool when executor is threading or eventlet.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
+
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout = 60
+rpc_response_timeout = 600
+
+# The network address and optional user credentials for connecting to
+# the messaging backend, in URL format. The expected format is:
+#
+# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
+#
+# Example: rabbit://rabbitmq:password@127.0.0.1:5672//
+#
+# For full details on the fields in the URL see the documentation of
+# oslo_messaging.TransportURL at
+# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
+# (string value)
+#transport_url = <None>
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.28:5672,openstack:opnfv_secret@10.167.4.29:5672,openstack:opnfv_secret@10.167.4.30:5672//openstack
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other
+# drivers include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rpc_backend = rabbit
+
+# The default exchange under which topics are scoped. May be
+# overridden by an exchange name specified in the transport_url
+# option. (string value)
+#control_exchange = openstack
+
+
+#
+# From heat.common.config
+#
+
+# Name of the engine node. This can be an opaque identifier. It is not
+# necessarily a hostname, FQDN, or IP address. (string value)
 #host = <Hostname>
 
 # List of directories to search for plug-ins. (list value)
@@ -16,63 +223,74 @@
 # The directory to search for template files. (string value)
 #template_dir = /etc/heat/templates
 
-# DEPRECATED: Select deferred auth method, stored password or trusts. (string value)
+# DEPRECATED: Select deferred auth method, stored password or trusts. (string
+# value)
 # Possible values:
 # password - <No description provided>
 # trusts - <No description provided>
 # This option is deprecated for removal since 9.0.0.
 # Its value may be silently ignored in the future.
-# Reason: Stored password based deferred auth is broken when used with keystone v3 and is not supported.
+# Reason: Stored password based deferred auth is broken when used with keystone
+# v3 and is not supported.
 #deferred_auth_method = trusts
 
-# Allow reauthentication on token expiry, such that long-running tasks may complete. Note this defeats the expiry of any provided user
-# tokens. (string value)
+# Allow reauthentication on token expiry, such that long-running tasks may
+# complete. Note this defeats the expiry of any provided user tokens. (string
+# value)
 # Possible values:
 # '' - <No description provided>
 # trusts - <No description provided>
 #reauthentication_auth_method =
 
-# Subset of trustor roles to be delegated to heat. If left unset, all roles of a user will be delegated to heat when creating a stack. (list
-# value)
+# Subset of trustor roles to be delegated to heat. If left unset, all roles of
+# a user will be delegated to heat when creating a stack. (list value)
 #trusts_delegated_roles =
 
-# Maximum resources allowed per top-level stack. -1 stands for unlimited. (integer value)
-#max_resources_per_stack = 1000
-
-# Maximum number of stacks any one tenant may have active at one time. (integer value)
+# Maximum resources allowed per top-level stack. -1 stands for unlimited.
+# (integer value)
+max_resources_per_stack = 20000
+
+# Maximum number of stacks any one tenant may have active at one time. (integer
+# value)
 #max_stacks_per_tenant = 100
 
-# Number of times to retry to bring a resource to a non-error state. Set to 0 to disable retries. (integer value)
+# Number of times to retry to bring a resource to a non-error state. Set to 0
+# to disable retries. (integer value)
 #action_retry_limit = 5
 
-# Number of times to retry when a client encounters an expected intermittent error. Set to 0 to disable retries. (integer value)
+# Number of times to retry when a client encounters an expected intermittent
+# error. Set to 0 to disable retries. (integer value)
 #client_retry_limit = 2
 
 # Maximum length of a server name to be used in nova. (integer value)
 # Maximum value: 53
 #max_server_name_length = 53
 
-# Number of times to check whether an interface has been attached or detached. (integer value)
+# Number of times to check whether an interface has been attached or detached.
+# (integer value)
 # Minimum value: 1
 #max_interface_check_attempts = 10
 
-# Controls how many events will be pruned whenever a stack's events are purged. Set this lower to keep more events at the expense of more
-# frequent purges. (integer value)
+# Controls how many events will be pruned whenever a stack's events are purged.
+# Set this lower to keep more events at the expense of more frequent purges.
+# (integer value)
 # Minimum value: 1
 #event_purge_batch_size = 200
 
-# Rough number of maximum events that will be available per stack. Actual number of events can be a bit higher since purge checks take place
-# randomly 200/event_purge_batch_size percent of the time. Older events are deleted when events are purged. Set to 0 for unlimited events
-# per stack. (integer value)
+# Rough number of maximum events that will be available per stack. Actual
+# number of events can be a bit higher since purge checks take place randomly
+# 200/event_purge_batch_size percent of the time. Older events are deleted when
+# events are purged. Set to 0 for unlimited events per stack. (integer value)
 #max_events_per_stack = 1000
 
 # Timeout in seconds for stack action (ie. create or update). (integer value)
 #stack_action_timeout = 3600
-
-# The amount of time in seconds after an error has occurred that tasks may continue to run before being cancelled. (integer value)
+# The amount of time in seconds after an error has occurred that tasks may
+# continue to run before being cancelled. (integer value)
 #error_wait_time = 240
 
-# RPC timeout for the engine liveness check that is used for stack locking. (integer value)
+# RPC timeout for the engine liveness check that is used for stack locking.
+# (integer value)
 #engine_life_check_timeout = 2
 
 # DEPRECATED: Enable the legacy OS::Heat::CWLiteAlarm resource. (boolean value)
@@ -87,17 +305,23 @@
 # Enable the preview Stack Adopt feature. (boolean value)
 #enable_stack_adopt = false
 
-# Enables engine with convergence architecture. All stacks with this option will be created using convergence engine. (boolean value)
+# Enables engine with convergence architecture. All stacks with this option
+# will be created using convergence engine. (boolean value)
 #convergence_engine = true
 
-# On update, enables heat to collect existing resource properties from reality and converge to updated template. (boolean value)
+# On update, enables heat to collect existing resource properties from reality
+# and converge to updated template. (boolean value)
 #observe_on_update = false
 
-# Template default for how the server should receive the metadata required for software configuration. POLL_SERVER_CFN will allow calls to
-# the cfn API action DescribeStackResource authenticated with the provided keypair (requires enabled heat-api-cfn). POLL_SERVER_HEAT will
-# allow calls to the Heat API resource-show using the provided keystone credentials (requires keystone v3 API, and configured stack_user_*
-# config options). POLL_TEMP_URL will create and populate a Swift TempURL with metadata for polling (requires object-store endpoint which
-# supports TempURL).ZAQAR_MESSAGE will create a dedicated zaqar queue and post the metadata for polling. (string value)
+# Template default for how the server should receive the metadata required for
+# software configuration. POLL_SERVER_CFN will allow calls to the cfn API
+# action DescribeStackResource authenticated with the provided keypair
+# (requires enabled heat-api-cfn). POLL_SERVER_HEAT will allow calls to the
+# Heat API resource-show using the provided keystone credentials (requires
+# keystone v3 API, and configured stack_user_* config options). POLL_TEMP_URL
+# will create and populate a Swift TempURL with metadata for polling (requires
+# object-store endpoint which supports TempURL).ZAQAR_MESSAGE will create a
+# dedicated zaqar queue and post the metadata for polling. (string value)
 # Possible values:
 # POLL_SERVER_CFN - <No description provided>
 # POLL_SERVER_HEAT - <No description provided>
@@ -105,10 +329,13 @@
 # ZAQAR_MESSAGE - <No description provided>
 #default_software_config_transport = POLL_SERVER_CFN
 
-# Template default for how the server should signal to heat with the deployment output values. CFN_SIGNAL will allow an HTTP POST to a CFN
-# keypair signed URL (requires enabled heat-api-cfn). TEMP_URL_SIGNAL will create a Swift TempURL to be signaled via HTTP PUT (requires
-# object-store endpoint which supports TempURL). HEAT_SIGNAL will allow calls to the Heat API resource-signal using the provided keystone
-# credentials. ZAQAR_SIGNAL will create a dedicated zaqar queue to be signaled using the provided keystone credentials. (string value)
+# Template default for how the server should signal to heat with the deployment
+# output values. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL
+# (requires enabled heat-api-cfn). TEMP_URL_SIGNAL will create a Swift TempURL
+# to be signaled via HTTP PUT (requires object-store endpoint which supports
+# TempURL). HEAT_SIGNAL will allow calls to the Heat API resource-signal using
+# the provided keystone credentials. ZAQAR_SIGNAL will create a dedicated zaqar
+# queue to be signaled using the provided keystone credentials. (string value)
 # Possible values:
 # CFN_SIGNAL - <No description provided>
 # TEMP_URL_SIGNAL - <No description provided>
@@ -116,100 +343,118 @@
 # ZAQAR_SIGNAL - <No description provided>
 #default_deployment_signal_transport = CFN_SIGNAL
 
-# Template default for how the user_data should be formatted for the server. For HEAT_CFNTOOLS, the user_data is bundled as part of the
-# heat-cfntools cloud-init boot configuration data. For RAW the user_data is passed to Nova unmodified. For SOFTWARE_CONFIG user_data is
-# bundled as part of the software config data, and metadata is derived from any associated SoftwareDeployment resources. (string value)
+# Template default for how the user_data should be formatted for the server.
+# For HEAT_CFNTOOLS, the user_data is bundled as part of the heat-cfntools
+# cloud-init boot configuration data. For RAW the user_data is passed to Nova
+# unmodified. For SOFTWARE_CONFIG user_data is bundled as part of the software
+# config data, and metadata is derived from any associated SoftwareDeployment
+# resources. (string value)
 # Possible values:
 # HEAT_CFNTOOLS - <No description provided>
 # RAW - <No description provided>
 # SOFTWARE_CONFIG - <No description provided>
 #default_user_data_format = HEAT_CFNTOOLS
 
-# Stacks containing these tag names will be hidden. Multiple tags should be given in a comma-delimited list (eg.
-# hidden_stack_tags=hide_me,me_too). (list value)
+# Stacks containing these tag names will be hidden. Multiple tags should be
+# given in a comma-delimited list (eg. hidden_stack_tags=hide_me,me_too). (list
+# value)
 #hidden_stack_tags = data-processing-cluster
 
 # Deprecated. (string value)
 #onready = <None>
 
-# When this feature is enabled, scheduler hints identifying the heat stack context of a server or volume resource are passed to the
-# configured schedulers in nova and cinder, for creates done using heat resource types OS::Cinder::Volume, OS::Nova::Server, and
-# AWS::EC2::Instance. heat_root_stack_id will be set to the id of the root stack of the resource, heat_stack_id will be set to the id of the
-# resource's parent stack, heat_stack_name will be set to the name of the resource's parent stack, heat_path_in_stack will be set to a list
-# of comma delimited strings of stackresourcename and stackname with list[0] being 'rootstackname', heat_resource_name will be set to the
-# resource's name, and heat_resource_uuid will be set to the resource's orchestration id. (boolean value)
+# When this feature is enabled, scheduler hints identifying the heat stack
+# context of a server or volume resource are passed to the configured
+# schedulers in nova and cinder, for creates done using heat resource types
+# OS::Cinder::Volume, OS::Nova::Server, and AWS::EC2::Instance.
+# heat_root_stack_id will be set to the id of the root stack of the resource,
+# heat_stack_id will be set to the id of the resource's parent stack,
+# heat_stack_name will be set to the name of the resource's parent stack,
+# heat_path_in_stack will be set to a list of comma delimited strings of
+# stackresourcename and stackname with list[0] being 'rootstackname',
+# heat_resource_name will be set to the resource's name, and heat_resource_uuid
+# will be set to the resource's orchestration id. (boolean value)
 #stack_scheduler_hints = false
 
-# Encrypt template parameters that were marked as hidden and also all the resource properties before storing them in database. (boolean
-# value)
+# Encrypt template parameters that were marked as hidden and also all the
+# resource properties before storing them in database. (boolean value)
 #encrypt_parameters_and_properties = false
 
 # Seconds between running periodic tasks. (integer value)
 #periodic_interval = 60
 
-# URL of the Heat metadata server. NOTE: Setting this is only needed if you require instances to use a different endpoint than in the
-# keystone catalog (string value)
+# URL of the Heat metadata server. NOTE: Setting this is only needed if you
+# require instances to use a different endpoint than in the keystone catalog
+# (string value)
 #heat_metadata_server_url = <None>
+heat_metadata_server_url = http://10.167.4.13:8000
 
 # URL of the Heat waitcondition server. (string value)
 #heat_waitcondition_server_url = <None>
+heat_waitcondition_server_url = http://10.167.4.13:8000/v1/waitcondition
 
 # DEPRECATED: URL of the Heat CloudWatch server. (string value)
 # This option is deprecated for removal since 10.0.0.
 # Its value may be silently ignored in the future.
 # Reason: Heat CloudWatch Service has been removed.
-#heat_watch_server_url =
+#heat_watch_server_url = http://10.167.4.13:8003
 
 # Instance connection to CFN/CW API via https. (string value)
-#instance_connection_is_secure = 0
-
-# Instance connection to CFN/CW API validate certs if SSL is used. (string value)
+instance_connection_is_secure = 0
+
+# Instance connection to CFN/CW API validate certs if SSL is used. (string
+# value)
 #instance_connection_https_validate_certificates = 1
 
 # Default region name used to get services endpoints. (string value)
 #region_name_for_services = <None>
+region_name_for_services = RegionOne
 
 # Keystone role for heat template-defined users. (string value)
 #heat_stack_user_role = heat_stack_user
 
-# Keystone domain ID which contains heat template-defined users. If this option is set, stack_user_domain_name option will be ignored.
-# (string value)
+# Keystone domain ID which contains heat template-defined users. If this option
+# is set, stack_user_domain_name option will be ignored. (string value)
 # Deprecated group/name - [DEFAULT]/stack_user_domain
 #stack_user_domain_id = <None>
 
-# Keystone domain name which contains heat template-defined users. If `stack_user_domain_id` option is set, this option is ignored. (string
-# value)
+# Keystone domain name which contains heat template-defined users. If
+# `stack_user_domain_id` option is set, this option is ignored. (string value)
 stack_user_domain_name = heat
 
-# Keystone username, a user with roles sufficient to manage users and projects in the stack_user_domain. (string value)
+# Keystone username, a user with roles sufficient to manage users and projects
+# in the stack_user_domain. (string value)
+#stack_domain_admin = <None>
 stack_domain_admin = heat_domain_admin
 
 # Keystone password for stack_domain_admin user. (string value)
-stack_domain_admin_password = 
+#stack_domain_admin_password = <None>
+stack_domain_admin_password = opnfv_secret
 
 # Maximum raw byte size of any template. (integer value)
-#max_template_size = 524288
+max_template_size = 5440000
 
 # Maximum depth allowed when using nested stacks. (integer value)
 #max_nested_stack_depth = 5
 
-# Number of heat-engine processes to fork and run. Will default to either to 4 or number of CPUs on the host, whichever is greater. (integer
-# value)
+# Number of heat-engine processes to fork and run. Will default to either to 4
+# or number of CPUs on the host, whichever is greater. (integer value)
 #num_engine_workers = <None>
 
 #
 # From heat.common.crypt
 #
 
-# Key used to encrypt authentication info in the database. Length of this key must be 32 characters. (string value)
-#auth_encryption_key = notgood but just long enough i t
+# Key used to encrypt authentication info in the database. Length of this key
+# must be 32 characters. (string value)
 
 #
 # From heat.common.wsgi
 #
 
-# Maximum raw byte size of JSON request body. Should be larger than max_template_size. (integer value)
-#max_json_body_size = 1048576
+# Maximum raw byte size of JSON request body. Should be larger than
+# max_template_size. (integer value)
+max_json_body_size = 10880000
 
 #
 # From heat.engine.clients
@@ -241,778 +486,1645 @@
 
 # Custom template for the built-in loadbalancer nested stack. (string value)
 #loadbalancer_template = <None>
-
 #
 # From oslo.log
 #
 
-# If set to true, the logging level will be set to DEBUG instead of the default INFO level. (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 # Note: This option can be changed without restarting.
 #debug = false
 
-# The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging
-# configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging
-# configuration is set in the configuration file and other logging configuration options are ignored (for example,
+# The name of a logging configuration file. This file is appended to
+# any existing logging configuration files. For details about logging
+# configuration files, see the Python logging module documentation.
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
 # logging_context_format_string). (string value)
 # Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
-
-# Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
 # (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
 # option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths. This option is ignored if log_config_append is set. (string value)
+log_file = /var/log/heat/heat.log
+
+# (Optional) The base directory used for relative log_file  paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified
-# path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if
-# log_config_append is set. (boolean value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
 #watch_log_file = false
 
-# Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
 # log_config_append is set. (boolean value)
 #use_syslog = false
 
-# Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal
-# native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.
+# Enable journald for logging. If running in a systemd environment you
+# may wish to enable journal support. Doing so will use the journal
+# native protocol which includes structured metadata in addition to
+# log messages.This option is ignored if log_config_append is set.
 # (boolean value)
 #use_journal = false
 
-# Syslog facility to receive log lines. This option is ignored if log_config_append is set. (string value)
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Use JSON formatting for logging. This option is ignored if log_config_append is set. (boolean value)
+# Use JSON formatting for logging. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_json = false
 
-# Log output to standard error. This option is ignored if log_config_append is set. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages when context is undefined. (string value)
+# Format string to use for log messages when context is undefined.
+# (string value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Additional data to append to log message when logging level for the message is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
-# Prefix each line of exception output with this format. (string value)
+# Prefix each line of exception output with this format. (string
+# value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
-# Defines the format string for %(user_identity)s that is used in logging_context_format_string. (string value)
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
 #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
 
-# List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set. (list value)
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# The format for an instance that is passed with the log message. (string value)
+# The format for an instance that is passed with the log message.
+# (string value)
 #instance_format = "[instance: %(uuid)s] "
 
-# The format for an instance UUID that is passed with the log message. (string value)
+# The format for an instance UUID that is passed with the log message.
+# (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
 # Interval, number of seconds, of log rate limiting. (integer value)
 #rate_limit_interval = 0
 
-# Maximum number of logged messages per rate_limit_interval. (integer value)
+# Maximum number of logged messages per rate_limit_interval. (integer
+# value)
 #rate_limit_burst = 0
 
-# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to
-# rate_limit_except_level are not filtered. An empty string means that all levels are filtered. (string value)
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO,
+# WARNING, DEBUG or empty string. Logs with level greater or equal to
+# rate_limit_except_level are not filtered. An empty string means that
+# all levels are filtered. (string value)
 #rate_limit_except_level = CRITICAL
 
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
-#
-# From oslo.messaging
-#
-
-# Size of RPC connection pool. (integer value)
-#rpc_conn_pool_size = 30
-
-# The pool size limit for connections expiration policy (integer value)
-#conn_pool_min_size = 2
-
-# The time-to-live in sec of idle connections in the pool (integer value)
-#conn_pool_ttl = 1200
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. The "host" option should point or resolve to this address.
+[auth_password]
+
+#
+# From heat.common.config
+#
+
+# Allow orchestration of multiple clouds. (boolean value)
+#multi_cloud = false
+
+# Allowed keystone endpoints for auth_uri when multi_cloud is enabled. At least
+# one endpoint needs to be specified. (list value)
+#allowed_auth_uris =
+
+
+[clients]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = publicURL
+endpoint_type = internalURL
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+
+[clients_aodh]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_barbican]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_ceilometer]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_cinder]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+# Allow client's debug log output. (boolean value)
+#http_log_debug = false
+
+
+[clients_designate]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_glance]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_heat]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+endpoint_type = publicURL
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# Optional heat url in format like http://0.0.0.0:8004/v1/%(tenant_id)s.
 # (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after closing a socket. The default value of -1 specifies an infinite
-# linger period. The value of 0 specifies no linger period. Pending messages shall be discarded immediately when the socket is closed.
-# Positive values specify an upper bound for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target. (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only with use_router_proxy=False which means to use direct
-# connections for direct message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons. This option is actual only in dynamic connections mode.
-# (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
+#url =
+
+
+[clients_keystone]
+
+#
+# From heat.common.config
+#
+# Unversioned keystone url in format like http://0.0.0.0:5000. (string value)
+#auth_uri =
+auth_uri=http://10.167.4.35:35357
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+[clients_magnum]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_manila]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_mistral]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_monasca]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_neutron]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_nova]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+# Allow client's debug log output. (boolean value)
+#http_log_debug = false
+
+
+[clients_octavia]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_sahara]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_senlin]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_swift]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_trove]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[clients_zaqar]
+
+#
+# From heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+#endpoint_type = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = <None>
+
+
+[ec2authtoken]
+
+#
+# From heat.api.aws.ec2token
+#
+
+# Authentication Endpoint URI. (string value)
+#auth_uri = <None>
+# NOTE(vsaienko) autodiscovery doesn't work here. Set version explicitly
+auth_uri = http://10.167.4.35:5000/v3
+
+# Allow orchestration of multiple clouds. (boolean value)
+#multi_cloud = false
+
+# Allowed keystone endpoints for auth_uri when multi_cloud is enabled. At least
+# one endpoint needs to be specified. (list value)
+#allowed_auth_uris =
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file = <None>
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file = <None>
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file = <None>
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = false
+
+
+[eventlet_opts]
+
+#
+# From heat.common.wsgi
+#
+
+# If False, closes the client socket connection explicitly. (boolean value)
+#wsgi_keep_alive = true
+
+# Timeout for client connections' socket operations. If an incoming connection
+# is idle for this number of seconds it will be closed. A value of '0' means
+# wait forever. (integer value)
+#client_socket_timeout = 900
+
+
+[heat_api]
+
+#
+# From heat.common.wsgi
+#
+
+# Address to bind the server. Useful when selecting a particular network
+# interface. (IP address value)
+#bind_host = 0.0.0.0
+bind_host = 10.167.4.37
+
+# The port on which the server will listen. (port value)
 # Minimum value: 0
 # Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
+#bind_port = 8004
+
+# Number of backlog requests to configure the socket with. (integer value)
+#backlog = 4096
+
+# Location of the SSL certificate file to use for SSL mode. (string value)
+#cert_file = <None>
+
+# Location of the SSL key file to use for enabling SSL mode. (string value)
+#key_file = <None>
+
+# Number of workers for Heat service. Default value 0 means, that service will
+# start number of workers equal number of cores on server. (integer value)
+# Minimum value: 0
+#workers = 0
+workers = 4
+
+# Maximum line size of message headers to be accepted. max_header_line may need
+# to be increased when using large tokens (typically those generated by the
+# Keystone v3 API with big service catalogs). (integer value)
+#max_header_line = 16384
+
+# The value for the socket option TCP_KEEPIDLE.  This is the time in seconds
+# that the connection must be idle before TCP starts sending keepalive probes.
+# (integer value)
+#tcp_keepidle = 600
+
+
+[heat_api_cfn]
+
+#
+# From heat.common.wsgi
+#
+
+# Address to bind the server. Useful when selecting a particular network
+# interface. (IP address value)
+bind_host = 10.167.4.37
+
+# The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#bind_port = 8000
+
+# Number of backlog requests to configure the socket with. (integer value)
+#backlog = 4096
+
+# Location of the SSL certificate file to use for SSL mode. (string value)
+#cert_file = <None>
+
+# Location of the SSL key file to use for enabling SSL mode. (string value)
+#key_file = <None>
+
+# Number of workers for Heat service. (integer value)
+# Minimum value: 0
+#workers = 1
+
+# Maximum line size of message headers to be accepted. max_header_line may need
+# to be increased when using large tokens (typically those generated by the
+# Keystone v3 API with big service catalogs). (integer value)
+#max_header_line = 16384
+
+# The value for the socket option TCP_KEEPIDLE.  This is the time in seconds
+# that the connection must be idle before TCP starts sending keepalive probes.
+# (integer value)
+#tcp_keepidle = 600
+
+
+[heat_api_cloudwatch]
+
+#
+# From heat.common.wsgi
+#
+
+# DEPRECATED: Address to bind the server. Useful when selecting a particular
+# network interface. (IP address value)
+# This option is deprecated for removal since 10.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Heat CloudWatch API has been removed.
+#bind_host = 10.167.4.37
+
+# DEPRECATED: The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 10.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Heat CloudWatch API has been removed.
+#bind_port = 8003
+
+# DEPRECATED: Number of backlog requests to configure the socket with. (integer
+# value)
+# This option is deprecated for removal since 10.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Heat CloudWatch API has been removed.
+#backlog = 4096
+
+# DEPRECATED: Location of the SSL certificate file to use for SSL mode. (string
+# value)
+# This option is deprecated for removal since 10.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Heat CloudWatch API has been Removed.
+#cert_file = <None>
+
+# DEPRECATED: Location of the SSL key file to use for enabling SSL mode.
+# (string value)
+# This option is deprecated for removal since 10.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Heat CloudWatch API has been Removed.
+#key_file = <None>
+
+# DEPRECATED: Number of workers for Heat service. (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 10.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Heat CloudWatch API has been Removed.
+#workers = 1
+
+# DEPRECATED: Maximum line size of message headers to be accepted.
+# max_header_line may need to be increased when using large tokens (typically
+# those generated by the Keystone v3 API with big service catalogs.) (integer
+# value)
+# This option is deprecated for removal since 10.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Heat CloudWatch API has been Removed.
+#max_header_line = 16384
+
+# DEPRECATED: The value for the socket option TCP_KEEPIDLE.  This is the time
+# in seconds that the connection must be idle before TCP starts sending
+# keepalive probes. (integer value)
+# This option is deprecated for removal since 10.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Heat CloudWatch API has been Removed.
+#tcp_keepidle = 600
+
+
+[noauth]
+
+#
+# From heat.common.config
+#
+
+# JSON file containing the content returned by the noauth middleware. (string
+# value)
+#token_response =
+
+
+[paste_deploy]
+
+#
+# From heat.common.config
+#
+
+# The flavor to use. (string value)
+#flavor = <None>
+
+# The API paste config file to use. (string value)
+#api_paste_config = api-paste.ini
+
+
+[profiler]
+
+#
+# From heat.common.config
+#
+
+#
+# Enables the profiling for all services on this node. Default value is False
+# (fully disable the profiling feature).
+#
+# Possible values:
+#
+# * True: Enables the feature
+# * False: Disables the feature. The profiling cannot be started via this
+# project
+# operations. If the profiling is triggered by another project, this project
+# part
+# will be empty.
+#  (boolean value)
+# Deprecated group/name - [profiler]/profiler_enabled
+#enabled = false
+
+#
+# Enables SQL requests profiling in services. Default value is False (SQL
+# requests won't be traced).
+#
+# Possible values:
+#
+# * True: Enables SQL requests profiling. Each SQL query will be part of the
+# trace and can the be analyzed by how much time was spent for that.
+# * False: Disables SQL requests profiling. The spent time is only shown on a
+# higher level of operations. Single SQL queries cannot be analyzed this
+# way.
+#  (boolean value)
+#trace_sqlalchemy = false
+
+#
+# Secret key(s) to use for encrypting context data for performance profiling.
+# This string value should have the following format:
+# <key1>[,<key2>,...<keyn>],
+# where each key is some random string. A user who triggers the profiling via
+# the REST API has to set one of these keys in the headers of the REST API call
+# to include profiling results of this node for this particular project.
+#
+# Both "enabled" flag and "hmac_keys" config options should be set to enable
+# profiling. Also, to generate correct profiling information across all
+# services
+# at least one key needs to be consistent between OpenStack projects. This
+# ensures it can be used from client side to generate the trace, containing
+# information from all possible resources. (string value)
+#hmac_keys = SECRET_KEY
+
+#
+# Connection string for a notifier backend. Default value is messaging:// which
+# sets the notifier to oslo_messaging.
+#
+# Examples of possible values:
+#
+# * messaging://: use oslo_messaging driver for sending notifications.
+# * mongodb://127.0.0.1:27017 : use mongodb driver for sending notifications.
+# * elasticsearch://127.0.0.1:9200 : use elasticsearch driver for sending
+# notifications.
+#  (string value)
+#connection_string = messaging://
+
+#
+# Document type for notification indexing in elasticsearch.
+#  (string value)
+#es_doc_type = notification
+
+#
+# This parameter is a time value parameter (for example: es_scroll_time=2m),
+# indicating for how long the nodes that participate in the search will
+# maintain
+# relevant resources in order to continue and support it.
+#  (string value)
+#es_scroll_time = 2m
+
+#
+# Elasticsearch splits large requests in batches. This parameter defines
+# maximum size of each batch (for example: es_scroll_size=10000).
+#  (integer value)
+#es_scroll_size = 10000
+
+#
+# Redissentinel provides a timeout option on the connections.
+# This parameter defines that timeout (for example: socket_timeout=0.1).
+#  (floating point value)
+#socket_timeout = 0.1
+
+#
+# Redissentinel uses a service name to identify a master redis service.
+# This parameter defines the name (for example:
+# sentinal_service_name=mymaster).
+#  (string value)
+#sentinel_service_name = mymaster
+
+#
+# Enable filter traces that contain error/exception to a separated place.
+# Default value is set to False.
+#
+# Possible values:
+#
+# * True: Enable filter traces that contain error/exception.
+# * False: Disable the filter.
+#  (boolean value)
+#filter_error_trace = false
+
+
+[revision]
+
+#
+# From heat.common.config
+#
+
+# Heat build revision. If you would prefer to manage your build revision
+# separately, you can move this section to a different file and add it as
+# another config option. (string value)
+#heat_revision = unknown
+
+
+[trustee]
+
+#
+# From heat.common.context
+#
+
+# Authentication type to load (string value)
+# Deprecated group/name - [trustee]/auth_plugin
+auth_type = password
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = http://10.167.4.35:35357
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+# Deprecated group/name - [trustee]/tenant_id
+#project_id = <None>
+
+# Project name to scope to (string value)
+# Deprecated group/name - [trustee]/tenant_name
+#project_name = <None>
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# User id (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [trustee]/user_name
+#username = <None>
+username = heat
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+user_domain_name = default
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+
+[volumes]
+
+#
+# From heat.common.config
+#
+
+# Indicate if cinder-backup service is enabled. This is a temporary workaround
+# until cinder-backup service becomes discoverable, see LP#1334856. (boolean
+# value)
+#backups_enabled = true
+
+[keystone_authtoken]
+#
+# From keystonemiddleware.auth_token
+#
+
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. (string
+# value)
+# Deprecated group/name - [keystone_authtoken]/auth_uri
+#www_authenticate_uri = <None>
+www_authenticate_uri = http://10.167.4.35:5000
+
+# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
+# be an "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. This option
+# is deprecated in favor of www_authenticate_uri and will be removed in the S
+# release. (string value)
+# This option is deprecated for removal since Queens.
+# Its value may be silently ignored in the future.
+# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
+# and will be removed in the S  release.
+#auth_uri = <None>
+auth_uri = http://10.167.4.35:5000
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+#delay_auth_decision = false
+
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+#http_connect_timeout = <None>
+
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
+#http_request_max_retries = 3
+
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
+#cache = <None>
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#signing_dir = <None>
+
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
+#memcached_servers = <None>
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
+#memcache_pool_dead_retry = 300
+
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
+#memcache_pool_maxsize = 10
+
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
+#memcache_pool_socket_timeout = 3
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+#memcache_pool_unused_timeout = 60
+
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout = 10
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool = false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
+#enforce_token_bind = permissive
+
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#check_revocations_for_cached = false
+
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#hash_algorithms = md5
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
+#service_token_roles = service
+
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
+#service_token_roles_required = false
+
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section = <None>
+
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internal
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = http://10.167.4.35:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+username = heat
+
+[oslo_messaging_notifications]
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+driver=messagingv2
+
+# A URL representing the messaging driver to use for notifications. If
+# not set, we fall back to the same configuration used for RPC.
+# (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+
+# The maximum number of attempts to re-send a notification message
+# which failed to be delivered due to a recoverable error. 0 - No
+# retry, -1 - indefinite (integer value)
+#retry = -1
+[oslo_messaging_rabbit]
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+#amqp_auto_delete = false
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+
+# How long to wait before reconnecting in response to an AMQP consumer
+# cancel notification. (floating point value)
+#kombu_reconnect_delay = 1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
+# will not be used. This option may not be available in future
+# versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client before abandoning to send it its
+# replies. This value should not be longer than rpc_response_timeout.
+# (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we
+# are currently connected to becomes unavailable. Takes effect only if
+# more than one RabbitMQ node is provided in config. (string value)
+# Possible values:
+# round-robin - <No description provided>
+# shuffle - <No description provided>
+#kombu_failover_strategy = round-robin
+
+# DEPRECATED: The RabbitMQ broker address where a single node is used.
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_host = localhost
+
+# DEPRECATED: The RabbitMQ broker port where a single node is used.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_port = 5672
+
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_hosts = $rabbit_host:$rabbit_port
+
+# DEPRECATED: The RabbitMQ userid. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_userid = guest
+
+# DEPRECATED: The RabbitMQ password. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_password = guest
+
+# The RabbitMQ login method. (string value)
+# Possible values:
+# PLAIN - <No description provided>
+# AMQPLAIN - <No description provided>
+# RABBIT-CR-DEMO - <No description provided>
+#rabbit_login_method = AMQPLAIN
+
+# DEPRECATED: The RabbitMQ virtual host. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ.
+# (integer value)
+#rabbit_retry_backoff = 2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30
+# seconds. (integer value)
+#rabbit_interval_max = 30
+
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default
+# is 0 (infinite retry count). (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#rabbit_max_retries = 0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
+# queue mirroring is no longer controlled by the x-ha-policy argument
+# when declaring a queue. If you just want to make sure that all
+# queues (except those with auto-generated names) are mirrored across
+# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
+# mode": "all"}' " (boolean value)
+#rabbit_ha_queues = false
+
+# Positive integer representing duration in seconds for queue TTL
+# (x-expires). Queues which are unused for the duration of the TTL are
+# automatically deleted. The parameter affects only reply and fanout
+# queues. (integer value)
 # Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError. (integer value)
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing outgoing/incoming messages (string value)
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+
+# NOTE(dmescheryakov) hardcoding to >0 by default
+# Having no prefetch limit makes oslo.messaging consume all available
+# messages from the queue. That can lead to a situation when several
+# server processes hog all the messages leaving others out of business.
+# That leads to artificial high message processing latency and at the
+# extrime to MessagingTimeout errors.
+rabbit_qos_prefetch_count = 64
+
+# Number of seconds after which the Rabbit broker is considered down
+# if heartbeat's keep-alive fails (0 disable the heartbeat).
+# EXPERIMENTAL (integer value)
+#heartbeat_timeout_threshold = 60
+
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
+#heartbeat_rate = 2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
+# (boolean value)
+#fake_rabbit = false
+
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer
+# value)
+#heartbeat_interval = 3
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating
+# point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
+# point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error
+# (floating point value)
+#host_connection_reconnect_delay = 0.25
+
+# Connection factory implementation (string value)
+# Possible values:
+# new - <No description provided>
+# single - <No description provided>
+# read_write - <No description provided>
+#connection_factory = single
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 30
+
+# Maximum number of connections to create above `pool_max_size`.
+# (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available
+# (integer value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer
+# value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are
+# considered stale in seconds or None for no staleness. Stale
+# connections are closed on acquire. (integer value)
+#pool_stale = 60
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
 # Possible values:
 # json - <No description provided>
 # msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping a queue when server side disconnects. False means to keep
-# queue and messages even if server is disconnected, when the server appears we send all accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any other negative value) means to skip any overrides and leave
-# it to OS default; 0 and 1 (or any other positive value) mean to disable and enable the option respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit is platform dependent, for example, seconds in Linux,
-# milliseconds in Windows etc. The default value of -1 (or any other negative value and 0) means to skip any overrides and leave it to OS
-# default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote end is not available. The default value of -1 (or any other
-# negative value and 0) means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if acknowledgement to the previous keepalive transmission is not received.
-# The unit is platform dependent, for example, seconds in Linux, milliseconds in Windows etc. The default value of -1 (or any other negative
-# value and 0) means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is not tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry attempt this timeout is multiplied by some specified multiplier.
-# (integer value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred: positive value N means at most N retries, 0 means no retries,
-# None or -1 (or any other negative values) mean to retry forever. This option is used only if acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher priority then the default publishers list taken from the
-# matchmaker. (list value)
-#subscribe_on =
-
-# Size of executor thread pool when executor is threading or eventlet. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
-#executor_thread_pool_size = 64
-
-# Seconds to wait for a response from a call. (integer value)
-#rpc_response_timeout = 60
-
-# The network address and optional user credentials for connecting to the messaging backend, in URL format. The expected format is:
-#
-# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
-#
-# Example: rabbit://rabbitmq:password@127.0.0.1:5672//
-#
-# For full details on the fields in the URL see the documentation of oslo_messaging.TransportURL at
-# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html (string value)
-#transport_url = <None>
-
-# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers include amqp and zmq. (string value)
+#default_serializer_type = json
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer
+# value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc reply listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending reply. -1 means infinite retry during rpc_timeout (integer
+# value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during
+# sending RPC message, -1 means infinite retry. If actual retry
+# attempts in not 0 the rpc request could be processed more than one
+# time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending RPC message (floating point value)
+#rpc_retry_delay = 0.25
+
+[cors]
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. Format:
+# "<protocol>://<host>[:<port>]", no trailing slash. Example:
+# https://horizon.example.com (list value)
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+
+# Maximum cache age of CORS preflight requests. (integer value)
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+
+
+[oslo_middleware]
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each  request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# DEPRECATED: The HTTP Header that will be used to determine what the
+# original request protocol scheme was, even if it was hidden by a SSL
+# termination proxy. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rpc_backend = rabbit
-
-# The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option. (string
-# value)
-#control_exchange = openstack
-
-#
-# From oslo.service.periodic_task
-#
-
-# Some periodic tasks can be run in a separate process. Should we run them here? (boolean value)
-#run_external_periodic_tasks = true
-
-#
-# From oslo.service.service
-#
-
-# Enable eventlet backdoor.  Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number;
-# <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in
-# listening on the smallest unused port number within the specified range of port numbers.  The chosen port is displayed in the service's
-# log file. (string value)
-#backdoor_port = <None>
-
-# Enable eventlet backdoor, using the provided path as a unix socket that can receive connections. This option is mutually exclusive with
-# 'backdoor_port' in that only one should be provided. If both are provided then the existence of this option overrides the usage of that
-# option. (string value)
-#backdoor_socket = <None>
-
-# Enables or disables logging values of all registered options when starting a service (at DEBUG level). (boolean value)
-#log_options = true
-
-# Specify a timeout after which a gracefully shutdown server will exit. Zero value means endless wait. (integer value)
-#graceful_shutdown_timeout = 60
-
-
-[auth_password]
-
-#
-# From heat.common.config
-#
-
-# Allow orchestration of multiple clouds. (boolean value)
-#multi_cloud = false
-
-# Allowed keystone endpoints for auth_uri when multi_cloud is enabled. At least one endpoint needs to be specified. (list value)
-#allowed_auth_uris =
-
-
-[clients]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = publicURL
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = false
-
-
-[clients_aodh]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_barbican]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_cinder]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-# Allow client's debug log output. (boolean value)
-#http_log_debug = false
-
-
-[clients_designate]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_glance]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_heat]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-# Optional heat url in format like http://0.0.0.0:8004/v1/%(tenant_id)s. (string value)
-#url =
-
-
-[clients_keystone]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-# Unversioned keystone url in format like http://0.0.0.0:5000. (string value)
-#auth_uri =
-
-
-[clients_magnum]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_manila]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_mistral]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_monasca]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_neutron]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_nova]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-# Allow client's debug log output. (boolean value)
-#http_log_debug = false
-
-
-[clients_octavia]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_sahara]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_senlin]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_swift]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_trove]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[clients_zaqar]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-
-
-[cors]
-
-#
-# From oslo.middleware
-#
-
-# Indicate whether this resource may be shared with the domain received in the requests "origin" header. Format:
-# "<protocol>://<host>[:<port>]", no trailing slash. Example: https://horizon.example.com (list value)
-#allowed_origin = <None>
-
-# Indicate that the actual request can include user credentials (boolean value)
-#allow_credentials = true
-
-# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers. (list value)
-#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
-
-# Maximum cache age of CORS preflight requests. (integer value)
-#max_age = 3600
-
-# Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual request. (list value)
-#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
-
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
+# Whether the application is behind a proxy or not. This determines if
+# the middleware should parse the headers or not. (boolean value)
+enable_proxy_headers_parsing = True
 
 [database]
-
 #
 # From oslo.db
 #
@@ -1024,23 +2136,29 @@
 # Deprecated group/name - [DEFAULT]/db_backend
 #backend = sqlalchemy
 
-# The SQLAlchemy connection string to use to connect to the database. (string value)
+# The SQLAlchemy connection string to use to connect to the database.
+# (string value)
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
-connection=sqlite:////var/lib/heat/heatdb
-
-# The SQLAlchemy connection string to use to connect to the slave database. (string value)
+#connection = <None>
+connection = mysql+pymysql://heat:opnfv_secret@10.167.4.23/heat?charset=utf8
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
 #slave_connection = <None>
 
-# The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL
-# mode is set by the server configuration, set this to no value. Example: mysql_sql_mode= (string value)
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
 #mysql_sql_mode = TRADITIONAL
 
-# If True, transparently enables support for handling MySQL Cluster (NDB). (boolean value)
+# If True, transparently enables support for handling MySQL Cluster
+# (NDB). (boolean value)
 #mysql_enable_ndb = false
 
-# Connections which have been present in the connection pool longer than this number of seconds will be replaced with a new one the next
+# Connections which have been present in the connection pool longer
+# than this number of seconds will be replaced with a new one the next
 # time they are checked out from the pool. (integer value)
 # Deprecated group/name - [DATABASE]/idle_timeout
 # Deprecated group/name - [database]/idle_timeout
@@ -1048,36 +2166,45 @@
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #connection_recycle_time = 3600
-
-# DEPRECATED: Minimum number of SQL connections to keep open in a pool. (integer value)
+# (obryndzii) we change default connection_recycle_time to 280 in order to fix numerous
+# DBConnection errors in services until we implement this setting in reclass-system
+connection_recycle_time = 300
+
+# Minimum number of SQL connections to keep open in a pool. (integer
+# value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: The option to set the minimum pool size is not supported by sqlalchemy.
 #min_pool_size = 1
 
-# Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit. (integer value)
+# Maximum number of SQL connections to keep open in a pool. Setting a
+# value of 0 indicates no limit. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
 #max_pool_size = 5
-
-# Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count. (integer value)
+max_pool_size = 10
+
+# Maximum number of database connection retries during startup. Set to
+# -1 to specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer
+# value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
 # Deprecated group/name - [DATABASE]/reconnect_interval
 #retry_interval = 10
 
-# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+# If set, use this value for max_overflow with SQLAlchemy. (integer
+# value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer value)
+max_overflow = 30
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
+# (integer value)
 # Minimum value: 0
 # Maximum value: 100
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
@@ -1087,1272 +2214,64 @@
 # Deprecated group/name - [DEFAULT]/sql_connection_trace
 #connection_trace = false
 
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
+# value)
 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
 #pool_timeout = <None>
 
-# Enable the experimental use of database reconnect on connection lost. (boolean value)
+# Enable the experimental use of database reconnect on connection
+# lost. (boolean value)
 #use_db_reconnect = false
 
 # Seconds between retries of a database transaction. (integer value)
 #db_retry_interval = 1
 
-# If True, increases the interval between retries of a database operation up to db_max_retry_interval. (boolean value)
+# If True, increases the interval between retries of a database
+# operation up to db_max_retry_interval. (boolean value)
 #db_inc_retry_interval = true
 
-# If db_inc_retry_interval is set, the maximum seconds between retries of a database operation. (integer value)
+# If db_inc_retry_interval is set, the maximum seconds between retries
+# of a database operation. (integer value)
 #db_max_retry_interval = 10
 
-# Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
+# Maximum retries in case of connection error or deadlock error before
+# error is raised. Set to -1 to specify an infinite retry count.
 # (integer value)
 #db_max_retries = 20
 
-# Optional URL parameters to append onto the connection URL at connect time; specify as param1=value1&param2=value2&... (string value)
-#connection_parameters =
-
-
-[ec2authtoken]
-
-#
-# From heat.api.aws.ec2token
-#
-
-# Authentication Endpoint URI. (string value)
-#auth_uri = <None>
-
-# Allow orchestration of multiple clouds. (boolean value)
-#multi_cloud = false
-
-# Allowed keystone endpoints for auth_uri when multi_cloud is enabled. At least one endpoint needs to be specified. (list value)
-#allowed_auth_uris =
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
+
+[oslo_policy]
+
+[ssl]
+#
+# From oslo.service.sslutils
+#
+
+# CA certificate file to use to verify connecting clients. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_ca_file
 #ca_file = <None>
 
