Installation

Installation

Gnocchi can be installed using pip. Depending on the drivers and features you want to use (see Getting started for which driver to pick), you need to specify the extra variants you need. For example:

pip install gnocchi[postgresql,ceph,keystone]

This would install PostgreSQL support for the indexer, Ceph support for storage, and Keystone support for authentication and authorization.

The list of variants available is:

  • keystone – provides Keystone authentication support

  • mysql - provides MySQL indexer support

  • postgresql – provides PostgreSQL indexer support

  • swift – provides OpenStack Swift storage support

  • s3 – provides Amazon S3 storage support

  • ceph – provides Ceph (>= 0.80) storage support

  • ceph_alternative – provides Ceph (>= 12.2.0) storage support

  • redis – provides Redis storage support

  • prometheus – provides Prometheus Remote Write support

  • amqp1 – provides AMQP 1.0 support

  • doc – documentation building support

  • test – unit and functional tests support

To install Gnocchi from source, run the standard Python installation procedure:

pip install -e .

Again, depending on the drivers and features you want to use, you need to install extra variants using, for example:

pip install -e .[postgresql,ceph,ceph_recommended_lib]

Ceph requirements

The Ceph driver needs to have a Ceph user and a pool already created. They can be created for example with:

ceph osd pool create metrics 8 8
ceph auth get-or-create client.gnocchi mon "allow r" osd "allow rwx pool=metrics"

Gnocchi leverages some librados features (omap, async, operation context) available in the Ceph Python binding only since python-rados >= 12.2.0.

Configuration

Configuration file

No config file is provided with the source code; it will be created during the installation. In the case where no configuration file is installed, one can be easily created by running:

gnocchi-config-generator > /path/to/gnocchi.conf

By default, gnocchi looks for its configuration file in the following places, in order:

  • ~/.gnocchi/gnocchi.conf

  • ~/gnocchi.conf

  • /etc/gnocchi/gnocchi.conf

  • /etc/gnocchi.conf

  • ~/gnocchi/gnocchi.conf.d

  • ~/gnocchi.conf.d

  • /etc/gnocchi/gnocchi.conf.d

  • /etc/gnocchi.conf.d

Configure Gnocchi by editing the appropriate file.

The configuration file should be pretty explicit, but here are some of the base options you want to change and configure:

Option name

Help

storage.driver

The storage driver for metrics.

indexer.url

URL to your indexer.

storage.file_*

Configuration options to store files if you use the file storage driver.

storage.swift_*

Configuration options to access Swift if you use the Swift storage driver.

storage.ceph_*

Configuration options to access Ceph if you use the Ceph storage driver.

storage.s3_*

Configuration options to access S3 if you use the S3 storage driver.

storage.redis_*

Configuration options to access Redis if you use the Redis storage driver.

The same options are also available as incoming.<drivername>_* for configuring the incoming storage. If no incoming storage is set, the default is to use the configured storage driver.

Configuring authentication

The API server supports different authentication methods:

  • basic (the default) which uses the standard HTTP Authorization header. By default, only the user admin has some special permissions (e.g. create archive policies). The password of the authentication is not used.

  • keystone to use OpenStack Keystone. If you successfully installed the keystone flavor using pip (see Installation), you can set api.auth_mode to keystone to enable Keystone authentication. You also need to configure the keystone_authtoken section in gnocchi.conf with the proper value so Gnocchi is able to validate tokens.

  • remoteuser where Gnocchi will look at the HTTP server REMOTE_USER environment variable to get the username. Then the permissions model is the same as the basic mode.

Initialization

Once you have configured Gnocchi properly you need to initialize the indexer and storage:

gnocchi-upgrade

Upgrading

In order to upgrade from a previous version of Gnocchi, you need to make sure that your indexer and storage are properly upgraded.

Warning

Upgrade is only supported between one major version to another or between minor versions, e.g.:

  • version 2.0 to version 2.1 or 2.2 is supported

  • version 2.1 to version 3.0 is supported

  • version 2 to version 4 is not supported.

Run the following:

  1. Stop the old version of Gnocchi API server and gnocchi-statsd daemon

  2. Stop the old version of gnocchi-metricd daemon

Warning

Data in backlog is never migrated between versions. Ensure the backlog is empty before any upgrade to ensure data is not lost.