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = false
-
-
-[eventlet_opts]
-
-#
-# From heat.common.wsgi
-#
-
-# If False, closes the client socket connection explicitly. (boolean value)
-#wsgi_keep_alive = true
-
-# Timeout for client connections' socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value
-# of '0' means wait forever. (integer value)
-#client_socket_timeout = 900
-
-
-[healthcheck]
-
-#
-# From oslo.middleware
-#
-
-# DEPRECATED: The path to respond to healtcheck requests on. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#path = /healthcheck
-
-# Show more detailed information as part of the response (boolean value)
-#detailed = false
-
-# Additional backends that can perform health checks and report that information back as part of a request. (list value)
-#backends =
-
-# Check the presence of a file to determine if an application is running on a port. Used by DisableByFileHealthcheck plugin. (string value)
-#disable_by_file_path = <None>
-
-# Check the presence of a file based on a port to determine if an application is running on a port. Expects a "port:path" list of strings.
-# Used by DisableByFilesPortsHealthcheck plugin. (list value)
-#disable_by_file_paths =
-
-
-[heat_api]
-
-#
-# From heat.common.wsgi
-#
-
-# Address to bind the server. Useful when selecting a particular network interface. (IP address value)
-#bind_host = 0.0.0.0
-
-# The port on which the server will listen. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#bind_port = 8004
-
-# Number of backlog requests to configure the socket with. (integer value)
-#backlog = 4096
-
-# Location of the SSL certificate file to use for SSL mode. (string value)
-#cert_file = <None>
-
-# Location of the SSL key file to use for enabling SSL mode. (string value)
-#key_file = <None>
-
-# Number of workers for Heat service. Default value 0 means, that service will start number of workers equal number of cores on server.
-# (integer value)
-# Minimum value: 0
-#workers = 0
-
-# Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those
-# generated by the Keystone v3 API with big service catalogs). (integer value)
-#max_header_line = 16384
-
-# The value for the socket option TCP_KEEPIDLE.  This is the time in seconds that the connection must be idle before TCP starts sending
-# keepalive probes. (integer value)
-#tcp_keepidle = 600
-
-
-[heat_api_cfn]
-
-#
-# From heat.common.wsgi
-#
-
-# Address to bind the server. Useful when selecting a particular network interface. (IP address value)
-#bind_host = 0.0.0.0
-
-# The port on which the server will listen. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#bind_port = 8000
-
-# Number of backlog requests to configure the socket with. (integer value)
-#backlog = 4096
-
-# Location of the SSL certificate file to use for SSL mode. (string value)
-#cert_file = <None>
-
-# Location of the SSL key file to use for enabling SSL mode. (string value)
-#key_file = <None>
-
-# Number of workers for Heat service. (integer value)
-# Minimum value: 0
-#workers = 1
-
-# Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those
-# generated by the Keystone v3 API with big service catalogs). (integer value)
-#max_header_line = 16384
-
-# The value for the socket option TCP_KEEPIDLE.  This is the time in seconds that the connection must be idle before TCP starts sending
-# keepalive probes. (integer value)
-#tcp_keepidle = 600
-
-
-[heat_api_cloudwatch]
-
-#
-# From heat.common.wsgi
-#
-
-# DEPRECATED: Address to bind the server. Useful when selecting a particular network interface. (IP address value)
-# This option is deprecated for removal since 10.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Heat CloudWatch API has been removed.
-#bind_host = 0.0.0.0
-
-# DEPRECATED: The port on which the server will listen. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal since 10.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Heat CloudWatch API has been removed.
-#bind_port = 8003
-
-# DEPRECATED: Number of backlog requests to configure the socket with. (integer value)
-# This option is deprecated for removal since 10.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Heat CloudWatch API has been removed.
-#backlog = 4096
-
-# DEPRECATED: Location of the SSL certificate file to use for SSL mode. (string value)
-# This option is deprecated for removal since 10.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Heat CloudWatch API has been Removed.
-#cert_file = <None>
-
-# DEPRECATED: Location of the SSL key file to use for enabling SSL mode. (string value)
-# This option is deprecated for removal since 10.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Heat CloudWatch API has been Removed.
-#key_file = <None>
-
-# DEPRECATED: Number of workers for Heat service. (integer value)
-# Minimum value: 0
-# This option is deprecated for removal since 10.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Heat CloudWatch API has been Removed.
-#workers = 1
-
-# DEPRECATED: Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens
-# (typically those generated by the Keystone v3 API with big service catalogs.) (integer value)
-# This option is deprecated for removal since 10.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Heat CloudWatch API has been Removed.
-#max_header_line = 16384
-
-# DEPRECATED: The value for the socket option TCP_KEEPIDLE.  This is the time in seconds that the connection must be idle before TCP starts
-# sending keepalive probes. (integer value)
-# This option is deprecated for removal since 10.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Heat CloudWatch API has been Removed.
-#tcp_keepidle = 600
-
-
-[keystone_authtoken]
-#
-# Re-added by openstack-pkg-tools
-#
-
-
-# Complete "admin" Identity API endpoint.
-auth_url = http://localhost:35357
-
-# Project name for auth.
-project_name = service
-
-# Project's domain name for auth.
-project_domain_name = default
-
-# Username for auth.
-username = heat
-
-# User's domain name for auth
-user_domain_name = default
-
-# Password for auth
-#password =
-
-#
-# From keystonemiddleware.auth_token
-#
-
-# Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users.
-# Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client
-# support in the wild varies. If you're using a versioned v2 endpoint here, then this should *not* be the same endpoint the service user
-# utilizes for validating tokens, because normal end users may not be able to reach that endpoint. (string value)
-# Deprecated group/name - [keystone_authtoken]/auth_uri
-www_authenticate_uri = http://localhost:5000
-
-# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all
-# end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned,
-# client support in the wild varies. If you're using a versioned v2 endpoint here, then this should *not* be the same endpoint the service
-# user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. This option is deprecated in favor
-# of www_authenticate_uri and will be removed in the S release. (string value)
-# This option is deprecated for removal since Queens.
-# Its value may be silently ignored in the future.
-# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the S  release.
-#auth_uri = <None>
-
-# API version of the admin Identity API endpoint. (string value)
-#auth_version = <None>
-
-# Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
-# (boolean value)
-#delay_auth_decision = false
-
-# Request timeout value for communicating with Identity API server. (integer value)
-#http_connect_timeout = <None>
-
-# How many times are we trying to reconnect when communicating with Identity API Server. (integer value)
-#http_request_max_retries = 3
-
-# Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option
-# to have the middleware share a caching backend with swift. Otherwise, use the ``memcached_servers`` option instead. (string value)
-#cache = <None>
-
-# Required if identity server requires client certificate (string value)
-#certfile = <None>
-
-# Required if identity server requires client certificate (string value)
-#keyfile = <None>
-
-# A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. (string value)
-#cafile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# The region in which the identity server can be found. (string value)
-region_name = regionOne
-
-# DEPRECATED: Directory used to cache files related to PKI tokens. This option has been deprecated in the Ocata release and will be removed
-# in the P release. (string value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#signing_dir = <None>
-
-# Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. (list
-# value)
-# Deprecated group/name - [keystone_authtoken]/memcache_servers
-#memcached_servers = <None>
-
-# In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in
-# seconds). Set to -1 to disable caching completely. (integer value)
-#token_cache_time = 300
-
-# DEPRECATED: Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high
-# number of revocation events combined with a low cache duration may significantly reduce performance. Only valid for PKI tokens. This
-# option has been deprecated in the Ocata release and will be removed in the P release. (integer value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is
-# authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of
-# these options or empty, auth_token will raise an exception on initialization. (string value)
-# Possible values:
-# None - <No description provided>
-# MAC - <No description provided>
-# ENCRYPT - <No description provided>
-#memcache_security_strategy = None
-
-# (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. (string value)
-#memcache_secret_key = <None>
-
-# (Optional) Number of seconds memcached server is considered dead before it is tried again. (integer value)
-#memcache_pool_dead_retry = 300
-
-# (Optional) Maximum total number of open connections to every memcached server. (integer value)
-#memcache_pool_maxsize = 10
-
-# (Optional) Socket timeout in seconds for communicating with a memcached server. (integer value)
-#memcache_pool_socket_timeout = 3
-
-# (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. (integer value)
-#memcache_pool_unused_timeout = 60
-
-# (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. (integer value)
-#memcache_pool_conn_get_timeout = 10
-
-# (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. (boolean value)
-#memcache_use_advanced_pool = false
-
-# (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation
-# and will not set the X-Service-Catalog header. (boolean value)
-#include_service_catalog = true
-
-# Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to
-# validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the
-# bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a
-# binding method that must be present in tokens. (string value)
-#enforce_token_bind = permissive
-
-# DEPRECATED: If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity
-# server. (boolean value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#check_revocations_for_cached = false
-
-# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported
-# by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result
-# of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure
-# algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
-# (list value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#hash_algorithms = md5
-
-# A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so
-# this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any
-# role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check. (list value)
-#service_token_roles = service
-
-# For backwards compatibility reasons we must let valid service tokens pass that don't pass the service_token_roles check as valid. Setting
-# this true will become the default in a future release and should be enabled if possible. (boolean value)
-#service_token_roles_required = false
-
-# Authentication type to load (string value)
-# Deprecated group/name - [keystone_authtoken]/auth_plugin
-auth_type = password
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
-
-
-[matchmaker_redis]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Host to locate redis. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#host = 127.0.0.1
-
-# DEPRECATED: Use this port to connect to redis host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#port = 6379
-
-# DEPRECATED: Password for Redis server (optional). (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#password =
-
-# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., [host:port, host1:port ... ] (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#sentinel_hosts =
-
-# Redis replica set name. (string value)
-#sentinel_group_name = oslo-messaging-zeromq
-
-# Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 2000
-
-# Time in ms to wait before the transaction is killed. (integer value)
-#check_timeout = 20000
-
-# Timeout in ms on blocking socket operations. (integer value)
-#socket_timeout = 10000
-
-
-[noauth]
-
-#
-# From heat.common.config
-#
-
-# JSON file containing the content returned by the noauth middleware. (string value)
-#token_response =
-
-
-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
-
-# Name for the AMQP container. must be globally unique. Defaults to a generated UUID (string value)
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-#trace = false
-
-# Attempt to connect via SSL. If no other ssl-related parameters are given, it will use the system's CA-bundle to verify the server's
-# certificate. (boolean value)
-#ssl = false
-
-# CA certificate PEM file used to verify the server's certificate (string value)
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication (string value)
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate (optional) (string value)
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-#ssl_key_password = <None>
-
-# By default SSL checks that the name in the server's certificate matches the hostname in the transport_url. In some configurations it may
-# be preferable to use the virtual hostname instead, for example if the server uses the Server Name Indication TLS extension (rfc6066) to
-# provide a certificate per virtual host. Set ssl_verify_vhost to True if the server's SSL certificate uses the virtual host name instead of
-# the DNS name. (boolean value)
-#ssl_verify_vhost = false
-
-# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Not applicable - not a SSL server
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-#sasl_config_name =
-
-# SASL realm to use if no realm present in username (string value)
-#sasl_default_realm =
-
-# DEPRECATED: User name for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the username.
-#username =
-
-# DEPRECATED: Password for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the password.
-#password =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after each unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval + connection_retry_backoff (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due to a recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which failed due to a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used when caller does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used when caller does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link after expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not support routing otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# Enable virtual host support for those message buses that do not natively support virtual hosting (such as qpidd). When set to true the
-# virtual host name will be added to all message bus addresses, effectively creating a private 'subnet' per virtual host. Set to False if
-# the message bus supports virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative as the name of the virtual host.
-# (boolean value)
-#pseudo_vhost = true
-
-# address prefix used when sending to a specific server (string value)
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used by the message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular RPC/Notification server. Used by the message bus to identify messages sent to
-# a single destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers. Used by the message bus to identify messages that should be delivered
-# in a round-robin fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
-[oslo_messaging_kafka]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Default Kafka broker Host (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_host = localhost
-
-# DEPRECATED: Default Kafka broker Port (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_port = 9092
-
-# Max fetch bytes of Kafka consumer (integer value)
-#kafka_max_fetch_bytes = 1048576
-
-# Default timeout(s) for Kafka consumers (floating point value)
-#kafka_consumer_timeout = 1.0
-
-# DEPRECATED: Pool Size for Kafka Consumers (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#pool_size = 10
-
-# DEPRECATED: The pool size limit for connections expiration policy (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_min_size = 2
-
-# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_ttl = 1200
-
-# Group id for Kafka consumer. Consumers in one group will coordinate message consumption (string value)
-#consumer_group = oslo_messaging_consumer
-
-# Upper bound on the delay for KafkaProducer batching in seconds (floating point value)
-#producer_batch_timeout = 0.0
-
-# Size of batch for the producer async send (integer value)
-#producer_batch_size = 16384
-
-# Enable asynchronous consumer commits (boolean value)
-#enable_auto_commit = false
-
-# The maximum number of records returned in a poll call (integer value)
-#max_poll_records = 500
-
-# Protocol used to communicate with brokers (string value)
-# Possible values:
-# PLAINTEXT - <No description provided>
-# SASL_PLAINTEXT - <No description provided>
-# SSL - <No description provided>
-# SASL_SSL - <No description provided>
-#security_protocol = PLAINTEXT
-
-# Mechanism when security protocol is SASL (string value)
-#sasl_mechanism = PLAIN
-
-# CA certificate PEM file used to verify the server certificate (string value)
-#ssl_cafile =
-
-
-[oslo_messaging_notifications]
-
-#
-# From oslo.messaging
-#
-
-# The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop (multi valued)
-# Deprecated group/name - [DEFAULT]/notification_driver
-#driver =
-
-# A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC. (string
-# value)
-# Deprecated group/name - [DEFAULT]/notification_transport_url
-#transport_url = <None>
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-# Deprecated group/name - [DEFAULT]/notification_topics
-#topics = notifications
-
-# The maximum number of attempts to re-send a notification message which failed to be delivered due to a recoverable error. 0 - No retry, -1
-# - indefinite (integer value)
-#retry = -1
-
-
-[oslo_messaging_rabbit]
-
-#
-# From oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_durable_queues
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-#amqp_auto_delete = false
-
-# Connect over SSL. (boolean value)
-# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
-#ssl = false
-
-# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on
-# some distributions. (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
-#ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
-#ssl_key_file =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
-#ssl_cert_file =
-
-# SSL certification authority file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
-#ssl_ca_file =
-
-# How long to wait before reconnecting in response to an AMQP consumer cancel notification. (floating point value)
-#kombu_reconnect_delay = 1.0
-
-# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not be used. This option may not be available in future
-# versions. (string value)
-#kombu_compression = <None>
-
-# How long to wait a missing client before abandoning to send it its replies. This value should not be longer than rpc_response_timeout.
-# (integer value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
-#kombu_missing_consumer_retry_timeout = 60
-
-# Determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable. Takes effect only if
-# more than one RabbitMQ node is provided in config. (string value)
-# Possible values:
-# round-robin - <No description provided>
-# shuffle - <No description provided>
-#kombu_failover_strategy = round-robin
-
-# DEPRECATED: The RabbitMQ broker address where a single node is used. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_host = localhost
-
-# DEPRECATED: The RabbitMQ broker port where a single node is used. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_port = 5672
-
-# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_hosts = $rabbit_host:$rabbit_port
-
-# DEPRECATED: The RabbitMQ userid. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_userid = guest
-
-# DEPRECATED: The RabbitMQ password. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_password = guest
-
-# The RabbitMQ login method. (string value)
-# Possible values:
-# PLAIN - <No description provided>
-# AMQPLAIN - <No description provided>
-# RABBIT-CR-DEMO - <No description provided>
-#rabbit_login_method = AMQPLAIN
-
-# DEPRECATED: The RabbitMQ virtual host. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_virtual_host = /
-
-# How frequently to retry connecting with RabbitMQ. (integer value)
-#rabbit_retry_interval = 1
-
-# How long to backoff for between retries when connecting to RabbitMQ. (integer value)
-#rabbit_retry_backoff = 2
-
-# Maximum interval of RabbitMQ connection retries. Default is 30 seconds. (integer value)
-#rabbit_interval_max = 30
-
-# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry count). (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#rabbit_max_retries = 0
-
-# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
-# queue mirroring is no longer controlled by the x-ha-policy argument when declaring a queue. If you just want to make sure that all queues
-# (except those with auto-generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode":
-# "all"}' " (boolean value)
-#rabbit_ha_queues = false
-
-# Positive integer representing duration in seconds for queue TTL (x-expires). Queues which are unused for the duration of the TTL are
-# automatically deleted. The parameter affects only reply and fanout queues. (integer value)
-# Minimum value: 1
-#rabbit_transient_queues_ttl = 1800
-
-# Specifies the number of messages to prefetch. Setting to zero allows unlimited messages. (integer value)
-#rabbit_qos_prefetch_count = 0
-
-# Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL
-# (integer value)
-#heartbeat_timeout_threshold = 60
-
-# How often times during the heartbeat_timeout_threshold we check the heartbeat. (integer value)
-#heartbeat_rate = 2
-
-
-[oslo_messaging_zmq]
-
-#
-# From oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. The "host" option should point or resolve to this address.
-# (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after closing a socket. The default value of -1 specifies an infinite
-# linger period. The value of 0 specifies no linger period. Pending messages shall be discarded immediately when the socket is closed.
-# Positive values specify an upper bound for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target. (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only with use_router_proxy=False which means to use direct
-# connections for direct message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons. This option is actual only in dynamic connections mode.
-# (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError. (integer value)
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing outgoing/incoming messages (string value)
-# Possible values:
-# json - <No description provided>
-# msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping a queue when server side disconnects. False means to keep
-# queue and messages even if server is disconnected, when the server appears we send all accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any other negative value) means to skip any overrides and leave
-# it to OS default; 0 and 1 (or any other positive value) mean to disable and enable the option respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit is platform dependent, for example, seconds in Linux,
-# milliseconds in Windows etc. The default value of -1 (or any other negative value and 0) means to skip any overrides and leave it to OS
-# default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote end is not available. The default value of -1 (or any other
-# negative value and 0) means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if acknowledgement to the previous keepalive transmission is not received.
-# The unit is platform dependent, for example, seconds in Linux, milliseconds in Windows etc. The default value of -1 (or any other negative
-# value and 0) means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is not tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry attempt this timeout is multiplied by some specified multiplier.
-# (integer value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred: positive value N means at most N retries, 0 means no retries,
-# None or -1 (or any other negative values) mean to retry forever. This option is used only if acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher priority then the default publishers list taken from the
-# matchmaker. (list value)
-#subscribe_on =
-
-
-[oslo_middleware]
-
-#
-# From oslo.middleware
-#
-
-# The maximum body size for each  request, in bytes. (integer value)
-# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
-# Deprecated group/name - [DEFAULT]/max_request_body_size
-#max_request_body_size = 114688
-
-# DEPRECATED: The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL
-# termination proxy. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#secure_proxy_ssl_header = X-Forwarded-Proto
-
-# Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not. (boolean value)
-#enable_proxy_headers_parsing = false
-
-
-[oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# This option controls whether or not to enforce scope when evaluating policies. If ``True``, the scope of the token used in the request is
-# compared to the ``scope_types`` of the policy being enforced. If the scopes do not match, an ``InvalidScope`` exception will be raised. If
-# ``False``, a message will be logged informing operators that policies are being invoked with mismatching scope. (boolean value)
-#enforce_scope = false
-
-# The file that defines policies. (string value)
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the
-# config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched.  Missing or empty
-# directories are ignored. (multi valued)
-#policy_dirs = policy.d
-
-# Content Type to send and receive data for REST based policy check (string value)
-# Possible values:
-# application/x-www-form-urlencoded - <No description provided>
-# application/json - <No description provided>
-#remote_content_type = application/x-www-form-urlencoded
-
-# server identity verification for REST based policy check (boolean value)
-#remote_ssl_verify_server_crt = false
-
-# Absolute path to ca cert file for REST based policy check (string value)
-#remote_ssl_ca_crt_file = <None>
-
-# Absolute path to client cert for REST based policy check (string value)
-#remote_ssl_client_crt_file = <None>
-
-# Absolute path client key file REST based policy check (string value)
-#remote_ssl_client_key_file = <None>
-
-
-[paste_deploy]
-
-#
-# From heat.common.config
-#
-
-# The flavor to use. (string value)
-#flavor = <None>
-
-# The API paste config file to use. (string value)
-#api_paste_config = api-paste.ini
-
-
-[profiler]
-
-#
-# From heat.common.config
-#
-
-#
-# Enable the profiling for all services on this node.
-#
-# Default value is False (fully disable the profiling feature).
-#
-# Possible values:
-#
-# * True: Enables the feature
-# * False: Disables the feature. The profiling cannot be started via this project
-#   operations. If the profiling is triggered by another project, this project
-#   part will be empty.
-#  (boolean value)
-# Deprecated group/name - [profiler]/profiler_enabled
-#enabled = false
-
-#
-# Enable SQL requests profiling in services.
-#
-# Default value is False (SQL requests won't be traced).
-#
-# Possible values:
-#
-# * True: Enables SQL requests profiling. Each SQL query will be part of the
-#   trace and can the be analyzed by how much time was spent for that.
-# * False: Disables SQL requests profiling. The spent time is only shown on a
-#   higher level of operations. Single SQL queries cannot be analyzed this way.
-#  (boolean value)
-#trace_sqlalchemy = false
-
-#
-# Secret key(s) to use for encrypting context data for performance profiling.
-#
-# This string value should have the following format: <key1>[,<key2>,...<keyn>],
-# where each key is some random string. A user who triggers the profiling via
-# the REST API has to set one of these keys in the headers of the REST API call
-# to include profiling results of this node for this particular project.
-#
-# Both "enabled" flag and "hmac_keys" config options should be set to enable
-# profiling. Also, to generate correct profiling information across all services
-# at least one key needs to be consistent between OpenStack projects. This
-# ensures it can be used from client side to generate the trace, containing
-# information from all possible resources.
-#  (string value)
-#hmac_keys = SECRET_KEY
-
-#
-# Connection string for a notifier backend.
-#
-# Default value is ``messaging://`` which sets the notifier to oslo_messaging.
-#
-# Examples of possible values:
-#
-# * ``messaging://`` - use oslo_messaging driver for sending spans.
-# * ``redis://127.0.0.1:6379`` - use redis driver for sending spans.
-# * ``mongodb://127.0.0.1:27017`` - use mongodb driver for sending spans.
-# * ``elasticsearch://127.0.0.1:9200`` - use elasticsearch driver for sending
-#   spans.
-# * ``jaeger://127.0.0.1:6831`` - use jaeger tracing as driver for sending spans.
-#  (string value)
-#connection_string = messaging://
-
-#
-# Document type for notification indexing in elasticsearch.
-#  (string value)
-#es_doc_type = notification
-
-#
-# This parameter is a time value parameter (for example: es_scroll_time=2m),
-# indicating for how long the nodes that participate in the search will maintain
-# relevant resources in order to continue and support it.
-#  (string value)
-#es_scroll_time = 2m
-
-#
-# Elasticsearch splits large requests in batches. This parameter defines
-# maximum size of each batch (for example: es_scroll_size=10000).
-#  (integer value)
-#es_scroll_size = 10000
-
-#
-# Redissentinel provides a timeout option on the connections.
-# This parameter defines that timeout (for example: socket_timeout=0.1).
-#  (floating point value)
-#socket_timeout = 0.1
-
-#
-# Redissentinel uses a service name to identify a master redis service.
-# This parameter defines the name (for example:
-# ``sentinal_service_name=mymaster``).
-#  (string value)
-#sentinel_service_name = mymaster
-
-#
-# Enable filter traces that contain error/exception to a separated place.
-#
-# Default value is set to False.
-#
-# Possible values:
-#
-# * True: Enable filter traces that contain error/exception.
-# * False: Disable the filter.
-#  (boolean value)
-#filter_error_trace = false
-
-
-[revision]
-
-#
-# From heat.common.config
-#
-
-# Heat build revision. If you would prefer to manage your build revision separately, you can move this section to a different file and add
-# it as another config option. (string value)
-#heat_revision = unknown
-
-
-[trustee]
-
-#
-# From heat.common.context
-#
-
-# Authentication type to load (string value)
-# Deprecated group/name - [trustee]/auth_plugin
-auth_type = password
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
-
-# Authentication URL (string value)
-#auth_url = <None>
-
-# Scope for system operations (string value)
-#system_scope = <None>
-
-# Domain ID to scope to (string value)
-#domain_id = <None>
-
-# Domain name to scope to (string value)
-#domain_name = <None>
-
-# Project ID to scope to (string value)
-# Deprecated group/name - [trustee]/tenant_id
-#project_id = <None>
-
-# Project name to scope to (string value)
-# Deprecated group/name - [trustee]/tenant_name
-#project_name = <None>
-
-# Domain ID containing project (string value)
-#project_domain_id = <None>
-
-# Domain name containing project (string value)
-#project_domain_name = <None>
-
-# Trust ID (string value)
-#trust_id = <None>
-
-# Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2
-# authentication. (string value)
-#default_domain_id = <None>
-
-# Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2
-# authentication. (string value)
-#default_domain_name = <None>
-
-# User id (string value)
-#user_id = <None>
-
-# Username (string value)
-# Deprecated group/name - [trustee]/user_name
-#username = <None>
-
-# User's domain id (string value)
-#user_domain_id = <None>
-
-# User's domain name (string value)
-user_domain_name = default
-
-# User's password (string value)
-#password = <None>
-
-
-[volumes]
-
-#
-# From heat.common.config
-#
-
-# Indicate if cinder-backup service is enabled. This is a temporary workaround until cinder-backup service becomes discoverable, see
-# LP#1334856. (boolean value)
-#backups_enabled = true
+# Certificate file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_cert_file
+#cert_file = <None>
+
+# Private key file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_key_file
+#key_file = <None>
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+#version = <None>
+
+# Sets the list of available ciphers. value should be a string in the OpenSSL
+# cipher list format. (string value)
+#ciphers = <None>

2019-04-30 22:22:44,505 [salt.state       :1951][INFO    ][21299] Completed state [/etc/heat/heat.conf] at time 22:22:44.505647 duration_in_ms=240.434
2019-04-30 22:22:44,506 [salt.state       :1780][INFO    ][21299] Running state [heat-manage db_sync] at time 22:22:44.506415
2019-04-30 22:22:44,506 [salt.state       :1813][INFO    ][21299] Executing state cmd.run for [heat-manage db_sync]
2019-04-30 22:22:44,507 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command '/bin/false' in directory '/root'
2019-04-30 22:22:44,516 [salt.state       :300 ][INFO    ][21299] onlyif execution failed
2019-04-30 22:22:44,516 [salt.state       :1951][INFO    ][21299] Completed state [heat-manage db_sync] at time 22:22:44.516773 duration_in_ms=10.358
2019-04-30 22:22:44,517 [salt.state       :1780][INFO    ][21299] Running state [/etc/heat/api-paste.ini] at time 22:22:44.517338
2019-04-30 22:22:44,517 [salt.state       :1813][INFO    ][21299] Executing state file.managed for [/etc/heat/api-paste.ini]
2019-04-30 22:22:44,533 [salt.fileclient  :1219][INFO    ][21299] Fetching file from saltenv 'base', ** done ** 'heat/files/rocky/api-paste.ini'
2019-04-30 22:22:44,541 [salt.state       :300 ][INFO    ][21299] File changed:
--- 
+++ 
@@ -1,7 +1,7 @@
 
 # heat-api pipeline
 [pipeline:heat-api]
-pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authtoken context osprofiler apiv1app
+pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app
 
 # heat-api pipeline for standalone heat
 # ie. uses alternative auth backend that authenticates users against keystone
@@ -20,23 +20,23 @@
 #   flavor = custombackend
 #
 [pipeline:heat-api-custombackend]
-pipeline = cors request_id context faultwrap versionnegotiation custombackendauth apiv1app
+pipeline = cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
 
 # To enable, in heat.conf:
 #   [paste_deploy]
 #   flavor = noauth
 #
 [pipeline:heat-api-noauth]
-pipeline = cors request_id faultwrap noauth context http_proxy_to_wsgi versionnegotiation apiv1app
+pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation noauth context apiv1app
 
 # heat-api-cfn pipeline
 [pipeline:heat-api-cfn]
-pipeline = cors request_id http_proxy_to_wsgi cfnversionnegotiation ec2authtoken authtoken context osprofiler apicfnv1app
+pipeline = cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
 
 # heat-api-cfn pipeline for standalone heat
 # relies exclusively on authenticating with ec2 signed requests
 [pipeline:heat-api-cfn-standalone]
-pipeline = cors request_id http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
+pipeline = cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
 
 [app:apiv1app]
 paste.app_factory = heat.common.wsgi:app_factory

2019-04-30 22:22:44,541 [salt.state       :1951][INFO    ][21299] Completed state [/etc/heat/api-paste.ini] at time 22:22:44.541367 duration_in_ms=24.028
2019-04-30 22:22:44,541 [salt.state       :1780][INFO    ][21299] Running state [/etc/default/heat-api] at time 22:22:44.541631
2019-04-30 22:22:44,541 [salt.state       :1813][INFO    ][21299] Executing state file.managed for [/etc/default/heat-api]
2019-04-30 22:22:44,555 [salt.fileclient  :1219][INFO    ][21299] Fetching file from saltenv 'base', ** done ** 'heat/files/default'
2019-04-30 22:22:44,560 [salt.state       :300 ][INFO    ][21299] File changed:
New file
2019-04-30 22:22:44,560 [salt.state       :1951][INFO    ][21299] Completed state [/etc/default/heat-api] at time 22:22:44.560920 duration_in_ms=19.288
2019-04-30 22:22:44,561 [salt.state       :1780][INFO    ][21299] Running state [/etc/default/heat-api-cfn] at time 22:22:44.561179
2019-04-30 22:22:44,561 [salt.state       :1813][INFO    ][21299] Executing state file.managed for [/etc/default/heat-api-cfn]
2019-04-30 22:22:44,573 [salt.state       :300 ][INFO    ][21299] File changed:
New file
2019-04-30 22:22:44,573 [salt.state       :1951][INFO    ][21299] Completed state [/etc/default/heat-api-cfn] at time 22:22:44.573505 duration_in_ms=12.326
2019-04-30 22:22:44,573 [salt.state       :1780][INFO    ][21299] Running state [/etc/default/heat-engine] at time 22:22:44.573761
2019-04-30 22:22:44,573 [salt.state       :1813][INFO    ][21299] Executing state file.managed for [/etc/default/heat-engine]
2019-04-30 22:22:44,587 [salt.state       :300 ][INFO    ][21299] File changed:
New file
2019-04-30 22:22:44,587 [salt.state       :1951][INFO    ][21299] Completed state [/etc/default/heat-engine] at time 22:22:44.587479 duration_in_ms=13.717
2019-04-30 22:22:44,587 [salt.state       :1780][INFO    ][21299] Running state [chown heat:heat /var/log/heat/ -R] at time 22:22:44.587827
2019-04-30 22:22:44,588 [salt.state       :1813][INFO    ][21299] Executing state cmd.run for [chown heat:heat /var/log/heat/ -R]
2019-04-30 22:22:44,588 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command 'chown heat:heat /var/log/heat/ -R' in directory '/root'
2019-04-30 22:22:44,597 [salt.state       :300 ][INFO    ][21299] {'pid': 23553, 'retcode': 0, 'stderr': '', 'stdout': ''}
2019-04-30 22:22:44,598 [salt.state       :1951][INFO    ][21299] Completed state [chown heat:heat /var/log/heat/ -R] at time 22:22:44.598291 duration_in_ms=10.464
2019-04-30 22:22:44,600 [salt.state       :1780][INFO    ][21299] Running state [heat-api] at time 22:22:44.600542
2019-04-30 22:22:44,600 [salt.state       :1813][INFO    ][21299] Executing state service.running for [heat-api]
2019-04-30 22:22:44,601 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'status', 'heat-api.service', '-n', '0'] in directory '/root'
2019-04-30 22:22:44,613 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'is-active', 'heat-api.service'] in directory '/root'
2019-04-30 22:22:44,625 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'is-enabled', 'heat-api.service'] in directory '/root'
2019-04-30 22:22:44,637 [salt.state       :300 ][INFO    ][21299] The service heat-api is already running
2019-04-30 22:22:44,638 [salt.state       :1951][INFO    ][21299] Completed state [heat-api] at time 22:22:44.638245 duration_in_ms=37.703
2019-04-30 22:22:44,638 [salt.state       :1780][INFO    ][21299] Running state [heat-api] at time 22:22:44.638560
2019-04-30 22:22:44,639 [salt.state       :1813][INFO    ][21299] Executing state service.mod_watch for [heat-api]
2019-04-30 22:22:44,639 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'is-active', 'heat-api.service'] in directory '/root'
2019-04-30 22:22:44,653 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'heat-api.service'] in directory '/root'
2019-04-30 22:22:44,680 [salt.state       :300 ][INFO    ][21299] {'heat-api': True}
2019-04-30 22:22:44,680 [salt.state       :1951][INFO    ][21299] Completed state [heat-api] at time 22:22:44.680792 duration_in_ms=42.231
2019-04-30 22:22:44,686 [salt.state       :1780][INFO    ][21299] Running state [heat-api-cfn] at time 22:22:44.686483
2019-04-30 22:22:44,687 [salt.state       :1813][INFO    ][21299] Executing state service.running for [heat-api-cfn]
2019-04-30 22:22:44,689 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'status', 'heat-api-cfn.service', '-n', '0'] in directory '/root'
2019-04-30 22:22:44,717 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'is-active', 'heat-api-cfn.service'] in directory '/root'
2019-04-30 22:22:44,747 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'is-enabled', 'heat-api-cfn.service'] in directory '/root'
2019-04-30 22:22:44,759 [salt.state       :300 ][INFO    ][21299] The service heat-api-cfn is already running
2019-04-30 22:22:44,760 [salt.state       :1951][INFO    ][21299] Completed state [heat-api-cfn] at time 22:22:44.760085 duration_in_ms=73.601
2019-04-30 22:22:44,760 [salt.state       :1780][INFO    ][21299] Running state [heat-api-cfn] at time 22:22:44.760304
2019-04-30 22:22:44,760 [salt.state       :1813][INFO    ][21299] Executing state service.mod_watch for [heat-api-cfn]
2019-04-30 22:22:44,761 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'is-active', 'heat-api-cfn.service'] in directory '/root'
2019-04-30 22:22:44,772 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'heat-api-cfn.service'] in directory '/root'
2019-04-30 22:22:44,799 [salt.state       :300 ][INFO    ][21299] {'heat-api-cfn': True}
2019-04-30 22:22:44,799 [salt.state       :1951][INFO    ][21299] Completed state [heat-api-cfn] at time 22:22:44.799672 duration_in_ms=39.368
2019-04-30 22:22:44,800 [salt.state       :1780][INFO    ][21299] Running state [heat-engine] at time 22:22:44.800593
2019-04-30 22:22:44,800 [salt.state       :1813][INFO    ][21299] Executing state service.running for [heat-engine]
2019-04-30 22:22:44,801 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'status', 'heat-engine.service', '-n', '0'] in directory '/root'
2019-04-30 22:22:44,816 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'is-active', 'heat-engine.service'] in directory '/root'
2019-04-30 22:22:44,834 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'is-enabled', 'heat-engine.service'] in directory '/root'
2019-04-30 22:22:44,851 [salt.state       :300 ][INFO    ][21299] The service heat-engine is already running
2019-04-30 22:22:44,851 [salt.state       :1951][INFO    ][21299] Completed state [heat-engine] at time 22:22:44.851728 duration_in_ms=51.135
2019-04-30 22:22:44,851 [salt.state       :1780][INFO    ][21299] Running state [heat-engine] at time 22:22:44.851939
2019-04-30 22:22:44,852 [salt.state       :1813][INFO    ][21299] Executing state service.mod_watch for [heat-engine]
2019-04-30 22:22:44,852 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemctl', 'is-active', 'heat-engine.service'] in directory '/root'
2019-04-30 22:22:44,865 [salt.loaded.int.module.cmdmod:395 ][INFO    ][21299] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'heat-engine.service'] in directory '/root'
2019-04-30 22:22:44,885 [salt.state       :300 ][INFO    ][21299] {'heat-engine': True}
2019-04-30 22:22:44,885 [salt.state       :1951][INFO    ][21299] Completed state [heat-engine] at time 22:22:44.885806 duration_in_ms=33.865
2019-04-30 22:22:44,888 [salt.minion      :1711][INFO    ][21299] Returning information for job: 20190430222202271695
2019-04-30 22:23:45,778 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430222345767621
2019-04-30 22:23:45,789 [salt.minion      :1432][INFO    ][23736] Starting a new job with PID 23736
2019-04-30 22:23:49,629 [salt.state       :915 ][INFO    ][23736] Loading fresh modules for state activity
2019-04-30 22:23:49,667 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/init.sls'
2019-04-30 22:23:49,693 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/controller.sls'
2019-04-30 22:23:49,808 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/user.sls'
2019-04-30 22:23:50,203 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/db/offline_sync.sls'
2019-04-30 22:23:50,252 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/_ssl/controller_mysql.sls'
2019-04-30 22:23:50,305 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/_ssl/rabbitmq.sls'
2019-04-30 22:23:50,361 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/volume.sls'
2019-04-30 22:23:51,471 [salt.state       :1780][INFO    ][23736] Running state [apache2] at time 22:23:51.471868
2019-04-30 22:23:51,472 [salt.state       :1813][INFO    ][23736] Executing state pkg.installed for [apache2]
2019-04-30 22:23:51,472 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:23:51,769 [salt.state       :300 ][INFO    ][23736] All specified packages are already installed
2019-04-30 22:23:51,770 [salt.state       :1951][INFO    ][23736] Completed state [apache2] at time 22:23:51.769987 duration_in_ms=298.12
2019-04-30 22:23:51,770 [salt.state       :1780][INFO    ][23736] Running state [openssl] at time 22:23:51.770320
2019-04-30 22:23:51,770 [salt.state       :1813][INFO    ][23736] Executing state pkg.installed for [openssl]
2019-04-30 22:23:51,775 [salt.state       :300 ][INFO    ][23736] All specified packages are already installed
2019-04-30 22:23:51,775 [salt.state       :1951][INFO    ][23736] Completed state [openssl] at time 22:23:51.775510 duration_in_ms=5.19
2019-04-30 22:23:51,776 [salt.state       :1780][INFO    ][23736] Running state [a2enmod ssl] at time 22:23:51.776015
2019-04-30 22:23:51,776 [salt.state       :1813][INFO    ][23736] Executing state cmd.run for [a2enmod ssl]
2019-04-30 22:23:51,776 [salt.state       :300 ][INFO    ][23736] /etc/apache2/mods-enabled/ssl.load exists
2019-04-30 22:23:51,776 [salt.state       :1951][INFO    ][23736] Completed state [a2enmod ssl] at time 22:23:51.776597 duration_in_ms=0.582
2019-04-30 22:23:51,776 [salt.state       :1780][INFO    ][23736] Running state [a2enmod rewrite] at time 22:23:51.776925
2019-04-30 22:23:51,777 [salt.state       :1813][INFO    ][23736] Executing state cmd.run for [a2enmod rewrite]
2019-04-30 22:23:51,777 [salt.state       :300 ][INFO    ][23736] /etc/apache2/mods-enabled/rewrite.load exists
2019-04-30 22:23:51,777 [salt.state       :1951][INFO    ][23736] Completed state [a2enmod rewrite] at time 22:23:51.777452 duration_in_ms=0.528
2019-04-30 22:23:51,777 [salt.state       :1780][INFO    ][23736] Running state [libapache2-mod-wsgi] at time 22:23:51.777770
2019-04-30 22:23:51,777 [salt.state       :1813][INFO    ][23736] Executing state pkg.installed for [libapache2-mod-wsgi]
2019-04-30 22:23:51,782 [salt.state       :300 ][INFO    ][23736] All specified packages are already installed
2019-04-30 22:23:51,782 [salt.state       :1951][INFO    ][23736] Completed state [libapache2-mod-wsgi] at time 22:23:51.782764 duration_in_ms=4.993
2019-04-30 22:23:51,783 [salt.state       :1780][INFO    ][23736] Running state [a2enmod wsgi] at time 22:23:51.783081
2019-04-30 22:23:51,783 [salt.state       :1813][INFO    ][23736] Executing state cmd.run for [a2enmod wsgi]
2019-04-30 22:23:51,783 [salt.state       :300 ][INFO    ][23736] /etc/apache2/mods-enabled/wsgi.load exists
2019-04-30 22:23:51,783 [salt.state       :1951][INFO    ][23736] Completed state [a2enmod wsgi] at time 22:23:51.783607 duration_in_ms=0.527
2019-04-30 22:23:51,783 [salt.state       :1780][INFO    ][23736] Running state [a2enmod status -q] at time 22:23:51.783918
2019-04-30 22:23:51,784 [salt.state       :1813][INFO    ][23736] Executing state cmd.run for [a2enmod status -q]
2019-04-30 22:23:51,784 [salt.state       :300 ][INFO    ][23736] /etc/apache2/mods-enabled/status.load exists
2019-04-30 22:23:51,784 [salt.state       :1951][INFO    ][23736] Completed state [a2enmod status -q] at time 22:23:51.784449 duration_in_ms=0.531
2019-04-30 22:23:51,787 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:23:51.787564
2019-04-30 22:23:51,787 [salt.state       :1813][INFO    ][23736] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.load]
2019-04-30 22:23:51,788 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/mods-enabled/mpm_prefork.load is not present
2019-04-30 22:23:51,788 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:23:51.788133 duration_in_ms=0.57
2019-04-30 22:23:51,788 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:23:51.788281
2019-04-30 22:23:51,788 [salt.state       :1813][INFO    ][23736] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.conf]
2019-04-30 22:23:51,788 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/mods-enabled/mpm_prefork.conf is not present
2019-04-30 22:23:51,788 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:23:51.788769 duration_in_ms=0.487
2019-04-30 22:23:51,788 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:23:51.788917
2019-04-30 22:23:51,789 [salt.state       :1813][INFO    ][23736] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.load]
2019-04-30 22:23:51,789 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/mods-enabled/mpm_worker.load is not present
2019-04-30 22:23:51,789 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:23:51.789389 duration_in_ms=0.472
2019-04-30 22:23:51,789 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:23:51.789533
2019-04-30 22:23:51,789 [salt.state       :1813][INFO    ][23736] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.conf]
2019-04-30 22:23:51,789 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/mods-enabled/mpm_worker.conf is not present
2019-04-30 22:23:51,790 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:23:51.789999 duration_in_ms=0.466
2019-04-30 22:23:51,791 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/mods-available/mpm_event.conf] at time 22:23:51.791505
2019-04-30 22:23:51,791 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/apache2/mods-available/mpm_event.conf]
2019-04-30 22:23:51,837 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/mods-available/mpm_event.conf is in the correct state
2019-04-30 22:23:51,837 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/mods-available/mpm_event.conf] at time 22:23:51.837780 duration_in_ms=46.276
2019-04-30 22:23:51,838 [salt.state       :1780][INFO    ][23736] Running state [a2enmod mpm_event] at time 22:23:51.838365
2019-04-30 22:23:51,838 [salt.state       :1813][INFO    ][23736] Executing state cmd.run for [a2enmod mpm_event]
2019-04-30 22:23:51,838 [salt.state       :300 ][INFO    ][23736] /etc/apache2/mods-enabled/mpm_event.load exists
2019-04-30 22:23:51,838 [salt.state       :1951][INFO    ][23736] Completed state [a2enmod mpm_event] at time 22:23:51.838896 duration_in_ms=0.531
2019-04-30 22:23:51,839 [salt.state       :1780][INFO    ][23736] Running state [apache_server_service_task] at time 22:23:51.839411
2019-04-30 22:23:51,839 [salt.state       :1813][INFO    ][23736] Executing state test.show_notification for [apache_server_service_task]
2019-04-30 22:23:51,839 [salt.state       :300 ][INFO    ][23736] Running apache.server.service
2019-04-30 22:23:51,839 [salt.state       :1951][INFO    ][23736] Completed state [apache_server_service_task] at time 22:23:51.839879 duration_in_ms=0.468
2019-04-30 22:23:51,840 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/ports.conf] at time 22:23:51.840193
2019-04-30 22:23:51,840 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/apache2/ports.conf]
2019-04-30 22:23:51,880 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/ports.conf is in the correct state
2019-04-30 22:23:51,880 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/ports.conf] at time 22:23:51.880900 duration_in_ms=40.707
2019-04-30 22:23:51,881 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/conf-available/security.conf] at time 22:23:51.881296
2019-04-30 22:23:51,881 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/apache2/conf-available/security.conf]
2019-04-30 22:23:51,921 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/conf-available/security.conf is in the correct state
2019-04-30 22:23:51,921 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/conf-available/security.conf] at time 22:23:51.921608 duration_in_ms=40.312
2019-04-30 22:23:51,928 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/sites-enabled/000-default.conf] at time 22:23:51.928360
2019-04-30 22:23:51,928 [salt.state       :1813][INFO    ][23736] Executing state file.absent for [/etc/apache2/sites-enabled/000-default.conf]
2019-04-30 22:23:51,928 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/sites-enabled/000-default.conf is not present
2019-04-30 22:23:51,928 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/sites-enabled/000-default.conf] at time 22:23:51.928891 duration_in_ms=0.531
2019-04-30 22:23:51,929 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:23:51.929215
2019-04-30 22:23:51,929 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican_admin.conf]
2019-04-30 22:23:52,065 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/sites-available/wsgi_barbican_admin.conf is in the correct state
2019-04-30 22:23:52,065 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:23:52.065414 duration_in_ms=136.198
2019-04-30 22:23:52,065 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:23:52.065765
2019-04-30 22:23:52,065 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican.conf]
2019-04-30 22:23:52,201 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/sites-available/wsgi_barbican.conf is in the correct state
2019-04-30 22:23:52,201 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:23:52.201529 duration_in_ms=135.764
2019-04-30 22:23:52,201 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:23:52.201869
2019-04-30 22:23:52,202 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/apache2/sites-available/keystone_wsgi.conf]
2019-04-30 22:23:52,386 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/sites-available/keystone_wsgi.conf is in the correct state
2019-04-30 22:23:52,386 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:23:52.386910 duration_in_ms=185.041
2019-04-30 22:23:52,387 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:23:52.387249
2019-04-30 22:23:52,387 [salt.state       :1813][INFO    ][23736] Executing state file.symlink for [/etc/apache2/sites-enabled/keystone_wsgi.conf]
2019-04-30 22:23:52,388 [salt.state       :300 ][INFO    ][23736] Symlink /etc/apache2/sites-enabled/keystone_wsgi.conf is present and owned by root:root
2019-04-30 22:23:52,388 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:23:52.388748 duration_in_ms=1.5
2019-04-30 22:23:52,390 [salt.state       :1780][INFO    ][23736] Running state [apache2] at time 22:23:52.390872
2019-04-30 22:23:52,391 [salt.state       :1813][INFO    ][23736] Executing state service.running for [apache2]
2019-04-30 22:23:52,391 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2019-04-30 22:23:52,415 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:23:52,427 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:23:52,441 [salt.state       :300 ][INFO    ][23736] The service apache2 is already running
2019-04-30 22:23:52,441 [salt.state       :1951][INFO    ][23736] Completed state [apache2] at time 22:23:52.441283 duration_in_ms=50.411
2019-04-30 22:23:52,442 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/conf-enabled/security.conf] at time 22:23:52.442193
2019-04-30 22:23:52,442 [salt.state       :1813][INFO    ][23736] Executing state file.symlink for [/etc/apache2/conf-enabled/security.conf]
2019-04-30 22:23:52,443 [salt.state       :300 ][INFO    ][23736] Symlink /etc/apache2/conf-enabled/security.conf is present and owned by root:root
2019-04-30 22:23:52,444 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/conf-enabled/security.conf] at time 22:23:52.444065 duration_in_ms=1.872
2019-04-30 22:23:52,444 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:23:52.444262
2019-04-30 22:23:52,444 [salt.state       :1813][INFO    ][23736] Executing state file.absent for [/etc/apache2/sites-enabled/keystone_wsgi]
2019-04-30 22:23:52,444 [salt.state       :300 ][INFO    ][23736] File /etc/apache2/sites-enabled/keystone_wsgi is not present
2019-04-30 22:23:52,444 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:23:52.444932 duration_in_ms=0.67
2019-04-30 22:23:52,448 [salt.state       :1780][INFO    ][23736] Running state [cinder] at time 22:23:52.448524
2019-04-30 22:23:52,448 [salt.state       :1813][INFO    ][23736] Executing state group.present for [cinder]
2019-04-30 22:23:52,449 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['groupadd', '-g 304', '-r', 'cinder'] in directory '/root'
2019-04-30 22:23:52,570 [salt.state       :300 ][INFO    ][23736] {'passwd': 'x', 'gid': 304, 'name': 'cinder', 'members': []}
2019-04-30 22:23:52,570 [salt.state       :1951][INFO    ][23736] Completed state [cinder] at time 22:23:52.570820 duration_in_ms=122.296
2019-04-30 22:23:52,571 [salt.state       :1780][INFO    ][23736] Running state [cinder] at time 22:23:52.571431
2019-04-30 22:23:52,571 [salt.state       :1813][INFO    ][23736] Executing state user.present for [cinder]
2019-04-30 22:23:52,572 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['useradd', '-s', '/bin/false', '-u', '304', '-g', '304', '-m', '-d', '/var/lib/cinder', '-r', 'cinder'] in directory '/root'
2019-04-30 22:23:52,682 [salt.state       :300 ][INFO    ][23736] {'shell': '/bin/false', 'workphone': '', 'uid': 304, 'passwd': 'x', 'roomnumber': '', 'groups': ['cinder'], 'home': '/var/lib/cinder', 'name': 'cinder', 'gid': 304, 'fullname': '', 'homephone': ''}
2019-04-30 22:23:52,683 [salt.state       :1951][INFO    ][23736] Completed state [cinder] at time 22:23:52.682971 duration_in_ms=111.54
2019-04-30 22:23:52,683 [salt.state       :1780][INFO    ][23736] Running state [cinder-scheduler] at time 22:23:52.683736
2019-04-30 22:23:52,684 [salt.state       :1813][INFO    ][23736] Executing state pkg.installed for [cinder-scheduler]
2019-04-30 22:23:52,707 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['apt-cache', '-q', 'policy', 'cinder-scheduler'] in directory '/root'
2019-04-30 22:23:52,756 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:23:54,309 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:23:54,331 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'cinder-scheduler'] in directory '/root'
2019-04-30 22:24:00,817 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430222400804615
2019-04-30 22:24:00,831 [salt.minion      :1432][INFO    ][24668] Starting a new job with PID 24668
2019-04-30 22:24:00,846 [salt.minion      :1711][INFO    ][24668] Returning information for job: 20190430222400804615
2019-04-30 22:24:02,070 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:24:02,104 [salt.state       :300 ][INFO    ][23736] Made the following changes:
'python-cinder' changed from 'absent' to '2:13.0.4-0ubuntu3~u16.04+mcp65'
'cinder-common' changed from 'absent' to '2:13.0.4-0ubuntu3~u16.04+mcp65'
'cinder-scheduler' changed from 'absent' to '2:13.0.4-0ubuntu3~u16.04+mcp65'

2019-04-30 22:24:02,126 [salt.state       :915 ][INFO    ][23736] Loading fresh modules for state activity
2019-04-30 22:24:02,166 [salt.state       :1951][INFO    ][23736] Completed state [cinder-scheduler] at time 22:24:02.165986 duration_in_ms=9482.249
2019-04-30 22:24:02,170 [salt.state       :1780][INFO    ][23736] Running state [lvm2] at time 22:24:02.170050
2019-04-30 22:24:02,170 [salt.state       :1813][INFO    ][23736] Executing state pkg.installed for [lvm2]
2019-04-30 22:24:02,635 [salt.state       :300 ][INFO    ][23736] All specified packages are already installed
2019-04-30 22:24:02,636 [salt.state       :1951][INFO    ][23736] Completed state [lvm2] at time 22:24:02.635962 duration_in_ms=465.912
2019-04-30 22:24:02,636 [salt.state       :1780][INFO    ][23736] Running state [python-cinder] at time 22:24:02.636551
2019-04-30 22:24:02,636 [salt.state       :1813][INFO    ][23736] Executing state pkg.installed for [python-cinder]
2019-04-30 22:24:02,642 [salt.state       :300 ][INFO    ][23736] All specified packages are already installed
2019-04-30 22:24:02,642 [salt.state       :1951][INFO    ][23736] Completed state [python-cinder] at time 22:24:02.642477 duration_in_ms=5.926
2019-04-30 22:24:02,642 [salt.state       :1780][INFO    ][23736] Running state [gettext-base] at time 22:24:02.642880
2019-04-30 22:24:02,643 [salt.state       :1813][INFO    ][23736] Executing state pkg.installed for [gettext-base]
2019-04-30 22:24:02,648 [salt.state       :300 ][INFO    ][23736] All specified packages are already installed
2019-04-30 22:24:02,648 [salt.state       :1951][INFO    ][23736] Completed state [gettext-base] at time 22:24:02.648308 duration_in_ms=5.428
2019-04-30 22:24:02,648 [salt.state       :1780][INFO    ][23736] Running state [python-memcache] at time 22:24:02.648639
2019-04-30 22:24:02,648 [salt.state       :1813][INFO    ][23736] Executing state pkg.installed for [python-memcache]
2019-04-30 22:24:02,653 [salt.state       :300 ][INFO    ][23736] All specified packages are already installed
2019-04-30 22:24:02,653 [salt.state       :1951][INFO    ][23736] Completed state [python-memcache] at time 22:24:02.653719 duration_in_ms=5.08
2019-04-30 22:24:02,654 [salt.state       :1780][INFO    ][23736] Running state [python-pycadf] at time 22:24:02.654046
2019-04-30 22:24:02,654 [salt.state       :1813][INFO    ][23736] Executing state pkg.installed for [python-pycadf]
2019-04-30 22:24:02,659 [salt.state       :300 ][INFO    ][23736] All specified packages are already installed
2019-04-30 22:24:02,659 [salt.state       :1951][INFO    ][23736] Completed state [python-pycadf] at time 22:24:02.659174 duration_in_ms=5.129
2019-04-30 22:24:02,661 [salt.state       :1780][INFO    ][23736] Running state [cinder_controller_ssl_mysql] at time 22:24:02.661874
2019-04-30 22:24:02,662 [salt.state       :1813][INFO    ][23736] Executing state test.show_notification for [cinder_controller_ssl_mysql]
2019-04-30 22:24:02,662 [salt.state       :300 ][INFO    ][23736] Running cinder._ssl.controller_mysql
2019-04-30 22:24:02,662 [salt.state       :1951][INFO    ][23736] Completed state [cinder_controller_ssl_mysql] at time 22:24:02.662463 duration_in_ms=0.589
2019-04-30 22:24:02,662 [salt.state       :1780][INFO    ][23736] Running state [cinder_controller_ssl_rabbitmq] at time 22:24:02.662798
2019-04-30 22:24:02,662 [salt.state       :1813][INFO    ][23736] Executing state test.show_notification for [cinder_controller_ssl_rabbitmq]
2019-04-30 22:24:02,663 [salt.state       :300 ][INFO    ][23736] Running cinder._ssl.rabbitmq
2019-04-30 22:24:02,663 [salt.state       :1951][INFO    ][23736] Completed state [cinder_controller_ssl_rabbitmq] at time 22:24:02.663310 duration_in_ms=0.511
2019-04-30 22:24:02,663 [salt.state       :1780][INFO    ][23736] Running state [/etc/cinder/cinder.conf] at time 22:24:02.663813
2019-04-30 22:24:02,664 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/cinder/cinder.conf]
2019-04-30 22:24:02,686 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/files/rocky/cinder.conf.controller.Debian'
2019-04-30 22:24:02,812 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/files/backend/_lvm.conf'
2019-04-30 22:24:03,001 [salt.state       :300 ][INFO    ][23736] File changed:
--- 
+++ 
@@ -1,15 +1,4401 @@
+
 [DEFAULT]
+
+#
+# From cinder
+#
+
 rootwrap_config = /etc/cinder/rootwrap.conf
 api_paste_confg = /etc/cinder/api-paste.ini
+#
+# From oslo.messaging
+#
+
+# Size of RPC connection pool. (integer value)
+#rpc_conn_pool_size = 30
+
+# The pool size limit for connections expiration policy (integer
+# value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer
+# value)
+#conn_pool_ttl = 1200
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet
+# interface, or IP. The "host" option should point or resolve to this
+# address. (string value)
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Possible values:
+# redis - <No description provided>
+# sentinel - <No description provided>
+# dummy - <No description provided>
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic.
+# Default is unlimited. (integer value)
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address.
+# Must match "host" option, if running Nova. (string value)
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent
+# after closing a socket. The default value of -1 specifies an
+# infinite linger period. The value of 0 specifies no linger period.
+# Pending messages shall be discarded immediately when the socket is
+# closed. Positive values specify an upper bound for the linger
+# period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises
+# timeout exception when timeout expired. (integer value)
+#rpc_poll_timeout = 1
+
+
+# Expiration timeout in seconds of a name service record about
+# existing target ( < 0 means no timeout). (integer value)
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing
+# target. (integer value)
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
+# (boolean value)
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes
+# sense only with use_router_proxy=False which means to use direct
+# connections for direct message types (ignored otherwise). (boolean
+# value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover
+# reasons. This option is actual only in dynamic connections mode.
+# (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with
+# ZMQBindError. (integer value)
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means
+# not keeping a queue when server side disconnects. False means to
+# keep queue and messages even if server is disconnected, when the
+# server appears we send all accumulated messages to it. (boolean
+# value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1
+# (or any other negative value) means to skip any overrides and leave
+# it to OS default; 0 and 1 (or any other positive value) mean to
+# disable and enable the option respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition.
+# The unit is platform dependent, for example, seconds in Linux,
+# milliseconds in Windows etc. The default value of -1 (or any other
+# negative value and 0) means to skip any overrides and leave it to OS
+# default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring
+# that remote end is not available. The default value of -1 (or any
+# other negative value and 0) means to skip any overrides and leave it
+# to OS default. (integer value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not
+# received. The unit is platform dependent, for example, seconds in
+# Linux, milliseconds in Windows etc. The default value of -1 (or any
+# other negative value and 0) means to skip any overrides and leave it
+# to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer
+# value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which
+# it is not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism
+# works only via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each
+# retry attempt this timeout is multiplied by some specified
+# multiplier. (integer value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt.
+# (integer value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems
+# occurred: positive value N means at most N retries, 0 means no
+# retries, None or -1 (or any other negative values) mean to retry
+# forever. This option is used only if acknowledgments are enabled.
+# (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option
+# has higher priority then the default publishers list taken from the
+# matchmaker. (list value)
+#subscribe_on =
+
+# Size of executor thread pool when executor is threading or eventlet.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
+
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout = 60
+rpc_response_timeout = 3600
+
+# The network address and optional user credentials for connecting to
+# the messaging backend, in URL format. The expected format is:
+#
+# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
+#
+# Example: rabbit://rabbitmq:password@127.0.0.1:5672//
+#
+# For full details on the fields in the URL see the documentation of
+# oslo_messaging.TransportURL at
+# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
+# (string value)
+#transport_url = <None>
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.28:5672,openstack:opnfv_secret@10.167.4.29:5672,openstack:opnfv_secret@10.167.4.30:5672//openstack
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other
+# drivers include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rpc_backend = rabbit
+
+# The default exchange under which topics are scoped. May be
+# overridden by an exchange name specified in the transport_url
+# option. (string value)
+#control_exchange = openstack
+control_exchange = cinder
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+
+# The name of a logging configuration file. This file is appended to
+# any existing logging configuration files. For details about logging
+# configuration files, see the Python logging module documentation.
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file  paths.
+# This option is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
+#use_syslog = false
+
+# Enable journald for logging. If running in a systemd environment you
+# may wish to enable journal support. Doing so will use the journal
+# native protocol which includes structured metadata in addition to
+# log messages.This option is ignored if log_config_append is set.
+# (boolean value)
+#use_journal = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Use JSON formatting for logging. This option is ignored if
+# log_config_append is set. (boolean value)
+#use_json = false
+
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
+#use_stderr = false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined.
+# (string value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string
+# value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message.
+# (string value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message.
+# (string value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer
+# value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO,
+# WARNING, DEBUG or empty string. Logs with level greater or equal to
+# rate_limit_except_level are not filtered. An empty string means that
+# all levels are filtered. (string value)
+#rate_limit_except_level = CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+# The maximum number of items that a collection resource returns in a single
+# response (integer value)
+#osapi_max_limit = 1000
+
+# Json file indicating user visible filter parameters for list queries. (string
+# value)
+# Deprecated group/name - [DEFAULT]/query_volume_filters
+#resource_query_filters_file = /etc/cinder/resource_filters.json
+
+# DEPRECATED: Volume filter options which non-admin user could use to query
+# volumes. Default values are: ['name', 'status', 'metadata',
+# 'availability_zone' ,'bootable', 'group_id'] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#query_volume_filters = name,status,metadata,availability_zone,bootable,group_id
+
+# DEPRECATED: Allow the ability to modify the extra-spec settings of an in-use
+# volume-type. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#allow_inuse_volume_type_modification = false
+
+# Treat X-Forwarded-For as the canonical remote address. Only enable this if
+# you have a sanitizing proxy. (boolean value)
+#use_forwarded_for = false
+
+# Public url to use for versions endpoint. The default is None, which will use
+# the request's host_url attribute to populate the URL base. If Cinder is
+# operating behind a proxy, you will want to change this to represent the
+# proxy's URL. (string value)
+#public_endpoint = <None>
+
+# Backup services use same backend. (boolean value)
+#backup_use_same_host = false
+
+# Compression algorithm (None to disable) (string value)
+# Possible values:
+# none - <No description provided>
+# off - <No description provided>
+# no - <No description provided>
+# zlib - <No description provided>
+# gzip - <No description provided>
+# bz2 - <No description provided>
+# bzip2 - <No description provided>
+#backup_compression_algorithm = zlib
+
+# Backup metadata version to be used when backing up volume metadata. If this
+# number is bumped, make sure the service doing the restore supports the new
+# version. (integer value)
+#backup_metadata_version = 2
+
+# The number of chunks or objects, for which one Ceilometer notification will
+# be sent (integer value)
+#backup_object_number_per_notification = 10
+
+# Interval, in seconds, between two progress notifications reporting the backup
+# status (integer value)
+#backup_timer_interval = 120
+
+# Ceph configuration file to use. (string value)
+#backup_ceph_conf = /etc/ceph/ceph.conf
+
+
+# The Ceph user to connect with. Default here is to use the same user as for
+# Cinder volumes. If not using cephx this should be set to None. (string value)
+#backup_ceph_user = cinder
+
+# The chunk size, in bytes, that a backup is broken into before transfer to the
+# Ceph object store. (integer value)
+#backup_ceph_chunk_size = 134217728
+
+# The Ceph pool where volume backups are stored. (string value)
+#backup_ceph_pool = backups
+
+# RBD stripe unit to use when creating a backup image. (integer value)
+#backup_ceph_stripe_unit = 0
+
+# RBD stripe count to use when creating a backup image. (integer value)
+#backup_ceph_stripe_count = 0
+
+# If True, apply JOURNALING and EXCLUSIVE_LOCK feature bits to the backup RBD
+# objects to allow mirroring (boolean value)
+#backup_ceph_image_journals = false
+
+# If True, always discard excess bytes when restoring volumes i.e. pad with
+# zeroes. (boolean value)
+#restore_discard_excess_bytes = true
+
+# The GCS bucket to use. (string value)
+#backup_gcs_bucket = <None>
+
+# The size in bytes of GCS backup objects. (integer value)
+#backup_gcs_object_size = 52428800
+
+# The size in bytes that changes are tracked for incremental backups.
+# backup_gcs_object_size has to be multiple of backup_gcs_block_size. (integer
+# value)
+#backup_gcs_block_size = 32768
+
+# GCS object will be downloaded in chunks of bytes. (integer value)
+#backup_gcs_reader_chunk_size = 2097152
+
+# GCS object will be uploaded in chunks of bytes. Pass in a value of -1 if the
+# file is to be uploaded as a single chunk. (integer value)
+#backup_gcs_writer_chunk_size = 2097152
+
+# Number of times to retry. (integer value)
+#backup_gcs_num_retries = 3
+
+# List of GCS error codes. (list value)
+#backup_gcs_retry_error_codes = 429
+
+# Location of GCS bucket. (string value)
+#backup_gcs_bucket_location = US
+
+# Storage class of GCS bucket. (string value)
+#backup_gcs_storage_class = NEARLINE
+
+# Absolute path of GCS service account credential file. (string value)
+#backup_gcs_credential_file = <None>
+
+# Owner project id for GCS bucket. (string value)
+#backup_gcs_project_id = <None>
+
+# Http user-agent string for gcs api. (string value)
+#backup_gcs_user_agent = gcscinder
+
+# Enable or Disable the timer to send the periodic progress notifications to
+# Ceilometer when backing up the volume to the GCS backend storage. The default
+# value is True to enable the timer. (boolean value)
+#backup_gcs_enable_progress_timer = true
+
+# URL for http proxy access. (uri value)
+#backup_gcs_proxy_url = <None>
+
+# Base dir containing mount point for gluster share. (string value)
+#glusterfs_backup_mount_point = $state_path/backup_mount
+
+# GlusterFS share in <hostname|ipv4addr|ipv6addr>:<gluster_vol_name> format.
+# Eg: 1.2.3.4:backup_vol (string value)
+#glusterfs_backup_share = <None>
+
+# Base dir containing mount point for NFS share. (string value)
+#backup_mount_point_base = $state_path/backup_mount
+
+# NFS share in hostname:path, ipv4addr:path, or "[ipv6addr]:path" format.
+# (string value)
+#backup_share = <None>
+
+# Mount options passed to the NFS client. See NFS man page for details. (string
+# value)
+#backup_mount_options = <None>
+
+# The maximum size in bytes of the files used to hold backups. If the volume
+# being backed up exceeds this size, then it will be backed up into multiple
+# files.backup_file_size must be a multiple of backup_sha_block_size_bytes.
+# (integer value)
+#backup_file_size = 1999994880
+
+# The size in bytes that changes are tracked for incremental backups.
+# backup_file_size has to be multiple of backup_sha_block_size_bytes. (integer
+# value)
+#backup_sha_block_size_bytes = 32768
+
+# Enable or Disable the timer to send the periodic progress notifications to
+# Ceilometer when backing up the volume to the backend storage. The default
+# value is True to enable the timer. (boolean value)
+#backup_enable_progress_timer = true
+
+# Path specifying where to store backups. (string value)
+#backup_posix_path = $state_path/backup
+
+# Custom directory to use for backups. (string value)
+#backup_container = <None>
+
+# The URL of the Swift endpoint (uri value)
+#backup_swift_url = <None>
+
+# The URL of the Keystone endpoint (uri value)
+#backup_swift_auth_url = <None>
+
+# Info to match when looking for swift in the service catalog. Format is:
+# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
+# Only used if backup_swift_url is unset (string value)
+#swift_catalog_info = object-store:swift:publicURL
+
+# Info to match when looking for keystone in the service catalog. Format is:
+# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
+# Only used if backup_swift_auth_url is unset (string value)
+#keystone_catalog_info = identity:Identity Service:publicURL
+
+# Swift authentication mechanism (per_user or single_user). (string value)
+# Possible values:
+# per_user - <No description provided>
+# single_user - <No description provided>
+#backup_swift_auth = per_user
+
+# Swift authentication version. Specify "1" for auth 1.0, or "2" for auth 2.0
+# or "3" for auth 3.0 (string value)
+#backup_swift_auth_version = 1
+
+# Swift tenant/account name. Required when connecting to an auth 2.0 system
+# (string value)
+#backup_swift_tenant = <None>
+
+# Swift user domain name. Required when connecting to an auth 3.0 system
+# (string value)
+#backup_swift_user_domain = <None>
+
+# Swift project domain name. Required when connecting to an auth 3.0 system
+# (string value)
+#backup_swift_project_domain = <None>
+
+# Swift project/account name. Required when connecting to an auth 3.0 system
+# (string value)
+#backup_swift_project = <None>
+
+# Swift user name (string value)
+#backup_swift_user = <None>
+
+# Swift key for authentication (string value)
+#backup_swift_key = <None>
+
+# The default Swift container to use (string value)
+#backup_swift_container = volumebackups
+
+# The size in bytes of Swift backup objects (integer value)
+#backup_swift_object_size = 52428800
+
+# The size in bytes that changes are tracked for incremental backups.
+# backup_swift_object_size has to be multiple of backup_swift_block_size.
+# (integer value)
+#backup_swift_block_size = 32768
+
+# The number of retries to make for Swift operations (integer value)
+#backup_swift_retry_attempts = 3
+
+# The backoff time in seconds between Swift retries (integer value)
+#backup_swift_retry_backoff = 2
+
+# Enable or Disable the timer to send the periodic progress notifications to
+# Ceilometer when backing up the volume to the Swift backend storage. The
+# default value is True to enable the timer. (boolean value)
+#backup_swift_enable_progress_timer = true
+
+# Location of the CA certificate file to use for swift client requests. (string
+# value)
+#backup_swift_ca_cert_file = <None>
+
+# Bypass verification of server certificate when making SSL connection to
+# Swift. (boolean value)
+#backup_swift_auth_insecure = false
+
+# Volume prefix for the backup id when backing up to TSM (string value)
+#backup_tsm_volume_prefix = backup
+
+# TSM password for the running username (string value)
+#backup_tsm_password = password
+
+# Enable or Disable compression for backups (boolean value)
+#backup_tsm_compression = true
+
+# Driver to use for backups. (string value)
+#backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver
+
+# Offload pending backup delete during backup service startup. If false, the
+# backup service will remain down until all pending backups are deleted.
+# (boolean value)
+#backup_service_inithost_offload = true
+
+# Size of the native threads pool for the backups.  Most backup drivers rely
+# heavily on this, it can be decreased for specific drivers that don't.
+# (integer value)
+# Minimum value: 20
+#backup_native_threads_pool_size = 60
+
+# Number of backup processes to launch. Improves performance with concurrent
+# backups. (integer value)
+# Minimum value: 1
+# Maximum value: 4
+#backup_workers = 1
+
+# Name of this cluster. Used to group volume hosts that share the same backend
+# configurations to work in HA Active-Active mode.  Active-Active is not yet
+# supported. (string value)
+#cluster = <None>
+
+# Top-level directory for maintaining cinder's state (string value)
+state_path = /var/lib/cinder
+
+# IP address of this host (host address value)
+#my_ip = <HOST_IP_ADDRESS>
+
+# A list of the URLs of glance API servers available to cinder
+# ([http[s]://][hostname|ip]:port). If protocol is not specified it defaults to
+# http. (list value)
+glance_api_servers = http://10.167.4.35:9292
+
+# Number retries when downloading an image from glance (integer value)
+# Minimum value: 0
+glance_num_retries = 0
+
+# Allow to perform insecure SSL (https) requests to glance (https will be used
+# but cert validation will not be performed). (boolean value)
+#glance_api_insecure = false
+
+# Enables or disables negotiation of SSL layer compression. In some cases
+# disabling compression can improve data throughput, such as when high network
+# bandwidth is available and you use compressed image formats like qcow2.
+# (boolean value)
+#glance_api_ssl_compression = false
+
+# Location of ca certificates file to use for glance client requests. (string
+# value)
+
+# http/https timeout value for glance operations. If no value (None) is
+# supplied here, the glanceclient default value is used. (integer value)
+#glance_request_timeout = <None>
+
+# DEPRECATED: Deploy v2 of the Cinder API. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#enable_v2_api = true
+
+# Deploy v3 of the Cinder API. (boolean value)
+enable_v3_api = true
+
+# Enables or disables rate limit of the API. (boolean value)
+#api_rate_limit = true
+
+# Specify list of extensions to load when using osapi_volume_extension option
+# with cinder.api.contrib.select_extensions (list value)
+#osapi_volume_ext_list =
+
+# osapi volume extension to load (multi valued)
+osapi_volume_extension = cinder.api.contrib.standard_extensions
+
+# Full class name for the Manager for volume (string value)
+#volume_manager = cinder.volume.manager.VolumeManager
+
+# Full class name for the Manager for volume backup (string value)
+#backup_manager = cinder.backup.manager.BackupManager
+
+# Full class name for the Manager for scheduler (string value)
+#scheduler_manager = cinder.scheduler.manager.SchedulerManager
+
+# Name of this node.  This can be an opaque identifier. It is not necessarily a
+# host name, FQDN, or IP address. (host address value)
+#host = localhost
+
+# Availability zone of this node. Can be overridden per volume backend with the
+# option "backend_availability_zone". (string value)
+#storage_availability_zone = nova
+
+# Default availability zone for new volumes. If not set, the
+# storage_availability_zone option value is used as the default for new
+# volumes. (string value)
+#default_availability_zone = <None>
+
+# If the requested Cinder availability zone is unavailable, fall back to the
+# value of default_availability_zone, then storage_availability_zone, instead
+# of failing. (boolean value)
+allow_availability_zone_fallback = True
+
+# Default volume type to use (string value)
+#default_volume_type = <None>
+
+# Default group type to use (string value)
+#default_group_type = <None>
+
+# Time period for which to generate volume usages. The options are hour, day,
+# month, or year. (string value)
+#volume_usage_audit_period = month
+
+# Path to the rootwrap configuration file to use for running commands as root
+# (string value)
+#rootwrap_config = /etc/cinder/rootwrap.conf
+
+# Enable monkey patching (boolean value)
+#monkey_patch = false
+
+# List of modules/decorators to monkey patch (list value)
+#monkey_patch_modules =
+
+# Maximum time since last check-in for a service to be considered up (integer
+# value)
+#service_down_time = 60
+
+# The full class name of the volume API class to use (string value)
+#volume_api_class = cinder.volume.api.API
+
+# The full class name of the volume backup API class (string value)
+#backup_api_class = cinder.backup.api.API
+
+# The strategy to use for auth. Supports noauth or keystone. (string value)
+# Possible values:
+# noauth - <No description provided>
+# keystone - <No description provided>
+auth_strategy = keystone
+
+# A list of backend names to use. These backend names should be backed by a
+# unique [CONFIG] group with its options (list value)
+#enabled_backends = <None>
+default_volume_type=lvm-driver
+
+enabled_backends=lvm-driver
+
+
+# Whether snapshots count against gigabyte quota (boolean value)
+#no_snapshot_gb_quota = false
+
+# The full class name of the volume transfer API class (string value)
+#transfer_api_class = cinder.transfer.api.API
+
+# The full class name of the consistencygroup API class (string value)
+#consistencygroup_api_class = cinder.consistencygroup.api.API
+
+# The full class name of the group API class (string value)
+#group_api_class = cinder.group.api.API
+
+# The full class name of the compute API class to use (string value)
+#compute_api_class = cinder.compute.nova.API
+
+# ID of the project which will be used as the Cinder internal tenant. (string
+# value)
+#cinder_internal_tenant_project_id = <None>
+
+# ID of the user to be used in volume operations as the Cinder internal tenant.
+# (string value)
+#cinder_internal_tenant_user_id = <None>
+
+# Services to be added to the available pool on create (boolean value)
+#enable_new_services = true
+
+# Template string to be used to generate volume names (string value)
+volume_name_template = volume-%s
+
+# Template string to be used to generate snapshot names (string value)
+#snapshot_name_template = snapshot-%s
+
+# Template string to be used to generate backup names (string value)
+#backup_name_template = backup-%s
+
+# Driver to use for database access (string value)
+#db_driver = cinder.db
+
+# A list of url schemes that can be downloaded directly via the direct_url.
+# Currently supported schemes: [file, cinder]. (list value)
+#allowed_direct_url_schemes =
+
+# Info to match when looking for glance in the service catalog. Format is:
+# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
+# Only used if glance_api_servers are not provided. (string value)
+#glance_catalog_info = image:glance:publicURL
+
+# Default core properties of image (list value)
+#glance_core_properties = checksum,container_format,disk_format,image_name,image_id,min_disk,min_ram,name,size
+
+# Directory used for temporary storage during image conversion (string value)
+#image_conversion_dir = $state_path/conversion
+
+# message minimum life in seconds. (integer value)
+#message_ttl = 2592000
+
+# interval between periodic task runs to clean expired messages in seconds.
+# (integer value)
+#message_reap_interval = 86400
+
+# Number of volumes allowed per project (integer value)
+#quota_volumes = 10
+
+# Number of volume snapshots allowed per project (integer value)
+#quota_snapshots = 10
+
+# Number of consistencygroups allowed per project (integer value)
+#quota_consistencygroups = 10
+
+# Number of groups allowed per project (integer value)
+#quota_groups = 10
+
+# Total amount of storage, in gigabytes, allowed for volumes and snapshots per
+# project (integer value)
+#quota_gigabytes = 1000
+
+# Number of volume backups allowed per project (integer value)
+#quota_backups = 10
+
+# Total amount of storage, in gigabytes, allowed for backups per project
+# (integer value)
+#quota_backup_gigabytes = 1000
+
+# Number of seconds until a reservation expires (integer value)
+#reservation_expire = 86400
+
+# Interval between periodic task runs to clean expired reservations in seconds.
+# (integer value)
+#reservation_clean_interval = $reservation_expire
+
+# Count of reservations until usage is refreshed (integer value)
+#until_refresh = 0
+
+# Number of seconds between subsequent usage refreshes (integer value)
+#max_age = 0
+
+# Default driver to use for quota checks (string value)
+#quota_driver = cinder.quota.DbQuotaDriver
+
+# Enables or disables use of default quota class with default quota. (boolean
+# value)
+#use_default_quota_class = true
+
+# Max size allowed per volume, in gigabytes (integer value)
+#per_volume_size_limit = -1
+
+# The scheduler host manager class to use (string value)
+#scheduler_host_manager = cinder.scheduler.host_manager.HostManager
+
+# Maximum number of attempts to schedule a volume (integer value)
+#scheduler_max_attempts = 3
+
+# Which filter class names to use for filtering hosts when not specified in the
+# request. (list value)
+#scheduler_default_filters = AvailabilityZoneFilter,CapacityFilter,CapabilitiesFilter
+
+# Which weigher class names to use for weighing hosts. (list value)
+#scheduler_default_weighers = CapacityWeigher
+
+# Which handler to use for selecting the host/pool after weighing (string
+# value)
+#scheduler_weight_handler = cinder.scheduler.weights.OrderedHostWeightHandler
+
+# Default scheduler driver to use (string value)
+#scheduler_driver = cinder.scheduler.filter_scheduler.FilterScheduler
+
+# Absolute path to scheduler configuration JSON file. (string value)
+#scheduler_json_config_location =
+
+# Multiplier used for weighing free capacity. Negative numbers mean to stack vs
+# spread. (floating point value)
+#capacity_weight_multiplier = 1.0
+
+# Multiplier used for weighing allocated capacity. Positive numbers mean to
+# stack vs spread. (floating point value)
+#allocated_capacity_weight_multiplier = -1.0
+
+# Multiplier used for weighing volume number. Negative numbers mean to spread
+# vs stack. (floating point value)
+#volume_number_multiplier = -1.0
+
+# Interval, in seconds, between nodes reporting state to datastore (integer
+# value)
+#report_interval = 10
+
+# Interval, in seconds, between running periodic tasks (integer value)
+#periodic_interval = 60
+
+# Range, in seconds, to randomly delay when starting the periodic task
+# scheduler to reduce stampeding. (Disable by setting to 0) (integer value)
+#periodic_fuzzy_delay = 60
+
+# IP address on which OpenStack Volume API listens (string value)
+osapi_volume_listen = 10.167.4.37
+
+# Port on which OpenStack Volume API listens (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#osapi_volume_listen_port = 8776
+
+# Number of workers for OpenStack Volume API service. The default is equal to
+# the number of CPUs available. (integer value)
+osapi_volume_workers = 4
+
+# Wraps the socket in a SSL context if True is set. A certificate file and key
+# file must be specified. (boolean value)
+#osapi_volume_use_ssl = false
+
+# Option to enable strict host key checking.  When set to "True" Cinder will
+# only connect to systems with a host key present in the configured
+# "ssh_hosts_key_file".  When set to "False" the host key will be saved upon
+# first connection and used for subsequent connections.  Default=False (boolean
+# value)
+#strict_ssh_host_key_policy = false
+
+# File containing SSH host keys for the systems with which Cinder needs to
+# communicate.  OPTIONAL: Default=$state_path/ssh_known_hosts (string value)
+#ssh_hosts_key_file = $state_path/ssh_known_hosts
+
+# The number of characters in the salt. (integer value)
+#volume_transfer_salt_length = 8
+
+# The number of characters in the autogenerated auth key. (integer value)
+#volume_transfer_key_length = 16
+
+# Enables the Force option on upload_to_image. This enables running
+# upload_volume on in-use volumes for backends that support it. (boolean value)
+#enable_force_upload = false
+enable_force_upload = false
+
+# Create volume from snapshot at the host where snapshot resides (boolean
+# value)
+#snapshot_same_host = true
+
+# Ensure that the new volumes are the same AZ as snapshot or source volume
+# (boolean value)
+#cloned_volume_same_az = true
+
+# Cache volume availability zones in memory for the provided duration in
+# seconds (integer value)
+#az_cache_duration = 3600
+
+# Number of times to attempt to run flakey shell commands (integer value)
+#num_shell_tries = 3
+
+# The percentage of backend capacity is reserved (integer value)
+# Minimum value: 0
+# Maximum value: 100
+#reserved_percentage = 0
+
+# Prefix for iSCSI volumes (string value)
+# Deprecated group/name - [DEFAULT]/iscsi_target_prefix
+#target_prefix = iqn.2010-10.org.openstack:
+
+# The IP address that the iSCSI daemon is listening on (string value)
+# Deprecated group/name - [DEFAULT]/iscsi_ip_address
+#target_ip_address = $my_ip
+
+# The list of secondary IP addresses of the iSCSI daemon (list value)
+#iscsi_secondary_ip_addresses =
+
+# The port that the iSCSI daemon is listening on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/iscsi_port
+#target_port = 3260
+
+# The maximum number of times to rescan targets to find volume (integer value)
+#num_volume_device_scan_tries = 3
+
+# The backend name for a given driver implementation (string value)
+volume_backend_name = DEFAULT
+
+# Do we attach/detach volumes in cinder using multipath for volume to image and
+# image to volume transfers? (boolean value)
+#use_multipath_for_image_xfer = false
+
+# If this is set to True, attachment of volumes for image transfer will be
+# aborted when multipathd is not running. Otherwise, it will fallback to single
+# path. (boolean value)
+#enforce_multipath_for_image_xfer = false
+
+# Method used to wipe old volumes (string value)
+# Possible values:
+# none - <No description provided>
+# zero - <No description provided>
+#volume_clear = zero
+volume_clear = none
+
+# Size in MiB to wipe at start of old volumes. 1024 MiBat max. 0 => all
+# (integer value)
+# Maximum value: 1024
+#volume_clear_size = 0
+
+# The flag to pass to ionice to alter the i/o priority of the process used to
+# zero a volume after deletion, for example "-c3" for idle only priority.
+# (string value)
+#volume_clear_ionice = <None>
+
+# Target user-land tool to use. tgtadm is default, use lioadm for LIO iSCSI
+# support, scstadmin for SCST target support, ietadm for iSCSI Enterprise
+# Target, iscsictl for Chelsio iSCSI Target, nvmet for NVMEoF support, or fake
+# for testing. (string value)
+# Possible values:
+# tgtadm - <No description provided>
+# lioadm - <No description provided>
+# scstadmin - <No description provided>
+# iscsictl - <No description provided>
+# ietadm - <No description provided>
+# nvmet - <No description provided>
+# fake - <No description provided>
+# Deprecated group/name - [DEFAULT]/iscsi_helper
+target_helper = tgtadm
+
+# Volume configuration file storage directory (string value)
+volumes_dir = /var/lib/cinder/volumes
+
+# IET configuration file (string value)
+#iet_conf = /etc/iet/ietd.conf
+
+# Chiscsi (CXT) global defaults configuration file (string value)
+#chiscsi_conf = /etc/chelsio-iscsi/chiscsi.conf
+
+# Sets the behavior of the iSCSI target to either perform blockio or fileio
+# optionally, auto can be set and Cinder will autodetect type of backing device
+# (string value)
+# Possible values:
+# blockio - <No description provided>
+# fileio - <No description provided>
+# auto - <No description provided>
+#iscsi_iotype = fileio
+
+# The default block size used when copying/clearing volumes (string value)
+#volume_dd_blocksize = 1M
+
+# The blkio cgroup name to be used to limit bandwidth of volume copy (string
+# value)
+#volume_copy_blkio_cgroup_name = cinder-volume-copy
+
+# The upper limit of bandwidth of volume copy. 0 => unlimited (integer value)
+#volume_copy_bps_limit = 0
+
+# Sets the behavior of the iSCSI target to either perform write-back(on) or
+# write-through(off). This parameter is valid if target_helper is set to
+# tgtadm. (string value)
+# Possible values:
+# on - <No description provided>
+# off - <No description provided>
+#iscsi_write_cache = on
+
+# Sets the target-specific flags for the iSCSI target. Only used for tgtadm to
+# specify backing device flags using bsoflags option. The specified string is
+# passed as is to the underlying tool. (string value)
+#iscsi_target_flags =
+
+# Determines the target protocol for new volumes, created with tgtadm, lioadm
+# and nvmet target helpers. In order to enable RDMA, this parameter should be
+# set with the value "iser". The supported iSCSI protocol values are "iscsi"
+# and "iser", in case of nvmet target set to "nvmet_rdma". (string value)
+# Possible values:
+# iscsi - <No description provided>
+# iser - <No description provided>
+# nvmet_rdma - <No description provided>
+# Deprecated group/name - [DEFAULT]/iscsi_protocol
+#target_protocol = iscsi
+
+# The path to the client certificate key for verification, if the driver
+# supports it. (string value)
+#driver_client_cert_key = <None>
+
+# The path to the client certificate for verification, if the driver supports
+# it. (string value)
+#driver_client_cert = <None>
+
+# Tell driver to use SSL for connection to backend storage if the driver
+# supports it. (boolean value)
+#driver_use_ssl = false
+
+# Representation of the over subscription ratio when thin provisioning is
+# enabled. Default ratio is 20.0, meaning provisioned capacity can be 20 times
+# of the total physical capacity. If the ratio is 10.5, it means provisioned
+# capacity can be 10.5 times of the total physical capacity. A ratio of 1.0
+# means provisioned capacity cannot exceed the total physical capacity. If
+# ratio is 'auto', Cinder will automatically calculate the ratio based on the
+# provisioned capacity and the used space. If not set to auto, the ratio has to
+# be a minimum of 1.0. (string value)
+#max_over_subscription_ratio = 20.0
+
+# Certain ISCSI targets have predefined target names, SCST target driver uses
+# this name. (string value)
+#scst_target_iqn_name = <None>
+
+# SCST target implementation can choose from multiple SCST target drivers.
+# (string value)
+#scst_target_driver = iscsi
+
+# Option to enable/disable CHAP authentication for targets. (boolean value)
+#use_chap_auth = false
+
+# CHAP user name. (string value)
+#chap_username =
+
+# Password for specified CHAP account name. (string value)
+#chap_password =
+
+# Namespace for driver private data values to be saved in. (string value)
+#driver_data_namespace = <None>
+
+# String representation for an equation that will be used to filter hosts. Only
+# used when the driver filter is set to be used by the Cinder scheduler.
+# (string value)
+#filter_function = <None>
+
+# String representation for an equation that will be used to determine the
+# goodness of a host. Only used when using the goodness weigher is set to be
+# used by the Cinder scheduler. (string value)
+#goodness_function = <None>
+
+# If set to True the http client will validate the SSL certificate of the
+# backend endpoint. (boolean value)
+#driver_ssl_cert_verify = false
+
+# Can be used to specify a non default path to a CA_BUNDLE file or directory
+# with certificates of trusted CAs, which will be used to validate the backend
+# (string value)
+#driver_ssl_cert_path = <None>
+
+# List of options that control which trace info is written to the DEBUG log
+# level to assist developers. Valid values are method and api. (list value)
+#trace_flags = <None>
+
+# Multi opt of dictionaries to represent a replication target device.  This
+# option may be specified multiple times in a single config section to specify
+# multiple replication target devices.  Each entry takes the standard dict
+# config form: replication_device =
+# target_device_id:<required>,key1:value1,key2:value2... (dict value)
+#replication_device = <None>
+
+# If set to True, upload-to-image in raw format will create a cloned volume and
+# register its location to the image service, instead of uploading the volume
+# content. The cinder backend and locations support must be enabled in the
+# image service. (boolean value)
+#image_upload_use_cinder_backend = false
+
+# If set to True, the image volume created by upload-to-image will be placed in
+# the internal tenant. Otherwise, the image volume is created in the current
+# context's tenant. (boolean value)
+#image_upload_use_internal_tenant = false
+
+# Enable the image volume cache for this backend. (boolean value)
+#image_volume_cache_enabled = false
+
+# Max size of the image volume cache for this backend in GB. 0 => unlimited.
+# (integer value)
+#image_volume_cache_max_size_gb = 0
+
+# Max number of entries allowed in the image volume cache. 0 => unlimited.
+# (integer value)
+#image_volume_cache_max_count = 0
+
+# Report to clients of Cinder that the backend supports discard (aka.
+# trim/unmap). This will not actually change the behavior of the backend or the
+# client directly, it will only notify that it can be used. (boolean value)
+#report_discard_supported = false
+
+# Protocol for transferring data between host and storage back-end. (string
+# value)
+# Possible values:
+# iscsi - <No description provided>
+# fc - <No description provided>
+#storage_protocol = iscsi
+
+# If this is set to True, a temporary snapshot will be created for performing
+# non-disruptive backups. Otherwise a temporary volume will be cloned in order
+# to perform a backup. (boolean value)
+#backup_use_temp_snapshot = false
+
+# Set this to True when you want to allow an unsupported driver to start.
+# Drivers that haven't maintained a working CI system and testing are marked as
+# unsupported until CI is working again.  This also marks a driver as
+# deprecated and may be removed in the next release. (boolean value)
+#enable_unsupported_driver = false
+
+# Availability zone for this volume backend. If not set, the
+# storage_availability_zone option value is used as the default for all
+# backends. (string value)
+#backend_availability_zone = <None>
+
+# The maximum number of times to rescan iSER targetto find volume (integer
+# value)
+#num_iser_scan_tries = 3
+
+# Prefix for iSER volumes (string value)
+#iser_target_prefix = iqn.2010-10.org.openstack:
+
+# The IP address that the iSER daemon is listening on (string value)
+#iser_ip_address = $my_ip
+
+# The port that the iSER daemon is listening on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#iser_port = 3260
+
+# The name of the iSER target user-land tool to use (string value)
+#iser_helper = tgtadm
+
+# The port that the NVMe target is listening on. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#nvmet_port_id = 1
+
+# The namespace id associated with the subsystem that will be created with the
+# path for the LVM volume. (integer value)
+#nvmet_ns_id = 10
+
+# DataCore virtual disk type (single/mirrored). Mirrored virtual disks require
+# two storage servers in the server group. (string value)
+# Possible values:
+# single - <No description provided>
+# mirrored - <No description provided>
+#datacore_disk_type = single
+
+# DataCore virtual disk storage profile. (string value)
+#datacore_storage_profile = <None>
+
+# List of DataCore disk pools that can be used by volume driver. (list value)
+#datacore_disk_pools =
+
+# Seconds to wait for a response from a DataCore API call. (integer value)
+# Minimum value: 1
+#datacore_api_timeout = 300
+
+# Seconds to wait for DataCore virtual disk to come out of the "Failed" state.
+# (integer value)
+# Minimum value: 0
+#datacore_disk_failed_delay = 15
+
+# List of iSCSI targets that cannot be used to attach volume. To prevent the
+# DataCore iSCSI volume driver from using some front-end targets in volume
+# attachment, specify this option and list the iqn and target machine for each
+# target as the value, such as <iqn:target name>, <iqn:target name>,
+# <iqn:target name>. (list value)
+#datacore_iscsi_unallowed_targets =
+
+# Configure CHAP authentication for iSCSI connections. (boolean value)
+#datacore_iscsi_chap_enabled = false
+
+# iSCSI CHAP authentication password storage file. (string value)
+#datacore_iscsi_chap_storage = <None>
+
+# Storage system autoexpand parameter for volumes (True/False) (boolean value)
+#instorage_mcs_vol_autoexpand = true
+
+# Storage system compression option for volumes (boolean value)
+#instorage_mcs_vol_compression = false
+
+# Enable InTier for volumes (boolean value)
+#instorage_mcs_vol_intier = true
+
+# Allow tenants to specify QOS on create (boolean value)
+#instorage_mcs_allow_tenant_qos = false
+
+# Storage system grain size parameter for volumes (32/64/128/256) (integer
+# value)
+# Minimum value: 32
+# Maximum value: 256
+#instorage_mcs_vol_grainsize = 256
+
+# Storage system space-efficiency parameter for volumes (percentage) (integer
+# value)
+# Minimum value: -1
+# Maximum value: 100
+#instorage_mcs_vol_rsize = 2
+
+# Storage system threshold for volume capacity warnings (percentage) (integer
+# value)
+# Minimum value: -1
+# Maximum value: 100
+#instorage_mcs_vol_warning = 0
+
+# Maximum number of seconds to wait for LocalCopy to be prepared. (integer
+# value)
+# Minimum value: 1
+# Maximum value: 600
+#instorage_mcs_localcopy_timeout = 120
+
+# Specifies the InStorage LocalCopy copy rate to be used when creating a full
+# volume copy. The default is rate is 50, and the valid rates are 1-100.
+# (integer value)
+# Minimum value: 1
+# Maximum value: 100
+#instorage_mcs_localcopy_rate = 50
+
+# The I/O group in which to allocate volumes. It can be a comma-separated list
+# in which case the driver will select an io_group based on least number of
+# volumes associated with the io_group. (string value)
+#instorage_mcs_vol_iogrp = 0
+
+# Specifies secondary management IP or hostname to be used if san_ip is invalid
+# or becomes inaccessible. (string value)
+#instorage_san_secondary_ip = <None>
+
+# Comma separated list of storage system storage pools for volumes. (list
+# value)
+#instorage_mcs_volpool_name = volpool
+
+# Configure CHAP authentication for iSCSI connections (Default: Enabled)
+# (boolean value)
+#instorage_mcs_iscsi_chap_enabled = true
+
+# The StorPool template for volumes with no type. (string value)
+#storpool_template = <None>
+
+# The default StorPool chain replication value.  Used when creating a volume
+# with no specified type if storpool_template is not set.  Also used for
+# calculating the apparent free space reported in the stats. (integer value)
+#storpool_replication = 3
+
+# Create sparse Lun. (boolean value)
+#vrts_lun_sparse = true
+
+# VA config file. (string value)
+#vrts_target_config = /etc/cinder/vrts_target.xml
+
+# Timeout for creating the volume to migrate to when performing volume
+# migration (seconds) (integer value)
+#migration_create_volume_timeout_secs = 300
+
+# Offload pending volume delete during volume service startup (boolean value)
+#volume_service_inithost_offload = false
+
+# FC Zoning mode configured, only 'fabric' is supported now. (string value)
+#zoning_mode = <None>
+
+# Sets the value of TCP_KEEPALIVE (True/False) for each server socket. (boolean
+# value)
+#tcp_keepalive = true
+
+# Sets the value of TCP_KEEPINTVL in seconds for each server socket. Not
+# supported on OS X. (integer value)
+#tcp_keepalive_interval = <None>
+
+# Sets the value of TCP_KEEPCNT for each server socket. Not supported on OS X.
+# (integer value)
+#tcp_keepalive_count = <None>
+
+
+[backend]
+
+#
+# From cinder
+#
+
+# Backend override of host value. (string value)
+#backend_host = <None>
+[lvm-driver]
+host=ctl02
+volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
+volume_backend_name=lvm-driver
 iscsi_helper = tgtadm
-volume_name_template = volume-%s
-volume_group = cinder-volumes
-verbose = True
-auth_strategy = keystone
-state_path = /var/lib/cinder
-lock_path = /var/lock/cinder
-volumes_dir = /var/lib/cinder/volumes
-enabled_backends = lvm
+volume_group = cinder-volume
+
+
+[backend_defaults]
+
+#
+# From cinder
+#
+
+# Number of times to attempt to run flakey shell commands (integer value)
+#num_shell_tries = 3
+
+# The percentage of backend capacity is reserved (integer value)
+# Minimum value: 0
+# Maximum value: 100
+#reserved_percentage = 0
+
+# Prefix for iSCSI volumes (string value)
+# Deprecated group/name - [backend_defaults]/iscsi_target_prefix
+#target_prefix = iqn.2010-10.org.openstack:
+
+# The IP address that the iSCSI daemon is listening on (string value)
+# Deprecated group/name - [backend_defaults]/iscsi_ip_address
+#target_ip_address = $my_ip
+
+# The list of secondary IP addresses of the iSCSI daemon (list value)
+#iscsi_secondary_ip_addresses =
+
+# The port that the iSCSI daemon is listening on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [backend_defaults]/iscsi_port
+#target_port = 3260
+
+# The maximum number of times to rescan targets to find volume (integer value)
+#num_volume_device_scan_tries = 3
+
+# The backend name for a given driver implementation (string value)
+#volume_backend_name = <None>
+
+# Do we attach/detach volumes in cinder using multipath for volume to image and
+# image to volume transfers? (boolean value)
+#use_multipath_for_image_xfer = false
+
+# If this is set to True, attachment of volumes for image transfer will be
+# aborted when multipathd is not running. Otherwise, it will fallback to single
+# path. (boolean value)
+#enforce_multipath_for_image_xfer = false
+
+# Method used to wipe old volumes (string value)
+# Possible values:
+# none - <No description provided>
+# zero - <No description provided>
+#volume_clear = zero
+
+# Size in MiB to wipe at start of old volumes. 1024 MiBat max. 0 => all
+# (integer value)
+# Maximum value: 1024
+#volume_clear_size = 0
+
+# The flag to pass to ionice to alter the i/o priority of the process used to
+# zero a volume after deletion, for example "-c3" for idle only priority.
+# (string value)
+#volume_clear_ionice = <None>
+
+# Target user-land tool to use. tgtadm is default, use lioadm for LIO iSCSI
+# support, scstadmin for SCST target support, ietadm for iSCSI Enterprise
+# Target, iscsictl for Chelsio iSCSI Target, nvmet for NVMEoF support, or fake
+# for testing. (string value)
+# Possible values:
+# tgtadm - <No description provided>
+# lioadm - <No description provided>
+# scstadmin - <No description provided>
+# iscsictl - <No description provided>
+# ietadm - <No description provided>
+# nvmet - <No description provided>
+# fake - <No description provided>
+# Deprecated group/name - [backend_defaults]/iscsi_helper
+#target_helper = tgtadm
+
+# Volume configuration file storage directory (string value)
+#volumes_dir = $state_path/volumes
+
+# IET configuration file (string value)
+#iet_conf = /etc/iet/ietd.conf
+
+# Chiscsi (CXT) global defaults configuration file (string value)
+#chiscsi_conf = /etc/chelsio-iscsi/chiscsi.conf
+
+# Sets the behavior of the iSCSI target to either perform blockio or fileio
+# optionally, auto can be set and Cinder will autodetect type of backing device
+# (string value)
+# Possible values:
+# blockio - <No description provided>
+# fileio - <No description provided>
+# auto - <No description provided>
+#iscsi_iotype = fileio
+
+# The default block size used when copying/clearing volumes (string value)
+#volume_dd_blocksize = 1M
+
+# The blkio cgroup name to be used to limit bandwidth of volume copy (string
+# value)
+#volume_copy_blkio_cgroup_name = cinder-volume-copy
+
+# The upper limit of bandwidth of volume copy. 0 => unlimited (integer value)
+#volume_copy_bps_limit = 0
+
+# Sets the behavior of the iSCSI target to either perform write-back(on) or
+# write-through(off). This parameter is valid if target_helper is set to
+# tgtadm. (string value)
+# Possible values:
+# on - <No description provided>
+# off - <No description provided>
+#iscsi_write_cache = on
+
+# Sets the target-specific flags for the iSCSI target. Only used for tgtadm to
+# specify backing device flags using bsoflags option. The specified string is
+# passed as is to the underlying tool. (string value)
+#iscsi_target_flags =
+
+# Determines the target protocol for new volumes, created with tgtadm, lioadm
+# and nvmet target helpers. In order to enable RDMA, this parameter should be
+# set with the value "iser". The supported iSCSI protocol values are "iscsi"
+# and "iser", in case of nvmet target set to "nvmet_rdma". (string value)
+# Possible values:
+# iscsi - <No description provided>
+# iser - <No description provided>
+# nvmet_rdma - <No description provided>
+# Deprecated group/name - [backend_defaults]/iscsi_protocol
+#target_protocol = iscsi
+
+# The path to the client certificate key for verification, if the driver
+# supports it. (string value)
+#driver_client_cert_key = <None>
+
+# The path to the client certificate for verification, if the driver supports
+# it. (string value)
+#driver_client_cert = <None>
+
+# Tell driver to use SSL for connection to backend storage if the driver
+# supports it. (boolean value)
+#driver_use_ssl = false
+
+# Representation of the over subscription ratio when thin provisioning is
+# enabled. Default ratio is 20.0, meaning provisioned capacity can be 20 times
+# of the total physical capacity. If the ratio is 10.5, it means provisioned
+# capacity can be 10.5 times of the total physical capacity. A ratio of 1.0
+# means provisioned capacity cannot exceed the total physical capacity. If
+# ratio is 'auto', Cinder will automatically calculate the ratio based on the
+# provisioned capacity and the used space. If not set to auto, the ratio has to
+# be a minimum of 1.0. (string value)
+#max_over_subscription_ratio = 20.0
+
+# Certain ISCSI targets have predefined target names, SCST target driver uses
+# this name. (string value)
+#scst_target_iqn_name = <None>
+
+# SCST target implementation can choose from multiple SCST target drivers.
+# (string value)
+#scst_target_driver = iscsi
+
+# Option to enable/disable CHAP authentication for targets. (boolean value)
+#use_chap_auth = false
+
+# CHAP user name. (string value)
+#chap_username =
+
+# Password for specified CHAP account name. (string value)
+#chap_password =
+
+# Namespace for driver private data values to be saved in. (string value)
+#driver_data_namespace = <None>
+
+# String representation for an equation that will be used to filter hosts. Only
+# used when the driver filter is set to be used by the Cinder scheduler.
+# (string value)
+#filter_function = <None>
+
+# String representation for an equation that will be used to determine the
+# goodness of a host. Only used when using the goodness weigher is set to be
+# used by the Cinder scheduler. (string value)
+#goodness_function = <None>
+
+# If set to True the http client will validate the SSL certificate of the
+# backend endpoint. (boolean value)
+#driver_ssl_cert_verify = false
+
+# Can be used to specify a non default path to a CA_BUNDLE file or directory
+# with certificates of trusted CAs, which will be used to validate the backend
+# (string value)
+#driver_ssl_cert_path = <None>
+
+# List of options that control which trace info is written to the DEBUG log
+# level to assist developers. Valid values are method and api. (list value)
+#trace_flags = <None>
+
+# Multi opt of dictionaries to represent a replication target device.  This
+# option may be specified multiple times in a single config section to specify
+# multiple replication target devices.  Each entry takes the standard dict
+# config form: replication_device =
+# target_device_id:<required>,key1:value1,key2:value2... (dict value)
+#replication_device = <None>
+
+# If set to True, upload-to-image in raw format will create a cloned volume and
+# register its location to the image service, instead of uploading the volume
+# content. The cinder backend and locations support must be enabled in the
+# image service. (boolean value)
+#image_upload_use_cinder_backend = false
+
+# If set to True, the image volume created by upload-to-image will be placed in
+# the internal tenant. Otherwise, the image volume is created in the current
+# context's tenant. (boolean value)
+#image_upload_use_internal_tenant = false
+
+# Enable the image volume cache for this backend. (boolean value)
+#image_volume_cache_enabled = false
+
+# Max size of the image volume cache for this backend in GB. 0 => unlimited.
+# (integer value)
+#image_volume_cache_max_size_gb = 0
+
+# Max number of entries allowed in the image volume cache. 0 => unlimited.
+# (integer value)
+#image_volume_cache_max_count = 0
+
+# Report to clients of Cinder that the backend supports discard (aka.
+# trim/unmap). This will not actually change the behavior of the backend or the
+# client directly, it will only notify that it can be used. (boolean value)
+#report_discard_supported = false
+
+# Protocol for transferring data between host and storage back-end. (string
+# value)
+# Possible values:
+# iscsi - <No description provided>
+# fc - <No description provided>
+#storage_protocol = iscsi
+
+# If this is set to True, a temporary snapshot will be created for performing
+# non-disruptive backups. Otherwise a temporary volume will be cloned in order
+# to perform a backup. (boolean value)
+#backup_use_temp_snapshot = false
+
+# Set this to True when you want to allow an unsupported driver to start.
+# Drivers that haven't maintained a working CI system and testing are marked as
+# unsupported until CI is working again.  This also marks a driver as
+# deprecated and may be removed in the next release. (boolean value)
+#enable_unsupported_driver = false
+
+# Availability zone for this volume backend. If not set, the
+# storage_availability_zone option value is used as the default for all
+# backends. (string value)
+#backend_availability_zone = <None>
+
+# The maximum number of times to rescan iSER targetto find volume (integer
+# value)
+#num_iser_scan_tries = 3
+
+# Prefix for iSER volumes (string value)
+#iser_target_prefix = iqn.2010-10.org.openstack:
+
+# The IP address that the iSER daemon is listening on (string value)
+#iser_ip_address = $my_ip
+
+# The port that the iSER daemon is listening on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#iser_port = 3260
+
+# The name of the iSER target user-land tool to use (string value)
+#iser_helper = tgtadm
+
+# The port that the NVMe target is listening on. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#nvmet_port_id = 1
+
+# The namespace id associated with the subsystem that will be created with the
+# path for the LVM volume. (integer value)
+#nvmet_ns_id = 10
+
+# Hostname for the CoprHD Instance (string value)
+#coprhd_hostname = <None>
+
+# Port for the CoprHD Instance (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#coprhd_port = 4443
+
+# Username for accessing the CoprHD Instance (string value)
+#coprhd_username = <None>
+
+# Password for accessing the CoprHD Instance (string value)
+#coprhd_password = <None>
+
+# Tenant to utilize within the CoprHD Instance (string value)
+#coprhd_tenant = <None>
+
+# Project to utilize within the CoprHD Instance (string value)
+#coprhd_project = <None>
+
+# Virtual Array to utilize within the CoprHD Instance (string value)
+#coprhd_varray = <None>
+
+# True | False to indicate if the storage array in CoprHD is VMAX or VPLEX
+# (boolean value)
+#coprhd_emulate_snapshot = false
+
+# Rest Gateway IP or FQDN for Scaleio (string value)
+#coprhd_scaleio_rest_gateway_host = None
+
+# Rest Gateway Port for Scaleio (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#coprhd_scaleio_rest_gateway_port = 4984
+
+# Username for Rest Gateway (string value)
+#coprhd_scaleio_rest_server_username = <None>
+
+# Rest Gateway Password (string value)
+#coprhd_scaleio_rest_server_password = <None>
+
+# verify server certificate (boolean value)
+#scaleio_verify_server_certificate = false
+
+# Server certificate path (string value)
+#scaleio_server_certificate_path = <None>
+
+# Datera API port. (string value)
+#datera_api_port = 7717
+
+# DEPRECATED: Datera API version. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#datera_api_version = 2
+
+# Timeout for HTTP 503 retry messages (integer value)
+#datera_503_timeout = 120
+
+# Interval between 503 retries (integer value)
+#datera_503_interval = 5
+
+# True to set function arg and return logging (boolean value)
+#datera_debug = false
+
+# ONLY FOR DEBUG/TESTING PURPOSES
+# True to set replica_count to 1 (boolean value)
+#datera_debug_replica_count_override = false
+
+# If set to 'Map' --> OpenStack project ID will be mapped implicitly to Datera
+# tenant ID
+# If set to 'None' --> Datera tenant ID will not be used during volume
+# provisioning
+# If set to anything else --> Datera tenant ID will be the provided value
+# (string value)
+#datera_tenant_id = <None>
+
+# Set to True to disable profiling in the Datera driver (boolean value)
+#datera_disable_profiler = false
+
+# Group name to use for creating volumes. Defaults to "group-0". (string value)
+#eqlx_group_name = group-0
+
+# Maximum retry count for reconnection. Default is 5. (integer value)
+# Minimum value: 0
+#eqlx_cli_max_retries = 5
+
+# Pool in which volumes will be created. Defaults to "default". (string value)
+#eqlx_pool = default
+
+# Storage Center System Serial Number (integer value)
+#dell_sc_ssn = 64702
+
+# Dell API port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#dell_sc_api_port = 3033
+
+# Name of the server folder to use on the Storage Center (string value)
+#dell_sc_server_folder = openstack
+
+# Name of the volume folder to use on the Storage Center (string value)
+#dell_sc_volume_folder = openstack
+
+# Enable HTTPS SC certificate verification (boolean value)
+#dell_sc_verify_cert = false
+
+# IP address of secondary DSM controller (string value)
+#secondary_san_ip =
+
+# Secondary DSM user name (string value)
+#secondary_san_login = Admin
+
+# Secondary DSM user password name (string value)
+#secondary_san_password =
+
+# Secondary Dell API port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#secondary_sc_api_port = 3033
+
+# Dell SC API async call default timeout in seconds. (integer value)
+#dell_api_async_rest_timeout = 15
+
+# Dell SC API sync call default timeout in seconds. (integer value)
+#dell_api_sync_rest_timeout = 30
+
+# Domain IP to be excluded from iSCSI returns. (IP address value)
+#excluded_domain_ip = <None>
+
+# Server OS type to use when creating a new server on the Storage Center.
+# (string value)
+#dell_server_os = Red Hat Linux 6.x
+
+# REST server port. (string value)
+#sio_rest_server_port = 443
+
+# Verify server certificate. (boolean value)
+#sio_verify_server_certificate = false
+
+# Server certificate path. (string value)
+#sio_server_certificate_path = <None>
+
+# Round up volume capacity. (boolean value)
+#sio_round_volume_capacity = true
+
+# Unmap volume before deletion. (boolean value)
+#sio_unmap_volume_before_deletion = false
+
+# Storage Pools. (string value)
+#sio_storage_pools = <None>
+
+# DEPRECATED: Protection Domain ID. (string value)
+# This option is deprecated for removal since Pike.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by sio_storage_pools option
+#sio_protection_domain_id = <None>
+
+# DEPRECATED: Protection Domain name. (string value)
+# This option is deprecated for removal since Pike.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by sio_storage_pools option
+#sio_protection_domain_name = <None>
+
+# DEPRECATED: Storage Pool name. (string value)
+# This option is deprecated for removal since Pike.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by sio_storage_pools option
+#sio_storage_pool_name = <None>
+
+# DEPRECATED: Storage Pool ID. (string value)
+# This option is deprecated for removal since Pike.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by sio_storage_pools option
+#sio_storage_pool_id = <None>
+
+# ScaleIO API version. (string value)
+#sio_server_api_version = <None>
+
+# max_over_subscription_ratio setting for the ScaleIO driver. This replaces the
+# general max_over_subscription_ratio which has no effect in this
+# driver.Maximum value allowed for ScaleIO is 10.0. (floating point value)
+#sio_max_over_subscription_ratio = 10.0
+
+# Allow thick volumes to be created in Storage Pools when zero padding is
+# disabled. This option should not be enabled if multiple tenants will utilize
+# thick volumes from a shared Storage Pool. (boolean value)
+#sio_allow_non_padded_thick_volumes = false
+
+# A comma-separated list of storage pool names to be used. (list value)
+#unity_storage_pool_names = <None>
+
+# A comma-separated list of iSCSI or FC ports to be used. Each port can be
+# Unix-style glob expressions. (list value)
+#unity_io_ports = <None>
+
+# To remove the host from Unity when the last LUN is detached from it. By
+# default, it is False. (boolean value)
+#remove_empty_host = false
+
+# DEPRECATED: Use this file for cinder emc plugin config data. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#cinder_dell_emc_config_file = /etc/cinder/cinder_dell_emc_config.xml
+
+# Use this value to specify length of the interval in seconds. (integer value)
+#interval = 3
+
+# Use this value to specify number of retries. (integer value)
+#retries = 200
+
+# Use this value to enable the initiator_check. (boolean value)
+#initiator_check = false
+
+# REST server port number. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#san_rest_port = 8443
+
+# Serial number of the array to connect to. (string value)
+#vmax_array = <None>
+
+# Storage resource pool on array to use for provisioning. (string value)
+#vmax_srp = <None>
+
+# Service level to use for provisioning storage. (string value)
+#vmax_service_level = <None>
+
+# Workload (string value)
+#vmax_workload = <None>
+
+# List of port groups containing frontend ports configured prior for server
+# connection. (list value)
+#vmax_port_groups = <None>
+
+# VNX authentication scope type. By default, the value is global. (string
+# value)
+#storage_vnx_authentication_type = global
+
+# Directory path that contains the VNX security file. Make sure the security
+# file is generated first. (string value)
+#storage_vnx_security_file_dir = <None>
+
+# Naviseccli Path. (string value)
+#naviseccli_path = <None>
+
+# Comma-separated list of storage pool names to be used. (list value)
+#storage_vnx_pool_names = <None>
+
+# Default timeout for CLI operations in minutes. For example, LUN migration is
+# a typical long running operation, which depends on the LUN size and the load
+# of the array. An upper bound in the specific deployment can be set to avoid
+# unnecessary long wait. By default, it is 365 days long. (integer value)
+#default_timeout = 31536000
+
+# Default max number of LUNs in a storage group. By default, the value is 255.
+# (integer value)
+#max_luns_per_storage_group = 255
+
+# To destroy storage group when the last LUN is removed from it. By default,
+# the value is False. (boolean value)
+#destroy_empty_storage_group = false
+
+# Mapping between hostname and its iSCSI initiator IP addresses. (string value)
+#iscsi_initiators = <None>
+
+# Comma separated iSCSI or FC ports to be used in Nova or Cinder. (list value)
+#io_port_list = <None>
+
+# Automatically register initiators. By default, the value is False. (boolean
+# value)
+#initiator_auto_registration = false
+
+# Automatically deregister initiators after the related storage group is
+# destroyed. By default, the value is False. (boolean value)
+#initiator_auto_deregistration = false
+
+# DEPRECATED: Report free_capacity_gb as 0 when the limit to maximum number of
+# pool LUNs is reached. By default, the value is False. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#check_max_pool_luns_threshold = false
+
+# Delete a LUN even if it is in Storage Groups. By default, the value is False.
+# (boolean value)
+#force_delete_lun_in_storagegroup = false
+
+# Force LUN creation even if the full threshold of pool is reached. By default,
+# the value is False. (boolean value)
+#ignore_pool_full_threshold = false
+
+# XMS cluster id in multi-cluster environment (string value)
+#xtremio_cluster_name =
+
+# Number of retries in case array is busy (integer value)
+#xtremio_array_busy_retry_count = 5
+
+# Interval between retries in case array is busy (integer value)
+#xtremio_array_busy_retry_interval = 5
+
+# Number of volumes created from each cached glance image (integer value)
+#xtremio_volumes_per_glance_cache = 100
+
+# Should the driver remove initiator groups with no volumes after the last
+# connection was terminated. Since the behavior till now was to leave the IG
+# be, we default to False (not deleting IGs without connected volumes); setting
+# this parameter to True will remove any IG after terminating its connection to
+# the last volume. (boolean value)
+#xtremio_clean_unused_ig = false
+
+# The IP of DMS client socket server (IP address value)
+#disco_client = 127.0.0.1
+
+# The port to connect DMS client socket server (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#disco_client_port = 9898
+
+# DEPRECATED: Path to the wsdl file to communicate with DISCO request manager
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#disco_wsdl_path = /etc/cinder/DISCOService.wsdl
+
+# DEPRECATED: The IP address of the REST server (IP address value)
+# Deprecated group/name - [DEFAULT]/rest_ip
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Using san_ip later
+#disco_rest_ip = <None>
+
+# Use soap client or rest client for communicating with DISCO. Possible values
+# are "soap" or "rest". (string value)
+# Possible values:
+# soap - <No description provided>
+# rest - <No description provided>
+# Deprecated group/name - [DEFAULT]/choice_client
+#disco_choice_client = <None>
+
+# DEPRECATED: The port of DISCO source API (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Using san_api_port later
+#disco_src_api_port = 8080
+
+# Prefix before volume name to differentiate DISCO volume created through
+# openstack and the other ones (string value)
+# Deprecated group/name - [backend_defaults]/volume_name_prefix
+#disco_volume_name_prefix = openstack-
+
+# How long we check whether a snapshot is finished before we give up (integer
+# value)
+# Deprecated group/name - [backend_defaults]/snapshot_check_timeout
+#disco_snapshot_check_timeout = 3600
+
+# How long we check whether a restore is finished before we give up (integer
+# value)
+# Deprecated group/name - [backend_defaults]/restore_check_timeout
+#disco_restore_check_timeout = 3600
+
+# How long we check whether a clone is finished before we give up (integer
+# value)
+# Deprecated group/name - [backend_defaults]/clone_check_timeout
+#disco_clone_check_timeout = 3600
+
+# How long we wait before retrying to get an item detail (integer value)
+# Deprecated group/name - [backend_defaults]/retry_interval
+#disco_retry_interval = 1
+
+# Number of nodes that should replicate the data. (integer value)
+#drbdmanage_redundancy = 1
+
+# Resource deployment completion wait policy. (string value)
+#drbdmanage_resource_policy = {"ratio": "0.51", "timeout": "60"}
+
+# Disk options to set on new resources. See http://www.drbd.org/en/doc/users-
+# guide-90/re-drbdconf for all the details. (string value)
+#drbdmanage_disk_options = {"c-min-rate": "4M"}
+
+# Net options to set on new resources. See http://www.drbd.org/en/doc/users-
+# guide-90/re-drbdconf for all the details. (string value)
+#drbdmanage_net_options = {"connect-int": "4", "allow-two-primaries": "yes", "ko-count": "30", "max-buffers": "20000", "ping-timeout": "100"}
+
+# Resource options to set on new resources. See
+# http://www.drbd.org/en/doc/users-guide-90/re-drbdconf for all the details.
+# (string value)
+#drbdmanage_resource_options = {"auto-promote-timeout": "300"}
+
+# Snapshot completion wait policy. (string value)
+#drbdmanage_snapshot_policy = {"count": "1", "timeout": "60"}
+
+# Volume resize completion wait policy. (string value)
+#drbdmanage_resize_policy = {"timeout": "60"}
+
+# Resource deployment completion wait plugin. (string value)
+#drbdmanage_resource_plugin = drbdmanage.plugins.plugins.wait_for.WaitForResource
+
+# Snapshot completion wait plugin. (string value)
+#drbdmanage_snapshot_plugin = drbdmanage.plugins.plugins.wait_for.WaitForSnapshot
+
+# Volume resize completion wait plugin. (string value)
+#drbdmanage_resize_plugin = drbdmanage.plugins.plugins.wait_for.WaitForVolumeSize
+
+# If set, the c-vol node will receive a useable
+#                 /dev/drbdX device, even if the actual data is stored on
+#                 other nodes only.
+#                 This is useful for debugging, maintenance, and to be
+#                 able to do the iSCSI export from the c-vol node. (boolean
+# value)
+#drbdmanage_devs_on_controller = true
+
+# config file for cinder eternus_dx volume driver (string value)
+#cinder_eternus_config_file = /etc/cinder/cinder_fujitsu_eternus_dx.xml
+
+# The flag of thin storage allocation. (boolean value)
+#dsware_isthin = false
+
+# Fusionstorage manager ip addr for cinder-volume. (string value)
+#dsware_manager =
+
+# Fusionstorage agent ip addr range. (string value)
+#fusionstorageagent =
+
+# Pool type, like sata-2copy. (string value)
+#pool_type = default
+
+# Pool id permit to use. (list value)
+#pool_id_filter =
+
+# Create clone volume timeout. (integer value)
+#clone_volume_timeout = 680
+
+# Space network name to use for data transfer (string value)
+#hgst_net = Net 1 (IPv4)
+
+# Comma separated list of Space storage servers:devices. ex:
+# os1_stor:gbd0,os2_stor:gbd0 (string value)
+#hgst_storage_servers = os:gbd0
+
+# Should spaces be redundantly stored (1/0) (string value)
+#hgst_redundancy = 0
+
+# User to own created spaces (string value)
+#hgst_space_user = root
+
+# Group to own created spaces (string value)
+#hgst_space_group = disk
+
+# UNIX mode for created spaces (string value)
+#hgst_space_mode = 0600
+
+# 3PAR WSAPI Server Url like https://<3par ip>:8080/api/v1 (string value)
+#hpe3par_api_url =
+
+# 3PAR username with the 'edit' role (string value)
+#hpe3par_username =
+
+# 3PAR password for the user specified in hpe3par_username (string value)
+#hpe3par_password =
+
+# List of the CPG(s) to use for volume creation (list value)
+#hpe3par_cpg = OpenStack
+
+# The CPG to use for Snapshots for volumes. If empty the userCPG will be used.
+# (string value)
+#hpe3par_cpg_snap =
+
+# The time in hours to retain a snapshot.  You can't delete it before this
+# expires. (string value)
+#hpe3par_snapshot_retention =
+
+# The time in hours when a snapshot expires  and is deleted.  This must be
+# larger than expiration (string value)
+#hpe3par_snapshot_expiration =
+
+# Enable HTTP debugging to 3PAR (boolean value)
+#hpe3par_debug = false
+
+# List of target iSCSI addresses to use. (list value)
+#hpe3par_iscsi_ips =
+
+# Enable CHAP authentication for iSCSI connections. (boolean value)
+#hpe3par_iscsi_chap_enabled = false
+
+# HPE LeftHand WSAPI Server Url like https://<LeftHand ip>:8081/lhos (uri
+# value)
+# Deprecated group/name - [backend_defaults]/hplefthand_api_url
+#hpelefthand_api_url = <None>
+
+# HPE LeftHand Super user username (string value)
+# Deprecated group/name - [backend_defaults]/hplefthand_username
+#hpelefthand_username = <None>
+
+# HPE LeftHand Super user password (string value)
+# Deprecated group/name - [backend_defaults]/hplefthand_password
+#hpelefthand_password = <None>
+
+# HPE LeftHand cluster name (string value)
+# Deprecated group/name - [backend_defaults]/hplefthand_clustername
+#hpelefthand_clustername = <None>
+
+# Configure CHAP authentication for iSCSI connections (Default: Disabled)
+# (boolean value)
+# Deprecated group/name - [backend_defaults]/hplefthand_iscsi_chap_enabled
+#hpelefthand_iscsi_chap_enabled = false
+
+# Enable HTTP debugging to LeftHand (boolean value)
+# Deprecated group/name - [backend_defaults]/hplefthand_debug
+#hpelefthand_debug = false
+
+# Port number of SSH service. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#hpelefthand_ssh_port = 16022
+
+# The configuration file for the Cinder Huawei driver. (string value)
+#cinder_huawei_conf_file = /etc/cinder/cinder_huawei_conf.xml
+
+# The remote device hypermetro will use. (string value)
+#hypermetro_devices = <None>
+
+# The remote metro device san user. (string value)
+#metro_san_user = <None>
+
+# The remote metro device san password. (string value)
+#metro_san_password = <None>
+
+# The remote metro device domain name. (string value)
+#metro_domain_name = <None>
+
+# The remote metro device request url. (string value)
+#metro_san_address = <None>
+
+# The remote metro device pool names. (string value)
+#metro_storage_pools = <None>
+
+# Connection protocol should be FC. (Default is FC.) (string value)
+#flashsystem_connection_protocol = FC
+
+# Allows vdisk to multi host mapping. (Default is True) (boolean value)
+#flashsystem_multihostmap_enabled = true
+
+# DEPRECATED: This option no longer has any affect. It is deprecated and will
+# be removed in the next release. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#flashsystem_multipath_enabled = false
+
+# Default iSCSI Port ID of FlashSystem. (Default port is 0.) (integer value)
+#flashsystem_iscsi_portid = 0
+
+# Specifies the path of the GPFS directory where Block Storage volume and
+# snapshot files are stored. (string value)
+#gpfs_mount_point_base = <None>
+
+# Specifies the path of the Image service repository in GPFS.  Leave undefined
+# if not storing images in GPFS. (string value)
+#gpfs_images_dir = <None>
+
+# Specifies the type of image copy to be used.  Set this when the Image service
+# repository also uses GPFS so that image files can be transferred efficiently
+# from the Image service to the Block Storage service. There are two valid
+# values: "copy" specifies that a full copy of the image is made;
+# "copy_on_write" specifies that copy-on-write optimization strategy is used
+# and unmodified blocks of the image file are shared efficiently. (string
+# value)
+# Possible values:
+# copy - <No description provided>
+# copy_on_write - <No description provided>
+# <None> - <No description provided>
+#gpfs_images_share_mode = <None>
+
+# Specifies an upper limit on the number of indirections required to reach a
+# specific block due to snapshots or clones.  A lengthy chain of copy-on-write
+# snapshots or clones can have a negative impact on performance, but improves
+# space utilization.  0 indicates unlimited clone depth. (integer value)
+#gpfs_max_clone_depth = 0
+
+# Specifies that volumes are created as sparse files which initially consume no
+# space. If set to False, the volume is created as a fully allocated file, in
+# which case, creation may take a significantly longer time. (boolean value)
+#gpfs_sparse_volumes = true
+
+# Specifies the storage pool that volumes are assigned to. By default, the
+# system storage pool is used. (string value)
+#gpfs_storage_pool = system
+
+# Comma-separated list of IP address or hostnames of GPFS nodes. (list value)
+#gpfs_hosts =
+
+# Username for GPFS nodes. (string value)
+#gpfs_user_login = root
+
+# Password for GPFS node user. (string value)
+#gpfs_user_password =
+
+# Filename of private key to use for SSH authentication. (string value)
+#gpfs_private_key =
+
+# SSH port to use. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#gpfs_ssh_port = 22
+
+# File containing SSH host keys for the gpfs nodes with which driver needs to
+# communicate. Default=$state_path/ssh_known_hosts (string value)
+#gpfs_hosts_key_file = $state_path/ssh_known_hosts
+
+# Option to enable strict gpfs host key checking while connecting to gpfs
+# nodes. Default=False (boolean value)
+#gpfs_strict_host_key_policy = false
+
+# Mapping between IODevice address and unit address. (string value)
+#ds8k_devadd_unitadd_mapping =
+
+# Set the first two digits of SSID. (string value)
+#ds8k_ssid_prefix = FF
+
+# Reserve LSSs for consistency group. (string value)
+#lss_range_for_cg =
+
+# Set to zLinux if your OpenStack version is prior to Liberty and you're
+# connecting to zLinux systems. Otherwise set to auto. Valid values for this
+# parameter are: 'auto', 'AMDLinuxRHEL', 'AMDLinuxSuse', 'AppleOSX', 'Fujitsu',
+# 'Hp', 'HpTru64', 'HpVms', 'LinuxDT', 'LinuxRF', 'LinuxRHEL', 'LinuxSuse',
+# 'Novell', 'SGI', 'SVC', 'SanFsAIX', 'SanFsLinux', 'Sun', 'VMWare', 'Win2000',
+# 'Win2003', 'Win2008', 'Win2012', 'iLinux', 'nSeries', 'pLinux', 'pSeries',
+# 'pSeriesPowerswap', 'zLinux', 'iSeries'. (string value)
+#ds8k_host_type = auto
+
+# Proxy driver that connects to the IBM Storage Array (string value)
+#proxy = cinder.volume.drivers.ibm.ibm_storage.proxy.IBMStorageProxy
+
+# Connection type to the IBM Storage Array (string value)
+# Possible values:
+# fibre_channel - <No description provided>
+# iscsi - <No description provided>
+#connection_type = iscsi
+
+# CHAP authentication mode, effective only for iscsi (disabled|enabled) (string
+# value)
+# Possible values:
+# disabled - <No description provided>
+# enabled - <No description provided>
+#chap = disabled
+
+# List of Management IP addresses (separated by commas) (string value)
+#management_ips =
+
+# Comma separated list of storage system storage pools for volumes. (list
+# value)
+#storwize_svc_volpool_name = volpool
+
+# Storage system space-efficiency parameter for volumes (percentage) (integer
+# value)
+# Minimum value: -1
+# Maximum value: 100
+#storwize_svc_vol_rsize = 2
+
+# Storage system threshold for volume capacity warnings (percentage) (integer
+# value)
+# Minimum value: -1
+# Maximum value: 100
+#storwize_svc_vol_warning = 0
+
+# Storage system autoexpand parameter for volumes (True/False) (boolean value)
+#storwize_svc_vol_autoexpand = true
+
+# Storage system grain size parameter for volumes (32/64/128/256) (integer
+# value)
+#storwize_svc_vol_grainsize = 256
+
+# Storage system compression option for volumes (boolean value)
+#storwize_svc_vol_compression = false
+
+# Enable Easy Tier for volumes (boolean value)
+#storwize_svc_vol_easytier = true
+
+# The I/O group in which to allocate volumes. It can be a comma-separated list
+# in which case the driver will select an io_group based on least number of
+# volumes associated with the io_group. (string value)
+#storwize_svc_vol_iogrp = 0
+
+# Maximum number of seconds to wait for FlashCopy to be prepared. (integer
+# value)
+# Minimum value: 1
+# Maximum value: 600
+#storwize_svc_flashcopy_timeout = 120
+
+# DEPRECATED: This option no longer has any affect. It is deprecated and will
+# be removed in the next release. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#storwize_svc_multihostmap_enabled = true
+
+# Allow tenants to specify QOS on create (boolean value)
+#storwize_svc_allow_tenant_qos = false
+
+# If operating in stretched cluster mode, specify the name of the pool in which
+# mirrored copies are stored.Example: "pool2" (string value)
+#storwize_svc_stretched_cluster_partner = <None>
+
+# Specifies secondary management IP or hostname to be used if san_ip is invalid
+# or becomes inaccessible. (string value)
+#storwize_san_secondary_ip = <None>
+
+# Specifies that the volume not be formatted during creation. (boolean value)
+#storwize_svc_vol_nofmtdisk = false
+
+# Specifies the Storwize FlashCopy copy rate to be used when creating a full
+# volume copy. The default is rate is 50, and the valid rates are 1-150.
+# (integer value)
+# Minimum value: 1
+# Maximum value: 150
+#storwize_svc_flashcopy_rate = 50
+
+# Specifies the name of the pool in which mirrored copy is stored. Example:
+# "pool2" (string value)
+#storwize_svc_mirror_pool = <None>
+
+# Specifies the name of the peer pool for hyperswap volume, the peer pool must
+# exist on the other site. (string value)
+#storwize_peer_pool = <None>
+
+# Specifies the site information for host. One WWPN or multi WWPNs used in the
+# host can be specified. For example:
+# storwize_preferred_host_site=site1:wwpn1,site2:wwpn2&wwpn3 or
+# storwize_preferred_host_site=site1:iqn1,site2:iqn2 (dict value)
+#storwize_preferred_host_site =
+
+# This defines an optional cycle period that applies to Global Mirror
+# relationships with a cycling mode of multi. A Global Mirror relationship
+# using the multi cycling_mode performs a complete cycle at most once each
+# period. The default is 300 seconds, and the valid seconds are 60-86400.
+# (integer value)
+# Minimum value: 60
+# Maximum value: 86400
+#cycle_period_seconds = 300
+
+# Connect with multipath (FC only; iSCSI multipath is controlled by Nova)
+# (boolean value)
+#storwize_svc_multipath_enabled = false
+
+# Configure CHAP authentication for iSCSI connections (Default: Enabled)
+# (boolean value)
+#storwize_svc_iscsi_chap_enabled = true
+
+# Name of the pool from which volumes are allocated (string value)
+#infinidat_pool_name = <None>
+
+# Protocol for transferring data between host and storage back-end. (string
+# value)
+# Possible values:
+# iscsi - <No description provided>
+# fc - <No description provided>
+#infinidat_storage_protocol = fc
+
+# List of names of network spaces to use for iSCSI connectivity (list value)
+#infinidat_iscsi_netspaces =
+
+# Specifies whether to turn on compression for newly created volumes. (boolean
+# value)
+#infinidat_use_compression = false
+
+# K2 driver will calculate max_oversubscription_ratio on setting this option as
+# True. (boolean value)
+#auto_calc_max_oversubscription_ratio = false
+
+# Whether or not our private network has unique FQDN on each initiator or not.
+# For example networks with QA systems usually have multiple servers/VMs with
+# the same FQDN.  When true this will create host entries on K2 using the FQDN,
+# when false it will use the reversed IQN/WWNN. (boolean value)
+#unique_fqdn_network = true
+
+# Disabling iSCSI discovery (sendtargets) for multipath connections on K2
+# driver. (boolean value)
+#disable_discovery = false
+
+# Pool or Vdisk name to use for volume creation. (string value)
+#lenovo_backend_name = A
+
+# linear (for VDisk) or virtual (for Pool). (string value)
+# Possible values:
+# linear - <No description provided>
+# virtual - <No description provided>
+#lenovo_backend_type = virtual
+
+# Lenovo api interface protocol. (string value)
+# Possible values:
+# http - <No description provided>
+# https - <No description provided>
+#lenovo_api_protocol = https
+
+# Whether to verify Lenovo array SSL certificate. (boolean value)
+#lenovo_verify_certificate = false
+
+# Lenovo array SSL certificate path. (string value)
+#lenovo_verify_certificate_path = <None>
+
+# List of comma-separated target iSCSI IP addresses. (list value)
+#lenovo_iscsi_ips =
+
+# Name for the VG that will contain exported volumes (string value)
+#volume_group = cinder-volumes
+
+# If >0, create LVs with multiple mirrors. Note that this requires lvm_mirrors
+# + 2 PVs with available space (integer value)
+#lvm_mirrors = 0
+
+# Type of LVM volumes to deploy; (default, thin, or auto). Auto defaults to
+# thin if thin is supported. (string value)
+# Possible values:
+# default - <No description provided>
+# thin - <No description provided>
+# auto - <No description provided>
+#lvm_type = auto
+
+# LVM conf file to use for the LVM driver in Cinder; this setting is ignored if
+# the specified file does not exist (You can also specify 'None' to not use a
+# conf file even if one exists). (string value)
+#lvm_conf_file = /etc/cinder/lvm.conf
+
+# Suppress leaked file descriptor warnings in LVM commands. (boolean value)
+#lvm_suppress_fd_warnings = false
+
+# The storage family type used on the storage system; valid values are
+# ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.
+# (string value)
+# Possible values:
+# ontap_cluster - <No description provided>
+# eseries - <No description provided>
+#netapp_storage_family = ontap_cluster
+
+# The storage protocol to be used on the data path with the storage system.
+# (string value)
+# Possible values:
+# iscsi - <No description provided>
+# fc - <No description provided>
+# nfs - <No description provided>
+#netapp_storage_protocol = <None>
+
+# The hostname (or IP address) for the storage system or proxy server. (string
+# value)
+#netapp_server_hostname = <None>
+
+# The TCP port to use for communication with the storage system or proxy
+# server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for
+# HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS. (integer value)
+#netapp_server_port = <None>
+
+# The transport protocol used when communicating with the storage system or
+# proxy server. (string value)
+# Possible values:
+# http - <No description provided>
+# https - <No description provided>
+#netapp_transport_type = http
+
+# Administrative user account name used to access the storage system or proxy
+# server. (string value)
+#netapp_login = <None>
+
+# Password for the administrative user account specified in the netapp_login
+# option. (string value)
+#netapp_password = <None>
+
+# This option specifies the virtual storage server (Vserver) name on the
+# storage cluster on which provisioning of block storage volumes should occur.
+# (string value)
+#netapp_vserver = <None>
+
+# The quantity to be multiplied by the requested volume size to ensure enough
+# space is available on the virtual storage server (Vserver) to fulfill the
+# volume creation request.  Note: this option is deprecated and will be removed
+# in favor of "reserved_percentage" in the Mitaka release. (floating point
+# value)
+#netapp_size_multiplier = 1.2
+
+# This option determines if storage space is reserved for LUN allocation. If
+# enabled, LUNs are thick provisioned. If space reservation is disabled,
+# storage space is allocated on demand. (string value)
+# Possible values:
+# enabled - <No description provided>
+# disabled - <No description provided>
+#netapp_lun_space_reservation = enabled
+
+# If the percentage of available space for an NFS share has dropped below the
+# value specified by this option, the NFS image cache will be cleaned. (integer
+# value)
+#thres_avl_size_perc_start = 20
+
+# When the percentage of available space on an NFS share has reached the
+# percentage specified by this option, the driver will stop clearing files from
+# the NFS image cache that have not been accessed in the last M minutes, where
+# M is the value of the expiry_thres_minutes configuration option. (integer
+# value)
+#thres_avl_size_perc_stop = 60
+
+# This option specifies the threshold for last access time for images in the
+# NFS image cache. When a cache cleaning cycle begins, images in the cache that
+# have not been accessed in the last M minutes, where M is the value of this
+# parameter, will be deleted from the cache to create free space on the NFS
+# share. (integer value)
+#expiry_thres_minutes = 720
+
+# This option is used to specify the path to the E-Series proxy application on
+# a proxy server. The value is combined with the value of the
+# netapp_transport_type, netapp_server_hostname, and netapp_server_port options
+# to create the URL used by the driver to connect to the proxy application.
+# (string value)
+#netapp_webservice_path = /devmgr/v2
+
+# This option is only utilized when the storage family is configured to
+# eseries. This option is used to restrict provisioning to the specified
+# controllers. Specify the value of this option to be a comma separated list of
+# controller hostnames or IP addresses to be used for provisioning. (string
+# value)
+#netapp_controller_ips = <None>
+
+# Password for the NetApp E-Series storage array. (string value)
+#netapp_sa_password = <None>
+
+# This option specifies whether the driver should allow operations that require
+# multiple attachments to a volume. An example would be live migration of
+# servers that have volumes attached. When enabled, this backend is limited to
+# 256 total volumes in order to guarantee volumes can be accessed by more than
+# one host. (boolean value)
+#netapp_enable_multiattach = false
+
+# This option specifies the path of the NetApp copy offload tool binary. Ensure
+# that the binary has execute permissions set which allow the effective user of
+# the cinder-volume process to execute the file. (string value)
+#netapp_copyoffload_tool_path = <None>
+
+# This option defines the type of operating system that will access a LUN
+# exported from Data ONTAP; it is assigned to the LUN at the time it is
+# created. (string value)
+#netapp_lun_ostype = <None>
+
+# This option defines the type of operating system for all initiators that can
+# access a LUN. This information is used when mapping LUNs to individual hosts
+# or groups of hosts. (string value)
+#netapp_host_type = <None>
+
+# This option is used to restrict provisioning to the specified pools. Specify
+# the value of this option to be a regular expression which will be applied to
+# the names of objects from the storage backend which represent pools in
+# Cinder. This option is only utilized when the storage protocol is configured
+# to use iSCSI or FC. (string value)
+# Deprecated group/name - [backend_defaults]/netapp_volume_list
+# Deprecated group/name - [backend_defaults]/netapp_storage_pools
+#netapp_pool_name_search_pattern = (.+)
+
+# Multi opt of dictionaries to represent the aggregate mapping between source
+# and destination back ends when using whole back end replication. For every
+# source aggregate associated with a cinder pool (NetApp FlexVol), you would
+# need to specify the destination aggregate on the replication target device. A
+# replication target device is configured with the configuration option
+# replication_device. Specify this option as many times as you have replication
+# devices. Each entry takes the standard dict config form:
+# netapp_replication_aggregate_map =
+# backend_id:<name_of_replication_device_section>,src_aggr_name1:dest_aggr_name1,src_aggr_name2:dest_aggr_name2,...
+# (dict value)
+#netapp_replication_aggregate_map = <None>
+
+# The maximum time in seconds to wait for existing SnapMirror transfers to
+# complete before aborting during a failover. (integer value)
+# Minimum value: 0
+#netapp_snapmirror_quiesce_timeout = 3600
+
+# IP address of Nexenta SA (string value)
+#nexenta_host =
+
+# HTTP(S) port to connect to Nexenta REST API server. If it is equal zero, 8443
+# for HTTPS and 8080 for HTTP is used (integer value)
+#nexenta_rest_port = 0
+
+# Use http or https for REST connection (default auto) (string value)
+# Possible values:
+# http - <No description provided>
+# https - <No description provided>
+# auto - <No description provided>
+#nexenta_rest_protocol = auto
+
+# Use secure HTTP for REST connection (default True) (boolean value)
+#nexenta_use_https = true
+
+# User name to connect to Nexenta SA (string value)
+#nexenta_user = admin
+
+# Password to connect to Nexenta SA (string value)
+#nexenta_password = nexenta
+
+# Nexenta target portal port (integer value)
+#nexenta_iscsi_target_portal_port = 3260
+
+# SA Pool that holds all volumes (string value)
+#nexenta_volume = cinder
+
+# IQN prefix for iSCSI targets (string value)
+#nexenta_target_prefix = iqn.1986-03.com.sun:02:cinder-
+
+# Prefix for iSCSI target groups on SA (string value)
+#nexenta_target_group_prefix = cinder/
+
+# Volume group for ns5 (string value)
+#nexenta_volume_group = iscsi
+
+# Compression value for new ZFS folders. (string value)
+# Possible values:
+# on - <No description provided>
+# off - <No description provided>
+# gzip - <No description provided>
+# gzip-1 - <No description provided>
+# gzip-2 - <No description provided>
+# gzip-3 - <No description provided>
+# gzip-4 - <No description provided>
+# gzip-5 - <No description provided>
+# gzip-6 - <No description provided>
+# gzip-7 - <No description provided>
+# gzip-8 - <No description provided>
+# gzip-9 - <No description provided>
+# lzjb - <No description provided>
+# zle - <No description provided>
+# lz4 - <No description provided>
+#nexenta_dataset_compression = on
+
+# Deduplication value for new ZFS folders. (string value)
+# Possible values:
+# on - <No description provided>
+# off - <No description provided>
+# sha256 - <No description provided>
+# verify - <No description provided>
+# sha256, verify - <No description provided>
+#nexenta_dataset_dedup = off
+
+# Human-readable description for the folder. (string value)
+#nexenta_dataset_description =
+
+# Block size for datasets (integer value)
+#nexenta_blocksize = 4096
+
+# Block size for datasets (integer value)
+#nexenta_ns5_blocksize = 32
+
+# Enables or disables the creation of sparse datasets (boolean value)
+#nexenta_sparse = false
+
+# File with the list of available nfs shares (string value)
+#nexenta_shares_config = /etc/cinder/nfs_shares
+
+# Base directory that contains NFS share mount points (string value)
+#nexenta_mount_point_base = $state_path/mnt
+
+# Enables or disables the creation of volumes as sparsed files that take no
+# space. If disabled (False), volume is created as a regular file, which takes
+# a long time. (boolean value)
+#nexenta_sparsed_volumes = true
+
+# If set True cache NexentaStor appliance volroot option value. (boolean value)
+#nexenta_nms_cache_volroot = true
+
+# Enable stream compression, level 1..9. 1 - gives best speed; 9 - gives best
+# compression. (integer value)
+#nexenta_rrmgr_compression = 0
+
+# TCP Buffer size in KiloBytes. (integer value)
+#nexenta_rrmgr_tcp_buf_size = 4096
+
+# Number of TCP connections. (integer value)
+#nexenta_rrmgr_connections = 2
+
+# NexentaEdge logical path of directory to store symbolic links to NBDs (string
+# value)
+#nexenta_nbd_symlinks_dir = /dev/disk/by-path
+
+# IP address of NexentaEdge management REST API endpoint (string value)
+#nexenta_rest_address =
+
+# User name to connect to NexentaEdge (string value)
+#nexenta_rest_user = admin
+
+# Password to connect to NexentaEdge (string value)
+#nexenta_rest_password = nexenta
+
+# NexentaEdge logical path of bucket for LUNs (string value)
+#nexenta_lun_container =
+
+# NexentaEdge iSCSI service name (string value)
+#nexenta_iscsi_service =
+
+# NexentaEdge iSCSI Gateway client address for non-VIP service (string value)
+#nexenta_client_address =
+
+# NexentaEdge iSCSI LUN object chunk size (integer value)
+#nexenta_chunksize = 32768
+
+# File with the list of available NFS shares. (string value)
+#nfs_shares_config = /etc/cinder/nfs_shares
+
+# Create volumes as sparsed files which take no space. If set to False volume
+# is created as regular file. In such case volume creation takes a lot of time.
+# (boolean value)
+#nfs_sparsed_volumes = true
+
+# Create volumes as QCOW2 files rather than raw files. (boolean value)
+#nfs_qcow2_volumes = false
+
+# Base dir containing mount points for NFS shares. (string value)
+#nfs_mount_point_base = $state_path/mnt
+
+# Mount options passed to the NFS client. See section of the NFS man page for
+# details. (string value)
+#nfs_mount_options = <None>
+
+# The number of attempts to mount NFS shares before raising an error.  At least
+# one attempt will be made to mount an NFS share, regardless of the value
+# specified. (integer value)
+#nfs_mount_attempts = 3
+
+# Enable support for snapshots on the NFS driver. Platforms using libvirt
+# <1.2.7 will encounter issues with this feature. (boolean value)
+#nfs_snapshot_support = false
+
+# Nimble Controller pool name (string value)
+#nimble_pool_name = default
+
+# Nimble Subnet Label (string value)
+#nimble_subnet_label = *
+
+# Whether to verify Nimble SSL Certificate (boolean value)
+#nimble_verify_certificate = false
+
+# Path to Nimble Array SSL certificate (string value)
+#nimble_verify_cert_path = <None>
+
+# DPL pool uuid in which DPL volumes are stored. (string value)
+#dpl_pool =
+
+# DPL port number. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#dpl_port = 8357
+
+# REST API authorization token. (string value)
+#pure_api_token = <None>
+
+# Automatically determine an oversubscription ratio based on the current total
+# data reduction values. If used this calculated value will override the
+# max_over_subscription_ratio config option. (boolean value)
+#pure_automatic_max_oversubscription_ratio = true
+
+# Snapshot replication interval in seconds. (integer value)
+#pure_replica_interval_default = 3600
+
+# Retain all snapshots on target for this time (in seconds.) (integer value)
+#pure_replica_retention_short_term_default = 14400
+
+# Retain how many snapshots for each day. (integer value)
+#pure_replica_retention_long_term_per_day_default = 3
+
+# Retain snapshots per day on target for this time (in days.) (integer value)
+#pure_replica_retention_long_term_default = 7
+
+# When enabled, all Pure volumes, snapshots, and protection groups will be
+# eradicated at the time of deletion in Cinder. Data will NOT be recoverable
+# after a delete with this set to True! When disabled, volumes and snapshots
+# will go into pending eradication state and can be recovered. (boolean value)
+#pure_eradicate_on_delete = false
+
+# The URL to management QNAP Storage. Driver does not support IPv6 address in
+# URL. (uri value)
+#qnap_management_url = <None>
+
+# The pool name in the QNAP Storage (string value)
+#qnap_poolname = <None>
+
+# Communication protocol to access QNAP storage (string value)
+#qnap_storage_protocol = iscsi
+
+# Quobyte URL to the Quobyte volume using e.g. a DNS SRV record (preferred) or
+# a host list (alternatively) like quobyte://<DIR host1>, <DIR host2>/<volume
+# name> (string value)
+#quobyte_volume_url = <None>
+
+# Path to a Quobyte Client configuration file. (string value)
+#quobyte_client_cfg = <None>
+
+# Create volumes as sparse files which take no space. If set to False, volume
+# is created as regular file. (boolean value)
+#quobyte_sparsed_volumes = true
+
+# Create volumes as QCOW2 files rather than raw files. (boolean value)
+#quobyte_qcow2_volumes = true
+
+# Base dir containing the mount point for the Quobyte volume. (string value)
+#quobyte_mount_point_base = $state_path/mnt
+
+# Create a cache of volumes from merged snapshots to speed up creation of
+# multiple volumes from a single snapshot. (boolean value)
+#quobyte_volume_from_snapshot_cache = false
+
+# The name of ceph cluster (string value)
+#rbd_cluster_name = ceph
+
+# The RADOS pool where rbd volumes are stored (string value)
+#rbd_pool = rbd
+
+# The RADOS client name for accessing rbd volumes - only set when using cephx
+# authentication (string value)
+#rbd_user = <None>
+
+# Path to the ceph configuration file (string value)
+#rbd_ceph_conf =
+
+# Path to the ceph keyring file (string value)
+#rbd_keyring_conf =
+
+# Flatten volumes created from snapshots to remove dependency from volume to
+# snapshot (boolean value)
+#rbd_flatten_volume_from_snapshot = false
+
+# The libvirt uuid of the secret for the rbd_user volumes (string value)
+#rbd_secret_uuid = <None>
+
+# Maximum number of nested volume clones that are taken before a flatten
+# occurs. Set to 0 to disable cloning. (integer value)
+#rbd_max_clone_depth = 5
+
+# Volumes will be chunked into objects of this size (in megabytes). (integer
+# value)
+#rbd_store_chunk_size = 4
+
+# Timeout value (in seconds) used when connecting to ceph cluster. If value <
+# 0, no timeout is set and default librados value is used. (integer value)
+#rados_connect_timeout = -1
+
+# Number of retries if connection to ceph cluster failed. (integer value)
+#rados_connection_retries = 3
+
+# Interval value (in seconds) between connection retries to ceph cluster.
+# (integer value)
+#rados_connection_interval = 5
+
+# Timeout value (in seconds) used when connecting to ceph cluster to do a
+# demotion/promotion of volumes. If value < 0, no timeout is set and default
+# librados value is used. (integer value)
+#replication_connect_timeout = 5
+
+# Set to True for driver to report total capacity as a dynamic value -used +
+# current free- and to False to report a static value -quota max bytes if
+# defined and global size of cluster if not. (boolean value)
+#report_dynamic_total_capacity = true
+
+# Set to True if the pool is used exclusively by Cinder. On exclusive use
+# driver won't query images' provisioned size as they will match the value
+# calculated by the Cinder core code for allocated_capacity_gb. This reduces
+# the load on the Ceph cluster as well as on the volume service. (boolean
+# value)
+#rbd_exclusive_cinder_pool = false
+
+# IP address or Hostname of NAS system. (string value)
+#nas_host =
+
+# User name to connect to NAS system. (string value)
+#nas_login = admin
+
+# Password to connect to NAS system. (string value)
+#nas_password =
+
+# SSH port to use to connect to NAS system. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#nas_ssh_port = 22
+
+# Filename of private key to use for SSH authentication. (string value)
+#nas_private_key =
+
+# Allow network-attached storage systems to operate in a secure environment
+# where root level access is not permitted. If set to False, access is as the
+# root user and insecure. If set to True, access is not as root. If set to
+# auto, a check is done to determine if this is a new installation: True is
+# used if so, otherwise False. Default is auto. (string value)
+#nas_secure_file_operations = auto
+
+# Set more secure file permissions on network-attached storage volume files to
+# restrict broad other/world access. If set to False, volumes are created with
+# open permissions. If set to True, volumes are created with permissions for
+# the cinder user and group (660). If set to auto, a check is done to determine
+# if this is a new installation: True is used if so, otherwise False. Default
+# is auto. (string value)
+#nas_secure_file_permissions = auto
+
+# Path to the share to use for storing Cinder volumes. For example:
+# "/srv/export1" for an NFS server export available at 10.0.5.10:/srv/export1 .
+# (string value)
+#nas_share_path =
+
+# Options used to mount the storage backend file system where Cinder volumes
+# are stored. (string value)
+#nas_mount_options = <None>
+
+# Provisioning type that will be used when creating volumes. (string value)
+# Possible values:
+# thin - <No description provided>
+# thick - <No description provided>
+#nas_volume_prov_type = thin
+
+# Pool or Vdisk name to use for volume creation. (string value)
+#hpmsa_backend_name = A
+
+# linear (for Vdisk) or virtual (for Pool). (string value)
+# Possible values:
+# linear - <No description provided>
+# virtual - <No description provided>
+#hpmsa_backend_type = virtual
+
+# HPMSA API interface protocol. (string value)
+# Possible values:
+# http - <No description provided>
+# https - <No description provided>
+#hpmsa_api_protocol = https
+
+# Whether to verify HPMSA array SSL certificate. (boolean value)
+#hpmsa_verify_certificate = false
+
+# HPMSA array SSL certificate path. (string value)
+#hpmsa_verify_certificate_path = <None>
+
+# List of comma-separated target iSCSI IP addresses. (list value)
+#hpmsa_iscsi_ips =
+
+# Use thin provisioning for SAN volumes? (boolean value)
+#san_thin_provision = true
+
+# IP address of SAN controller (string value)
+#san_ip =
+
+# Username for SAN controller (string value)
+#san_login = admin
+
+# Password for SAN controller (string value)
+#san_password =
+
+# Filename of private key to use for SSH authentication (string value)
+#san_private_key =
+
+# Cluster name to use for creating volumes (string value)
+#san_clustername =
+
+# SSH port to use with SAN (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#san_ssh_port = 22
+
+# Port to use to access the SAN API (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#san_api_port = <None>
+
+# Execute commands locally instead of over SSH; use if the volume service is
+# running on the SAN device (boolean value)
+#san_is_local = false
+
+# SSH connection timeout in seconds (integer value)
+#ssh_conn_timeout = 30
+
+# Minimum ssh connections in the pool (integer value)
+#ssh_min_pool_conn = 1
+
+# Maximum ssh connections in the pool (integer value)
+#ssh_max_pool_conn = 5
+
+# IP address of sheep daemon. (string value)
+#sheepdog_store_address = 127.0.0.1
+
+# Port of sheep daemon. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#sheepdog_store_port = 7000
+
+# Set 512 byte emulation on volume creation;  (boolean value)
+#sf_emulate_512 = true
+
+# Allow tenants to specify QOS on create (boolean value)
+#sf_allow_tenant_qos = false
+
+# Create SolidFire accounts with this prefix. Any string can be used here, but
+# the string "hostname" is special and will create a prefix using the cinder
+# node hostname (previous default behavior).  The default is NO prefix. (string
+# value)
+#sf_account_prefix = <None>
+
+# Create SolidFire volumes with this prefix. Volume names are of the form
+# <sf_volume_prefix><cinder-volume-id>.  The default is to use a prefix of
+# 'UUID-'. (string value)
+#sf_volume_prefix = UUID-
+
+# Account name on the SolidFire Cluster to use as owner of template/cache
+# volumes (created if does not exist). (string value)
+#sf_template_account_name = openstack-vtemplate
+
+# DEPRECATED: This option is deprecated and will be removed in the next
+# OpenStack release.  Please use the general cinder image-caching feature
+# instead. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: The Cinder caching feature should be used rather than this driver
+# specific implementation.
+#sf_allow_template_caching = false
+
+# Overrides default cluster SVIP with the one specified. This is required or
+# deployments that have implemented the use of VLANs for iSCSI networks in
+# their cloud. (string value)
+#sf_svip = <None>
+
+# SolidFire API port. Useful if the device api is behind a proxy on a different
+# port. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#sf_api_port = 443
+
+# Utilize volume access groups on a per-tenant basis. (boolean value)
+#sf_enable_vag = false
+
+# Volume on Synology storage to be used for creating lun. (string value)
+#synology_pool_name =
+
+# Management port for Synology storage. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#synology_admin_port = 5000
+
+# Administrator of Synology storage. (string value)
+#synology_username = admin
+
+# Password of administrator for logging in Synology storage. (string value)
+#synology_password =
+
+# Do certificate validation or not if $driver_use_ssl is True (boolean value)
+#synology_ssl_verify = true
+
+# One time password of administrator for logging in Synology storage if OTP is
+# enabled. (string value)
+#synology_one_time_pass = <None>
+
+# Device id for skip one time password check for logging in Synology storage if
+# OTP is enabled. (string value)
+#synology_device_id = <None>
+
+# The hostname (or IP address) for the storage system (string value)
+#tintri_server_hostname = <None>
+
+# User name for the storage system (string value)
+#tintri_server_username = <None>
+
+# Password for the storage system (string value)
+#tintri_server_password = <None>
+
+# API version for the storage system (string value)
+#tintri_api_version = v310
+
+# Delete unused image snapshots older than mentioned days (integer value)
+#tintri_image_cache_expiry_days = 30
+
+# Path to image nfs shares file (string value)
+#tintri_image_shares_config = <None>
+
+# IP address for connecting to VMware vCenter server. (string value)
+#vmware_host_ip = <None>
+
+# Port number for connecting to VMware vCenter server. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#vmware_host_port = 443
+
+# Username for authenticating with VMware vCenter server. (string value)
+#vmware_host_username = <None>
+
+# Password for authenticating with VMware vCenter server. (string value)
+#vmware_host_password = <None>
+
+# Optional VIM service WSDL Location e.g http://<server>/vimService.wsdl.
+# Optional over-ride to default location for bug work-arounds. (string value)
+#vmware_wsdl_location = <None>
+
+# Number of times VMware vCenter server API must be retried upon connection
+# related issues. (integer value)
+#vmware_api_retry_count = 10
+
+# The interval (in seconds) for polling remote tasks invoked on VMware vCenter
+# server. (floating point value)
+#vmware_task_poll_interval = 2.0
+
+# Name of the vCenter inventory folder that will contain Cinder volumes. This
+# folder will be created under "OpenStack/<project_folder>", where
+# project_folder is of format "Project (<volume_project_id>)". (string value)
+#vmware_volume_folder = Volumes
+
+# Timeout in seconds for VMDK volume transfer between Cinder and Glance.
+# (integer value)
+#vmware_image_transfer_timeout_secs = 7200
+
+# Max number of objects to be retrieved per batch. Query results will be
+# obtained in batches from the server and not in one shot. Server may still
+# limit the count to something less than the configured value. (integer value)
+#vmware_max_objects_retrieval = 100
+
+# Optional string specifying the VMware vCenter server version. The driver
+# attempts to retrieve the version from VMware vCenter server. Set this
+# configuration only if you want to override the vCenter server version.
+# (string value)
+#vmware_host_version = <None>
+
+# Directory where virtual disks are stored during volume backup and restore.
+# (string value)
+#vmware_tmp_dir = /tmp
+
+# CA bundle file to use in verifying the vCenter server certificate. (string
+# value)
+#vmware_ca_file = <None>
+
+# If true, the vCenter server certificate is not verified. If false, then the
+# default CA truststore is used for verification. This option is ignored if
+# "vmware_ca_file" is set. (boolean value)
+#vmware_insecure = false
+
+# Name of a vCenter compute cluster where volumes should be created. (multi
+# valued)
+#vmware_cluster_name =
+
+# Maximum number of connections in http connection pool. (integer value)
+#vmware_connection_pool_size = 10
+
+# Default adapter type to be used for attaching volumes. (string value)
+# Possible values:
+# lsiLogic - <No description provided>
+# busLogic - <No description provided>
+# lsiLogicsas - <No description provided>
+# paraVirtual - <No description provided>
+# ide - <No description provided>
+#vmware_adapter_type = lsiLogic
+
+# Volume snapshot format in vCenter server. (string value)
+# Possible values:
+# template - <No description provided>
+# COW - <No description provided>
+#vmware_snapshot_format = template
+
+# If true, the backend volume in vCenter server is created lazily when the
+# volume is created without any source. The backend volume is created when the
+# volume is attached, uploaded to image service or during backup. (boolean
+# value)
+#vmware_lazy_create = true
+
+# Regular expression pattern to match the name of datastores where backend
+# volumes are created. (string value)
+#vmware_datastore_regex = <None>
+
+# File with the list of available vzstorage shares. (string value)
+#vzstorage_shares_config = /etc/cinder/vzstorage_shares
+
+# Create volumes as sparsed files which take no space rather than regular files
+# when using raw format, in which case volume creation takes lot of time.
+# (boolean value)
+#vzstorage_sparsed_volumes = true
+
+# Percent of ACTUAL usage of the underlying volume before no new volumes can be
+# allocated to the volume destination. (floating point value)
+#vzstorage_used_ratio = 0.95
+
+# Base dir containing mount points for vzstorage shares. (string value)
+#vzstorage_mount_point_base = $state_path/mnt
+
+# Mount options passed to the vzstorage client. See section of the pstorage-
+# mount man page for details. (list value)
+#vzstorage_mount_options = <None>
+
+# Default format that will be used when creating volumes if no volume format is
+# specified. (string value)
+#vzstorage_default_volume_format = raw
+
+# Path to store VHD backed volumes (string value)
+#windows_iscsi_lun_path = C:\iSCSIVirtualDisks
+
+# File with the list of available smbfs shares. (string value)
+#smbfs_shares_config = C:\OpenStack\smbfs_shares.txt
+
+# Default format that will be used when creating volumes if no volume format is
+# specified. (string value)
+# Possible values:
+# vhd - <No description provided>
+# vhdx - <No description provided>
+#smbfs_default_volume_format = vhd
+
+# Base dir containing mount points for smbfs shares. (string value)
+#smbfs_mount_point_base = C:\OpenStack\_mnt
+
+# Mappings between share locations and pool names. If not specified, the share
+# names will be used as pool names. Example:
+# //addr/share:pool_name,//addr/share2:pool_name2 (dict value)
+#smbfs_pool_mappings =
+
+# VPSA - Use ISER instead of iSCSI (boolean value)
+#zadara_use_iser = true
+
+# VPSA - Management Host name or IP address (string value)
+#zadara_vpsa_host = <None>
+
+# VPSA - Port number (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#zadara_vpsa_port = <None>
+
+# VPSA - Use SSL connection (boolean value)
+#zadara_vpsa_use_ssl = false
+
+# If set to True the http client will validate the SSL certificate of the VPSA
+# endpoint. (boolean value)
+#zadara_ssl_cert_verify = true
+
+# VPSA - Username (string value)
+#zadara_user = <None>
+
+# VPSA - Password (string value)
+#zadara_password = <None>
+
+# VPSA - Storage Pool assigned for volumes (string value)
+#zadara_vpsa_poolname = <None>
+
+# VPSA - Default encryption policy for volumes (boolean value)
+#zadara_vol_encrypt = false
+
+# VPSA - Default template for VPSA volume names (string value)
+#zadara_vol_name_template = OS_%s
+
+# VPSA - Attach snapshot policy for volumes (boolean value)
+#zadara_default_snap_policy = false
+
+# Storage pool name. (string value)
+#zfssa_pool = <None>
+
+# Project name. (string value)
+#zfssa_project = <None>
+
+# Block size. (string value)
+# Possible values:
+# 512 - <No description provided>
+# 1k - <No description provided>
+# 2k - <No description provided>
+# 4k - <No description provided>
+# 8k - <No description provided>
+# 16k - <No description provided>
+# 32k - <No description provided>
+# 64k - <No description provided>
+# 128k - <No description provided>
+#zfssa_lun_volblocksize = 8k
+
+# Flag to enable sparse (thin-provisioned): True, False. (boolean value)
+#zfssa_lun_sparse = false
+
+# Data compression. (string value)
+# Possible values:
+# off - <No description provided>
+# lzjb - <No description provided>
+# gzip-2 - <No description provided>
+# gzip - <No description provided>
+# gzip-9 - <No description provided>
+#zfssa_lun_compression = off
+
+# Synchronous write bias. (string value)
+# Possible values:
+# latency - <No description provided>
+# throughput - <No description provided>
+#zfssa_lun_logbias = latency
+
+# iSCSI initiator group. (string value)
+#zfssa_initiator_group =
+
+# iSCSI initiator IQNs. (comma separated) (string value)
+#zfssa_initiator =
+
+# iSCSI initiator CHAP user (name). (string value)
+#zfssa_initiator_user =
+
+# Secret of the iSCSI initiator CHAP user. (string value)
+#zfssa_initiator_password =
+
+# iSCSI initiators configuration. (string value)
+#zfssa_initiator_config =
+
+# iSCSI target group name. (string value)
+#zfssa_target_group = tgt-grp
+
+# iSCSI target CHAP user (name). (string value)
+#zfssa_target_user =
+
+# Secret of the iSCSI target CHAP user. (string value)
+#zfssa_target_password =
+
+# iSCSI target portal (Data-IP:Port, w.x.y.z:3260). (string value)
+#zfssa_target_portal = <None>
+
+# Network interfaces of iSCSI targets. (comma separated) (string value)
+#zfssa_target_interfaces = <None>
+
+# REST connection timeout. (seconds) (integer value)
+#zfssa_rest_timeout = <None>
+
+# IP address used for replication data. (maybe the same as data ip) (string
+# value)
+#zfssa_replication_ip =
+
+# Flag to enable local caching: True, False. (boolean value)
+#zfssa_enable_local_cache = true
+
+# Name of ZFSSA project where cache volumes are stored. (string value)
+#zfssa_cache_project = os-cinder-cache
+
+# Driver policy for volume manage. (string value)
+# Possible values:
+# loose - <No description provided>
+# strict - <No description provided>
+#zfssa_manage_policy = loose
+
+# Data path IP address (string value)
+#zfssa_data_ip = <None>
+
+# HTTPS port number (string value)
+#zfssa_https_port = 443
+
+# Options to be passed while mounting share over nfs (string value)
+#zfssa_nfs_mount_options =
+
+# Storage pool name. (string value)
+#zfssa_nfs_pool =
+
+# Project name. (string value)
+#zfssa_nfs_project = NFSProject
+
+# Share name. (string value)
+#zfssa_nfs_share = nfs_share
+
+# Data compression. (string value)
+# Possible values:
+# off - <No description provided>
+# lzjb - <No description provided>
+# gzip-2 - <No description provided>
+# gzip - <No description provided>
+# gzip-9 - <No description provided>
+#zfssa_nfs_share_compression = off
+
+# Synchronous write bias-latency, throughput. (string value)
+# Possible values:
+# latency - <No description provided>
+# throughput - <No description provided>
+#zfssa_nfs_share_logbias = latency
+
+# Name of directory inside zfssa_nfs_share where cache volumes are stored.
+# (string value)
+#zfssa_cache_directory = os-cinder-cache
+
+# Driver to use for volume creation (string value)
+#volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
+
+# User defined capabilities, a JSON formatted string specifying key/value
+# pairs. The key/value pairs can be used by the CapabilitiesFilter to select
+# between backends when requests specify volume types. For example, specifying
+# a service level or the geographical location of a backend, then creating a
+# volume type to allow the user to select by these different properties.
+# (string value)
+#extra_capabilities = {}
+
+# Suppress requests library SSL certificate warnings. (boolean value)
+#suppress_requests_ssl_warnings = false
+
+# Size of the native threads pool for the backend.  Increase for backends that
+# heavily rely on this, like the RBD driver. (integer value)
+# Minimum value: 20
+#backend_native_threads_pool_size = 20
+
+
+[coordination]
+
+#
+# From cinder
+#
+
+# The backend URL to use for distributed coordination. (string value)
+#backend_url = file://$state_path
+
+
+[fc-zone-manager]
+
+#
+# From cinder
+#
+
+# South bound connector for zoning operation (string value)
+#brcd_sb_connector = HTTP
+
+# Southbound connector for zoning operation (string value)
+#cisco_sb_connector = cinder.zonemanager.drivers.cisco.cisco_fc_zone_client_cli.CiscoFCZoneClientCLI
+
+# FC Zone Driver responsible for zone management (string value)
+#zone_driver = cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver
+
+# Zoning policy configured by user; valid values include "initiator-target" or
+# "initiator" (string value)
+#zoning_policy = initiator-target
+
+# Comma separated list of Fibre Channel fabric names. This list of names is
+# used to retrieve other SAN credentials for connecting to each SAN fabric
+# (string value)
+#fc_fabric_names = <None>
+
+# FC SAN Lookup Service (string value)
+#fc_san_lookup_service = cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService
+
+# Set this to True when you want to allow an unsupported zone manager driver to
+# start.  Drivers that haven't maintained a working CI system and testing are
+# marked as unsupported until CI is working again.  This also marks a driver as
+# deprecated and may be removed in the next release. (boolean value)
+#enable_unsupported_driver = false
+
+
+[nova]
+
+#
+# From cinder
+#
+
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#interface = public
+
+# The authentication URL for the nova connection when using the current users
+# token (string value)
+#token_auth_url = <None>
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section = <None>
+
+
+[service_user]
+
+#
+# From cinder
+#
+
+#
+# When True, if sending a user token to an REST API, also send a service token.
+#  (boolean value)
+#send_service_user_token = false
+[barbican]
+#
+# From castellan.config
+#
+
+# Use this endpoint to connect to Barbican, for example:
+# "http://localhost:9311/" (string value)
+#barbican_endpoint = <None>
+
+# Version of the Barbican API, for example: "v1" (string value)
+#barbican_api_version = <None>
+
+# Use this endpoint to connect to Keystone (string value)
+# Deprecated group/name - [key_manager]/auth_url
+#auth_endpoint = http://localhost/identity/v3
+auth_endpoint = http://10.167.4.35:35357/v3
+
+# Number of seconds to wait before retrying poll for key creation completion
+# (integer value)
+#retry_delay = 1
+
+# Number of times to retry poll for key creation completion (integer value)
+#number_of_retries = 60
+
+# Specifies if insecure TLS (https) requests. If False, the server's
+# certificate will not be validated (boolean value)
+#verify_ssl = true
+
+# Specifies the type of endpoint.  Allowed values are: public, internal, and
+# admin (string value)
+# Possible values:
+# public - <No description provided>
+# internal - <No description provided>
+# admin - <No description provided>
+#barbican_endpoint_type = public
+barbican_endpoint_type = internal
+
+
+[key_manager]
+#
+# From castellan.config
+#
+
+# Specify the key manager implementation. Options are "barbican" and "vault".
+# Default is  "barbican". Will support the  values earlier set using
+# [key_manager]/api_class for some time. (string value)
+# Deprecated group/name - [key_manager]/api_class
+#backend = barbican
+backend = barbican
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+region_name = RegionOne
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internalURL
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = http://10.167.4.35:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+username = cinder
+
+[keystone_authtoken]
+
+#
+# From keystonemiddleware.auth_token
+#
+
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. (string
+# value)
+# Deprecated group/name - [keystone_authtoken]/auth_uri
+#www_authenticate_uri = <None>
+www_authenticate_uri = http://10.167.4.35:5000
+
+# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
+# be an "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. This option
+# is deprecated in favor of www_authenticate_uri and will be removed in the S
+# release. (string value)
+# This option is deprecated for removal since Queens.
+# Its value may be silently ignored in the future.
+# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
+# and will be removed in the S  release.
+#auth_uri = <None>
+auth_uri = http://10.167.4.35:5000
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+#delay_auth_decision = false
+
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+#http_connect_timeout = <None>
+
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
+#http_request_max_retries = 3
+
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
+#cache = <None>
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+region_name = RegionOne
+
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#signing_dir = <None>
+
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
+#memcached_servers = <None>
+memcached_servers=10.167.4.36:11211,10.167.4.37:11211,10.167.4.38:11211
+
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set
+# to -1 to disable caching completely. (integer value)
+#token_cache_time = 300
+
+# DEPRECATED: Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of revocation
+# events combined with a low cache duration may significantly reduce
+# performance. Only valid for PKI tokens. This option has been deprecated in
+# the Ocata release and will be removed in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#revocation_cache_time = 10
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
+#memcache_pool_dead_retry = 300
+
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
+#memcache_pool_maxsize = 10
+
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
+#memcache_pool_socket_timeout = 3
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+#memcache_pool_unused_timeout = 60
+
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout = 10
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool = false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
+#enforce_token_bind = permissive
+
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#check_revocations_for_cached = false
+
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#hash_algorithms = md5
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
+#service_token_roles = service
+
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
+#service_token_roles_required = false
+
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section = <None>
+
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+region_name = RegionOne
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internalURL
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = http://10.167.4.35:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+username = cinder
+
+[profiler]
+
+[oslo_concurrency]
 