  1. Install the new version of Gnocchi

  2. Run gnocchi-upgrade.

    This will take from a few minutes to several hours depending on the size of your index and storage.

  3. Start the new Gnocchi API server, gnocchi-metricd and gnocchi-statsd daemons

Installation using Docker

The gnocchi-docker repository contains the needed Dockerfile and script to build a Docker image containing Gnocchi latest version (fetched from PyPI). It also provides an example of docker-compose file in order to run a full deployment on Gnocchi (indexer and storage included).

Installation using OpenShift

The gnocchi-openshift repository contains the needed Dockerfile and script to build a Docker image containing Gnocchi latest version (fetched from PyPI).

Gnocchi Configuration sample

[DEFAULT]

#
# From cotyledon
#

# Enables or disables logging values of all registered options when starting a
# service (at DEBUG level). (boolean value)
# Note: This option can be changed without restarting.
#log_options = true

# Specify a timeout after which a gracefully shutdown server will exit. Zero
# value means endless wait. (integer value)
# Note: This option can be changed without restarting.
#graceful_shutdown_timeout = 60

#
# From gnocchi
#

# If set to true, the logging level will be set to DEBUG. (boolean value)
#debug = false

# If set to true, the logging level will be set to INFO. (boolean value)
#verbose = true

# Base directory for log files. If not set, logging will go to stderr. (string
# value)
#log_dir = <None>

# (Optional) Name of log file to send logging output to. If no default is set,
# logging will go to stderr as defined by use_stderr. (string value)
#log_file = <None>

# Coordination driver URL (string value)
#coordination_url = <None>

# Number of threads to use to parallelize some operations. Default is set to
# the number of CPU available. (integer value)
# Minimum value: 1
# Deprecated group/name - [storage]/aggregation_workers_number
#parallel_operations = <None>

# Use syslog for logging. (boolean value)
#use_syslog = false

# Enable journald for logging. If running in a systemd environment you may wish
# to enable journal support. Doing so will use the journal native protocol
# which includes structured metadata in addition to log messages. (boolean
# value)
#use_journal = false

# Syslog facility to receive log lines. (string value)
#syslog_log_facility = user


[amqp1d]

#
# From gnocchi
#

# AMQP 1.0 URL to listen to (string value)
#url = localhost:5672/u/collectd/telemetry

# Data source for amqp1d (string value)
# Possible values:
# collectd - <No description provided>
#data_source = collectd

# Resource type name to use to identify metrics (string value)
#resource_type = collectd_amqp1d

# Creator value to use to amqpd1 (string value)
#creator = <None>

# Delay between flushes in seconds (floating point value)
#flush_delay = 10


[api]

#
# From gnocchi
#

# Path to API Paste configuration. (string value)
#paste_config = api-paste.ini

# Authentication mode to use. (string value)
# Possible values:
# basic - <No description provided>
# keystone - <No description provided>
# remoteuser - <No description provided>
#auth_mode = basic

# The maximum number of items returned in a single response from a collection
# resource (integer value)
#max_limit = 1000

# Number of seconds before timeout when attempting to do some operations.
# (integer value)
# Minimum value: 0
# Deprecated group/name - [api]/refresh_timeout
#operation_timeout = 10

# Custom UWSGI path to avoid auto discovery of packages. (string value)
#uwsgi_path = <None>

# Host to listen on (host address value)
#host = 0.0.0.0

# Port to listen on (port value)
# Minimum value: 0
# Maximum value: 65535
#port = 8041

# Socket type to use for uWSGI:
# * http: support HTTP/1.1 and keepalive,
#   but not chunked encoding (InfluxDB)
# * http-socket/socket: support chunked encoding, but require a upstream HTTP
#   Server for HTTP/1.1, keepalive and HTTP protocol correctness.
#  (string value)
# Possible values:
# http - <No description provided>
# http-socket - <No description provided>
# socket - <No description provided>
#uwsgi_mode = http

# Whether the application is behind a proxy or not. This determines if the
# middleware should parse the headers or not. (boolean value)
#enable_proxy_headers_parsing = false


[archive_policy]

#
# From gnocchi
#

# Default aggregation methods to use in created archive policies (list value)
#default_aggregation_methods = mean,min,max,sum,std,count


[cors]

#
# From oslo.middleware.cors
#

# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
# slash. Example: https://horizon.example.com (list value)
#allowed_origin = <None>

# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true

# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers =

# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600

# Indicate which methods can be used during the actual request. (list value)
#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH

# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = Authorization,X-Auth-Token,X-Subject-Token,X-User-Id,X-Domain-Id,X-Project-Id,X-Roles


[healthcheck]

#
# From oslo.middleware.healthcheck
#

# DEPRECATED: The path to respond to healtcheck requests on. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#path = /healthcheck

# Show more detailed information as part of the response. Security note:
# Enabling this option may expose sensitive details about the service being
# monitored. Be sure to verify that it will not violate your security policies.
# (boolean value)
#detailed = false

# Additional backends that can perform health checks and report that
# information back as part of a request. (list value)
#backends =

# A list of network addresses to limit source ip allowed to access healthcheck
# information. Any request from ip outside of these network addresses are
# ignored. (list value)
#allowed_source_ranges =

# Ignore requests with proxy headers. (boolean value)
#ignore_proxied_requests = false

# Check the presence of a file to determine if an application is running on a
# port. Used by DisableByFileHealthcheck plugin. (string value)
#disable_by_file_path = <None>

# Check the presence of a file based on a port to determine if an application
# is running on a port. Expects a "port:path" list of strings. Used by
# DisableByFilesPortsHealthcheck plugin. (list value)
#disable_by_file_paths =

# Check the presence of files. Used by EnableByFilesHealthcheck plugin. (list
# value)
#enable_by_file_paths =


[incoming]

#
# From gnocchi
#

# Storage driver to use (string value)
#driver = ${storage.driver}

# Ceph pool name to use. (string value)
#ceph_pool = ${storage.ceph_pool}

# Ceph username (ie: admin without "client." prefix). (string value)
#ceph_username = ${storage.ceph_username}

# Ceph key (string value)
#ceph_secret = ${storage.ceph_secret}

# Ceph keyring path. (string value)
#ceph_keyring = ${storage.ceph_keyring}

# Ceph connection timeout in seconds (string value)
#ceph_timeout = ${storage.ceph_timeout}

# Ceph configuration file. (string value)
#ceph_conffile = ${storage.ceph_conffile}

# Path used to store gnocchi data files. (string value)
#file_basepath = ${storage.file_basepath}

# if > 0, this create a subdirectory for every N bytesof the metric uuid
# (integer value)
# Minimum value: 0
# Maximum value: 32
#file_subdir_len = ${storage.file_subdir_len}

# Swift authentication version to user. (string value)
#swift_auth_version = ${storage.swift_auth_version}

# If True, swiftclient won't check for a valid SSL certificate when
# authenticating. (boolean value)
#swift_auth_insecure = ${storage.swift_auth_insecure}

# Swift URL. If unset, it is obtained from the auth service. (string value)
#swift_url = ${storage.swift_url}

# Swift auth URL. (string value)
#swift_authurl = ${storage.swift_authurl}

# Swift token to user to authenticate. (string value)
#swift_preauthtoken = ${storage.swift_preauthtoken}

# A string giving the CA certificate file to use in SSL connections for
# verifying certs. (string value)
#swift_cacert = ${storage.swift_cacert}

# Swift region. (string value)
#swift_region = ${storage.swift_region}

# Swift user. (string value)
#swift_user = ${storage.swift_user}

# Swift user domain name. (string value)
#swift_user_domain_name = ${storage.swift_user_domain_name}

# Swift key/password. (string value)
#swift_key = ${storage.swift_key}

# Swift tenant name, only used in v2/v3 auth. (string value)
# Deprecated group/name - [incoming]/swift_tenant_name
#swift_project_name = ${storage.swift_project_name}

# Swift project domain name. (string value)
#swift_project_domain_name = ${storage.swift_project_domain_name}

# Prefix to namespace metric containers. (string value)
#swift_container_prefix = ${storage.swift_container_prefix}

# Storage policy to use when creating containers. When unset, the default Swift
# storage policy is used. (string value)
#swift_storage_policy = ${storage.swift_storage_policy}