 [database]
-connection = sqlite:////var/lib/cinder/cinder.sqlite
+#
+# From oslo.db
+#
+
+# If True, SQLite uses synchronous mode. (boolean value)
+#sqlite_synchronous = true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the database.
+# (string value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+#connection = <None>
+connection = mysql+pymysql://cinder:opnfv_secret@10.167.4.23/cinder?charset=utf8
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
+#slave_connection = <None>
+
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
+#mysql_sql_mode = TRADITIONAL
+
+# If True, transparently enables support for handling MySQL Cluster
+# (NDB). (boolean value)
+#mysql_enable_ndb = false
+
+# Connections which have been present in the connection pool longer
+# than this number of seconds will be replaced with a new one the next
+# time they are checked out from the pool. (integer value)
+# Deprecated group/name - [DATABASE]/idle_timeout
+# Deprecated group/name - [database]/idle_timeout
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#connection_recycle_time = 3600
+# (obryndzii) we change default connection_recycle_time to 280 in order to fix numerous
+# DBConnection errors in services until we implement this setting in reclass-system
+connection_recycle_time = 300
+
+# Minimum number of SQL connections to keep open in a pool. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool. Setting a
+# value of 0 indicates no limit. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = 5
+max_pool_size = 10
+
+# Maximum number of database connection retries during startup. Set to
+# -1 to specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
+max_overflow = 30
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
+# (integer value)
+# Minimum value: 0
+# Maximum value: 100
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
+
+# Enable the experimental use of database reconnect on connection
+# lost. (boolean value)
+#use_db_reconnect = false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
+
+# If True, increases the interval between retries of a database
+# operation up to db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries
+# of a database operation. (integer value)
+#db_max_retry_interval = 10
+
+# Maximum retries in case of connection error or deadlock error before
+# error is raised. Set to -1 to specify an infinite retry count.
+# (integer value)
+#db_max_retries = 20
+
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
+
+[oslo_messaging_notifications]
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+driver=messagingv2
+
+# A URL representing the messaging driver to use for notifications. If
+# not set, we fall back to the same configuration used for RPC.
+# (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+
+# The maximum number of attempts to re-send a notification message
+# which failed to be delivered due to a recoverable error. 0 - No
+# retry, -1 - indefinite (integer value)
+#retry = -1
+[oslo_messaging_rabbit]
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+#amqp_auto_delete = false
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+
+# How long to wait before reconnecting in response to an AMQP consumer
+# cancel notification. (floating point value)
+#kombu_reconnect_delay = 1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
+# will not be used. This option may not be available in future
+# versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client before abandoning to send it its
+# replies. This value should not be longer than rpc_response_timeout.
+# (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we
+# are currently connected to becomes unavailable. Takes effect only if
+# more than one RabbitMQ node is provided in config. (string value)
+# Possible values:
+# round-robin - <No description provided>
+# shuffle - <No description provided>
+#kombu_failover_strategy = round-robin
+
+# DEPRECATED: The RabbitMQ broker address where a single node is used.
+# (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_host = localhost
+
+# DEPRECATED: The RabbitMQ broker port where a single node is used.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_port = 5672
+
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_hosts = $rabbit_host:$rabbit_port
+
+# DEPRECATED: The RabbitMQ userid. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_userid = guest
+
+# DEPRECATED: The RabbitMQ password. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_password = guest
+
+# The RabbitMQ login method. (string value)
+# Possible values:
+# PLAIN - <No description provided>
+# AMQPLAIN - <No description provided>
+# RABBIT-CR-DEMO - <No description provided>
+#rabbit_login_method = AMQPLAIN
+
+# DEPRECATED: The RabbitMQ virtual host. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ.
+# (integer value)
+#rabbit_retry_backoff = 2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30
+# seconds. (integer value)
+#rabbit_interval_max = 30
+
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default
+# is 0 (infinite retry count). (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#rabbit_max_retries = 0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
+# queue mirroring is no longer controlled by the x-ha-policy argument
+# when declaring a queue. If you just want to make sure that all
+# queues (except those with auto-generated names) are mirrored across
+# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
+# mode": "all"}' " (boolean value)
+#rabbit_ha_queues = false
+
+# Positive integer representing duration in seconds for queue TTL
+# (x-expires). Queues which are unused for the duration of the TTL are
+# automatically deleted. The parameter affects only reply and fanout
+# queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+
+# NOTE(dmescheryakov) hardcoding to >0 by default
+# Having no prefetch limit makes oslo.messaging consume all available
+# messages from the queue. That can lead to a situation when several
+# server processes hog all the messages leaving others out of business.
+# That leads to artificial high message processing latency and at the
+# extrime to MessagingTimeout errors.
+rabbit_qos_prefetch_count = 64
+
+# Number of seconds after which the Rabbit broker is considered down
+# if heartbeat's keep-alive fails (0 disable the heartbeat).
+# EXPERIMENTAL (integer value)
+#heartbeat_timeout_threshold = 60
+
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
+#heartbeat_rate = 2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
+# (boolean value)
+#fake_rabbit = false
+
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer
+# value)
+#heartbeat_interval = 3
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating
+# point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
+# point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error
+# (floating point value)
+#host_connection_reconnect_delay = 0.25
+
+# Connection factory implementation (string value)
+# Possible values:
+# new - <No description provided>
+# single - <No description provided>
+# read_write - <No description provided>
+#connection_factory = single
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 30
+
+# Maximum number of connections to create above `pool_max_size`.
+# (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available
+# (integer value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer
+# value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are
+# considered stale in seconds or None for no staleness. Stale
+# connections are closed on acquire. (integer value)
+#pool_stale = 60
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
+#default_serializer_type = json
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer
+# value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc reply listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending reply. -1 means infinite retry during rpc_timeout (integer
+# value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during
+# sending RPC message, -1 means infinite retry. If actual retry
+# attempts in not 0 the rpc request could be processed more than one
+# time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending RPC message (floating point value)
+#rpc_retry_delay = 0.25
+
+[oslo_middleware]
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each  request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# DEPRECATED: The HTTP Header that will be used to determine what the
+# original request protocol scheme was, even if it was hidden by a SSL
+# termination proxy. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
+# Whether the application is behind a proxy or not. This determines if
+# the middleware should parse the headers or not. (boolean value)
+enable_proxy_headers_parsing = True
+
+[oslo_policy]
+
+[oslo_reports]