# Endpoint type to connect to Swift (string value)
#swift_endpoint_type = ${storage.swift_endpoint_type}

# A string giving the service type of the swift service to use. This setting is
# only used if swift_auth_version is 2. (string value)
#swift_service_type = ${storage.swift_service_type}

# Connection timeout in seconds. (integer value)
# Minimum value: 0
#swift_timeout = ${storage.swift_timeout}

# Redis URL
#
#   For example::
#
#     redis://[username:password]@localhost:6379?db=0
#
#   We proxy some options to the redis client (used to configure the redis
# client
#   internals so that it works as you expect/want it to):  `db`, `encoding`,
# `health_check_interval`, `retry_on_timeout`, `sentinel`, `sentinel_fallback`,
# `sentinel_password`, `sentinel_ssl`, `sentinel_username`, `socket_keepalive`,
# `socket_timeout`, `ssl`, `ssl_ca_certs`, `ssl_certfile`, `ssl_keyfile`
#
#   Further resources/links:
#
#    - http://redis-py.readthedocs.org/en/latest/#redis.Redis
#    - https://github.com/andymccurdy/redis-py/blob/2.10.3/redis/client.py
#
#   To use a `sentinel`_ the connection URI must point to the sentinel server.
#   At connection time the sentinel will be asked for the current IP and port
#   of the master and then connect there. The connection URI for sentinel
#   should be written as follows::
#
#     redis://<sentinel host>:<sentinel port>?sentinel=<master name>
#
#   Additional sentinel hosts are listed with multiple ``sentinel_fallback``
#   parameters as follows::
#
#       redis://<sentinel host>:<sentinel port>?sentinel=<master name>&
#         sentinel_fallback=<other sentinel host>:<sentinel port>&
#         sentinel_fallback=<other sentinel host>:<sentinel port>&
#         sentinel_fallback=<other sentinel host>:<sentinel port>
#
#   Further resources/links:
#
#   - http://redis.io/
#   - http://redis.io/topics/sentinel
#   - http://redis.io/topics/cluster-spec
#
#  (string value)
#redis_url = ${storage.redis_url}

# S3 endpoint URL (string value)
#s3_endpoint_url = ${storage.s3_endpoint_url}

# S3 region name (string value)
#s3_region_name = ${storage.s3_region_name}

# S3 access key id (string value)
#s3_access_key_id = ${storage.s3_access_key_id}

# S3 secret access key (string value)
#s3_secret_access_key = ${storage.s3_secret_access_key}

# Prefix to namespace metric bucket. (string value)
#s3_bucket_prefix = ${storage.s3_bucket_prefix}

# Maximum time to wait checking data consistency when writing to S3. Set to 0
# to disable data consistency validation. (floating point value)
# Minimum value: 0
#s3_check_consistency_timeout = ${storage.s3_check_consistency_timeout}

# The maximum number of connections to keep in a connection pool. (integer
# value)
# Minimum value: 1
#s3_max_pool_connections = ${storage.s3_max_pool_connections}


[indexer]

#
# From gnocchi
#

# Indexer driver to use (string value)
#url = postgresql://localhost/postgres?host=/tmp/tmpgj02qe4h&port=9824


[keystone_authtoken]

#
# From keystonemiddleware.auth_token
#

# Complete "public" Identity API endpoint. This endpoint should not be an
# "admin" endpoint, as it should be accessible by all end users.
# Unauthenticated clients are redirected to this endpoint to authenticate.
# Although this endpoint should ideally be unversioned, client support in the
# wild varies. If you're using a versioned v2 endpoint here, then this should
# *not* be the same endpoint the service user utilizes for validating tokens,
# because normal end users may not be able to reach that endpoint. (string
# value)
# Deprecated group/name - [keystone_authtoken]/auth_uri
#www_authenticate_uri = <None>

# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
# be an "admin" endpoint, as it should be accessible by all end users.
# Unauthenticated clients are redirected to this endpoint to authenticate.
# Although this endpoint should ideally be unversioned, client support in the
# wild varies. If you're using a versioned v2 endpoint here, then this should
# *not* be the same endpoint the service user utilizes for validating tokens,
# because normal end users may not be able to reach that endpoint. This option
# is deprecated in favor of www_authenticate_uri and will be removed in the S
# release. (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
# and will be removed in the S  release.
#auth_uri = <None>

# API version of the Identity API endpoint. (string value)
#auth_version = <None>

# Interface to use for the Identity API endpoint. Valid values are "public",
# "internal" (default) or "admin". (string value)
#interface = internal

# Do not handle authorization requests within the middleware, but delegate the
# authorization decision to downstream WSGI components. (boolean value)
#delay_auth_decision = false

# Request timeout value for communicating with Identity API server. (integer
# value)
#http_connect_timeout = <None>

# How many times are we trying to reconnect when communicating with Identity
# API Server. (integer value)
#http_request_max_retries = 3

# Request environment key where the Swift cache object is stored. When
# auth_token middleware is deployed with a Swift cache, use this option to have
# the middleware share a caching backend with swift. Otherwise, use the
# ``memcached_servers`` option instead. (string value)
#cache = <None>

# Required if identity server requires client certificate (string value)
#certfile = <None>

# Required if identity server requires client certificate (string value)
#keyfile = <None>

# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
# Defaults to system CAs. (string value)
#cafile = <None>

# Verify HTTPS connections. (boolean value)
#insecure = false

# The region in which the identity server can be found. (string value)
#region_name = <None>

# Optionally specify a list of memcached server(s) to use for caching. If left
# undefined, tokens will instead be cached in-process. (list value)
# Deprecated group/name - [keystone_authtoken]/memcache_servers
#memcached_servers = <None>

# In order to prevent excessive effort spent validating tokens, the middleware
# caches previously-seen tokens for a configurable duration (in seconds). Set
# to -1 to disable caching completely. (integer value)
#token_cache_time = 300

# (Optional) If defined, indicate whether token data should be authenticated or
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
# cache. If the value is not one of these options or empty, auth_token will
# raise an exception on initialization. (string value)
# Possible values:
# None - <No description provided>
# MAC - <No description provided>
# ENCRYPT - <No description provided>
#memcache_security_strategy = None

# (Optional, mandatory if memcache_security_strategy is defined) This string is
# used for key derivation. (string value)
#memcache_secret_key = <None>

# (Optional) Number of seconds memcached server is considered dead before it is
# tried again. (integer value)
#memcache_pool_dead_retry = 300

# (Optional) Maximum total number of open connections to every memcached
# server. (integer value)
#memcache_pool_maxsize = 10

# (Optional) Socket timeout in seconds for communicating with a memcached
# server. (integer value)
#memcache_pool_socket_timeout = 3

# (Optional) Number of seconds a connection to memcached is held unused in the
# pool before it is closed. (integer value)
#memcache_pool_unused_timeout = 60

# (Optional) Number of seconds that an operation will wait to get a memcached
# client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10

# (Optional) Use the advanced (eventlet safe) memcached client pool. (boolean
# value)
#memcache_use_advanced_pool = true

# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will not
# set the X-Service-Catalog header. (boolean value)
#include_service_catalog = true

# Used to control the use and type of token binding. Can be set to: "disabled"
# to not check token binding. "permissive" (default) to validate binding
# information if the bind type is of a form known to the server and ignore it
# if not. "strict" like "permissive" but if the bind type is unknown the token
# will be rejected. "required" any form of token binding is needed to be
# allowed. Finally the name of a binding method that must be present in tokens.
# (string value)
#enforce_token_bind = permissive

# A choice of roles that must be present in a service token. Service tokens are
# allowed to request that an expired token can be used and so this check should
# tightly control that only actual services should be sending this token. Roles
# here are applied as an ANY check so any role in this list must be present.
# For backwards compatibility reasons this currently only affects the
# allow_expired check. (list value)
#service_token_roles = service

# For backwards compatibility reasons we must let valid service tokens pass
# that don't pass the service_token_roles check as valid. Setting this true
# will become the default in a future release and should be enabled if
# possible. (boolean value)
#service_token_roles_required = false

# The name or type of the service as it appears in the service catalog. This is
# used to validate tokens that have restricted access rules. (string value)
#service_type = <None>

# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
#auth_type = <None>

# Config Section from which to load plugin specific options (string value)
#auth_section = <None>


[metricd]