2019-04-30 22:24:03,003 [salt.state       :1951][INFO    ][23736] Completed state [/etc/cinder/cinder.conf] at time 22:24:03.003234 duration_in_ms=339.421
2019-04-30 22:24:03,003 [salt.state       :1780][INFO    ][23736] Running state [/etc/cinder/api-paste.ini] at time 22:24:03.003820
2019-04-30 22:24:03,004 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/cinder/api-paste.ini]
2019-04-30 22:24:03,027 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/files/rocky/api-paste.ini.controller.Debian'
2019-04-30 22:24:03,065 [salt.state       :300 ][INFO    ][23736] {'mode': '0640'}
2019-04-30 22:24:03,065 [salt.state       :1951][INFO    ][23736] Completed state [/etc/cinder/api-paste.ini] at time 22:24:03.065571 duration_in_ms=61.751
2019-04-30 22:24:03,066 [salt.state       :1780][INFO    ][23736] Running state [cinder-manage db sync; sleep 5;] at time 22:24:03.066549
2019-04-30 22:24:03,066 [salt.state       :1813][INFO    ][23736] Executing state cmd.run for [cinder-manage db sync; sleep 5;]
2019-04-30 22:24:03,067 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command '/bin/false' in directory '/root'
2019-04-30 22:24:03,076 [salt.state       :300 ][INFO    ][23736] onlyif execution failed
2019-04-30 22:24:03,076 [salt.state       :1951][INFO    ][23736] Completed state [cinder-manage db sync; sleep 5;] at time 22:24:03.076722 duration_in_ms=10.173
2019-04-30 22:24:03,077 [salt.state       :1780][INFO    ][23736] Running state [/etc/default/cinder-scheduler] at time 22:24:03.077478
2019-04-30 22:24:03,077 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/default/cinder-scheduler]
2019-04-30 22:24:03,098 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/files/default'
2019-04-30 22:24:03,106 [salt.state       :300 ][INFO    ][23736] File changed:
New file
2019-04-30 22:24:03,106 [salt.state       :1951][INFO    ][23736] Completed state [/etc/default/cinder-scheduler] at time 22:24:03.106314 duration_in_ms=28.836
2019-04-30 22:24:03,106 [salt.state       :1780][INFO    ][23736] Running state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 22:24:03.106787
2019-04-30 22:24:03,106 [salt.state       :1813][INFO    ][23736] Executing state file.managed for [/etc/apache2/conf-available/cinder-wsgi.conf]
2019-04-30 22:24:03,121 [salt.fileclient  :1219][INFO    ][23736] Fetching file from saltenv 'base', ** done ** 'cinder/files/rocky/cinder-wsgi.conf'
2019-04-30 22:24:03,160 [salt.state       :300 ][INFO    ][23736] File changed:
New file
2019-04-30 22:24:03,160 [salt.state       :1951][INFO    ][23736] Completed state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 22:24:03.160559 duration_in_ms=53.772
2019-04-30 22:24:03,161 [salt.state       :1780][INFO    ][23736] Running state [cinder-wsgi] at time 22:24:03.161690
2019-04-30 22:24:03,161 [salt.state       :1813][INFO    ][23736] Executing state apache_conf.enabled for [cinder-wsgi]
2019-04-30 22:24:03,162 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['a2enconf', 'cinder-wsgi'] in directory '/root'
2019-04-30 22:24:03,199 [salt.state       :300 ][INFO    ][23736] {'new': 'cinder-wsgi', 'old': None}
2019-04-30 22:24:03,199 [salt.state       :1951][INFO    ][23736] Completed state [cinder-wsgi] at time 22:24:03.199716 duration_in_ms=38.026
2019-04-30 22:24:03,201 [salt.state       :1780][INFO    ][23736] Running state [cinder-api] at time 22:24:03.201303
2019-04-30 22:24:03,201 [salt.state       :1813][INFO    ][23736] Executing state service.dead for [cinder-api]
2019-04-30 22:24:03,202 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'status', 'cinder-api.service', '-n', '0'] in directory '/root'
2019-04-30 22:24:03,213 [salt.state       :300 ][INFO    ][23736] The named service cinder-api is not available
2019-04-30 22:24:03,213 [salt.state       :1951][INFO    ][23736] Completed state [cinder-api] at time 22:24:03.213652 duration_in_ms=12.349
2019-04-30 22:24:03,215 [salt.state       :1780][INFO    ][23736] Running state [apache2] at time 22:24:03.215831
2019-04-30 22:24:03,216 [salt.state       :1813][INFO    ][23736] Executing state service.running for [apache2]
2019-04-30 22:24:03,216 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:24:03,256 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:24:03,273 [salt.state       :300 ][INFO    ][23736] The service apache2 is already running
2019-04-30 22:24:03,273 [salt.state       :1951][INFO    ][23736] Completed state [apache2] at time 22:24:03.273339 duration_in_ms=57.508
2019-04-30 22:24:03,273 [salt.state       :1780][INFO    ][23736] Running state [apache2] at time 22:24:03.273545
2019-04-30 22:24:03,273 [salt.state       :1813][INFO    ][23736] Executing state service.mod_watch for [apache2]
2019-04-30 22:24:03,278 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:24:03,289 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'apache2.service'] in directory '/root'
2019-04-30 22:24:05,495 [salt.state       :300 ][INFO    ][23736] {'apache2': True}
2019-04-30 22:24:05,496 [salt.state       :1951][INFO    ][23736] Completed state [apache2] at time 22:24:05.496248 duration_in_ms=2222.703
2019-04-30 22:24:05,498 [salt.state       :1780][INFO    ][23736] Running state [cinder-scheduler] at time 22:24:05.497996
2019-04-30 22:24:05,498 [salt.state       :1813][INFO    ][23736] Executing state service.running for [cinder-scheduler]
2019-04-30 22:24:05,499 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'status', 'cinder-scheduler.service', '-n', '0'] in directory '/root'
2019-04-30 22:24:05,510 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'is-active', 'cinder-scheduler.service'] in directory '/root'
2019-04-30 22:24:05,522 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'is-enabled', 'cinder-scheduler.service'] in directory '/root'
2019-04-30 22:24:05,539 [salt.state       :300 ][INFO    ][23736] The service cinder-scheduler is already running
2019-04-30 22:24:05,540 [salt.state       :1951][INFO    ][23736] Completed state [cinder-scheduler] at time 22:24:05.540263 duration_in_ms=42.265
2019-04-30 22:24:05,540 [salt.state       :1780][INFO    ][23736] Running state [cinder-scheduler] at time 22:24:05.540593
2019-04-30 22:24:05,541 [salt.state       :1813][INFO    ][23736] Executing state service.mod_watch for [cinder-scheduler]
2019-04-30 22:24:05,541 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemctl', 'is-active', 'cinder-scheduler.service'] in directory '/root'
2019-04-30 22:24:05,553 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'cinder-scheduler.service'] in directory '/root'
2019-04-30 22:24:06,651 [salt.state       :300 ][INFO    ][23736] {'cinder-scheduler': True}
2019-04-30 22:24:06,651 [salt.state       :1951][INFO    ][23736] Completed state [cinder-scheduler] at time 22:24:06.651516 duration_in_ms=1110.922
2019-04-30 22:24:06,681 [salt.state       :1780][INFO    ][23736] Running state [lvm-driver] at time 22:24:06.681676
2019-04-30 22:24:06,682 [salt.state       :1813][INFO    ][23736] Executing state cinderv3.volume_type_present for [lvm-driver]
2019-04-30 22:24:06,785 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command ['git', '--version'] in directory '/root'
2019-04-30 22:24:06,997 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command '/bin/false' in directory '/root'
2019-04-30 22:24:07,008 [salt.state       :300 ][INFO    ][23736] onlyif execution failed
2019-04-30 22:24:07,009 [salt.state       :1951][INFO    ][23736] Completed state [lvm-driver] at time 22:24:07.009139 duration_in_ms=327.464
2019-04-30 22:24:07,010 [salt.state       :1780][INFO    ][23736] Running state [lvm-driver] at time 22:24:07.010321
2019-04-30 22:24:07,010 [salt.state       :1813][INFO    ][23736] Executing state cinderv3.volume_type_key_present for [lvm-driver]
2019-04-30 22:24:07,014 [salt.loaded.int.module.cmdmod:395 ][INFO    ][23736] Executing command '/bin/false' in directory '/root'
2019-04-30 22:24:07,031 [salt.state       :300 ][INFO    ][23736] onlyif execution failed
2019-04-30 22:24:07,031 [salt.state       :1951][INFO    ][23736] Completed state [lvm-driver] at time 22:24:07.031279 duration_in_ms=20.958
2019-04-30 22:24:07,034 [salt.minion      :1711][INFO    ][23736] Returning information for job: 20190430222345767621
2019-04-30 22:24:07,805 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430222407792286
2019-04-30 22:24:07,814 [salt.minion      :1432][INFO    ][25220] Starting a new job with PID 25220
2019-04-30 22:24:11,728 [salt.state       :915 ][INFO    ][25220] Loading fresh modules for state activity
2019-04-30 22:24:13,589 [salt.state       :1780][INFO    ][25220] Running state [apache2] at time 22:24:13.588998
2019-04-30 22:24:13,589 [salt.state       :1813][INFO    ][25220] Executing state pkg.installed for [apache2]
2019-04-30 22:24:13,589 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:24:13,873 [salt.state       :300 ][INFO    ][25220] All specified packages are already installed
2019-04-30 22:24:13,873 [salt.state       :1951][INFO    ][25220] Completed state [apache2] at time 22:24:13.873615 duration_in_ms=284.616
2019-04-30 22:24:13,873 [salt.state       :1780][INFO    ][25220] Running state [openssl] at time 22:24:13.873886
2019-04-30 22:24:13,874 [salt.state       :1813][INFO    ][25220] Executing state pkg.installed for [openssl]
2019-04-30 22:24:13,878 [salt.state       :300 ][INFO    ][25220] All specified packages are already installed
2019-04-30 22:24:13,879 [salt.state       :1951][INFO    ][25220] Completed state [openssl] at time 22:24:13.879031 duration_in_ms=5.144
2019-04-30 22:24:13,879 [salt.state       :1780][INFO    ][25220] Running state [a2enmod ssl] at time 22:24:13.879509
2019-04-30 22:24:13,879 [salt.state       :1813][INFO    ][25220] Executing state cmd.run for [a2enmod ssl]
2019-04-30 22:24:13,879 [salt.state       :300 ][INFO    ][25220] /etc/apache2/mods-enabled/ssl.load exists
2019-04-30 22:24:13,880 [salt.state       :1951][INFO    ][25220] Completed state [a2enmod ssl] at time 22:24:13.880077 duration_in_ms=0.567
2019-04-30 22:24:13,880 [salt.state       :1780][INFO    ][25220] Running state [a2enmod rewrite] at time 22:24:13.880404
2019-04-30 22:24:13,880 [salt.state       :1813][INFO    ][25220] Executing state cmd.run for [a2enmod rewrite]
2019-04-30 22:24:13,880 [salt.state       :300 ][INFO    ][25220] /etc/apache2/mods-enabled/rewrite.load exists
2019-04-30 22:24:13,880 [salt.state       :1951][INFO    ][25220] Completed state [a2enmod rewrite] at time 22:24:13.880951 duration_in_ms=0.547
2019-04-30 22:24:13,881 [salt.state       :1780][INFO    ][25220] Running state [libapache2-mod-wsgi] at time 22:24:13.881262
2019-04-30 22:24:13,881 [salt.state       :1813][INFO    ][25220] Executing state pkg.installed for [libapache2-mod-wsgi]
2019-04-30 22:24:13,886 [salt.state       :300 ][INFO    ][25220] All specified packages are already installed
2019-04-30 22:24:13,886 [salt.state       :1951][INFO    ][25220] Completed state [libapache2-mod-wsgi] at time 22:24:13.886295 duration_in_ms=5.032
2019-04-30 22:24:13,886 [salt.state       :1780][INFO    ][25220] Running state [a2enmod wsgi] at time 22:24:13.886616
2019-04-30 22:24:13,886 [salt.state       :1813][INFO    ][25220] Executing state cmd.run for [a2enmod wsgi]
2019-04-30 22:24:13,887 [salt.state       :300 ][INFO    ][25220] /etc/apache2/mods-enabled/wsgi.load exists
2019-04-30 22:24:13,887 [salt.state       :1951][INFO    ][25220] Completed state [a2enmod wsgi] at time 22:24:13.887147 duration_in_ms=0.532
2019-04-30 22:24:13,887 [salt.state       :1780][INFO    ][25220] Running state [a2enmod status -q] at time 22:24:13.887457
2019-04-30 22:24:13,887 [salt.state       :1813][INFO    ][25220] Executing state cmd.run for [a2enmod status -q]
2019-04-30 22:24:13,887 [salt.state       :300 ][INFO    ][25220] /etc/apache2/mods-enabled/status.load exists
2019-04-30 22:24:13,888 [salt.state       :1951][INFO    ][25220] Completed state [a2enmod status -q] at time 22:24:13.887979 duration_in_ms=0.522
2019-04-30 22:24:13,891 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:24:13.891053
2019-04-30 22:24:13,891 [salt.state       :1813][INFO    ][25220] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.load]
2019-04-30 22:24:13,891 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/mods-enabled/mpm_prefork.load is not present
2019-04-30 22:24:13,891 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:24:13.891618 duration_in_ms=0.566
2019-04-30 22:24:13,891 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:24:13.891787
2019-04-30 22:24:13,891 [salt.state       :1813][INFO    ][25220] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.conf]
2019-04-30 22:24:13,892 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/mods-enabled/mpm_prefork.conf is not present
2019-04-30 22:24:13,892 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:24:13.892280 duration_in_ms=0.492
2019-04-30 22:24:13,892 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:24:13.892430
2019-04-30 22:24:13,892 [salt.state       :1813][INFO    ][25220] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.load]
2019-04-30 22:24:13,892 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/mods-enabled/mpm_worker.load is not present
2019-04-30 22:24:13,892 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:24:13.892929 duration_in_ms=0.499
2019-04-30 22:24:13,893 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:24:13.893080
2019-04-30 22:24:13,893 [salt.state       :1813][INFO    ][25220] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.conf]
2019-04-30 22:24:13,893 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/mods-enabled/mpm_worker.conf is not present
2019-04-30 22:24:13,893 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:24:13.893554 duration_in_ms=0.473
2019-04-30 22:24:13,895 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/mods-available/mpm_event.conf] at time 22:24:13.895040
2019-04-30 22:24:13,895 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/apache2/mods-available/mpm_event.conf]
2019-04-30 22:24:13,939 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/mods-available/mpm_event.conf is in the correct state
2019-04-30 22:24:13,940 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/mods-available/mpm_event.conf] at time 22:24:13.940121 duration_in_ms=45.08
2019-04-30 22:24:13,940 [salt.state       :1780][INFO    ][25220] Running state [a2enmod mpm_event] at time 22:24:13.940689
2019-04-30 22:24:13,940 [salt.state       :1813][INFO    ][25220] Executing state cmd.run for [a2enmod mpm_event]
2019-04-30 22:24:13,941 [salt.state       :300 ][INFO    ][25220] /etc/apache2/mods-enabled/mpm_event.load exists
2019-04-30 22:24:13,941 [salt.state       :1951][INFO    ][25220] Completed state [a2enmod mpm_event] at time 22:24:13.941233 duration_in_ms=0.543
2019-04-30 22:24:13,941 [salt.state       :1780][INFO    ][25220] Running state [apache_server_service_task] at time 22:24:13.941795
2019-04-30 22:24:13,942 [salt.state       :1813][INFO    ][25220] Executing state test.show_notification for [apache_server_service_task]
2019-04-30 22:24:13,942 [salt.state       :300 ][INFO    ][25220] Running apache.server.service
2019-04-30 22:24:13,942 [salt.state       :1951][INFO    ][25220] Completed state [apache_server_service_task] at time 22:24:13.942353 duration_in_ms=0.557
2019-04-30 22:24:13,942 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/ports.conf] at time 22:24:13.942681
2019-04-30 22:24:13,942 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/apache2/ports.conf]
2019-04-30 22:24:13,988 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/ports.conf is in the correct state
2019-04-30 22:24:13,989 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/ports.conf] at time 22:24:13.989247 duration_in_ms=46.566
2019-04-30 22:24:13,989 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/conf-available/security.conf] at time 22:24:13.989788
2019-04-30 22:24:13,990 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/apache2/conf-available/security.conf]
2019-04-30 22:24:14,032 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/conf-available/security.conf is in the correct state
2019-04-30 22:24:14,032 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/conf-available/security.conf] at time 22:24:14.032911 duration_in_ms=43.123
2019-04-30 22:24:14,040 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/sites-enabled/000-default.conf] at time 22:24:14.039987
2019-04-30 22:24:14,040 [salt.state       :1813][INFO    ][25220] Executing state file.absent for [/etc/apache2/sites-enabled/000-default.conf]
2019-04-30 22:24:14,040 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/sites-enabled/000-default.conf is not present
2019-04-30 22:24:14,040 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/sites-enabled/000-default.conf] at time 22:24:14.040935 duration_in_ms=0.948
2019-04-30 22:24:14,041 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:24:14.041409
2019-04-30 22:24:14,041 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican_admin.conf]
2019-04-30 22:24:14,178 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/sites-available/wsgi_barbican_admin.conf is in the correct state
2019-04-30 22:24:14,178 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:24:14.178844 duration_in_ms=137.434
2019-04-30 22:24:14,179 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:24:14.179198
2019-04-30 22:24:14,179 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican.conf]
2019-04-30 22:24:14,311 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/sites-available/wsgi_barbican.conf is in the correct state
2019-04-30 22:24:14,311 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:24:14.311755 duration_in_ms=132.556
2019-04-30 22:24:14,312 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:24:14.312083
2019-04-30 22:24:14,312 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/apache2/sites-available/keystone_wsgi.conf]
2019-04-30 22:24:14,493 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/sites-available/keystone_wsgi.conf is in the correct state
2019-04-30 22:24:14,493 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:24:14.493549 duration_in_ms=181.465
2019-04-30 22:24:14,493 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:24:14.493920
2019-04-30 22:24:14,494 [salt.state       :1813][INFO    ][25220] Executing state file.symlink for [/etc/apache2/sites-enabled/keystone_wsgi.conf]
2019-04-30 22:24:14,495 [salt.state       :300 ][INFO    ][25220] Symlink /etc/apache2/sites-enabled/keystone_wsgi.conf is present and owned by root:root
2019-04-30 22:24:14,495 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:24:14.495470 duration_in_ms=1.551
2019-04-30 22:24:14,497 [salt.state       :1780][INFO    ][25220] Running state [apache2] at time 22:24:14.497598
2019-04-30 22:24:14,497 [salt.state       :1813][INFO    ][25220] Executing state service.running for [apache2]
2019-04-30 22:24:14,498 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2019-04-30 22:24:14,523 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:24:14,535 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:24:14,550 [salt.state       :300 ][INFO    ][25220] The service apache2 is already running
2019-04-30 22:24:14,551 [salt.state       :1951][INFO    ][25220] Completed state [apache2] at time 22:24:14.550968 duration_in_ms=53.37
2019-04-30 22:24:14,551 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/conf-enabled/security.conf] at time 22:24:14.551817
2019-04-30 22:24:14,552 [salt.state       :1813][INFO    ][25220] Executing state file.symlink for [/etc/apache2/conf-enabled/security.conf]
2019-04-30 22:24:14,553 [salt.state       :300 ][INFO    ][25220] Symlink /etc/apache2/conf-enabled/security.conf is present and owned by root:root
2019-04-30 22:24:14,553 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/conf-enabled/security.conf] at time 22:24:14.553784 duration_in_ms=1.966
2019-04-30 22:24:14,554 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:24:14.553992
2019-04-30 22:24:14,554 [salt.state       :1813][INFO    ][25220] Executing state file.absent for [/etc/apache2/sites-enabled/keystone_wsgi]
2019-04-30 22:24:14,554 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/sites-enabled/keystone_wsgi is not present
2019-04-30 22:24:14,554 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:24:14.554613 duration_in_ms=0.621
2019-04-30 22:24:14,556 [salt.state       :1780][INFO    ][25220] Running state [cinder-scheduler] at time 22:24:14.555950
2019-04-30 22:24:14,556 [salt.state       :1813][INFO    ][25220] Executing state pkg.installed for [cinder-scheduler]
2019-04-30 22:24:14,562 [salt.state       :300 ][INFO    ][25220] All specified packages are already installed
2019-04-30 22:24:14,562 [salt.state       :1951][INFO    ][25220] Completed state [cinder-scheduler] at time 22:24:14.562700 duration_in_ms=6.751
2019-04-30 22:24:14,562 [salt.state       :1780][INFO    ][25220] Running state [lvm2] at time 22:24:14.562855
2019-04-30 22:24:14,563 [salt.state       :1813][INFO    ][25220] Executing state pkg.installed for [lvm2]
2019-04-30 22:24:14,570 [salt.state       :300 ][INFO    ][25220] All specified packages are already installed
2019-04-30 22:24:14,570 [salt.state       :1951][INFO    ][25220] Completed state [lvm2] at time 22:24:14.570698 duration_in_ms=7.844
2019-04-30 22:24:14,570 [salt.state       :1780][INFO    ][25220] Running state [python-cinder] at time 22:24:14.570914
2019-04-30 22:24:14,571 [salt.state       :1813][INFO    ][25220] Executing state pkg.installed for [python-cinder]
2019-04-30 22:24:14,576 [salt.state       :300 ][INFO    ][25220] All specified packages are already installed
2019-04-30 22:24:14,576 [salt.state       :1951][INFO    ][25220] Completed state [python-cinder] at time 22:24:14.576237 duration_in_ms=5.322
2019-04-30 22:24:14,576 [salt.state       :1780][INFO    ][25220] Running state [gettext-base] at time 22:24:14.576412
2019-04-30 22:24:14,576 [salt.state       :1813][INFO    ][25220] Executing state pkg.installed for [gettext-base]
2019-04-30 22:24:14,581 [salt.state       :300 ][INFO    ][25220] All specified packages are already installed
2019-04-30 22:24:14,581 [salt.state       :1951][INFO    ][25220] Completed state [gettext-base] at time 22:24:14.581397 duration_in_ms=4.984
2019-04-30 22:24:14,581 [salt.state       :1780][INFO    ][25220] Running state [python-memcache] at time 22:24:14.581556
2019-04-30 22:24:14,581 [salt.state       :1813][INFO    ][25220] Executing state pkg.installed for [python-memcache]
2019-04-30 22:24:14,586 [salt.state       :300 ][INFO    ][25220] All specified packages are already installed
2019-04-30 22:24:14,586 [salt.state       :1951][INFO    ][25220] Completed state [python-memcache] at time 22:24:14.586804 duration_in_ms=5.247
2019-04-30 22:24:14,586 [salt.state       :1780][INFO    ][25220] Running state [python-pycadf] at time 22:24:14.586955
2019-04-30 22:24:14,587 [salt.state       :1813][INFO    ][25220] Executing state pkg.installed for [python-pycadf]
2019-04-30 22:24:14,591 [salt.state       :300 ][INFO    ][25220] All specified packages are already installed
2019-04-30 22:24:14,592 [salt.state       :1951][INFO    ][25220] Completed state [python-pycadf] at time 22:24:14.592099 duration_in_ms=5.144
2019-04-30 22:24:14,592 [salt.state       :1780][INFO    ][25220] Running state [cinder_controller_ssl_mysql] at time 22:24:14.592960
2019-04-30 22:24:14,593 [salt.state       :1813][INFO    ][25220] Executing state test.show_notification for [cinder_controller_ssl_mysql]
2019-04-30 22:24:14,593 [salt.state       :300 ][INFO    ][25220] Running cinder._ssl.controller_mysql
2019-04-30 22:24:14,593 [salt.state       :1951][INFO    ][25220] Completed state [cinder_controller_ssl_mysql] at time 22:24:14.593448 duration_in_ms=0.487
2019-04-30 22:24:14,593 [salt.state       :1780][INFO    ][25220] Running state [cinder_controller_ssl_rabbitmq] at time 22:24:14.593757
2019-04-30 22:24:14,593 [salt.state       :1813][INFO    ][25220] Executing state test.show_notification for [cinder_controller_ssl_rabbitmq]
2019-04-30 22:24:14,594 [salt.state       :300 ][INFO    ][25220] Running cinder._ssl.rabbitmq
2019-04-30 22:24:14,594 [salt.state       :1951][INFO    ][25220] Completed state [cinder_controller_ssl_rabbitmq] at time 22:24:14.594244 duration_in_ms=0.488
2019-04-30 22:24:14,594 [salt.state       :1780][INFO    ][25220] Running state [/etc/cinder/cinder.conf] at time 22:24:14.594714
2019-04-30 22:24:14,594 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/cinder/cinder.conf]
2019-04-30 22:24:14,838 [salt.state       :300 ][INFO    ][25220] File /etc/cinder/cinder.conf is in the correct state
2019-04-30 22:24:14,838 [salt.state       :1951][INFO    ][25220] Completed state [/etc/cinder/cinder.conf] at time 22:24:14.838851 duration_in_ms=244.136
2019-04-30 22:24:14,839 [salt.state       :1780][INFO    ][25220] Running state [/etc/cinder/api-paste.ini] at time 22:24:14.839500
2019-04-30 22:24:14,839 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/cinder/api-paste.ini]
2019-04-30 22:24:14,888 [salt.state       :300 ][INFO    ][25220] File /etc/cinder/api-paste.ini is in the correct state
2019-04-30 22:24:14,888 [salt.state       :1951][INFO    ][25220] Completed state [/etc/cinder/api-paste.ini] at time 22:24:14.888475 duration_in_ms=48.975
2019-04-30 22:24:14,889 [salt.state       :1780][INFO    ][25220] Running state [cinder-manage db sync; sleep 5;] at time 22:24:14.889046
2019-04-30 22:24:14,889 [salt.state       :1813][INFO    ][25220] Executing state cmd.run for [cinder-manage db sync; sleep 5;]
2019-04-30 22:24:14,889 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command '/bin/false' in directory '/root'
2019-04-30 22:24:14,901 [salt.state       :300 ][INFO    ][25220] onlyif execution failed
2019-04-30 22:24:14,901 [salt.state       :1951][INFO    ][25220] Completed state [cinder-manage db sync; sleep 5;] at time 22:24:14.901355 duration_in_ms=12.308
2019-04-30 22:24:14,902 [salt.state       :1780][INFO    ][25220] Running state [/etc/default/cinder-scheduler] at time 22:24:14.902064
2019-04-30 22:24:14,902 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/default/cinder-scheduler]
2019-04-30 22:24:14,918 [salt.state       :300 ][INFO    ][25220] File /etc/default/cinder-scheduler is in the correct state
2019-04-30 22:24:14,918 [salt.state       :1951][INFO    ][25220] Completed state [/etc/default/cinder-scheduler] at time 22:24:14.918905 duration_in_ms=16.841
2019-04-30 22:24:14,919 [salt.state       :1780][INFO    ][25220] Running state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 22:24:14.919260
2019-04-30 22:24:14,919 [salt.state       :1813][INFO    ][25220] Executing state file.managed for [/etc/apache2/conf-available/cinder-wsgi.conf]
2019-04-30 22:24:14,965 [salt.state       :300 ][INFO    ][25220] File /etc/apache2/conf-available/cinder-wsgi.conf is in the correct state
2019-04-30 22:24:14,965 [salt.state       :1951][INFO    ][25220] Completed state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 22:24:14.965435 duration_in_ms=46.175
2019-04-30 22:24:14,966 [salt.state       :1780][INFO    ][25220] Running state [cinder-wsgi] at time 22:24:14.966351
2019-04-30 22:24:14,966 [salt.state       :1813][INFO    ][25220] Executing state apache_conf.enabled for [cinder-wsgi]
2019-04-30 22:24:14,966 [salt.state       :300 ][INFO    ][25220] cinder-wsgi already enabled.
2019-04-30 22:24:14,966 [salt.state       :1951][INFO    ][25220] Completed state [cinder-wsgi] at time 22:24:14.966917 duration_in_ms=0.566
2019-04-30 22:24:14,967 [salt.state       :1780][INFO    ][25220] Running state [cinder-api] at time 22:24:14.967262
2019-04-30 22:24:14,967 [salt.state       :1813][INFO    ][25220] Executing state service.dead for [cinder-api]
2019-04-30 22:24:14,967 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['systemctl', 'status', 'cinder-api.service', '-n', '0'] in directory '/root'
2019-04-30 22:24:14,979 [salt.state       :300 ][INFO    ][25220] The named service cinder-api is not available
2019-04-30 22:24:14,979 [salt.state       :1951][INFO    ][25220] Completed state [cinder-api] at time 22:24:14.979904 duration_in_ms=12.642
2019-04-30 22:24:14,981 [salt.state       :1780][INFO    ][25220] Running state [apache2] at time 22:24:14.981934
2019-04-30 22:24:14,982 [salt.state       :1813][INFO    ][25220] Executing state service.running for [apache2]
2019-04-30 22:24:14,982 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:24:14,992 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:24:15,006 [salt.state       :300 ][INFO    ][25220] The service apache2 is already running
2019-04-30 22:24:15,007 [salt.state       :1951][INFO    ][25220] Completed state [apache2] at time 22:24:15.007148 duration_in_ms=25.214
2019-04-30 22:24:15,008 [salt.state       :1780][INFO    ][25220] Running state [cinder-scheduler] at time 22:24:15.008902
2019-04-30 22:24:15,009 [salt.state       :1813][INFO    ][25220] Executing state service.running for [cinder-scheduler]
2019-04-30 22:24:15,009 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['systemctl', 'status', 'cinder-scheduler.service', '-n', '0'] in directory '/root'
2019-04-30 22:24:15,023 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['systemctl', 'is-active', 'cinder-scheduler.service'] in directory '/root'
2019-04-30 22:24:15,035 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['systemctl', 'is-enabled', 'cinder-scheduler.service'] in directory '/root'
2019-04-30 22:24:15,046 [salt.state       :300 ][INFO    ][25220] The service cinder-scheduler is already running
2019-04-30 22:24:15,047 [salt.state       :1951][INFO    ][25220] Completed state [cinder-scheduler] at time 22:24:15.047232 duration_in_ms=38.33
2019-04-30 22:24:15,049 [salt.state       :1780][INFO    ][25220] Running state [lvm-driver] at time 22:24:15.049695
2019-04-30 22:24:15,050 [salt.state       :1813][INFO    ][25220] Executing state cinderv3.volume_type_present for [lvm-driver]
2019-04-30 22:24:15,094 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command ['git', '--version'] in directory '/root'
2019-04-30 22:24:15,277 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command '/bin/false' in directory '/root'
2019-04-30 22:24:15,287 [salt.state       :300 ][INFO    ][25220] onlyif execution failed
2019-04-30 22:24:15,287 [salt.state       :1951][INFO    ][25220] Completed state [lvm-driver] at time 22:24:15.287426 duration_in_ms=237.73
2019-04-30 22:24:15,288 [salt.state       :1780][INFO    ][25220] Running state [lvm-driver] at time 22:24:15.288506
2019-04-30 22:24:15,288 [salt.state       :1813][INFO    ][25220] Executing state cinderv3.volume_type_key_present for [lvm-driver]
2019-04-30 22:24:15,292 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25220] Executing command '/bin/false' in directory '/root'
2019-04-30 22:24:15,300 [salt.state       :300 ][INFO    ][25220] onlyif execution failed
2019-04-30 22:24:15,300 [salt.state       :1951][INFO    ][25220] Completed state [lvm-driver] at time 22:24:15.300679 duration_in_ms=12.173
2019-04-30 22:24:15,303 [salt.minion      :1711][INFO    ][25220] Returning information for job: 20190430222407792286
2019-04-30 22:26:23,735 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430222623724024
2019-04-30 22:26:23,747 [salt.minion      :1432][INFO    ][25365] Starting a new job with PID 25365
2019-04-30 22:26:28,657 [salt.state       :915 ][INFO    ][25365] Loading fresh modules for state activity
2019-04-30 22:26:30,332 [salt.state       :1780][INFO    ][25365] Running state [apache2] at time 22:26:30.332697
2019-04-30 22:26:30,333 [salt.state       :1813][INFO    ][25365] Executing state pkg.installed for [apache2]
2019-04-30 22:26:30,334 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:26:30,614 [salt.state       :300 ][INFO    ][25365] All specified packages are already installed
2019-04-30 22:26:30,615 [salt.state       :1951][INFO    ][25365] Completed state [apache2] at time 22:26:30.614995 duration_in_ms=282.298
2019-04-30 22:26:30,615 [salt.state       :1780][INFO    ][25365] Running state [openssl] at time 22:26:30.615402
2019-04-30 22:26:30,615 [salt.state       :1813][INFO    ][25365] Executing state pkg.installed for [openssl]
2019-04-30 22:26:30,620 [salt.state       :300 ][INFO    ][25365] All specified packages are already installed
2019-04-30 22:26:30,621 [salt.state       :1951][INFO    ][25365] Completed state [openssl] at time 22:26:30.621216 duration_in_ms=5.814
2019-04-30 22:26:30,621 [salt.state       :1780][INFO    ][25365] Running state [a2enmod ssl] at time 22:26:30.621879
2019-04-30 22:26:30,622 [salt.state       :1813][INFO    ][25365] Executing state cmd.run for [a2enmod ssl]
2019-04-30 22:26:30,622 [salt.state       :300 ][INFO    ][25365] /etc/apache2/mods-enabled/ssl.load exists
2019-04-30 22:26:30,622 [salt.state       :1951][INFO    ][25365] Completed state [a2enmod ssl] at time 22:26:30.622907 duration_in_ms=1.028
2019-04-30 22:26:30,623 [salt.state       :1780][INFO    ][25365] Running state [a2enmod rewrite] at time 22:26:30.623404
2019-04-30 22:26:30,623 [salt.state       :1813][INFO    ][25365] Executing state cmd.run for [a2enmod rewrite]
2019-04-30 22:26:30,624 [salt.state       :300 ][INFO    ][25365] /etc/apache2/mods-enabled/rewrite.load exists
2019-04-30 22:26:30,624 [salt.state       :1951][INFO    ][25365] Completed state [a2enmod rewrite] at time 22:26:30.624373 duration_in_ms=0.969
2019-04-30 22:26:30,624 [salt.state       :1780][INFO    ][25365] Running state [libapache2-mod-wsgi] at time 22:26:30.624831
2019-04-30 22:26:30,625 [salt.state       :1813][INFO    ][25365] Executing state pkg.installed for [libapache2-mod-wsgi]
2019-04-30 22:26:30,630 [salt.state       :300 ][INFO    ][25365] All specified packages are already installed
2019-04-30 22:26:30,630 [salt.state       :1951][INFO    ][25365] Completed state [libapache2-mod-wsgi] at time 22:26:30.630423 duration_in_ms=5.593
2019-04-30 22:26:30,630 [salt.state       :1780][INFO    ][25365] Running state [a2enmod wsgi] at time 22:26:30.630885
2019-04-30 22:26:30,631 [salt.state       :1813][INFO    ][25365] Executing state cmd.run for [a2enmod wsgi]
2019-04-30 22:26:30,631 [salt.state       :300 ][INFO    ][25365] /etc/apache2/mods-enabled/wsgi.load exists
2019-04-30 22:26:30,631 [salt.state       :1951][INFO    ][25365] Completed state [a2enmod wsgi] at time 22:26:30.631845 duration_in_ms=0.96
2019-04-30 22:26:30,632 [salt.state       :1780][INFO    ][25365] Running state [a2enmod status -q] at time 22:26:30.632300
2019-04-30 22:26:30,632 [salt.state       :1813][INFO    ][25365] Executing state cmd.run for [a2enmod status -q]
2019-04-30 22:26:30,633 [salt.state       :300 ][INFO    ][25365] /etc/apache2/mods-enabled/status.load exists
2019-04-30 22:26:30,633 [salt.state       :1951][INFO    ][25365] Completed state [a2enmod status -q] at time 22:26:30.633291 duration_in_ms=0.991
2019-04-30 22:26:30,636 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:26:30.636379
2019-04-30 22:26:30,636 [salt.state       :1813][INFO    ][25365] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.load]
2019-04-30 22:26:30,637 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/mods-enabled/mpm_prefork.load is not present
2019-04-30 22:26:30,637 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:26:30.637369 duration_in_ms=0.989
2019-04-30 22:26:30,637 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:26:30.637670
2019-04-30 22:26:30,638 [salt.state       :1813][INFO    ][25365] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.conf]
2019-04-30 22:26:30,638 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/mods-enabled/mpm_prefork.conf is not present
2019-04-30 22:26:30,638 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:26:30.638761 duration_in_ms=1.09
2019-04-30 22:26:30,639 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:26:30.639059
2019-04-30 22:26:30,639 [salt.state       :1813][INFO    ][25365] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.load]
2019-04-30 22:26:30,639 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/mods-enabled/mpm_worker.load is not present
2019-04-30 22:26:30,639 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:26:30.639966 duration_in_ms=0.907
2019-04-30 22:26:30,640 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:26:30.640302
2019-04-30 22:26:30,640 [salt.state       :1813][INFO    ][25365] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.conf]
2019-04-30 22:26:30,640 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/mods-enabled/mpm_worker.conf is not present
2019-04-30 22:26:30,641 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:26:30.641220 duration_in_ms=0.919
2019-04-30 22:26:30,642 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/mods-available/mpm_event.conf] at time 22:26:30.642765
2019-04-30 22:26:30,643 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/apache2/mods-available/mpm_event.conf]
2019-04-30 22:26:30,687 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/mods-available/mpm_event.conf is in the correct state
2019-04-30 22:26:30,687 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/mods-available/mpm_event.conf] at time 22:26:30.687604 duration_in_ms=44.838
2019-04-30 22:26:30,688 [salt.state       :1780][INFO    ][25365] Running state [a2enmod mpm_event] at time 22:26:30.688306
2019-04-30 22:26:30,688 [salt.state       :1813][INFO    ][25365] Executing state cmd.run for [a2enmod mpm_event]
2019-04-30 22:26:30,689 [salt.state       :300 ][INFO    ][25365] /etc/apache2/mods-enabled/mpm_event.load exists
2019-04-30 22:26:30,689 [salt.state       :1951][INFO    ][25365] Completed state [a2enmod mpm_event] at time 22:26:30.689338 duration_in_ms=1.032
2019-04-30 22:26:30,690 [salt.state       :1780][INFO    ][25365] Running state [apache_server_service_task] at time 22:26:30.690015
2019-04-30 22:26:30,690 [salt.state       :1813][INFO    ][25365] Executing state test.show_notification for [apache_server_service_task]
2019-04-30 22:26:30,690 [salt.state       :300 ][INFO    ][25365] Running apache.server.service
2019-04-30 22:26:30,690 [salt.state       :1951][INFO    ][25365] Completed state [apache_server_service_task] at time 22:26:30.690933 duration_in_ms=0.919
2019-04-30 22:26:30,691 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/ports.conf] at time 22:26:30.691403
2019-04-30 22:26:30,691 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/apache2/ports.conf]
2019-04-30 22:26:30,731 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/ports.conf is in the correct state
2019-04-30 22:26:30,731 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/ports.conf] at time 22:26:30.731766 duration_in_ms=40.363
2019-04-30 22:26:30,732 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/conf-available/security.conf] at time 22:26:30.732232
2019-04-30 22:26:30,732 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/apache2/conf-available/security.conf]
2019-04-30 22:26:30,772 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/conf-available/security.conf is in the correct state
2019-04-30 22:26:30,772 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/conf-available/security.conf] at time 22:26:30.772425 duration_in_ms=40.193
2019-04-30 22:26:30,779 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/sites-enabled/000-default.conf] at time 22:26:30.779013
2019-04-30 22:26:30,779 [salt.state       :1813][INFO    ][25365] Executing state file.absent for [/etc/apache2/sites-enabled/000-default.conf]
2019-04-30 22:26:30,779 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/sites-enabled/000-default.conf is not present
2019-04-30 22:26:30,780 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/sites-enabled/000-default.conf] at time 22:26:30.780002 duration_in_ms=0.989
2019-04-30 22:26:30,780 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:26:30.780475
2019-04-30 22:26:30,780 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican_admin.conf]
2019-04-30 22:26:30,913 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/sites-available/wsgi_barbican_admin.conf is in the correct state
2019-04-30 22:26:30,913 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:26:30.913891 duration_in_ms=133.415
2019-04-30 22:26:30,914 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:26:30.914388
2019-04-30 22:26:30,914 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican.conf]
2019-04-30 22:26:31,044 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/sites-available/wsgi_barbican.conf is in the correct state
2019-04-30 22:26:31,044 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:26:31.044635 duration_in_ms=130.247
2019-04-30 22:26:31,044 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:26:31.044969
2019-04-30 22:26:31,045 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/apache2/sites-available/keystone_wsgi.conf]
2019-04-30 22:26:31,228 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/sites-available/keystone_wsgi.conf is in the correct state
2019-04-30 22:26:31,229 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:26:31.228969 duration_in_ms=183.999
2019-04-30 22:26:31,229 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:26:31.229478
2019-04-30 22:26:31,229 [salt.state       :1813][INFO    ][25365] Executing state file.symlink for [/etc/apache2/sites-enabled/keystone_wsgi.conf]
2019-04-30 22:26:31,231 [salt.state       :300 ][INFO    ][25365] Symlink /etc/apache2/sites-enabled/keystone_wsgi.conf is present and owned by root:root
2019-04-30 22:26:31,231 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:26:31.231451 duration_in_ms=1.973
2019-04-30 22:26:31,233 [salt.state       :1780][INFO    ][25365] Running state [apache2] at time 22:26:31.233623
2019-04-30 22:26:31,233 [salt.state       :1813][INFO    ][25365] Executing state service.running for [apache2]
2019-04-30 22:26:31,234 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2019-04-30 22:26:31,258 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:26:31,269 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:26:31,281 [salt.state       :300 ][INFO    ][25365] The service apache2 is already running
2019-04-30 22:26:31,281 [salt.state       :1951][INFO    ][25365] Completed state [apache2] at time 22:26:31.281542 duration_in_ms=47.918
2019-04-30 22:26:31,282 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/conf-enabled/security.conf] at time 22:26:31.282471
2019-04-30 22:26:31,282 [salt.state       :1813][INFO    ][25365] Executing state file.symlink for [/etc/apache2/conf-enabled/security.conf]
2019-04-30 22:26:31,284 [salt.state       :300 ][INFO    ][25365] Symlink /etc/apache2/conf-enabled/security.conf is present and owned by root:root
2019-04-30 22:26:31,284 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/conf-enabled/security.conf] at time 22:26:31.284410 duration_in_ms=1.939
2019-04-30 22:26:31,284 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:26:31.284613
2019-04-30 22:26:31,284 [salt.state       :1813][INFO    ][25365] Executing state file.absent for [/etc/apache2/sites-enabled/keystone_wsgi]
2019-04-30 22:26:31,285 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/sites-enabled/keystone_wsgi is not present
2019-04-30 22:26:31,285 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:26:31.285220 duration_in_ms=0.608
2019-04-30 22:26:31,286 [salt.state       :1780][INFO    ][25365] Running state [cinder-scheduler] at time 22:26:31.286557
2019-04-30 22:26:31,286 [salt.state       :1813][INFO    ][25365] Executing state pkg.installed for [cinder-scheduler]
2019-04-30 22:26:31,292 [salt.state       :300 ][INFO    ][25365] All specified packages are already installed
2019-04-30 22:26:31,292 [salt.state       :1951][INFO    ][25365] Completed state [cinder-scheduler] at time 22:26:31.292787 duration_in_ms=6.23
2019-04-30 22:26:31,292 [salt.state       :1780][INFO    ][25365] Running state [lvm2] at time 22:26:31.292945
2019-04-30 22:26:31,293 [salt.state       :1813][INFO    ][25365] Executing state pkg.installed for [lvm2]
2019-04-30 22:26:31,300 [salt.state       :300 ][INFO    ][25365] All specified packages are already installed
2019-04-30 22:26:31,300 [salt.state       :1951][INFO    ][25365] Completed state [lvm2] at time 22:26:31.300230 duration_in_ms=7.286
2019-04-30 22:26:31,300 [salt.state       :1780][INFO    ][25365] Running state [python-cinder] at time 22:26:31.300403
2019-04-30 22:26:31,300 [salt.state       :1813][INFO    ][25365] Executing state pkg.installed for [python-cinder]
2019-04-30 22:26:31,305 [salt.state       :300 ][INFO    ][25365] All specified packages are already installed
2019-04-30 22:26:31,305 [salt.state       :1951][INFO    ][25365] Completed state [python-cinder] at time 22:26:31.305487 duration_in_ms=5.083
2019-04-30 22:26:31,305 [salt.state       :1780][INFO    ][25365] Running state [gettext-base] at time 22:26:31.305646
2019-04-30 22:26:31,305 [salt.state       :1813][INFO    ][25365] Executing state pkg.installed for [gettext-base]
2019-04-30 22:26:31,310 [salt.state       :300 ][INFO    ][25365] All specified packages are already installed
2019-04-30 22:26:31,310 [salt.state       :1951][INFO    ][25365] Completed state [gettext-base] at time 22:26:31.310487 duration_in_ms=4.842
2019-04-30 22:26:31,310 [salt.state       :1780][INFO    ][25365] Running state [python-memcache] at time 22:26:31.310638
2019-04-30 22:26:31,310 [salt.state       :1813][INFO    ][25365] Executing state pkg.installed for [python-memcache]
2019-04-30 22:26:31,315 [salt.state       :300 ][INFO    ][25365] All specified packages are already installed
2019-04-30 22:26:31,315 [salt.state       :1951][INFO    ][25365] Completed state [python-memcache] at time 22:26:31.315877 duration_in_ms=5.24
2019-04-30 22:26:31,316 [salt.state       :1780][INFO    ][25365] Running state [python-pycadf] at time 22:26:31.316025
2019-04-30 22:26:31,316 [salt.state       :1813][INFO    ][25365] Executing state pkg.installed for [python-pycadf]
2019-04-30 22:26:31,320 [salt.state       :300 ][INFO    ][25365] All specified packages are already installed
2019-04-30 22:26:31,321 [salt.state       :1951][INFO    ][25365] Completed state [python-pycadf] at time 22:26:31.321000 duration_in_ms=4.975
2019-04-30 22:26:31,321 [salt.state       :1780][INFO    ][25365] Running state [cinder_controller_ssl_mysql] at time 22:26:31.321915
2019-04-30 22:26:31,322 [salt.state       :1813][INFO    ][25365] Executing state test.show_notification for [cinder_controller_ssl_mysql]
2019-04-30 22:26:31,322 [salt.state       :300 ][INFO    ][25365] Running cinder._ssl.controller_mysql
2019-04-30 22:26:31,322 [salt.state       :1951][INFO    ][25365] Completed state [cinder_controller_ssl_mysql] at time 22:26:31.322448 duration_in_ms=0.533
2019-04-30 22:26:31,322 [salt.state       :1780][INFO    ][25365] Running state [cinder_controller_ssl_rabbitmq] at time 22:26:31.322777
2019-04-30 22:26:31,322 [salt.state       :1813][INFO    ][25365] Executing state test.show_notification for [cinder_controller_ssl_rabbitmq]
2019-04-30 22:26:31,323 [salt.state       :300 ][INFO    ][25365] Running cinder._ssl.rabbitmq
2019-04-30 22:26:31,323 [salt.state       :1951][INFO    ][25365] Completed state [cinder_controller_ssl_rabbitmq] at time 22:26:31.323264 duration_in_ms=0.487
2019-04-30 22:26:31,323 [salt.state       :1780][INFO    ][25365] Running state [/etc/cinder/cinder.conf] at time 22:26:31.323793
2019-04-30 22:26:31,323 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/cinder/cinder.conf]
2019-04-30 22:26:31,553 [salt.state       :300 ][INFO    ][25365] File /etc/cinder/cinder.conf is in the correct state
2019-04-30 22:26:31,553 [salt.state       :1951][INFO    ][25365] Completed state [/etc/cinder/cinder.conf] at time 22:26:31.553722 duration_in_ms=229.927
2019-04-30 22:26:31,554 [salt.state       :1780][INFO    ][25365] Running state [/etc/cinder/api-paste.ini] at time 22:26:31.554288
2019-04-30 22:26:31,554 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/cinder/api-paste.ini]
2019-04-30 22:26:31,598 [salt.state       :300 ][INFO    ][25365] File /etc/cinder/api-paste.ini is in the correct state
2019-04-30 22:26:31,598 [salt.state       :1951][INFO    ][25365] Completed state [/etc/cinder/api-paste.ini] at time 22:26:31.598568 duration_in_ms=44.28
2019-04-30 22:26:31,599 [salt.state       :1780][INFO    ][25365] Running state [cinder-manage db sync; sleep 5;] at time 22:26:31.599078
2019-04-30 22:26:31,599 [salt.state       :1813][INFO    ][25365] Executing state cmd.run for [cinder-manage db sync; sleep 5;]
2019-04-30 22:26:31,599 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command '/bin/false' in directory '/root'
2019-04-30 22:26:31,610 [salt.state       :300 ][INFO    ][25365] onlyif execution failed
2019-04-30 22:26:31,610 [salt.state       :1951][INFO    ][25365] Completed state [cinder-manage db sync; sleep 5;] at time 22:26:31.610319 duration_in_ms=11.241
2019-04-30 22:26:31,611 [salt.state       :1780][INFO    ][25365] Running state [/etc/default/cinder-scheduler] at time 22:26:31.611077
2019-04-30 22:26:31,611 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/default/cinder-scheduler]
2019-04-30 22:26:31,627 [salt.state       :300 ][INFO    ][25365] File /etc/default/cinder-scheduler is in the correct state
2019-04-30 22:26:31,627 [salt.state       :1951][INFO    ][25365] Completed state [/etc/default/cinder-scheduler] at time 22:26:31.627285 duration_in_ms=16.208
2019-04-30 22:26:31,627 [salt.state       :1780][INFO    ][25365] Running state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 22:26:31.627652
2019-04-30 22:26:31,627 [salt.state       :1813][INFO    ][25365] Executing state file.managed for [/etc/apache2/conf-available/cinder-wsgi.conf]
2019-04-30 22:26:31,671 [salt.state       :300 ][INFO    ][25365] File /etc/apache2/conf-available/cinder-wsgi.conf is in the correct state
2019-04-30 22:26:31,671 [salt.state       :1951][INFO    ][25365] Completed state [/etc/apache2/conf-available/cinder-wsgi.conf] at time 22:26:31.671340 duration_in_ms=43.689
2019-04-30 22:26:31,672 [salt.state       :1780][INFO    ][25365] Running state [cinder-wsgi] at time 22:26:31.672190
2019-04-30 22:26:31,672 [salt.state       :1813][INFO    ][25365] Executing state apache_conf.enabled for [cinder-wsgi]
2019-04-30 22:26:31,672 [salt.state       :300 ][INFO    ][25365] cinder-wsgi already enabled.
2019-04-30 22:26:31,672 [salt.state       :1951][INFO    ][25365] Completed state [cinder-wsgi] at time 22:26:31.672778 duration_in_ms=0.588
2019-04-30 22:26:31,673 [salt.state       :1780][INFO    ][25365] Running state [cinder-api] at time 22:26:31.673115
2019-04-30 22:26:31,673 [salt.state       :1813][INFO    ][25365] Executing state service.dead for [cinder-api]
2019-04-30 22:26:31,673 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['systemctl', 'status', 'cinder-api.service', '-n', '0'] in directory '/root'
2019-04-30 22:26:31,686 [salt.state       :300 ][INFO    ][25365] The named service cinder-api is not available
2019-04-30 22:26:31,687 [salt.state       :1951][INFO    ][25365] Completed state [cinder-api] at time 22:26:31.687164 duration_in_ms=14.048
2019-04-30 22:26:31,689 [salt.state       :1780][INFO    ][25365] Running state [apache2] at time 22:26:31.689191
2019-04-30 22:26:31,689 [salt.state       :1813][INFO    ][25365] Executing state service.running for [apache2]
2019-04-30 22:26:31,690 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:26:31,702 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:26:31,716 [salt.state       :300 ][INFO    ][25365] The service apache2 is already running
2019-04-30 22:26:31,716 [salt.state       :1951][INFO    ][25365] Completed state [apache2] at time 22:26:31.716239 duration_in_ms=27.048
2019-04-30 22:26:31,717 [salt.state       :1780][INFO    ][25365] Running state [cinder-scheduler] at time 22:26:31.717862
2019-04-30 22:26:31,718 [salt.state       :1813][INFO    ][25365] Executing state service.running for [cinder-scheduler]
2019-04-30 22:26:31,718 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['systemctl', 'status', 'cinder-scheduler.service', '-n', '0'] in directory '/root'
2019-04-30 22:26:31,731 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['systemctl', 'is-active', 'cinder-scheduler.service'] in directory '/root'
2019-04-30 22:26:31,742 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['systemctl', 'is-enabled', 'cinder-scheduler.service'] in directory '/root'
2019-04-30 22:26:31,754 [salt.state       :300 ][INFO    ][25365] The service cinder-scheduler is already running
2019-04-30 22:26:31,754 [salt.state       :1951][INFO    ][25365] Completed state [cinder-scheduler] at time 22:26:31.754743 duration_in_ms=36.881
2019-04-30 22:26:31,757 [salt.state       :1780][INFO    ][25365] Running state [lvm-driver] at time 22:26:31.757155
2019-04-30 22:26:31,757 [salt.state       :1813][INFO    ][25365] Executing state cinderv3.volume_type_present for [lvm-driver]
2019-04-30 22:26:31,799 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command ['git', '--version'] in directory '/root'
2019-04-30 22:26:31,973 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command '/bin/false' in directory '/root'
2019-04-30 22:26:31,983 [salt.state       :300 ][INFO    ][25365] onlyif execution failed
2019-04-30 22:26:31,983 [salt.state       :1951][INFO    ][25365] Completed state [lvm-driver] at time 22:26:31.983424 duration_in_ms=226.269
2019-04-30 22:26:31,984 [salt.state       :1780][INFO    ][25365] Running state [lvm-driver] at time 22:26:31.984454
2019-04-30 22:26:31,984 [salt.state       :1813][INFO    ][25365] Executing state cinderv3.volume_type_key_present for [lvm-driver]
2019-04-30 22:26:31,989 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25365] Executing command '/bin/false' in directory '/root'
2019-04-30 22:26:31,998 [salt.state       :300 ][INFO    ][25365] onlyif execution failed
2019-04-30 22:26:31,999 [salt.state       :1951][INFO    ][25365] Completed state [lvm-driver] at time 22:26:31.998977 duration_in_ms=14.523
2019-04-30 22:26:32,001 [salt.minion      :1711][INFO    ][25365] Returning information for job: 20190430222623724024
2019-04-30 22:28:47,862 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430222847849641
2019-04-30 22:28:47,875 [salt.minion      :1432][INFO    ][25454] Starting a new job with PID 25454
2019-04-30 22:28:51,753 [salt.state       :915 ][INFO    ][25454] Loading fresh modules for state activity
2019-04-30 22:28:51,794 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/init.sls'
2019-04-30 22:28:51,821 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/server.sls'
2019-04-30 22:28:51,929 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/db/offline_sync.sls'
2019-04-30 22:28:51,995 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/db/plugins/midonet.sls'
2019-04-30 22:28:52,058 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/db/plugins/service/bgpvpn.sls'
2019-04-30 22:28:52,120 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/fwaas.sls'
2019-04-30 22:28:52,182 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/_ssl/mysql.sls'
2019-04-30 22:28:52,261 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/_ssl/rabbitmq.sls'
2019-04-30 22:28:53,296 [salt.state       :1780][INFO    ][25454] Running state [neutron-server] at time 22:28:53.296072
2019-04-30 22:28:53,297 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:28:53,597 [salt.state       :1780][INFO    ][25454] Running state [python-neutron-lbaas] at time 22:28:53.597129
2019-04-30 22:28:53,606 [salt.state       :1780][INFO    ][25454] Running state [gettext-base] at time 22:28:53.606568
2019-04-30 22:28:53,611 [salt.state       :1780][INFO    ][25454] Running state [python-pycadf] at time 22:28:53.611331
2019-04-30 22:28:53,616 [salt.state       :1780][INFO    ][25454] Running state [/usr/sbin/policy-rc.d] at time 22:28:53.616228
2019-04-30 22:28:53,616 [salt.state       :1813][INFO    ][25454] Executing state file.managed for [/usr/sbin/policy-rc.d]
2019-04-30 22:28:53,627 [salt.state       :300 ][INFO    ][25454] File changed:
New file
2019-04-30 22:28:53,627 [salt.state       :1951][INFO    ][25454] Completed state [/usr/sbin/policy-rc.d] at time 22:28:53.627149 duration_in_ms=10.921
2019-04-30 22:28:53,627 [salt.state       :1780][INFO    ][25454] Running state [neutron-server] at time 22:28:53.627386
2019-04-30 22:28:53,627 [salt.state       :1813][INFO    ][25454] Executing state pkg.installed for [neutron-server]
2019-04-30 22:28:53,639 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['apt-cache', '-q', 'policy', 'neutron-server'] in directory '/root'
2019-04-30 22:28:53,693 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:28:55,239 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:28:55,261 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'neutron-server'] in directory '/root'
2019-04-30 22:29:02,930 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430222902917724
2019-04-30 22:29:02,941 [salt.minion      :1432][INFO    ][26090] Starting a new job with PID 26090
2019-04-30 22:29:02,955 [salt.minion      :1711][INFO    ][26090] Returning information for job: 20190430222902917724
2019-04-30 22:29:11,189 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:29:11,223 [salt.state       :300 ][INFO    ][25454] Made the following changes:
'ipset-6.29' changed from 'absent' to '1'
'python-neutron' changed from 'absent' to '2:13.0.3-2~u16.04+mcp88'
'neutron-plugin' changed from 'absent' to '1'
'ipset' changed from 'absent' to '6.29-1'
'neutron-server' changed from 'absent' to '2:13.0.3-2~u16.04+mcp88'
'python-ryu' changed from 'absent' to '4.26+dfsg1-1~u16.04+mcp'
'neutron-common' changed from 'absent' to '2:13.0.3-2~u16.04+mcp88'
'python-tinyrpc' changed from 'absent' to '0.6-1~u16.04+mcp'
'python-openvswitch' changed from 'absent' to '2.10.2-1~u16.04+mcp'
'libipset3' changed from 'absent' to '6.29-1'
'python2.7-neutron' changed from 'absent' to '1'
'python2.7-ryu' changed from 'absent' to '1'
'python-ovsdbapp' changed from 'absent' to '0.12.3-2~u16.04+mcp4'
'python-sortedcontainers' changed from 'absent' to '1.4.4-1'
'neutron-plugin-ml2' changed from 'absent' to '2:13.0.3-2~u16.04+mcp88'