#
# From gnocchi
#

# Number of workers for Gnocchi metric daemons. By default the available number
# of CPU is used. (integer value)
# Minimum value: 1
#workers = <None>

# How many seconds to wait between scheduling new metrics to process (integer
# value)
#metric_processing_delay = 60

# Allow to bypass `metric_processing_delay` if metricd is notified that
# measures are ready to be processed. (boolean value)
#greedy = true

# How many seconds to wait between metric ingestion reporting. Set value to -1
# to disable reporting (integer value)
# Minimum value: -1
#metric_reporting_delay = 120

# How many seconds to wait between cleaning of expired data (integer value)
#metric_cleanup_delay = 300

# Number of workers that share a task. A higher value may improve worker
# utilization but may also increase load on coordination backend. Value is
# capped by number of workers globally. (integer value)
# Minimum value: 1
#processing_replicas = 3

# Number of metrics that should be deleted simultaneously by one janitor.
# (integer value)
# Minimum value: 1
#cleanup_batch_size = 10000


[oslo_policy]

#
# From oslo.policy
#

# DEPRECATED: This option controls whether or not to enforce scope when
# evaluating policies. If ``True``, the scope of the token used in the request
# is compared to the ``scope_types`` of the policy being enforced. If the
# scopes do not match, an ``InvalidScope`` exception will be raised. If
# ``False``, a message will be logged informing operators that policies are
# being invoked with mismatching scope. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This configuration was added temporarily to facilitate a smooth
# transition to the new RBAC. OpenStack will always enforce scope checks. This
# configuration option is deprecated and will be removed in the 2025.2 cycle.
#enforce_scope = true

# This option controls whether or not to use old deprecated defaults when
# evaluating policies. If ``True``, the old deprecated defaults are not going
# to be evaluated. This means if any existing token is allowed for old defaults
# but is disallowed for new defaults, it will be disallowed. It is encouraged
# to enable this flag along with the ``enforce_scope`` flag so that you can get
# the benefits of new defaults and ``scope_type`` together. If ``False``, the
# deprecated policy check string is logically OR'd with the new policy check
# string, allowing for a graceful upgrade experience between releases with new
# policies, which is the default behavior. (boolean value)
#enforce_new_defaults = true

# The relative or absolute path of a file that maps roles to permissions for a
# given service. Relative paths must be specified in relation to the
# configuration file setting this option. (string value)
#policy_file = policy.yaml

# Default rule. Enforced when a requested rule is not found. (string value)
#policy_default_rule = default

# Directories where policy configuration files are stored. They can be relative
# to any directory in the search path defined by the config_dir option, or
# absolute paths. The file defined by policy_file must exist for these
# directories to be searched.  Missing or empty directories are ignored. (multi
# valued)
#policy_dirs = policy.d

# Content Type to send and receive data for REST based policy check (string
# value)
# Possible values:
# application/x-www-form-urlencoded - <No description provided>
# application/json - <No description provided>
#remote_content_type = application/x-www-form-urlencoded

# server identity verification for REST based policy check (boolean value)
#remote_ssl_verify_server_crt = false

# Absolute path to ca cert file for REST based policy check (string value)
#remote_ssl_ca_crt_file = <None>

# Absolute path to client cert for REST based policy check (string value)
#remote_ssl_client_crt_file = <None>

# Absolute path client key file REST based policy check (string value)
#remote_ssl_client_key_file = <None>

# Timeout in seconds for REST based policy check (floating point value)
# Minimum value: 0
#remote_timeout = 60


[statsd]

#
# From gnocchi
#

# The listen IP for statsd (host address value)
#host = 0.0.0.0

# The port for statsd (port value)
# Minimum value: 0
# Maximum value: 65535
#port = 8125

# Resource UUID to use to identify statsd in Gnocchi (unknown value)
#resource_id = <None>

# Creator value to use to identify statsd in Gnocchi (string value)
#creator = <None>

# Archive policy name to use when creating metrics (string value)
#archive_policy_name = <None>

# Delay between flushes (floating point value)
#flush_delay = 10


[storage]