2019-04-30 22:29:11,244 [salt.state       :915 ][INFO    ][25454] Loading fresh modules for state activity
2019-04-30 22:29:11,274 [salt.state       :1951][INFO    ][25454] Completed state [neutron-server] at time 22:29:11.274312 duration_in_ms=17646.925
2019-04-30 22:29:11,278 [salt.state       :1780][INFO    ][25454] Running state [python-neutron-lbaas] at time 22:29:11.278249
2019-04-30 22:29:11,278 [salt.state       :1813][INFO    ][25454] Executing state pkg.installed for [python-neutron-lbaas]
2019-04-30 22:29:11,749 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:29:11,772 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-neutron-lbaas'] in directory '/root'
2019-04-30 22:29:14,259 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:29:14,297 [salt.state       :300 ][INFO    ][25454] Made the following changes:
'python-neutron-lbaas' changed from 'absent' to '2:13.0.0-2~u16.04+mcp8'

2019-04-30 22:29:14,316 [salt.state       :915 ][INFO    ][25454] Loading fresh modules for state activity
2019-04-30 22:29:14,338 [salt.state       :1951][INFO    ][25454] Completed state [python-neutron-lbaas] at time 22:29:14.338397 duration_in_ms=3060.147
2019-04-30 22:29:14,342 [salt.state       :1780][INFO    ][25454] Running state [gettext-base] at time 22:29:14.342230
2019-04-30 22:29:14,342 [salt.state       :1813][INFO    ][25454] Executing state pkg.installed for [gettext-base]
2019-04-30 22:29:14,904 [salt.state       :300 ][INFO    ][25454] All specified packages are already installed
2019-04-30 22:29:14,904 [salt.state       :1951][INFO    ][25454] Completed state [gettext-base] at time 22:29:14.904461 duration_in_ms=562.229
2019-04-30 22:29:14,904 [salt.state       :1780][INFO    ][25454] Running state [python-pycadf] at time 22:29:14.904878
2019-04-30 22:29:14,905 [salt.state       :1813][INFO    ][25454] Executing state pkg.installed for [python-pycadf]
2019-04-30 22:29:14,913 [salt.state       :300 ][INFO    ][25454] All specified packages are already installed
2019-04-30 22:29:14,913 [salt.state       :1951][INFO    ][25454] Completed state [python-pycadf] at time 22:29:14.913140 duration_in_ms=8.262
2019-04-30 22:29:14,913 [salt.state       :1780][INFO    ][25454] Running state [neutron-plugin-ml2] at time 22:29:14.913304
2019-04-30 22:29:14,913 [salt.state       :1813][INFO    ][25454] Executing state pkg.installed for [neutron-plugin-ml2]
2019-04-30 22:29:14,918 [salt.state       :300 ][INFO    ][25454] All specified packages are already installed
2019-04-30 22:29:14,918 [salt.state       :1951][INFO    ][25454] Completed state [neutron-plugin-ml2] at time 22:29:14.918239 duration_in_ms=4.936
2019-04-30 22:29:14,920 [salt.state       :1780][INFO    ][25454] Running state [/etc/neutron/plugins/ml2/ml2_conf.ini] at time 22:29:14.920006
2019-04-30 22:29:14,920 [salt.state       :1813][INFO    ][25454] Executing state file.managed for [/etc/neutron/plugins/ml2/ml2_conf.ini]
2019-04-30 22:29:14,942 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/files/rocky/ml2_conf.ini'
2019-04-30 22:29:15,054 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/files/rocky/_ml2_conf.vpp.ini'
2019-04-30 22:29:15,065 [salt.state       :300 ][INFO    ][25454] File changed:
--- 
+++ 
@@ -1,5 +1,5 @@
+
 [DEFAULT]
-
 #
 # From oslo.log
 #
@@ -114,6 +114,7 @@
 #fatal_deprecations = false
 
 
+
 [l2pop]
 
 #
@@ -122,7 +123,7 @@
 
 # Delay within which agent is expected to update existing ports when it
 # restarts (integer value)
-#agent_boot_time = 180
+agent_boot_time = 180
 
 
 [ml2]
@@ -138,28 +139,31 @@
 # Ordered list of network_types to allocate as tenant networks. The default
 # value 'local' is useful for single-box testing but provides no connectivity
 # between hosts. (list value)
-#tenant_network_types = local
+tenant_network_types = flat,vxlan
 
 # An ordered list of networking mechanism driver entrypoints to be loaded from
 # the neutron.ml2.mechanism_drivers namespace. (list value)
-#mechanism_drivers =
+mechanism_drivers = openvswitch,l2population
 
 # An ordered list of extension driver entrypoints to be loaded from the
 # neutron.ml2.extension_drivers namespace. For example: extension_drivers =
 # port_security,qos (list value)
 #extension_drivers =
 
+
+extension_drivers = port_security
+
 # Maximum size of an IP packet (MTU) that can traverse the underlying physical
 # network infrastructure without fragmentation when using an overlay/tunnel
 # protocol. This option allows specifying a physical network MTU value that
 # differs from the default global_physnet_mtu value. (integer value)
-#path_mtu = 0
+path_mtu = 1500
 
 # A list of mappings of physical networks to MTU values. The format of the
 # mapping is <physnet>:<mtu val>. This mapping allows specifying a physical
 # network MTU value that differs from the default global_physnet_mtu value.
 # (list value)
-#physical_network_mtus =
+physical_network_mtus = physnet1:1500
 
 # Default network type for external networks when no provider attributes are
 # specified. By default it is None, which means that if provider attributes are
@@ -183,7 +187,7 @@
 # List of physical_network names with which flat networks can be created. Use
 # default '*' to allow flat networks with arbitrary physical_network names. Use
 # an empty list to disable flat networks. (list value)
-#flat_networks = *
+flat_networks = *
 
 
 [ml2_type_geneve]
@@ -194,14 +198,14 @@
 
 # Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
 # Geneve VNI IDs that are available for tenant network allocation (list value)
-#vni_ranges =
+vni_ranges = 1:65536
 
 # Geneve encapsulation header size is dynamic, this value is used to calculate
 # the maximum MTU for the driver. This is the sum of the sizes of the outer ETH
 # + IP + UDP + GENEVE header sizes. The default size for this field is 50,
 # which is the size of the Geneve header without any additional option headers.
 # (integer value)
-#max_header_size = 30
+max_header_size = 38
 
 
 [ml2_type_gre]
@@ -212,7 +216,7 @@
 
 # Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE
 # tunnel IDs that are available for tenant network allocation (list value)
-#tunnel_id_ranges =
+tunnel_id_ranges = 2:65535
 
 
 [ml2_type_vlan]
@@ -225,7 +229,7 @@
 # specifying physical_network names usable for VLAN provider and tenant
 # networks, as well as ranges of VLAN tags on each available for allocation to
 # tenant networks. (list value)
-#network_vlan_ranges =
+network_vlan_ranges = 
 
 
 [ml2_type_vxlan]
@@ -236,12 +240,12 @@
 
 # Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
 # VXLAN VNI IDs that are available for tenant network allocation (list value)
-#vni_ranges =
+vni_ranges = 2:65535
 
 # Multicast group for VXLAN. When configured, will enable sending all broadcast
 # traffic to this multicast group. When left unconfigured, will disable
 # multicast VXLAN mode. (string value)
-#vxlan_group = <None>
+vxlan_group = 224.0.0.1
 
 
 [securitygroup]
@@ -251,12 +255,12 @@
 #
 
 # Driver for security groups firewall in the L2 agent (string value)
-#firewall_driver = <None>
+firewall_driver = openvswitch
 
 # Controls whether the neutron security group API is enabled in the server. It
 # should be false when using no security groups or using the nova security
 # group API. (boolean value)
-#enable_security_group = true
+enable_security_group = True
 
 # Use ipset to speed-up the iptables based security groups. Enabling ipset
 # support requires that ipset is installed on L2 agent node. (boolean value)

2019-04-30 22:29:15,065 [salt.state       :1951][INFO    ][25454] Completed state [/etc/neutron/plugins/ml2/ml2_conf.ini] at time 22:29:15.065576 duration_in_ms=145.57
2019-04-30 22:29:15,067 [salt.state       :1780][INFO    ][25454] Running state [neutron_ssl_mysql] at time 22:29:15.067080
2019-04-30 22:29:15,067 [salt.state       :1813][INFO    ][25454] Executing state test.show_notification for [neutron_ssl_mysql]
2019-04-30 22:29:15,067 [salt.state       :300 ][INFO    ][25454] Running neutron._ssl.mysql
2019-04-30 22:29:15,067 [salt.state       :1951][INFO    ][25454] Completed state [neutron_ssl_mysql] at time 22:29:15.067592 duration_in_ms=0.512
2019-04-30 22:29:15,067 [salt.state       :1780][INFO    ][25454] Running state [neutron_server_ssl_rabbitmq] at time 22:29:15.067821
2019-04-30 22:29:15,067 [salt.state       :1813][INFO    ][25454] Executing state test.show_notification for [neutron_server_ssl_rabbitmq]
2019-04-30 22:29:15,068 [salt.state       :300 ][INFO    ][25454] Running neutron._ssl.rabbitmq
2019-04-30 22:29:15,068 [salt.state       :1951][INFO    ][25454] Completed state [neutron_server_ssl_rabbitmq] at time 22:29:15.068284 duration_in_ms=0.463
2019-04-30 22:29:15,068 [salt.state       :1780][INFO    ][25454] Running state [/etc/neutron/neutron.conf] at time 22:29:15.068607
2019-04-30 22:29:15,068 [salt.state       :1813][INFO    ][25454] Executing state file.managed for [/etc/neutron/neutron.conf]
2019-04-30 22:29:15,085 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/files/rocky/neutron-server.conf'
2019-04-30 22:29:15,221 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/service/_wsgi_default.conf'
2019-04-30 22:29:15,290 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/_concurrency.conf'
2019-04-30 22:29:15,335 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/rocky/oslo/service/_ssl.conf'
2019-04-30 22:29:15,346 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/files/rocky/bgpvpn.conf'
2019-04-30 22:29:15,358 [salt.state       :300 ][INFO    ][25454] File changed:
--- 
+++ 
@@ -1,5 +1,5 @@
+
 [DEFAULT]
-core_plugin = ml2
 
 #
 # From neutron
@@ -10,28 +10,19 @@
 #state_path = /var/lib/neutron
 
 # The host IP to bind to. (host address value)
-#bind_host = 0.0.0.0
+bind_host = 10.167.4.37
 
 # The port to bind to (port value)
 # Minimum value: 0
 # Maximum value: 65535
-#bind_port = 9696
-
-# The path for API extensions. Note that this can be a colon-separated list of
-# paths. For example: api_extensions_path =
-# extensions:/path/to/more/exts:/even/more/exts. The __path__ of
-# neutron.extensions is appended to this, so if your extensions are in there
-# you don't need to specify them here. (string value)
-#api_extensions_path =
+bind_port = 9696
+# The core plugin Neutron will use (string value)
+core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
+# The service plugins Neutron will use (list value)
+service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,metering,trunk
 
 # The type of authentication to use (string value)
 #auth_strategy = keystone
-
-# The core plugin Neutron will use (string value)
-#core_plugin = <None>
-
-# The service plugins Neutron will use (list value)
-#service_plugins =
 
 # The base MAC address Neutron will use for VIFs. The first 3 octets will
 # remain unchanged. If the 4th octet is not 00, it will also be used. The
@@ -43,7 +34,7 @@
 
 # The maximum number of items returned in a single response, value was
 # 'infinite' or negative integer means no limit (string value)
-#pagination_max_limit = -1
+pagination_max_limit = -1
 
 # Default value of availability zone hints. The availability zone aware
 # schedulers use this when the resources availability_zone_hints is empty.
@@ -69,10 +60,10 @@
 
 # DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite
 # lease times. (integer value)
-#dhcp_lease_duration = 86400
+dhcp_lease_duration = 600
 
 # Domain to use for building the hostnames (string value)
-#dns_domain = openstacklocal
+dns_domain = novalocal
 
 # Driver for external DNS integration. (string value)
 #external_dns_driver = <None>
@@ -83,7 +74,7 @@
 # Allow overlapping IP support in Neutron. Attention: the following parameter
 # MUST be set to False if Neutron is being used in conjunction with Nova
 # security groups. (boolean value)
-#allow_overlapping_ips = false
+allow_overlapping_ips = true
 
 # Hostname to be used by the Neutron server, agents and services running on
 # this machine. All the agents and services running on this machine must use
@@ -96,11 +87,11 @@
 #network_link_prefix = <None>
 
 # Send notification to nova when port status changes (boolean value)
-#notify_nova_on_port_status_changes = true
+notify_nova_on_port_status_changes = true
 
 # Send notification to nova when port data (fixed_ips/floatingip) changes so
 # nova can update its cache. (boolean value)
-#notify_nova_on_port_data_changes = true
+notify_nova_on_port_data_changes = true
 
 # Number of seconds between sending events to nova if there are any events to
 # send. (integer value)
@@ -125,7 +116,7 @@
 # neutron automatically subtracts the overlay protocol overhead from this
 # value. Defaults to 1500, the standard value for Ethernet. (integer value)
 # Deprecated group/name - [ml2]/segment_mtu
-#global_physnet_mtu = 1500
+global_physnet_mtu = 1500
 
 # Number of backlog requests to configure the socket with (integer value)
 #backlog = 4096
@@ -145,11 +136,11 @@
 #api_workers = <None>
 
 # Number of RPC worker processes for service. (integer value)
-#rpc_workers = 1
+rpc_workers = 4
 
 # Number of RPC worker processes dedicated to state reports queue. (integer
 # value)
-#rpc_state_report_workers = 1
+rpc_state_report_workers = 4
 
 # Range of seconds to randomly delay when starting the periodic task scheduler
 # to reduce stampeding. (Disable by setting to 0) (integer value)
@@ -179,7 +170,7 @@
 
 # Seconds to regard the agent is down; should be at least twice
 # report_interval, to be sure the agent is down for good. (integer value)
-#agent_down_time = 75
+agent_down_time = 300
 
 # Representing the resource type whose load is being reported by the agent.
 # This can be "networks", "subnets" or "ports". When specified (Default is
@@ -222,7 +213,7 @@
 # greater than 1, the scheduler automatically assigns multiple DHCP agents for
 # a given tenant network, providing high availability for DHCP service.
 # (integer value)
-#dhcp_agents_per_network = 1
+dhcp_agents_per_network = 2
 
 # Enable services on an agent with admin_state_up False. If this option is
 # False, when admin_state_up of an agent is turned False, services on it will
@@ -241,28 +232,28 @@
 
 # System-wide flag to determine the type of router that tenants can create.
 # Only admin can override. (boolean value)
-#router_distributed = false
+router_distributed = False
 
 # Determine if setup is configured for DVR. If False, DVR API extension will be
 # disabled. (boolean value)
-#enable_dvr = true
+enable_dvr = False
 
 # Driver to use for scheduling router to a default L3 agent (string value)
-#router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
+router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
 
 # Allow auto scheduling of routers to L3 agent. (boolean value)
 #router_auto_schedule = true
 
 # Automatically reschedule routers from offline L3 agents to online L3 agents.
 # (boolean value)
-#allow_automatic_l3agent_failover = false
+allow_automatic_l3agent_failover = true
 
 # Enable HA mode for virtual routers. (boolean value)
-#l3_ha = false
+l3_ha = False
 
 # Maximum number of L3 agents which a HA router will be scheduled on. If it is
 # set to 0 then the router will be scheduled on every agent. (integer value)
-#max_l3_agents_per_router = 3
+max_l3_agents_per_router = 0
 
 # Subnet used for the l3 HA admin network. (string value)
 #l3_ha_net_cidr = 169.254.192.0/18
@@ -283,7 +274,6 @@
 
 # Maximum number of allowed address pairs (integer value)
 #max_allowed_address_pair = 10
-
 #
 # From oslo.log
 #
@@ -447,6 +437,7 @@
 # exception when timeout expired. (integer value)
 #rpc_poll_timeout = 1
 
+
 # Expiration timeout in seconds of a name service record about existing target
 # ( < 0 means no timeout). (integer value)
 #zmq_target_expire = 300
@@ -574,6 +565,7 @@
 # https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
 # (string value)
 #transport_url = <None>
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.28:5672,openstack:opnfv_secret@10.167.4.29:5672,openstack:opnfv_secret@10.167.4.30:5672//openstack
 
 # DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
 # include amqp and zmq. (string value)
@@ -584,8 +576,7 @@
 
 # The default exchange under which topics are scoped. May be overridden by an
 # exchange name specified in the transport_url option. (string value)
-#control_exchange = neutron
-
+#control_exchange = keystone
 #
 # From oslo.service.wsgi
 #
@@ -621,7 +612,6 @@
 
 
 [agent]
-root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
 
 #
 # From neutron.agent
@@ -631,7 +621,7 @@
 # /etc/neutron/rootwrap.conf' to use the real root filter facility. Change to
 # 'sudo' to skip the filtering and just run the command directly. (string
 # value)
-#root_helper = sudo
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
 
 # Use the root helper when listing the namespaces on a system. This may not be
 # required depending on the security configuration. If the root helper is not
@@ -656,7 +646,7 @@
 # Seconds between nodes reporting state to server; should be less than
 # agent_down_time, best if it is half or less than agent_down_time. (floating
 # point value)
-#report_interval = 30
+report_interval = 30
 
 # Log agent heartbeats (boolean value)
 #log_agent_heartbeats = false
@@ -688,9 +678,8 @@
 
 
 [cors]
-
-#
-# From oslo.middleware.cors
+#
+# From oslo.middleware
 #
 
 # Indicate whether this resource may be shared with the domain received in the
@@ -703,7 +692,7 @@
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
-#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-Volume-microversion
+#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
@@ -713,20 +702,11 @@
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
-#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
+
 
 
 [database]
-connection = sqlite:////var/lib/neutron/neutron.sqlite
-
-#
-# From neutron.db
-#
-
-# Database engine for which script will be generated when using offline
-# migration. (string value)
-#engine =
-
 #
 # From oslo.db
 #
@@ -744,9 +724,9 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
+connection = mysql+pymysql://neutron:opnfv_secret@10.167.4.23/neutron?charset=utf8
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
 #slave_connection = <None>
 
 # The SQL mode to be used for MySQL sessions. This option, including the
@@ -768,6 +748,7 @@
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #connection_recycle_time = 3600
+connection_recycle_time = 300
 
 # DEPRECATED: Minimum number of SQL connections to keep open in a pool.
 # (integer value)
@@ -784,12 +765,14 @@
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
 #max_pool_size = 5
+max_pool_size = 10
 
 # Maximum number of database connection retries during startup. Set to -1 to
 # specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
+max_retries = -1
 
 # Interval between retries of opening a SQL connection. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
@@ -800,6 +783,7 @@
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = 50
+max_overflow = 30
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
 # value)
@@ -840,8 +824,8 @@
 #connection_parameters =
 
 
+
 [keystone_authtoken]
-
 #
 # From keystonemiddleware.auth_token
 #
@@ -856,6 +840,7 @@
 # value)
 # Deprecated group/name - [keystone_authtoken]/auth_uri
 #www_authenticate_uri = <None>
+www_authenticate_uri = http://10.167.4.35:5000
 
 # DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
 # be an "admin" endpoint, as it should be accessible by all end users.
@@ -871,6 +856,7 @@
 # Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
 # and will be removed in the S  release.
 #auth_uri = <None>
+auth_uri = http://10.167.4.35:5000
 
 # API version of the admin Identity API endpoint. (string value)
 #auth_version = <None>
@@ -908,6 +894,7 @@
 
 # The region in which the identity server can be found. (string value)
 #region_name = <None>
+region_name = RegionOne
 
 # DEPRECATED: Directory used to cache files related to PKI tokens. This option
 # has been deprecated in the Ocata release and will be removed in the P
@@ -921,36 +908,6 @@
 # undefined, tokens will instead be cached in-process. (list value)
 # Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
-
-# In order to prevent excessive effort spent validating tokens, the middleware
-# caches previously-seen tokens for a configurable duration (in seconds). Set
-# to -1 to disable caching completely. (integer value)
-#token_cache_time = 300
-
-# DEPRECATED: Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of revocation
-# events combined with a low cache duration may significantly reduce
-# performance. Only valid for PKI tokens. This option has been deprecated in
-# the Ocata release and will be removed in the P release. (integer value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be authenticated or
-# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
-# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
-# cache. If the value is not one of these options or empty, auth_token will
-# raise an exception on initialization. (string value)
-# Possible values:
-# None - <No description provided>
-# MAC - <No description provided>
-# ENCRYPT - <No description provided>
-#memcache_security_strategy = None
-
-# (Optional, mandatory if memcache_security_strategy is defined) This string is
-# used for key derivation. (string value)
-#memcache_secret_key = <None>
 
 # (Optional) Number of seconds memcached server is considered dead before it is
 # tried again. (integer value)
@@ -1028,66 +985,15 @@
 # Authentication type to load (string value)
 # Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
+auth_type = password
 
 # Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
-
-
-[matchmaker_redis]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Host to locate redis. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#host = 127.0.0.1
-
-# DEPRECATED: Use this port to connect to redis host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#port = 6379
-
-# DEPRECATED: Password for Redis server (optional). (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#password =
-
-# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
-# [host:port, host1:port ... ] (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#sentinel_hosts =
-
-# Redis replica set name. (string value)
-#sentinel_group_name = oslo-messaging-zeromq
-
-# Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 2000
-
-# Time in ms to wait before the transaction is killed. (integer value)
-#check_timeout = 20000
-
-# Timeout in ms on blocking socket operations. (integer value)
-#socket_timeout = 10000
-
-
-[nova]
-
-#
-# From neutron
-#
 
 # Name of nova region to use. Useful if keystone manages more than one region.
 # (string value)
 #region_name = <None>
+region_name = RegionOne
 
 # Type of the nova endpoint to use.  This endpoint will be looked up in the
 # keystone catalog and should be one of public, internal or admin. (string
@@ -1097,35 +1003,35 @@
 # admin - <No description provided>
 # internal - <No description provided>
 #endpoint_type = public
-
-#
-# From nova.auth
-#
+endpoint_type = internal
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
 
 # Authentication URL (string value)
 #auth_url = <None>
+auth_url = http://10.167.4.35:35357
 
 # Authentication type to load (string value)
 # Deprecated group/name - [nova]/auth_plugin
 #auth_type = <None>
-
-# PEM encoded Certificate Authority to use when verifying HTTPs connections.
-# (string value)
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
 #cafile = <None>
-
-# PEM encoded client certificate cert file (string value)
-#certfile = <None>
-
-# Collect per-API call timing information. (boolean value)
-#collect_timing = false
 
 # Optional domain ID to use with v3 and v2 parameters. It will be used for both
 # the user and project domain in v3 and ignored in v2 authentication. (string
 # value)
 #default_domain_id = <None>
 
-# Optional domain name to use with v3 API and v2 parameters. It will be used
-# for both the user and project domain in v3 and ignored in v2 authentication.
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
 # (string value)
 #default_domain_name = <None>
 
@@ -1138,28 +1044,26 @@
 # Verify HTTPS connections. (boolean value)
 #insecure = false
 
-# PEM encoded client certificate key file (string value)
+# Required if identity server requires client certificate (string value)
 #keyfile = <None>
 
 # User's password (string value)
 #password = <None>
+password = opnfv_secret
 
 # Domain ID containing project (string value)
 #project_domain_id = <None>
+project_domain_id = default
 
 # Domain name containing project (string value)
 #project_domain_name = <None>
 
 # Project ID to scope to (string value)
-# Deprecated group/name - [nova]/tenant_id
 #project_id = <None>
 
 # Project name to scope to (string value)
-# Deprecated group/name - [nova]/tenant_name
 #project_name = <None>
-
-# Log requests to multiple loggers. (boolean value)
-#split_loggers = false
+project_name = service
 
 # Scope for system operations (string value)
 #system_scope = <None>
@@ -1178,347 +1082,190 @@
 
 # User's domain id (string value)
 #user_domain_id = <None>
+user_domain_id = default
 
 # User's domain name (string value)
 #user_domain_name = <None>
 
-# User id (string value)
+# User ID (string value)
 #user_id = <None>
 
 # Username (string value)
-# Deprecated group/name - [nova]/user_name
+# Deprecated group/name - [neutron]/user_name
 #username = <None>
-
-
-[oslo_concurrency]
-
-#
-# From oslo.concurrency
-#
-
-# Enables or disables inter-process locks. (boolean value)
-#disable_process_locking = false
-
-# Directory to use for lock files.  For security, the specified directory
-# should only be writable by the user running the processes that need locking.
-# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
-# a lock path must be set. (string value)
-#lock_path = <None>
-
-
-[oslo_messaging_amqp]
+username = neutron
+
+
+[matchmaker_redis]
 
 #
 # From oslo.messaging
 #
 
-# Name for the AMQP container. must be globally unique. Defaults to a generated
-# UUID (string value)
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-#trace = false
-
-# Attempt to connect via SSL. If no other ssl-related parameters are given, it
-# will use the system's CA-bundle to verify the server's certificate. (boolean
-# value)
-#ssl = false
-
-# CA certificate PEM file used to verify the server's certificate (string
-# value)
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication (string
-# value)
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate (optional)
-# (string value)
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-#ssl_key_password = <None>
-
-# By default SSL checks that the name in the server's certificate matches the
-# hostname in the transport_url. In some configurations it may be preferable to
-# use the virtual hostname instead, for example if the server uses the Server
-# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
-# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
-# virtual host name instead of the DNS name. (boolean value)
-#ssl_verify_vhost = false
-
-# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
+# DEPRECATED: Host to locate redis. (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Not applicable - not a SSL server
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-#sasl_config_name =
-
-# SASL realm to use if no realm present in username (string value)
-#sasl_default_realm =
-
-# DEPRECATED: User name for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the
-# username.
-#username =
-
-# DEPRECATED: Password for message broker authentication (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the
-# password.
-#password =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after each
-# unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval + connection_retry_backoff
-# (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
-# recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which failed due to
-# a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link after
-# expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not support routing
-# otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# Enable virtual host support for those message buses that do not natively
-# support virtual hosting (such as qpidd). When set to true the virtual host
-# name will be added to all message bus addresses, effectively creating a
-# private 'subnet' per virtual host. Set to False if the message bus supports
-# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
-# as the name of the virtual host. (boolean value)
-#pseudo_vhost = true
-
-# address prefix used when sending to a specific server (string value)
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used by the
-# message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular RPC/Notification
-# server. Used by the message bus to identify messages sent to a single
-# destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers. Used by
-# the message bus to identify messages that should be delivered in a round-
-# robin fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
-[oslo_messaging_kafka]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Default Kafka broker Host (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
 # Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_host = localhost
-
-# DEPRECATED: Default Kafka broker Port (port value)
+#host = 127.0.0.1
+
+# DEPRECATED: Use this port to connect to redis host. (port value)
 # Minimum value: 0
 # Maximum value: 65535
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 # Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_port = 9092
-
-# Max fetch bytes of Kafka consumer (integer value)
-#kafka_max_fetch_bytes = 1048576
-
-# Default timeout(s) for Kafka consumers (floating point value)
-#kafka_consumer_timeout = 1.0
-
-# DEPRECATED: Pool Size for Kafka Consumers (integer value)
+#port = 6379
+
+# DEPRECATED: Password for Redis server (optional). (string value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#pool_size = 10
-
-# DEPRECATED: The pool size limit for connections expiration policy (integer
-# value)
+# Reason: Replaced by [DEFAULT]/transport_url
+#password =
+
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
+# [host:port, host1:port ... ] (list value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_min_size = 2
-
-# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_ttl = 1200
-
-# Group id for Kafka consumer. Consumers in one group will coordinate message
-# consumption (string value)
-#consumer_group = oslo_messaging_consumer
-
-# Upper bound on the delay for KafkaProducer batching in seconds (floating
-# point value)
-#producer_batch_timeout = 0.0
-
-# Size of batch for the producer async send (integer value)
-#producer_batch_size = 16384
-
-# Enable asynchronous consumer commits (boolean value)
-#enable_auto_commit = false
-
-# The maximum number of records returned in a poll call (integer value)
-#max_poll_records = 500
-
-# Protocol used to communicate with brokers (string value)
+# Reason: Replaced by [DEFAULT]/transport_url
+#sentinel_hosts =
+
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
+
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 2000
+
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations. (integer value)
+#socket_timeout = 10000
+
+
+[nova]
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+region_name = RegionOne
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
 # Possible values:
-# PLAINTEXT - <No description provided>
-# SASL_PLAINTEXT - <No description provided>
-# SSL - <No description provided>
-# SASL_SSL - <No description provided>
-#security_protocol = PLAINTEXT
-
-# Mechanism when security protocol is SASL (string value)
-#sasl_mechanism = PLAIN
-
-# CA certificate PEM file used to verify the server certificate (string value)
-#ssl_cafile =
-
-
-[oslo_messaging_notifications]
-
-#
-# From oslo.messaging
-#
-
-# The Drivers(s) to handle sending notifications. Possible values are
-# messaging, messagingv2, routing, log, test, noop (multi valued)
-# Deprecated group/name - [DEFAULT]/notification_driver
-#driver =
-
-# A URL representing the messaging driver to use for notifications. If not set,
-# we fall back to the same configuration used for RPC. (string value)
-# Deprecated group/name - [DEFAULT]/notification_transport_url
-#transport_url = <None>
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-# Deprecated group/name - [DEFAULT]/notification_topics
-#topics = notifications
-
-# The maximum number of attempts to re-send a notification message which failed
-# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
-# (integer value)
-#retry = -1
-
-
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internal
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = http://10.167.4.35:5000
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+username = nova
+
+
+[oslo_concurrency]
+#
+# From oslo.concurrency
+#
+
+# Enables or disables inter-process locks. (boolean value)
+#disable_process_locking = false
+
+# Directory to use for lock files.  For security, the specified
+# directory should only be writable by the user running the processes
+# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
+# If OSLO_LOCK_PATH is not set in the environment, use the Python
+# tempfile.gettempdir function to find a suitable location. If
+# external locks are used, a lock path must be set. (string value)
+#lock_path = /tmp
+lock_path = /var/lock/neutron
 [oslo_messaging_rabbit]
-
 #
 # From oslo.messaging
 #
@@ -1534,24 +1281,6 @@
 # Connect over SSL. (boolean value)
 # Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
 #ssl = false
-
-# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
-# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
-# distributions. (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
-#ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
-#ssl_key_file =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
-#ssl_cert_file =
-
-# SSL certification authority file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
-#ssl_ca_file =
 
 # How long to wait before reconnecting in response to an AMQP consumer cancel
 # notification. (floating point value)
@@ -1666,213 +1395,59 @@
 #heartbeat_rate = 2
 
 
-[oslo_messaging_zmq]
-
+
+[oslo_messaging_notifications]
 #
 # From oslo.messaging
 #
 
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger
-# period. The value of 0 specifies no linger period. Pending messages shall be
-# discarded immediately when the socket is closed. Positive values specify an
-# upper bound for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target
-# ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+driver = messagingv2
+
+# A URL representing the messaging driver to use for notifications. If not set,
+# we fall back to the same configuration used for RPC. (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+
+# The maximum number of attempts to re-send a notification message which failed
+# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
 # (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Possible values:
-# json - <No description provided>
-# msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to
-# skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value
-# and 0) means to skip any overrides and leave it to OS default. (integer
-# value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0)
-# means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is
-# not tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
+#retry = -1
 
 
 [oslo_middleware]
-
-#
-# From oslo.middleware.http_proxy_to_wsgi
-#
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each  request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# DEPRECATED: The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by a SSL termination
+# proxy. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header = X-Forwarded-Proto
 
 # Whether the application is behind a proxy or not. This determines if the
 # middleware should parse the headers or not. (boolean value)
 #enable_proxy_headers_parsing = false
+enable_proxy_headers_parsing = True
+
 
 
 [oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# This option controls whether or not to enforce scope when evaluating
-# policies. If ``True``, the scope of the token used in the request is compared
-# to the ``scope_types`` of the policy being enforced. If the scopes do not
-# match, an ``InvalidScope`` exception will be raised. If ``False``, a message
-# will be logged informing operators that policies are being invoked with
-# mismatching scope. (boolean value)
-#enforce_scope = false
-
-# The file that defines policies. (string value)
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be relative
-# to any directory in the search path defined by the config_dir option, or
-# absolute paths. The file defined by policy_file must exist for these
-# directories to be searched.  Missing or empty directories are ignored. (multi
-# valued)
-#policy_dirs = policy.d
-
-# Content Type to send and receive data for REST based policy check (string
-# value)
-# Possible values:
-# application/x-www-form-urlencoded - <No description provided>
-# application/json - <No description provided>
-#remote_content_type = application/x-www-form-urlencoded
-
-# server identity verification for REST based policy check (boolean value)
-#remote_ssl_verify_server_crt = false
-
-# Absolute path to ca cert file for REST based policy check (string value)
-#remote_ssl_ca_crt_file = <None>
-
-# Absolute path to client cert for REST based policy check (string value)
-#remote_ssl_client_crt_file = <None>
-
-# Absolute path client key file REST based policy check (string value)
-#remote_ssl_client_key_file = <None>
 
 
 [quotas]
@@ -1927,7 +1502,6 @@
 
 
 [ssl]
-
 #
 # From oslo.service.sslutils
 #
@@ -1952,3 +1526,19 @@
 # Sets the list of available ciphers. value should be a string in the OpenSSL
 # cipher list format. (string value)
 #ciphers = <None>
+
+
+[ovs]
+
+#
+# Advanced services configs
+#
+
+
+
+# BGPVPN config
+
+[service_providers]
+
+
+

2019-04-30 22:29:15,358 [salt.state       :1951][INFO    ][25454] Completed state [/etc/neutron/neutron.conf] at time 22:29:15.358953 duration_in_ms=290.346
2019-04-30 22:29:15,359 [salt.state       :1780][INFO    ][25454] Running state [neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head] at time 22:29:15.359697
2019-04-30 22:29:15,359 [salt.state       :1813][INFO    ][25454] Executing state cmd.run for [neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head]
2019-04-30 22:29:15,360 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command '/bin/false' in directory '/root'
2019-04-30 22:29:15,371 [salt.state       :300 ][INFO    ][25454] onlyif execution failed
2019-04-30 22:29:15,371 [salt.state       :1951][INFO    ][25454] Completed state [neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head] at time 22:29:15.371704 duration_in_ms=12.007
2019-04-30 22:29:15,372 [salt.state       :1780][INFO    ][25454] Running state [neutron-db-manage --subproject networking-midonet upgrade head] at time 22:29:15.372198
2019-04-30 22:29:15,372 [salt.state       :1813][INFO    ][25454] Executing state cmd.run for [neutron-db-manage --subproject networking-midonet upgrade head]
2019-04-30 22:29:15,373 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command '/bin/false' in directory '/root'
2019-04-30 22:29:15,381 [salt.state       :300 ][INFO    ][25454] onlyif execution failed
2019-04-30 22:29:15,381 [salt.state       :1951][INFO    ][25454] Completed state [neutron-db-manage --subproject networking-midonet upgrade head] at time 22:29:15.381708 duration_in_ms=9.511
2019-04-30 22:29:15,382 [salt.state       :1780][INFO    ][25454] Running state [neutron-db-manage --config-file /etc/neutron/neutron.conf --subproject networking-bgpvpn upgrade head] at time 22:29:15.382211
2019-04-30 22:29:15,382 [salt.state       :1813][INFO    ][25454] Executing state cmd.run for [neutron-db-manage --config-file /etc/neutron/neutron.conf --subproject networking-bgpvpn upgrade head]
2019-04-30 22:29:15,383 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command '/bin/false' in directory '/root'
2019-04-30 22:29:15,390 [salt.state       :300 ][INFO    ][25454] onlyif execution failed
2019-04-30 22:29:15,391 [salt.state       :1951][INFO    ][25454] Completed state [neutron-db-manage --config-file /etc/neutron/neutron.conf --subproject networking-bgpvpn upgrade head] at time 22:29:15.391065 duration_in_ms=8.855
2019-04-30 22:29:15,391 [salt.state       :1780][INFO    ][25454] Running state [/usr/sbin/policy-rc.d] at time 22:29:15.391586
2019-04-30 22:29:15,391 [salt.state       :1813][INFO    ][25454] Executing state file.absent for [/usr/sbin/policy-rc.d]
2019-04-30 22:29:15,392 [salt.state       :300 ][INFO    ][25454] {'removed': '/usr/sbin/policy-rc.d'}
2019-04-30 22:29:15,392 [salt.state       :1951][INFO    ][25454] Completed state [/usr/sbin/policy-rc.d] at time 22:29:15.392441 duration_in_ms=0.855
2019-04-30 22:29:15,392 [salt.state       :1780][INFO    ][25454] Running state [ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini] at time 22:29:15.392846
2019-04-30 22:29:15,393 [salt.state       :1813][INFO    ][25454] Executing state cmd.run for [ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini]
2019-04-30 22:29:15,393 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command 'test -e /etc/neutron/plugin.ini' in directory '/root'
2019-04-30 22:29:15,401 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command 'ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini' in directory '/root'
2019-04-30 22:29:15,408 [salt.state       :300 ][INFO    ][25454] {'pid': 26692, 'retcode': 0, 'stderr': '', 'stdout': ''}
2019-04-30 22:29:15,409 [salt.state       :1951][INFO    ][25454] Completed state [ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini] at time 22:29:15.409330 duration_in_ms=16.483
2019-04-30 22:29:15,409 [salt.state       :1780][INFO    ][25454] Running state [/etc/neutron/api-paste.ini] at time 22:29:15.409838
2019-04-30 22:29:15,410 [salt.state       :1813][INFO    ][25454] Executing state file.managed for [/etc/neutron/api-paste.ini]
2019-04-30 22:29:15,428 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/files/rocky/api-paste.ini'
2019-04-30 22:29:15,486 [salt.state       :300 ][INFO    ][25454] File changed:
--- 
+++ 
@@ -1,3 +1,4 @@
+
 [composite:neutron]
 use = egg:Paste#urlmap
 /: neutronversions_composite

2019-04-30 22:29:15,487 [salt.state       :1951][INFO    ][25454] Completed state [/etc/neutron/api-paste.ini] at time 22:29:15.487014 duration_in_ms=77.177
2019-04-30 22:29:15,487 [salt.state       :1780][INFO    ][25454] Running state [/etc/default/neutron-server] at time 22:29:15.487307
2019-04-30 22:29:15,487 [salt.state       :1813][INFO    ][25454] Executing state file.managed for [/etc/default/neutron-server]
2019-04-30 22:29:15,501 [salt.fileclient  :1219][INFO    ][25454] Fetching file from saltenv 'base', ** done ** 'neutron/files/rocky/neutron-server'
2019-04-30 22:29:15,554 [salt.state       :300 ][INFO    ][25454] File changed:
--- 
+++ 
@@ -1,5 +1,8 @@
+# Generated by Salt.
+
 # defaults for neutron-server
 
 # path to config file corresponding to the core_plugin specified in
 # neutron.conf
+#NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
 NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"

2019-04-30 22:29:15,554 [salt.state       :1951][INFO    ][25454] Completed state [/etc/default/neutron-server] at time 22:29:15.554691 duration_in_ms=67.383
2019-04-30 22:29:15,555 [salt.state       :1780][INFO    ][25454] Running state [neutron-server] at time 22:29:15.555899
2019-04-30 22:29:15,556 [salt.state       :1813][INFO    ][25454] Executing state service.running for [neutron-server]
2019-04-30 22:29:15,556 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['systemctl', 'status', 'neutron-server.service', '-n', '0'] in directory '/root'
2019-04-30 22:29:15,570 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['systemctl', 'is-active', 'neutron-server.service'] in directory '/root'
2019-04-30 22:29:15,581 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['systemctl', 'is-enabled', 'neutron-server.service'] in directory '/root'
2019-04-30 22:29:15,594 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'neutron-server.service'] in directory '/root'
2019-04-30 22:29:15,610 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['systemctl', 'is-active', 'neutron-server.service'] in directory '/root'
2019-04-30 22:29:15,624 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['systemctl', 'is-enabled', 'neutron-server.service'] in directory '/root'
2019-04-30 22:29:15,637 [salt.loaded.int.module.cmdmod:395 ][INFO    ][25454] Executing command ['systemctl', 'is-enabled', 'neutron-server.service'] in directory '/root'
2019-04-30 22:29:15,648 [salt.state       :300 ][INFO    ][25454] {'neutron-server': True}
2019-04-30 22:29:15,649 [salt.state       :1951][INFO    ][25454] Completed state [neutron-server] at time 22:29:15.649110 duration_in_ms=93.211
2019-04-30 22:29:15,650 [salt.minion      :1711][INFO    ][25454] Returning information for job: 20190430222847849641
2019-04-30 22:32:35,272 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command state.sls with jid 20190430223235261068
2019-04-30 22:32:35,284 [salt.minion      :1432][INFO    ][26758] Starting a new job with PID 26758
2019-04-30 22:32:39,305 [salt.state       :915 ][INFO    ][26758] Loading fresh modules for state activity
2019-04-30 22:32:39,346 [salt.fileclient  :1219][INFO    ][26758] Fetching file from saltenv 'base', ** done ** 'barbican/init.sls'
2019-04-30 22:32:39,370 [salt.fileclient  :1219][INFO    ][26758] Fetching file from saltenv 'base', ** done ** 'barbican/server.sls'
2019-04-30 22:32:40,289 [salt.fileclient  :1219][INFO    ][26758] Fetching file from saltenv 'base', ** done ** 'barbican/_ssl/mysql.sls'
2019-04-30 22:32:40,337 [salt.fileclient  :1219][INFO    ][26758] Fetching file from saltenv 'base', ** done ** 'barbican/_ssl/rabbitmq.sls'
2019-04-30 22:32:40,379 [salt.fileclient  :1219][INFO    ][26758] Fetching file from saltenv 'base', ** done ** 'barbican/db/offline_sync.sls'
2019-04-30 22:32:41,351 [salt.state       :1780][INFO    ][26758] Running state [apache2] at time 22:32:41.351094
2019-04-30 22:32:41,351 [salt.state       :1813][INFO    ][26758] Executing state pkg.installed for [apache2]
2019-04-30 22:32:41,351 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:32:41,709 [salt.state       :300 ][INFO    ][26758] All specified packages are already installed
2019-04-30 22:32:41,709 [salt.state       :1951][INFO    ][26758] Completed state [apache2] at time 22:32:41.709815 duration_in_ms=358.72
2019-04-30 22:32:41,710 [salt.state       :1780][INFO    ][26758] Running state [openssl] at time 22:32:41.710127
2019-04-30 22:32:41,710 [salt.state       :1813][INFO    ][26758] Executing state pkg.installed for [openssl]
2019-04-30 22:32:41,715 [salt.state       :300 ][INFO    ][26758] All specified packages are already installed
2019-04-30 22:32:41,715 [salt.state       :1951][INFO    ][26758] Completed state [openssl] at time 22:32:41.715650 duration_in_ms=5.523
2019-04-30 22:32:41,716 [salt.state       :1780][INFO    ][26758] Running state [a2enmod ssl] at time 22:32:41.716158
2019-04-30 22:32:41,716 [salt.state       :1813][INFO    ][26758] Executing state cmd.run for [a2enmod ssl]
2019-04-30 22:32:41,716 [salt.state       :300 ][INFO    ][26758] /etc/apache2/mods-enabled/ssl.load exists
2019-04-30 22:32:41,717 [salt.state       :1951][INFO    ][26758] Completed state [a2enmod ssl] at time 22:32:41.716953 duration_in_ms=0.794
2019-04-30 22:32:41,717 [salt.state       :1780][INFO    ][26758] Running state [a2enmod rewrite] at time 22:32:41.717424
2019-04-30 22:32:41,717 [salt.state       :1813][INFO    ][26758] Executing state cmd.run for [a2enmod rewrite]
2019-04-30 22:32:41,718 [salt.state       :300 ][INFO    ][26758] /etc/apache2/mods-enabled/rewrite.load exists
2019-04-30 22:32:41,718 [salt.state       :1951][INFO    ][26758] Completed state [a2enmod rewrite] at time 22:32:41.718183 duration_in_ms=0.758
2019-04-30 22:32:41,718 [salt.state       :1780][INFO    ][26758] Running state [libapache2-mod-wsgi] at time 22:32:41.718678
2019-04-30 22:32:41,718 [salt.state       :1813][INFO    ][26758] Executing state pkg.installed for [libapache2-mod-wsgi]
2019-04-30 22:32:41,723 [salt.state       :300 ][INFO    ][26758] All specified packages are already installed
2019-04-30 22:32:41,723 [salt.state       :1951][INFO    ][26758] Completed state [libapache2-mod-wsgi] at time 22:32:41.723947 duration_in_ms=5.268
2019-04-30 22:32:41,724 [salt.state       :1780][INFO    ][26758] Running state [a2enmod wsgi] at time 22:32:41.724413
2019-04-30 22:32:41,724 [salt.state       :1813][INFO    ][26758] Executing state cmd.run for [a2enmod wsgi]
2019-04-30 22:32:41,725 [salt.state       :300 ][INFO    ][26758] /etc/apache2/mods-enabled/wsgi.load exists
2019-04-30 22:32:41,725 [salt.state       :1951][INFO    ][26758] Completed state [a2enmod wsgi] at time 22:32:41.725177 duration_in_ms=0.764
2019-04-30 22:32:41,725 [salt.state       :1780][INFO    ][26758] Running state [a2enmod status -q] at time 22:32:41.725663
2019-04-30 22:32:41,725 [salt.state       :1813][INFO    ][26758] Executing state cmd.run for [a2enmod status -q]
2019-04-30 22:32:41,726 [salt.state       :300 ][INFO    ][26758] /etc/apache2/mods-enabled/status.load exists
2019-04-30 22:32:41,726 [salt.state       :1951][INFO    ][26758] Completed state [a2enmod status -q] at time 22:32:41.726427 duration_in_ms=0.764
2019-04-30 22:32:41,728 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:32:41.728504
2019-04-30 22:32:41,728 [salt.state       :1813][INFO    ][26758] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.load]
2019-04-30 22:32:41,729 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/mods-enabled/mpm_prefork.load is not present
2019-04-30 22:32:41,729 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/mods-enabled/mpm_prefork.load] at time 22:32:41.729277 duration_in_ms=0.773
2019-04-30 22:32:41,729 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:32:41.729506
2019-04-30 22:32:41,729 [salt.state       :1813][INFO    ][26758] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_prefork.conf]
2019-04-30 22:32:41,730 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/mods-enabled/mpm_prefork.conf is not present
2019-04-30 22:32:41,730 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/mods-enabled/mpm_prefork.conf] at time 22:32:41.730275 duration_in_ms=0.769
2019-04-30 22:32:41,730 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:32:41.730504
2019-04-30 22:32:41,730 [salt.state       :1813][INFO    ][26758] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.load]
2019-04-30 22:32:41,731 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/mods-enabled/mpm_worker.load is not present
2019-04-30 22:32:41,731 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/mods-enabled/mpm_worker.load] at time 22:32:41.731315 duration_in_ms=0.811
2019-04-30 22:32:41,731 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:32:41.731551
2019-04-30 22:32:41,731 [salt.state       :1813][INFO    ][26758] Executing state file.absent for [/etc/apache2/mods-enabled/mpm_worker.conf]
2019-04-30 22:32:41,732 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/mods-enabled/mpm_worker.conf is not present
2019-04-30 22:32:41,732 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/mods-enabled/mpm_worker.conf] at time 22:32:41.732329 duration_in_ms=0.778
2019-04-30 22:32:41,733 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/mods-available/mpm_event.conf] at time 22:32:41.733934
2019-04-30 22:32:41,734 [salt.state       :1813][INFO    ][26758] Executing state file.managed for [/etc/apache2/mods-available/mpm_event.conf]
2019-04-30 22:32:41,779 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/mods-available/mpm_event.conf is in the correct state
2019-04-30 22:32:41,779 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/mods-available/mpm_event.conf] at time 22:32:41.779795 duration_in_ms=45.861
2019-04-30 22:32:41,780 [salt.state       :1780][INFO    ][26758] Running state [a2enmod mpm_event] at time 22:32:41.780524
2019-04-30 22:32:41,780 [salt.state       :1813][INFO    ][26758] Executing state cmd.run for [a2enmod mpm_event]
2019-04-30 22:32:41,781 [salt.state       :300 ][INFO    ][26758] /etc/apache2/mods-enabled/mpm_event.load exists
2019-04-30 22:32:41,781 [salt.state       :1951][INFO    ][26758] Completed state [a2enmod mpm_event] at time 22:32:41.781270 duration_in_ms=0.746
2019-04-30 22:32:41,782 [salt.state       :1780][INFO    ][26758] Running state [apache_server_service_task] at time 22:32:41.781984
2019-04-30 22:32:41,782 [salt.state       :1813][INFO    ][26758] Executing state test.show_notification for [apache_server_service_task]
2019-04-30 22:32:41,782 [salt.state       :300 ][INFO    ][26758] Running apache.server.service
2019-04-30 22:32:41,782 [salt.state       :1951][INFO    ][26758] Completed state [apache_server_service_task] at time 22:32:41.782659 duration_in_ms=0.675
2019-04-30 22:32:41,783 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/ports.conf] at time 22:32:41.783124
2019-04-30 22:32:41,783 [salt.state       :1813][INFO    ][26758] Executing state file.managed for [/etc/apache2/ports.conf]
2019-04-30 22:32:41,824 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/ports.conf is in the correct state
2019-04-30 22:32:41,824 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/ports.conf] at time 22:32:41.824379 duration_in_ms=41.254
2019-04-30 22:32:41,824 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/conf-available/security.conf] at time 22:32:41.824861
2019-04-30 22:32:41,825 [salt.state       :1813][INFO    ][26758] Executing state file.managed for [/etc/apache2/conf-available/security.conf]
2019-04-30 22:32:41,866 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/conf-available/security.conf is in the correct state
2019-04-30 22:32:41,866 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/conf-available/security.conf] at time 22:32:41.866474 duration_in_ms=41.612
2019-04-30 22:32:41,874 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-enabled/000-default.conf] at time 22:32:41.874526
2019-04-30 22:32:41,874 [salt.state       :1813][INFO    ][26758] Executing state file.absent for [/etc/apache2/sites-enabled/000-default.conf]
2019-04-30 22:32:41,875 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/sites-enabled/000-default.conf is not present
2019-04-30 22:32:41,875 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-enabled/000-default.conf] at time 22:32:41.875354 duration_in_ms=0.828
2019-04-30 22:32:41,875 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:32:41.875826
2019-04-30 22:32:41,876 [salt.state       :1813][INFO    ][26758] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican_admin.conf]
2019-04-30 22:32:42,017 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/sites-available/wsgi_barbican_admin.conf is in the correct state
2019-04-30 22:32:42,017 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:32:42.017644 duration_in_ms=141.818
2019-04-30 22:32:42,018 [salt.state       :1780][INFO    ][26758] Running state [barbican-api] at time 22:32:42.018748
2019-04-30 22:32:42,019 [salt.state       :1813][INFO    ][26758] Executing state pkg.installed for [barbican-api]
2019-04-30 22:32:42,032 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['apt-cache', '-q', 'policy', 'barbican-api'] in directory '/root'
2019-04-30 22:32:42,085 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['apt-get', '-q', 'update'] in directory '/root'
2019-04-30 22:32:43,538 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:32:43,561 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'barbican-api'] in directory '/root'
2019-04-30 22:32:47,937 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:32:47,980 [salt.state       :300 ][INFO    ][26758] Made the following changes:
'python-barbican' changed from 'absent' to '1:7.0.0-1~u16.04+mcp28'
'barbican-api' changed from 'absent' to '1:7.0.0-1~u16.04+mcp28'
'barbican-common' changed from 'absent' to '1:7.0.0-1~u16.04+mcp28'

2019-04-30 22:32:48,003 [salt.state       :915 ][INFO    ][26758] Loading fresh modules for state activity
2019-04-30 22:32:48,028 [salt.state       :1951][INFO    ][26758] Completed state [barbican-api] at time 22:32:48.028236 duration_in_ms=6009.488
2019-04-30 22:32:48,032 [salt.state       :1780][INFO    ][26758] Running state [barbican-keystone-listener] at time 22:32:48.031972
2019-04-30 22:32:48,032 [salt.state       :1813][INFO    ][26758] Executing state pkg.installed for [barbican-keystone-listener]
2019-04-30 22:32:48,568 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:32:48,600 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'barbican-keystone-listener'] in directory '/root'
2019-04-30 22:32:50,300 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command saltutil.find_job with jid 20190430223250288171
2019-04-30 22:32:50,310 [salt.minion      :1432][INFO    ][28098] Starting a new job with PID 28098
2019-04-30 22:32:50,329 [salt.minion      :1711][INFO    ][28098] Returning information for job: 20190430223250288171
2019-04-30 22:32:52,764 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:32:52,809 [salt.state       :300 ][INFO    ][26758] Made the following changes:
'barbican-keystone-listener' changed from 'absent' to '1:7.0.0-1~u16.04+mcp28'

2019-04-30 22:32:52,836 [salt.state       :915 ][INFO    ][26758] Loading fresh modules for state activity
2019-04-30 22:32:52,872 [salt.state       :1951][INFO    ][26758] Completed state [barbican-keystone-listener] at time 22:32:52.872512 duration_in_ms=4840.539
2019-04-30 22:32:52,876 [salt.state       :1780][INFO    ][26758] Running state [barbican-worker] at time 22:32:52.876546
2019-04-30 22:32:52,883 [salt.state       :1813][INFO    ][26758] Executing state pkg.installed for [barbican-worker]
2019-04-30 22:32:53,544 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['dpkg', '--get-selections', '*'] in directory '/root'
2019-04-30 22:32:53,575 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'barbican-worker'] in directory '/root'
2019-04-30 22:32:57,914 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root'
2019-04-30 22:32:57,963 [salt.state       :300 ][INFO    ][26758] Made the following changes:
'barbican-worker' changed from 'absent' to '1:7.0.0-1~u16.04+mcp28'

2019-04-30 22:32:58,004 [salt.state       :915 ][INFO    ][26758] Loading fresh modules for state activity
2019-04-30 22:32:58,035 [salt.state       :1951][INFO    ][26758] Completed state [barbican-worker] at time 22:32:58.035265 duration_in_ms=5158.717
2019-04-30 22:32:58,039 [salt.state       :1780][INFO    ][26758] Running state [python-memcache] at time 22:32:58.039141
2019-04-30 22:32:58,039 [salt.state       :1813][INFO    ][26758] Executing state pkg.installed for [python-memcache]
2019-04-30 22:32:58,934 [salt.state       :300 ][INFO    ][26758] All specified packages are already installed
2019-04-30 22:32:58,935 [salt.state       :1951][INFO    ][26758] Completed state [python-memcache] at time 22:32:58.935130 duration_in_ms=895.988
2019-04-30 22:32:58,940 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-available/barbican-api.conf] at time 22:32:58.940092
2019-04-30 22:32:58,940 [salt.state       :1813][INFO    ][26758] Executing state file.absent for [/etc/apache2/sites-available/barbican-api.conf]
2019-04-30 22:32:58,941 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/sites-available/barbican-api.conf is not present
2019-04-30 22:32:58,941 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-available/barbican-api.conf] at time 22:32:58.941285 duration_in_ms=1.193
2019-04-30 22:32:58,944 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-enabled/barbican-api.conf] at time 22:32:58.944150
2019-04-30 22:32:58,944 [salt.state       :1813][INFO    ][26758] Executing state file.absent for [/etc/apache2/sites-enabled/barbican-api.conf]
2019-04-30 22:32:58,944 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/sites-enabled/barbican-api.conf is not present
2019-04-30 22:32:58,944 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-enabled/barbican-api.conf] at time 22:32:58.944740 duration_in_ms=0.59
2019-04-30 22:32:58,944 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/conf-enabled/barbican-api.conf] at time 22:32:58.944916
2019-04-30 22:32:58,945 [salt.state       :1813][INFO    ][26758] Executing state file.absent for [/etc/apache2/conf-enabled/barbican-api.conf]
2019-04-30 22:32:58,945 [salt.state       :300 ][INFO    ][26758] {'removed': '/etc/apache2/conf-enabled/barbican-api.conf'}
2019-04-30 22:32:58,945 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/conf-enabled/barbican-api.conf] at time 22:32:58.945489 duration_in_ms=0.573
2019-04-30 22:32:58,946 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:32:58.946143
2019-04-30 22:32:58,946 [salt.state       :1813][INFO    ][26758] Executing state file.exists for [/etc/apache2/sites-available/wsgi_barbican_admin.conf]
2019-04-30 22:32:58,946 [salt.state       :300 ][INFO    ][26758] Path /etc/apache2/sites-available/wsgi_barbican_admin.conf exists
2019-04-30 22:32:58,946 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-available/wsgi_barbican_admin.conf] at time 22:32:58.946676 duration_in_ms=0.534
2019-04-30 22:32:58,947 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:32:58.947058
2019-04-30 22:32:58,947 [salt.state       :1813][INFO    ][26758] Executing state file.managed for [/etc/apache2/sites-available/wsgi_barbican.conf]
2019-04-30 22:32:59,102 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/sites-available/wsgi_barbican.conf is in the correct state
2019-04-30 22:32:59,103 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:32:59.103026 duration_in_ms=155.968
2019-04-30 22:32:59,103 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:32:59.103532
2019-04-30 22:32:59,103 [salt.state       :1813][INFO    ][26758] Executing state file.exists for [/etc/apache2/sites-available/wsgi_barbican.conf]
2019-04-30 22:32:59,103 [salt.state       :300 ][INFO    ][26758] Path /etc/apache2/sites-available/wsgi_barbican.conf exists
2019-04-30 22:32:59,104 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-available/wsgi_barbican.conf] at time 22:32:59.104082 duration_in_ms=0.549
2019-04-30 22:32:59,104 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:32:59.104453
2019-04-30 22:32:59,104 [salt.state       :1813][INFO    ][26758] Executing state file.managed for [/etc/apache2/sites-available/keystone_wsgi.conf]
2019-04-30 22:32:59,295 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/sites-available/keystone_wsgi.conf is in the correct state
2019-04-30 22:32:59,296 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-available/keystone_wsgi.conf] at time 22:32:59.296138 duration_in_ms=191.684
2019-04-30 22:32:59,296 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:32:59.296780
2019-04-30 22:32:59,297 [salt.state       :1813][INFO    ][26758] Executing state file.symlink for [/etc/apache2/sites-enabled/keystone_wsgi.conf]
2019-04-30 22:32:59,298 [salt.state       :300 ][INFO    ][26758] Symlink /etc/apache2/sites-enabled/keystone_wsgi.conf is present and owned by root:root
2019-04-30 22:32:59,298 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-enabled/keystone_wsgi.conf] at time 22:32:59.298717 duration_in_ms=1.937
2019-04-30 22:32:59,301 [salt.state       :1780][INFO    ][26758] Running state [apache2] at time 22:32:59.301418
2019-04-30 22:32:59,301 [salt.state       :1813][INFO    ][26758] Executing state service.running for [apache2]
2019-04-30 22:32:59,302 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'status', 'apache2.service', '-n', '0'] in directory '/root'
2019-04-30 22:32:59,316 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:32:59,327 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:32:59,340 [salt.state       :300 ][INFO    ][26758] The service apache2 is already running
2019-04-30 22:32:59,340 [salt.state       :1951][INFO    ][26758] Completed state [apache2] at time 22:32:59.340722 duration_in_ms=39.303
2019-04-30 22:32:59,341 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/conf-enabled/security.conf] at time 22:32:59.341574
2019-04-30 22:32:59,341 [salt.state       :1813][INFO    ][26758] Executing state file.symlink for [/etc/apache2/conf-enabled/security.conf]
2019-04-30 22:32:59,343 [salt.state       :300 ][INFO    ][26758] Symlink /etc/apache2/conf-enabled/security.conf is present and owned by root:root
2019-04-30 22:32:59,343 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/conf-enabled/security.conf] at time 22:32:59.343700 duration_in_ms=2.126
2019-04-30 22:32:59,344 [salt.state       :1780][INFO    ][26758] Running state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:32:59.344051
2019-04-30 22:32:59,344 [salt.state       :1813][INFO    ][26758] Executing state file.absent for [/etc/apache2/sites-enabled/keystone_wsgi]
2019-04-30 22:32:59,344 [salt.state       :300 ][INFO    ][26758] File /etc/apache2/sites-enabled/keystone_wsgi is not present
2019-04-30 22:32:59,345 [salt.state       :1951][INFO    ][26758] Completed state [/etc/apache2/sites-enabled/keystone_wsgi] at time 22:32:59.345095 duration_in_ms=1.045
2019-04-30 22:32:59,346 [salt.state       :1780][INFO    ][26758] Running state [barbican_ssl_mysql] at time 22:32:59.346251
2019-04-30 22:32:59,346 [salt.state       :1813][INFO    ][26758] Executing state test.show_notification for [barbican_ssl_mysql]
2019-04-30 22:32:59,346 [salt.state       :300 ][INFO    ][26758] Running barbican._ssl.mysql
2019-04-30 22:32:59,347 [salt.state       :1951][INFO    ][26758] Completed state [barbican_ssl_mysql] at time 22:32:59.347200 duration_in_ms=0.95
2019-04-30 22:32:59,347 [salt.state       :1780][INFO    ][26758] Running state [barbican_ssl_rabbitmq] at time 22:32:59.347664
2019-04-30 22:32:59,347 [salt.state       :1813][INFO    ][26758] Executing state test.show_notification for [barbican_ssl_rabbitmq]
2019-04-30 22:32:59,348 [salt.state       :300 ][INFO    ][26758] Running barbican._ssl.rabbitmq
2019-04-30 22:32:59,348 [salt.state       :1951][INFO    ][26758] Completed state [barbican_ssl_rabbitmq] at time 22:32:59.348630 duration_in_ms=0.966
2019-04-30 22:32:59,350 [salt.state       :1780][INFO    ][26758] Running state [/etc/barbican/barbican.conf] at time 22:32:59.350342
2019-04-30 22:32:59,350 [salt.state       :1813][INFO    ][26758] Executing state file.managed for [/etc/barbican/barbican.conf]
2019-04-30 22:32:59,366 [salt.fileclient  :1219][INFO    ][26758] Fetching file from saltenv 'base', ** done ** 'barbican/files/rocky/barbican.conf.Debian'
2019-04-30 22:32:59,456 [salt.fileclient  :1219][INFO    ][26758] Fetching file from saltenv 'base', ** done ** 'oslo_templates/files/queens/oslo/service/_wsgi_default.conf'
2019-04-30 22:32:59,469 [salt.fileclient  :1219][INFO    ][26758] Fetching file from saltenv 'base', ** done ** 'barbican/files/rocky/plugin/_simple_crypto.conf'
2019-04-30 22:32:59,574 [salt.state       :300 ][INFO    ][26758] File changed:
--- 
+++ 
@@ -1,3 +1,5 @@
+
+
 [DEFAULT]
 
 #
@@ -16,9 +18,11 @@
 # Maximum allowed http request size against the barbican-api. (integer
 # value)
 #max_allowed_request_size_in_bytes = 15000
+max_allowed_request_size_in_bytes = 1000000
 
 # Maximum allowed secret size in bytes. (integer value)
 #max_allowed_secret_in_bytes = 10000
+max_allowed_secret_in_bytes = 10000
 
 # Host name, for use in HATEOAS-style references Note: Typically this
 # would be the load balanced endpoint that clients would use to
@@ -27,6 +31,7 @@
 # to override default config value which is 'http://localhost:9311'
 # (string value)
 #host_href = http://localhost:9311
+host_href = http://10.167.4.35:9311
 
 # SQLAlchemy connection string for the reference implementation
 # registry server. Any valid SQLAlchemy connection string is fine.
@@ -35,6 +40,7 @@
 # Note: For absolute addresses, use '////' slashes after 'sqlite:'.
 # (string value)
 #sql_connection = sqlite:///barbican.sqlite
+sql_connection = mysql+pymysql://barbican:opnfv_secret@10.167.4.23/barbican?charset=utf8
 
 # Period in seconds after which SQLAlchemy should reestablish its
 # connection to the database. MySQL uses a default `wait_timeout` of 8
@@ -43,6 +49,7 @@
 # value to ensure that SQLAlchemy reconnects before MySQL can drop the
 # connection. (integer value)
 #sql_idle_timeout = 3600
+sql_idle_timeout = 180
 
 # Maximum number of database connection retries during startup. Set to
 # -1 to specify an infinite retry count. (integer value)
@@ -54,14 +61,17 @@
 
 # Create the Barbican database on service startup. (boolean value)
 #db_auto_create = true
+db_auto_create = False
 
 # Maximum page size for the 'limit' paging URL parameter. (integer
 # value)
 #max_limit_paging = 100
+max_limit_paging = 100
 
 # Default page size for the 'limit' paging URL parameter. (integer
 # value)
 #default_limit_paging = 10
+default_limit_paging = 10
 
 # Accepts a class imported from the sqlalchemy.pool module, and
 # handles the details of building the pool for you. If commented out,
@@ -109,7 +119,6 @@
 # provided then the existence of this option overrides the usage of
 # that option. (string value)
 #backdoor_socket = <None>
-
 #
 # From oslo.log
 #
@@ -128,7 +137,6 @@
 # logging_context_format_string). (string value)
 # Note: This option can be changed without restarting.
 # Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
 
 # Defines the format string for %%(asctime)s in log records. Default:
 # %(default)s . This option is ignored if log_config_append is set.
@@ -226,7 +234,6 @@
 
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
-
 #
 # From oslo.messaging
 #
@@ -281,6 +288,7 @@
 # timeout exception when timeout expired. (integer value)
 #rpc_poll_timeout = 1
 
+
 # Expiration timeout in seconds of a name service record about
 # existing target ( < 0 means no timeout). (integer value)
 #zmq_target_expire = 300
@@ -415,6 +423,7 @@
 # https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
 # (string value)
 #transport_url = <None>
+transport_url = rabbit://openstack:opnfv_secret@10.167.4.28:5672,openstack:opnfv_secret@10.167.4.29:5672,openstack:opnfv_secret@10.167.4.30:5672//openstack
 
 # DEPRECATED: The messaging driver to use, defaults to rabbit. Other
 # drivers include amqp and zmq. (string value)
@@ -428,49 +437,45 @@
 # option. (string value)
 #control_exchange = openstack
 
+
 #
 # From oslo.service.periodic_task
 #
 
 # Some periodic tasks can be run in a separate process. Should we run
 # them here? (boolean value)
-#run_external_periodic_tasks = true
-
-#
+#run_external_periodic_tasks = true#
 # From oslo.service.wsgi
 #
 
 # File name for the paste.deploy config for api service (string value)
 #api_paste_config = api-paste.ini
 
-# A python format string that is used as the template to generate log
-# lines. The following values can beformatted into it: client_ip,
-# date_time, request_line, status_code, body_length, wall_seconds.
-# (string value)
+# A python format string that is used as the template to generate log lines.
+# The following values can beformatted into it: client_ip, date_time,
+# request_line, status_code, body_length, wall_seconds. (string value)
 #wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s  len: %(body_length)s time: %(wall_seconds).7f
 
-# Sets the value of TCP_KEEPIDLE in seconds for each server socket.
-# Not supported on OS X. (integer value)
+# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not
+# supported on OS X. (integer value)
 #tcp_keepidle = 600
 
 # Size of the pool of greenthreads used by wsgi (integer value)
 #wsgi_default_pool_size = 100
 
-# Maximum line size of message headers to be accepted. max_header_line
-# may need to be increased when using large tokens (typically those
-# generated when keystone is configured to use PKI tokens with big
-# service catalogs). (integer value)
+# Maximum line size of message headers to be accepted. max_header_line may need
+# to be increased when using large tokens (typically those generated when
+# keystone is configured to use PKI tokens with big service catalogs). (integer
+# value)
 #max_header_line = 16384
 
-# If False, closes the client socket connection explicitly. (boolean
-# value)
+# If False, closes the client socket connection explicitly. (boolean value)
 #wsgi_keep_alive = true
 
-# Timeout for client connections' socket operations. If an incoming
-# connection is idle for this number of seconds it will be closed. A
-# value of '0' means wait forever. (integer value)
+# Timeout for client connections' socket operations. If an incoming connection
+# is idle for this number of seconds it will be closed. A value of '0' means
+# wait forever. (integer value)
 #client_socket_timeout = 900
-
 
 [certificate]
 
@@ -500,35 +505,6 @@
 
 [cors]
 
-#
-# From oslo.middleware.cors
-#
-
-# Indicate whether this resource may be shared with the domain
-# received in the requests "origin" header. Format:
-# "<protocol>://<host>[:<port>]", no trailing slash. Example:
-# https://horizon.example.com (list value)
-#allowed_origin = <None>
-
-# Indicate that the actual request can include user credentials
-# (boolean value)
-#allow_credentials = true
-
-# Indicate which headers are safe to expose to the API. Defaults to
-# HTTP Simple Headers. (list value)
-#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Project-Id,X-Identity-Status,X-User-Id,X-Storage-Token,X-Domain-Id,X-User-Domain-Id,X-Project-Domain-Id,X-Roles
-
-# Maximum cache age of CORS preflight requests. (integer value)
-#max_age = 3600
-
-# Indicate which methods can be used during the actual request. (list
-# value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual
-# request. (list value)
-#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Project-Id,X-Identity-Status,X-User-Id,X-Storage-Token,X-Domain-Id,X-User-Domain-Id,X-Project-Domain-Id,X-Roles
-
 
 [crypto]
 
@@ -538,119 +514,94 @@
 
 # Extension namespace to search for plugins. (string value)
 #namespace = barbican.crypto.plugin
+namespace = barbican.crypto.plugin
 
 # List of crypto plugins to load. (multi valued)
 #enabled_crypto_plugins = simple_crypto
 
 
-[dogtag_plugin]
-
-#
-# From barbican.plugin.dogtag
-#
-
-# Path to PEM file for authentication (string value)
-#pem_path = /etc/barbican/kra_admin_cert.pem
-
-# Hostname for the Dogtag instance (string value)
-#dogtag_host = localhost
-
-# Port for the Dogtag instance (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#dogtag_port = 8443
-
-# Path to the NSS certificate database (string value)
-#nss_db_path = /etc/barbican/alias
-
-# Password for the NSS certificate databases (string value)
-#nss_password = <None>
-
-# Profile for simple CMC requests (string value)
-#simple_cmc_profile = caOtherCert
-
-# List of automatically approved enrollment profiles (string value)
-#auto_approved_profiles = caServerCert
-
-# Time in days for CA entries to expire (string value)
-#ca_expiration_time = 1
-
-# Working directory for Dogtag plugin (string value)
-#plugin_working_dir = /etc/barbican/dogtag
+[secretstore:software]
+secret_store_plugin = store_crypto
+crypto_plugin = simple_crypto
+global_default = True
+
+
+
+[simple_crypto_plugin]
+#
+# From barbican.plugin.crypto.simple
+#
+
+# Key encryption key to be used by Simple Crypto Plugin (string value)
+#kek = dGhpcnR5X3R3b19ieXRlX2tleWJsYWhibGFoYmxhaGg=
+kek = 'YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY='
 
 # User friendly plugin name (string value)
-#plugin_name = Dogtag KRA
-
-# Retries when storing or generating secrets (integer value)
-#retries = 3
+#plugin_name = Software Only Crypto
 
 
 [keystone_authtoken]
-
 #
 # From keystonemiddleware.auth_token
 #
 
-# Complete "public" Identity API endpoint. This endpoint should not be
-# an "admin" endpoint, as it should be accessible by all end users.
-# Unauthenticated clients are redirected to this endpoint to
-# authenticate. Although this endpoint should ideally be unversioned,
-# client support in the wild varies. If you're using a versioned v2
-# endpoint here, then this should *not* be the same endpoint the
-# service user utilizes for validating tokens, because normal end
-# users may not be able to reach that endpoint. (string value)
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. (string
+# value)
 # Deprecated group/name - [keystone_authtoken]/auth_uri
 #www_authenticate_uri = <None>
-
-# DEPRECATED: Complete "public" Identity API endpoint. This endpoint
-# should not be an "admin" endpoint, as it should be accessible by all
-# end users. Unauthenticated clients are redirected to this endpoint
-# to authenticate. Although this endpoint should ideally be
-# unversioned, client support in the wild varies. If you're using a
-# versioned v2 endpoint here, then this should *not* be the same
-# endpoint the service user utilizes for validating tokens, because
-# normal end users may not be able to reach that endpoint. This option
-# is deprecated in favor of www_authenticate_uri and will be removed
-# in the S release. (string value)
+www_authenticate_uri = http://10.167.4.35:5000
+
+# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
+# be an "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. This option
+# is deprecated in favor of www_authenticate_uri and will be removed in the S
+# release. (string value)
 # This option is deprecated for removal since Queens.
 # Its value may be silently ignored in the future.
-# Reason: The auth_uri option is deprecated in favor of
-# www_authenticate_uri and will be removed in the S  release.
+# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
+# and will be removed in the S  release.
 #auth_uri = <None>
+auth_uri = http://10.167.4.35:5000
 
 # API version of the admin Identity API endpoint. (string value)
 #auth_version = <None>
 
-# Do not handle authorization requests within the middleware, but
-# delegate the authorization decision to downstream WSGI components.
-# (boolean value)
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
 #delay_auth_decision = false
 
-# Request timeout value for communicating with Identity API server.
-# (integer value)
+# Request timeout value for communicating with Identity API server. (integer
+# value)
 #http_connect_timeout = <None>
 
-# How many times are we trying to reconnect when communicating with
-# Identity API Server. (integer value)
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
 #http_request_max_retries = 3
 
 # Request environment key where the Swift cache object is stored. When
-# auth_token middleware is deployed with a Swift cache, use this
-# option to have the middleware share a caching backend with swift.
-# Otherwise, use the ``memcached_servers`` option instead. (string
-# value)
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
 #cache = <None>
 
-# Required if identity server requires client certificate (string
-# value)
+# Required if identity server requires client certificate (string value)
 #certfile = <None>
 
-# Required if identity server requires client certificate (string
-# value)
+# Required if identity server requires client certificate (string value)
 #keyfile = <None>
 
-# A PEM encoded Certificate Authority to use when verifying HTTPs
-# connections. Defaults to system CAs. (string value)
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
 #cafile = <None>
 
 # Verify HTTPS connections. (boolean value)
@@ -659,137 +610,203 @@
 # The region in which the identity server can be found. (string value)
 #region_name = <None>
 
-# DEPRECATED: Directory used to cache files related to PKI tokens.
-# This option has been deprecated in the Ocata release and will be
-# removed in the P release. (string value)
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
 # This option is deprecated for removal since Ocata.
 # Its value may be silently ignored in the future.
 # Reason: PKI token format is no longer supported.
 #signing_dir = <None>
 
-# Optionally specify a list of memcached server(s) to use for caching.
-# If left undefined, tokens will instead be cached in-process. (list
-# value)
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
 # Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
 
-# In order to prevent excessive effort spent validating tokens, the
-# middleware caches previously-seen tokens for a configurable duration
-# (in seconds). Set to -1 to disable caching completely. (integer
-# value)
-#token_cache_time = 300
-
-# DEPRECATED: Determines the frequency at which the list of revoked
-# tokens is retrieved from the Identity service (in seconds). A high
-# number of revocation events combined with a low cache duration may
-# significantly reduce performance. Only valid for PKI tokens. This
-# option has been deprecated in the Ocata release and will be removed
-# in the P release. (integer value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. If MAC, token data is
-# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
-# encrypted and authenticated in the cache. If the value is not one of
-# these options or empty, auth_token will raise an exception on
-# initialization. (string value)
-# Possible values:
-# None - <No description provided>
-# MAC - <No description provided>
-# ENCRYPT - <No description provided>
-#memcache_security_strategy = None
-
-# (Optional, mandatory if memcache_security_strategy is defined) This
-# string is used for key derivation. (string value)
-#memcache_secret_key = <None>
-
-# (Optional) Number of seconds memcached server is considered dead
-# before it is tried again. (integer value)
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
 #memcache_pool_dead_retry = 300
 
-# (Optional) Maximum total number of open connections to every
-# memcached server. (integer value)
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
 #memcache_pool_maxsize = 10
 
-# (Optional) Socket timeout in seconds for communicating with a
-# memcached server. (integer value)
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
 #memcache_pool_socket_timeout = 3
 
-# (Optional) Number of seconds a connection to memcached is held
-# unused in the pool before it is closed. (integer value)
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
 #memcache_pool_unused_timeout = 60
 
-# (Optional) Number of seconds that an operation will wait to get a
-# memcached client connection from the pool. (integer value)
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
 #memcache_pool_conn_get_timeout = 10
 
-# (Optional) Use the advanced (eventlet safe) memcached client pool.
-# The advanced pool will only work under python 2.x. (boolean value)
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
 #memcache_use_advanced_pool = false
 
-# (Optional) Indicate whether to set the X-Service-Catalog header. If
-# False, middleware will not ask for service catalog on token
-# validation and will not set the X-Service-Catalog header. (boolean
-# value)
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
 #include_service_catalog = true
 
-# Used to control the use and type of token binding. Can be set to:
-# "disabled" to not check token binding. "permissive" (default) to
-# validate binding information if the bind type is of a form known to
-# the server and ignore it if not. "strict" like "permissive" but if
-# the bind type is unknown the token will be rejected. "required" any
-# form of token binding is needed to be allowed. Finally the name of a
-# binding method that must be present in tokens. (string value)
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
 #enforce_token_bind = permissive
 
-# DEPRECATED: If true, the revocation list will be checked for cached
-# tokens. This requires that PKI tokens are configured on the identity
-# server. (boolean value)
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
 # This option is deprecated for removal since Ocata.
 # Its value may be silently ignored in the future.
 # Reason: PKI token format is no longer supported.
 #check_revocations_for_cached = false
 
-# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may
-# be a single algorithm or multiple. The algorithms are those
-# supported by Python standard hashlib.new(). The hashes will be tried
-# in the order given, so put the preferred one first for performance.
-# The result of the first hash will be stored in the cache. This will
-# typically be set to multiple values only while migrating from a less
-# secure algorithm to a more secure one. Once all the old tokens are
-# expired this option should be set to a single value for better
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
 # performance. (list value)
 # This option is deprecated for removal since Ocata.
 # Its value may be silently ignored in the future.
 # Reason: PKI token format is no longer supported.
 #hash_algorithms = md5
 
-# A choice of roles that must be present in a service token. Service
-# tokens are allowed to request that an expired token can be used and
-# so this check should tightly control that only actual services
-# should be sending this token. Roles here are applied as an ANY check
-# so any role in this list must be present. For backwards
-# compatibility reasons this currently only affects the allow_expired
-# check. (list value)
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
 #service_token_roles = service
 
-# For backwards compatibility reasons we must let valid service tokens
-# pass that don't pass the service_token_roles check as valid. Setting
-# this true will become the default in a future release and should be
-# enabled if possible. (boolean value)
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
 #service_token_roles_required = false
 
 # Authentication type to load (string value)
 # Deprecated group/name - [keystone_authtoken]/auth_plugin
 #auth_type = <None>
-
-# Config Section from which to load plugin specific options (string
-# value)
+auth_type = password
+
+# Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
 
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+
+# Type of the nova endpoint to use.  This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Possible values:
+# public - <No description provided>
+# admin - <No description provided>
+# internal - <No description provided>
+#endpoint_type = public
+endpoint_type = internalURL
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = http://10.167.4.35:35357
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+auth_type = password
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+password = opnfv_secret
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+project_domain_id = default
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name = service
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+user_domain_id = default
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+username = barbican
 
 [keystone_notifications]
 
@@ -800,11 +817,12 @@
 # True enables keystone notification listener  functionality. (boolean
 # value)
 #enable = false
+enable = True
 
 # The default exchange under which topics are scoped. May be
 # overridden by an exchange name specified in the transport_url
 # option. (string value)
-#control_exchange = keystone
+#control_exchange = openstack
 
 # Keystone notification queue topic name. This name needs to match one
 # of values mentioned in Keystone deployment's 'notification_topics'
@@ -820,6 +838,7 @@
 # error. Enable this only when underlying transport supports this
 # feature. (boolean value)
 #allow_requeue = false
+allow_requeue = False
 
 # Version of tasks invoked via notifications (string value)
 #version = 1.0
@@ -827,46 +846,6 @@
 # Define the number of max threads to be used for notification server
 # processing functionality. (integer value)
 #thread_pool_size = 10
-
-
-[kmip_plugin]
-
-#
-# From barbican.plugin.secret_store.kmip
-#
-
-# Username for authenticating with KMIP server (string value)
-#username = <None>
-
-# Password for authenticating with KMIP server (string value)
-#password = <None>
-
-# Address of the KMIP server (string value)
-#host = localhost
-
-# Port for the KMIP server (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#port = 5696
-
-# SSL version, maps to the module ssl's constants (string value)
-#ssl_version = PROTOCOL_TLSv1_2
-
-# File path to concatenated "certification authority" certificates
-# (string value)
-#ca_certs = <None>
-
-# File path to local client certificate (string value)
-#certfile = <None>
-
-# File path to local client certificate keyfile (string value)
-#keyfile = <None>
-
-# Only support PKCS#1 encoding of asymmetric keys (boolean value)
-#pkcs1_only = false
-
-# User friendly plugin name (string value)
-#plugin_name = KMIP HSM
 
 
 [matchmaker_redis]
@@ -913,331 +892,7 @@
 
 # Timeout in ms on blocking socket operations. (integer value)
 #socket_timeout = 10000
-
-
-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
-
-# Name for the AMQP container. must be globally unique. Defaults to a
-# generated UUID (string value)
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-#trace = false
-
-# Attempt to connect via SSL. If no other ssl-related parameters are
-# given, it will use the system's CA-bundle to verify the server's
-# certificate. (boolean value)
-#ssl = false
-
-# CA certificate PEM file used to verify the server's certificate
-# (string value)
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication
-# (string value)
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate
-# (optional) (string value)
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-#ssl_key_password = <None>
-
-# By default SSL checks that the name in the server's certificate
-# matches the hostname in the transport_url. In some configurations it
-# may be preferable to use the virtual hostname instead, for example
-# if the server uses the Server Name Indication TLS extension
-# (rfc6066) to provide a certificate per virtual host. Set
-# ssl_verify_vhost to True if the server's SSL certificate uses the
-# virtual host name instead of the DNS name. (boolean value)
-#ssl_verify_vhost = false
-
-# DEPRECATED: Accept clients using either SSL or plain TCP (boolean
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Not applicable - not a SSL server
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string
-# value)
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-#sasl_config_name =
-
-# SASL realm to use if no realm present in username (string value)
-#sasl_default_realm =
-
-# DEPRECATED: User name for message broker authentication (string
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the
-# username.
-#username =
-
-# DEPRECATED: Password for message broker authentication (string
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use configuration option transport_url to provide the
-# password.
-#password =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after
-# each unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval +
-# connection_retry_backoff (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due
-# to a recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which
-# failed due to a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used
-# when caller does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used
-# when caller does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link
-# after expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not
-# support routing otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# Enable virtual host support for those message buses that do not
-# natively support virtual hosting (such as qpidd). When set to true
-# the virtual host name will be added to all message bus addresses,
-# effectively creating a private 'subnet' per virtual host. Set to
-# False if the message bus supports virtual hosting using the
-# 'hostname' field in the AMQP 1.0 Open performative as the name of
-# the virtual host. (boolean value)
-#pseudo_vhost = true
-
-# address prefix used when sending to a specific server (string value)
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string
-# value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used
-# by the message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular
-# RPC/Notification server. Used by the message bus to identify
-# messages sent to a single destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers.
-# Used by the message bus to identify messages that should be
-# delivered in a round-robin fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
-[oslo_messaging_kafka]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Default Kafka broker Host (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_host = localhost
-
-# DEPRECATED: Default Kafka broker Port (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_port = 9092
-
-# Max fetch bytes of Kafka consumer (integer value)
-#kafka_max_fetch_bytes = 1048576
-
-# Default timeout(s) for Kafka consumers (floating point value)
-#kafka_consumer_timeout = 1.0
-
-# DEPRECATED: Pool Size for Kafka Consumers (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#pool_size = 10
-
-# DEPRECATED: The pool size limit for connections expiration policy
-# (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_min_size = 2
-
-# DEPRECATED: The time-to-live in sec of idle connections in the pool
-# (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Driver no longer uses connection pool.
-#conn_pool_ttl = 1200
-
-# Group id for Kafka consumer. Consumers in one group will coordinate
-# message consumption (string value)
-#consumer_group = oslo_messaging_consumer
-
-# Upper bound on the delay for KafkaProducer batching in seconds
-# (floating point value)
-#producer_batch_timeout = 0.0
-
-# Size of batch for the producer async send (integer value)
-#producer_batch_size = 16384
-
-# Enable asynchronous consumer commits (boolean value)
-#enable_auto_commit = false
-
-# The maximum number of records returned in a poll call (integer
-# value)
-#max_poll_records = 500
-
-# Protocol used to communicate with brokers (string value)
-# Possible values:
-# PLAINTEXT - <No description provided>
-# SASL_PLAINTEXT - <No description provided>
-# SSL - <No description provided>
-# SASL_SSL - <No description provided>
-#security_protocol = PLAINTEXT
-
-# Mechanism when security protocol is SASL (string value)
-#sasl_mechanism = PLAIN
-
-# CA certificate PEM file used to verify the server certificate
-# (string value)
-#ssl_cafile =
-
-
-[oslo_messaging_notifications]
-
-#
-# From oslo.messaging
-#
-
-# The Drivers(s) to handle sending notifications. Possible values are
-# messaging, messagingv2, routing, log, test, noop (multi valued)
-# Deprecated group/name - [DEFAULT]/notification_driver
-#driver =
-
-# A URL representing the messaging driver to use for notifications. If
-# not set, we fall back to the same configuration used for RPC.
-# (string value)
-# Deprecated group/name - [DEFAULT]/notification_transport_url
-#transport_url = <None>
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-# Deprecated group/name - [DEFAULT]/notification_topics
-#topics = notifications
-
-# The maximum number of attempts to re-send a notification message
-# which failed to be delivered due to a recoverable error. 0 - No
-# retry, -1 - indefinite (integer value)
-#retry = -1
-
-
 [oslo_messaging_rabbit]
-
 #
 # From oslo.messaging
 #
@@ -1250,28 +905,9 @@
 # Auto-delete queues in AMQP. (boolean value)
 #amqp_auto_delete = false
 
-# Connect over SSL. (boolean value)
-# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
-#ssl = false
-
-# SSL version to use (valid only if SSL enabled). Valid values are
-# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
-# available on some distributions. (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
-#ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
-#ssl_key_file =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
-#ssl_cert_file =
-
-# SSL certification authority file (valid only if SSL enabled).
-# (string value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
-#ssl_ca_file =
+# Enable SSL (boolean value)
+#ssl = <None>
+
 
 # How long to wait before reconnecting in response to an AMQP consumer
 # cancel notification. (floating point value)
@@ -1378,7 +1014,14 @@
 
 # Specifies the number of messages to prefetch. Setting to zero allows
 # unlimited messages. (integer value)
-#rabbit_qos_prefetch_count = 0
+
+# NOTE(dmescheryakov) hardcoding to >0 by default
+# Having no prefetch limit makes oslo.messaging consume all available
+# messages from the queue. That can lead to a situation when several
+# server processes hog all the messages leaving others out of business.
+# That leads to artificial high message processing latency and at the
+# extrime to MessagingTimeout errors.
+rabbit_qos_prefetch_count = 64
 
 # Number of seconds after which the Rabbit broker is considered down
 # if heartbeat's keep-alive fails (0 disable the heartbeat).
@@ -1389,292 +1032,178 @@
 # heartbeat. (integer value)
 #heartbeat_rate = 2
 
-
-[oslo_messaging_zmq]
-
-#
-# From oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet
-# interface, or IP. The "host" option should point or resolve to this
-# address. (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
+# (boolean value)
+#fake_rabbit = false
+
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer
+# value)
+#heartbeat_interval = 3
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating
+# point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
+# point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error
+# (floating point value)
+#host_connection_reconnect_delay = 0.25
+
+# Connection factory implementation (string value)
 # Possible values:
-# redis - <No description provided>
-# sentinel - <No description provided>
-# dummy - <No description provided>
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic.
-# Default is unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address.
-# Must match "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent
-# after closing a socket. The default value of -1 specifies an
-# infinite linger period. The value of 0 specifies no linger period.
-# Pending messages shall be discarded immediately when the socket is
-# closed. Positive values specify an upper bound for the linger
-# period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises
-# timeout exception when timeout expired. (integer value)
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about
-# existing target ( < 0 means no timeout). (integer value)
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing
-# target. (integer value)
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
-# (boolean value)
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes
-# sense only with use_router_proxy=False which means to use direct
-# connections for direct message types (ignored otherwise). (boolean
-# value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover
-# reasons. This option is actual only in dynamic connections mode.
+# new - <No description provided>
+# single - <No description provided>
+# read_write - <No description provided>
+#connection_factory = single
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 30
+
+# Maximum number of connections to create above `pool_max_size`.
 # (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with
-# ZMQBindError. (integer value)
-#rpc_zmq_bind_port_retries = 100
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available
+# (integer value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer
+# value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are
+# considered stale in seconds or None for no staleness. Stale
+# connections are closed on acquire. (integer value)
+#pool_stale = 60
 
 # Default serialization mechanism for serializing/deserializing
 # outgoing/incoming messages (string value)
 # Possible values:
 # json - <No description provided>
 # msgpack - <No description provided>
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means
-# not keeping a queue when server side disconnects. False means to
-# keep queue and messages even if server is disconnected, when the
-# server appears we send all accumulated messages to it. (boolean
-# value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1
-# (or any other negative value) means to skip any overrides and leave
-# it to OS default; 0 and 1 (or any other positive value) mean to
-# disable and enable the option respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition.
-# The unit is platform dependent, for example, seconds in Linux,
-# milliseconds in Windows etc. The default value of -1 (or any other
-# negative value and 0) means to skip any overrides and leave it to OS
-# default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring
-# that remote end is not available. The default value of -1 (or any
-# other negative value and 0) means to skip any overrides and leave it
-# to OS default. (integer value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not
-# received. The unit is platform dependent, for example, seconds in
-# Linux, milliseconds in Windows etc. The default value of -1 (or any
-# other negative value and 0) means to skip any overrides and leave it
-# to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer
-# value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which
-# it is not tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism
-# works only via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each
-# retry attempt this timeout is multiplied by some specified
-# multiplier. (integer value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt.
-# (integer value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems
-# occurred: positive value N means at most N retries, 0 means no
-# retries, None or -1 (or any other negative values) mean to retry
-# forever. This option is used only if acknowledgments are enabled.
-# (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option
-# has higher priority then the default publishers list taken from the
-# matchmaker. (list value)
-#subscribe_on =
+#default_serializer_type = json
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer
+# value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc reply listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending reply. -1 means infinite retry during rpc_timeout (integer
+# value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during
+# sending RPC message, -1 means infinite retry. If actual retry
+# attempts in not 0 the rpc request could be processed more than one
+# time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending RPC message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_messaging_notifications]
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+driver = messagingv2
+
+# A URL representing the messaging driver to use for notifications. If
+# not set, we fall back to the same configuration used for RPC.
+# (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+
+# The maximum number of attempts to re-send a notification message
+# which failed to be delivered due to a recoverable error. 0 - No
+# retry, -1 - indefinite (integer value)
+#retry = -1
 
 
 [oslo_middleware]
-
-#
-# From oslo.middleware.http_proxy_to_wsgi
-#
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each  request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# DEPRECATED: The HTTP Header that will be used to determine what the
+# original request protocol scheme was, even if it was hidden by a SSL
+# termination proxy. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header = X-Forwarded-Proto
 
 # Whether the application is behind a proxy or not. This determines if
 # the middleware should parse the headers or not. (boolean value)
-#enable_proxy_headers_parsing = false
-
+enable_proxy_headers_parsing = True
 
 [oslo_policy]
 
-#
-# From oslo.policy
-#
-
-# This option controls whether or not to enforce scope when evaluating
-# policies. If ``True``, the scope of the token used in the request is
-# compared to the ``scope_types`` of the policy being enforced. If the
-# scopes do not match, an ``InvalidScope`` exception will be raised.
-# If ``False``, a message will be logged informing operators that
-# policies are being invoked with mismatching scope. (boolean value)
-#enforce_scope = false
-
-# The file that defines policies. (string value)
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string
-# value)
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be
-# relative to any directory in the search path defined by the
-# config_dir option, or absolute paths. The file defined by
-# policy_file must exist for these directories to be searched.
-# Missing or empty directories are ignored. (multi valued)
-#policy_dirs = policy.d
-
-# Content Type to send and receive data for REST based policy check
-# (string value)
-# Possible values:
-# application/x-www-form-urlencoded - <No description provided>
-# application/json - <No description provided>
-#remote_content_type = application/x-www-form-urlencoded
-
-# server identity verification for REST based policy check (boolean
-# value)
-#remote_ssl_verify_server_crt = false
-
-# Absolute path to ca cert file for REST based policy check (string
-# value)
-#remote_ssl_ca_crt_file = <None>
-
-# Absolute path to client cert for REST based policy check (string
-# value)
-#remote_ssl_client_crt_file = <None>
-
-# Absolute path client key file REST based policy check (string value)
-#remote_ssl_client_key_file = <None>
-
-
-[p11_crypto_plugin]
-
-#
-# From barbican.plugin.crypto.p11
-#
-
-# Path to vendor PKCS11 library (string value)
-#library_path = <None>
-
-# Password to login to PKCS11 session (string value)
-#login = <None>
-
-# Master KEK label (as stored in the HSM) (string value)
-#mkek_label = <None>
-
-# Master KEK length in bytes. (integer value)
-#mkek_length = <None>
-
-# Master HMAC Key label (as stored in the HSM) (string value)
-#hmac_label = <None>
-
-# HSM Slot ID (integer value)
-#slot_id = 1
-
-# Flag for Read/Write Sessions (boolean value)
-#rw_session = true
-
-# Project KEK length in bytes. (integer value)
-#pkek_length = 32
-
-# Project KEK Cache Time To Live, in seconds (integer value)
-#pkek_cache_ttl = 900
-
-# Project KEK Cache Item Limit (integer value)
-#pkek_cache_limit = 100
-
-# Secret encryption mechanism (string value)
-# Deprecated group/name - [p11_crypto_plugin]/algorithm
-#encryption_mechanism = CKM_AES_CBC
-
-# HMAC Key Type (string value)
-#hmac_key_type = CKK_AES
-
-# HMAC Key Generation Algorithm (string value)
-#hmac_keygen_mechanism = CKM_AES_KEY_GEN
-
-# File to pull entropy for seeding RNG (string value)
-#seed_file =
-
-# Amount of data to read from file for seed (integer value)
-#seed_length = 32
-
-# User friendly plugin name (string value)
-#plugin_name = PKCS11 HSM
-
-# Generate IVs for CKM_AES_GCM mechanism. (boolean value)
-# Deprecated group/name - [p11_crypto_plugin]/generate_iv
-#aes_gcm_generate_iv = true
-
-# Always set CKA_SENSITIVE=CK_TRUE including CKA_EXTRACTABLE=CK_TRUE
-# keys. (boolean value)
-#always_set_cka_sensitive = true
-
 
 [queue]
 
@@ -1685,6 +1214,7 @@
 # True enables queuing, False invokes workers synchronously (boolean
 # value)
 #enable = false
+
 
 # Queue namespace (string value)
 #namespace = barbican
@@ -1754,73 +1284,36 @@
 # Flag to enable multiple secret store plugin backend support. Default
 # is False (boolean value)
 #enable_multiple_secret_stores = false
+enable_multiple_secret_stores = True
 
 # List of suffix to use for looking up plugins which are supported
 # with multiple backend support. (list value)
 #stores_lookup_suffix = <None>
-
-
-[simple_crypto_plugin]
-
-#
-# From barbican.plugin.crypto.simple
-#
-
-# Key encryption key to be used by Simple Crypto Plugin (string value)
-#kek = dGhpcnR5X3R3b19ieXRlX2tleWJsYWhibGFoYmxhaGg=
-
-# User friendly plugin name (string value)
-#plugin_name = Software Only Crypto
-
-
-[snakeoil_ca_plugin]
-
-#
-# From barbican.certificate.plugin.snakeoil
-#
-
-# Path to CA certificate file (string value)
-#ca_cert_path = <None>
-
-# Path to CA certificate key file (string value)
-#ca_cert_key_path = <None>
-
-# Path to CA certificate chain file (string value)
-#ca_cert_chain_path = <None>
-
-# Path to CA chain pkcs7 file (string value)
-#ca_cert_pkcs7_path = <None>
-
-# Directory in which to store certs/keys for subcas (string value)
-#subca_cert_key_directory = /etc/barbican/snakeoil-cas
+stores_lookup_suffix = software
 
 
 [ssl]
-
 #
 # From oslo.service.sslutils
 #
 
-# CA certificate file to use to verify connecting clients. (string
-# value)
+# CA certificate file to use to verify connecting clients. (string value)
 # Deprecated group/name - [DEFAULT]/ssl_ca_file
 #ca_file = <None>
 
-# Certificate file to use when starting the server securely. (string
-# value)
+# Certificate file to use when starting the server securely. (string value)
 # Deprecated group/name - [DEFAULT]/ssl_cert_file
 #cert_file = <None>
 
-# Private key file to use when starting the server securely. (string
-# value)
+# Private key file to use when starting the server securely. (string value)
 # Deprecated group/name - [DEFAULT]/ssl_key_file
 #key_file = <None>
 
-# SSL version to use (valid only if SSL enabled). Valid values are
-# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
-# available on some distributions. (string value)
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
 #version = <None>
 
-# Sets the list of available ciphers. value should be a string in the
-# OpenSSL cipher list format. (string value)
+# Sets the list of available ciphers. value should be a string in the OpenSSL
+# cipher list format. (string value)
 #ciphers = <None>

2019-04-30 22:32:59,575 [salt.state       :1951][INFO    ][26758] Completed state [/etc/barbican/barbican.conf] at time 22:32:59.575064 duration_in_ms=224.722
2019-04-30 22:32:59,575 [salt.state       :1780][INFO    ][26758] Running state [barbican-db-manage upgrade] at time 22:32:59.575476
2019-04-30 22:32:59,575 [salt.state       :1813][INFO    ][26758] Executing state cmd.run for [barbican-db-manage upgrade]
2019-04-30 22:32:59,576 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command '/bin/false' in directory '/root'
2019-04-30 22:32:59,590 [salt.state       :300 ][INFO    ][26758] onlyif execution failed
2019-04-30 22:32:59,591 [salt.state       :1951][INFO    ][26758] Completed state [barbican-db-manage upgrade] at time 22:32:59.591032 duration_in_ms=15.557
2019-04-30 22:32:59,592 [salt.state       :1780][INFO    ][26758] Running state [barbican-manage db sync_secret_stores] at time 22:32:59.592130
2019-04-30 22:32:59,592 [salt.state       :1813][INFO    ][26758] Executing state cmd.run for [barbican-manage db sync_secret_stores]
2019-04-30 22:32:59,593 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command 'barbican-manage db sync_secret_stores' as user 'barbican' in directory '/var/lib/barbican'
2019-04-30 22:33:01,235 [salt.state       :300 ][INFO    ][26758] {'pid': 28686, 'retcode': 0, 'stderr': '', 'stdout': "2019-04-30 22:33:00.420 28691 INFO barbican.model.sync [-] Syncing the secret_stores table with barbican.conf\x1b[00m\n2019-04-30 22:33:00.421 28691 INFO barbican.model.repositories [-] Setting up database engine and session factory\x1b[00m\n2019-04-30 22:33:00.438 28691 WARNING oslo_db.sqlalchemy.engines [-] MySQL SQL mode is 'NO_ENGINE_SUBSTITUTION', consider enabling TRADITIONAL or STRICT_ALL_TABLES: Empty\x1b[00m\n2019-04-30 22:33:00.441 28691 INFO barbican.model.repositories [-] Not auto-creating barbican registry DB\x1b[00m\n2019-04-30 22:33:01.117 28691 INFO barbican.plugin.crypto.simple_crypto [-] Software Only Crypto initialized\x1b[00m"}
2019-04-30 22:33:01,236 [salt.state       :1951][INFO    ][26758] Completed state [barbican-manage db sync_secret_stores] at time 22:33:01.236743 duration_in_ms=1644.612
2019-04-30 22:33:01,238 [salt.state       :1780][INFO    ][26758] Running state [wsgi_barbican] at time 22:33:01.238918
2019-04-30 22:33:01,239 [salt.state       :1813][INFO    ][26758] Executing state apache_site.enabled for [wsgi_barbican]
2019-04-30 22:33:01,240 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['a2ensite', 'wsgi_barbican'] in directory '/root'
2019-04-30 22:33:01,281 [salt.state       :300 ][INFO    ][26758] {'new': 'wsgi_barbican', 'old': None}
2019-04-30 22:33:01,281 [salt.state       :1951][INFO    ][26758] Completed state [wsgi_barbican] at time 22:33:01.281470 duration_in_ms=42.552
2019-04-30 22:33:01,282 [salt.state       :1780][INFO    ][26758] Running state [wsgi_barbican_admin] at time 22:33:01.282328
2019-04-30 22:33:01,282 [salt.state       :1813][INFO    ][26758] Executing state apache_site.enabled for [wsgi_barbican_admin]
2019-04-30 22:33:01,283 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['a2ensite', 'wsgi_barbican_admin'] in directory '/root'
2019-04-30 22:33:01,319 [salt.state       :300 ][INFO    ][26758] {'new': 'wsgi_barbican_admin', 'old': None}
2019-04-30 22:33:01,319 [salt.state       :1951][INFO    ][26758] Completed state [wsgi_barbican_admin] at time 22:33:01.319869 duration_in_ms=37.541
2019-04-30 22:33:01,320 [salt.state       :1780][INFO    ][26758] Running state [apache2] at time 22:33:01.320842
2019-04-30 22:33:01,321 [salt.state       :1813][INFO    ][26758] Executing state service.running for [apache2]
2019-04-30 22:33:01,321 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:33:01,332 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-enabled', 'apache2.service'] in directory '/root'
2019-04-30 22:33:01,347 [salt.state       :300 ][INFO    ][26758] The service apache2 is already running
2019-04-30 22:33:01,347 [salt.state       :1951][INFO    ][26758] Completed state [apache2] at time 22:33:01.347492 duration_in_ms=26.649
2019-04-30 22:33:01,347 [salt.state       :1780][INFO    ][26758] Running state [apache2] at time 22:33:01.347709
2019-04-30 22:33:01,348 [salt.state       :1813][INFO    ][26758] Executing state service.mod_watch for [apache2]
2019-04-30 22:33:01,348 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-active', 'apache2.service'] in directory '/root'
2019-04-30 22:33:01,359 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'apache2.service'] in directory '/root'
2019-04-30 22:33:03,585 [salt.state       :300 ][INFO    ][26758] {'apache2': True}
2019-04-30 22:33:03,586 [salt.state       :1951][INFO    ][26758] Completed state [apache2] at time 22:33:03.586164 duration_in_ms=2238.455
2019-04-30 22:33:03,586 [salt.state       :1780][INFO    ][26758] Running state [barbican-keystone-listener] at time 22:33:03.586955
2019-04-30 22:33:03,587 [salt.state       :1813][INFO    ][26758] Executing state service.running for [barbican-keystone-listener]
2019-04-30 22:33:03,587 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'status', 'barbican-keystone-listener.service', '-n', '0'] in directory '/root'
2019-04-30 22:33:03,600 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-active', 'barbican-keystone-listener.service'] in directory '/root'
2019-04-30 22:33:03,610 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-enabled', 'barbican-keystone-listener.service'] in directory '/root'
2019-04-30 22:33:03,623 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemd-run', '--scope', 'systemctl', 'start', 'barbican-keystone-listener.service'] in directory '/root'
2019-04-30 22:33:03,639 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-active', 'barbican-keystone-listener.service'] in directory '/root'
2019-04-30 22:33:03,651 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-enabled', 'barbican-keystone-listener.service'] in directory '/root'
2019-04-30 22:33:03,661 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-enabled', 'barbican-keystone-listener.service'] in directory '/root'
2019-04-30 22:33:03,673 [salt.state       :300 ][INFO    ][26758] {'barbican-keystone-listener': True}
2019-04-30 22:33:03,674 [salt.state       :1951][INFO    ][26758] Completed state [barbican-keystone-listener] at time 22:33:03.673948 duration_in_ms=86.992
2019-04-30 22:33:03,674 [salt.state       :1780][INFO    ][26758] Running state [barbican-worker] at time 22:33:03.674404
2019-04-30 22:33:03,674 [salt.state       :1813][INFO    ][26758] Executing state service.dead for [barbican-worker]
2019-04-30 22:33:03,675 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'status', 'barbican-worker.service', '-n', '0'] in directory '/root'
2019-04-30 22:33:03,687 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-active', 'barbican-worker.service'] in directory '/root'
2019-04-30 22:33:03,697 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-enabled', 'barbican-worker.service'] in directory '/root'
2019-04-30 22:33:03,707 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemd-run', '--scope', 'systemctl', 'stop', 'barbican-worker.service'] in directory '/root'
2019-04-30 22:33:18,745 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-active', 'barbican-worker.service'] in directory '/root'
2019-04-30 22:33:18,756 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-enabled', 'barbican-worker.service'] in directory '/root'
2019-04-30 22:33:18,766 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-enabled', 'barbican-worker.service'] in directory '/root'
2019-04-30 22:33:18,780 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemd-run', '--scope', 'systemctl', 'disable', 'barbican-worker.service'] in directory '/root'
2019-04-30 22:33:19,123 [salt.loaded.int.module.cmdmod:395 ][INFO    ][26758] Executing command ['systemctl', 'is-enabled', 'barbican-worker.service'] in directory '/root'
2019-04-30 22:33:19,145 [salt.state       :300 ][INFO    ][26758] {'barbican-worker': True}
2019-04-30 22:33:19,145 [salt.state       :1951][INFO    ][26758] Completed state [barbican-worker] at time 22:33:19.145873 duration_in_ms=15471.468
2019-04-30 22:33:19,148 [salt.minion      :1711][INFO    ][26758] Returning information for job: 20190430223235261068
2019-04-30 22:47:19,110 [salt.utils.schedule:1377][INFO    ][1731] Running scheduled job: __mine_interval
2019-04-30 22:50:27,003 [salt.minion      :1308][INFO    ][1731] User sudo_ubuntu Executing command cp.push_dir with jid 20190430225026989463
2019-04-30 22:50:27,016 [salt.minion      :1432][INFO    ][29384] Starting a new job with PID 29384