#
# From gnocchi
#

# Storage driver to use (string value)
#driver = file

# Ceph pool name to use. (string value)
#ceph_pool = gnocchi

# Ceph username (ie: admin without "client." prefix). (string value)
#ceph_username = <None>

# Ceph key (string value)
#ceph_secret = <None>

# Ceph keyring path. (string value)
#ceph_keyring = <None>

# Ceph connection timeout in seconds (string value)
#ceph_timeout = 30

# Ceph configuration file. (string value)
#ceph_conffile = /etc/ceph/ceph.conf

# Path used to store gnocchi data files. (string value)
#file_basepath = /var/lib/gnocchi

# if > 0, this create a subdirectory for every N bytesof the metric uuid
# (integer value)
# Minimum value: 0
# Maximum value: 32
#file_subdir_len = 2

# Swift authentication version to user. (string value)
#swift_auth_version = 1

# If True, swiftclient won't check for a valid SSL certificate when
# authenticating. (boolean value)
#swift_auth_insecure = false

# Swift URL. If unset, it is obtained from the auth service. (string value)
#swift_url = <None>

# Swift auth URL. (string value)
#swift_authurl = http://localhost:8080/auth/v1.0

# Swift token to user to authenticate. (string value)
#swift_preauthtoken = <None>

# A string giving the CA certificate file to use in SSL connections for
# verifying certs. (string value)
#swift_cacert = <None>

# Swift region. (string value)
#swift_region = <None>

# Swift user. (string value)
#swift_user = admin:admin

# Swift user domain name. (string value)
#swift_user_domain_name = Default

# Swift key/password. (string value)
#swift_key = admin

# Swift tenant name, only used in v2/v3 auth. (string value)
# Deprecated group/name - [storage]/swift_tenant_name
#swift_project_name = <None>

# Swift project domain name. (string value)
#swift_project_domain_name = Default

# Prefix to namespace metric containers. (string value)
#swift_container_prefix = gnocchi

# Storage policy to use when creating containers. When unset, the default Swift
# storage policy is used. (string value)
#swift_storage_policy = <None>

# Endpoint type to connect to Swift (string value)
#swift_endpoint_type = publicURL

# A string giving the service type of the swift service to use. This setting is
# only used if swift_auth_version is 2. (string value)
#swift_service_type = object-store

# Connection timeout in seconds. (integer value)
# Minimum value: 0
#swift_timeout = 300

# Redis URL
#
#   For example::
#
#     redis://[username:password]@localhost:6379?db=0
#
#   We proxy some options to the redis client (used to configure the redis
# client
#   internals so that it works as you expect/want it to):  `db`, `encoding`,
# `health_check_interval`, `retry_on_timeout`, `sentinel`, `sentinel_fallback`,
# `sentinel_password`, `sentinel_ssl`, `sentinel_username`, `socket_keepalive`,
# `socket_timeout`, `ssl`, `ssl_ca_certs`, `ssl_certfile`, `ssl_keyfile`
#
#   Further resources/links:
#
#    - http://redis-py.readthedocs.org/en/latest/#redis.Redis
#    - https://github.com/andymccurdy/redis-py/blob/2.10.3/redis/client.py
#
#   To use a `sentinel`_ the connection URI must point to the sentinel server.
#   At connection time the sentinel will be asked for the current IP and port
#   of the master and then connect there. The connection URI for sentinel
#   should be written as follows::
#
#     redis://<sentinel host>:<sentinel port>?sentinel=<master name>
#
#   Additional sentinel hosts are listed with multiple ``sentinel_fallback``
#   parameters as follows::
#
#       redis://<sentinel host>:<sentinel port>?sentinel=<master name>&
#         sentinel_fallback=<other sentinel host>:<sentinel port>&
#         sentinel_fallback=<other sentinel host>:<sentinel port>&
#         sentinel_fallback=<other sentinel host>:<sentinel port>
#
#   Further resources/links:
#
#   - http://redis.io/
#   - http://redis.io/topics/sentinel
#   - http://redis.io/topics/cluster-spec
#
#  (string value)
#redis_url = redis://localhost:6379/

# S3 endpoint URL (string value)
#s3_endpoint_url = <None>

# S3 region name (string value)
#s3_region_name = <None>

# S3 access key id (string value)
#s3_access_key_id = <None>

# S3 secret access key (string value)
#s3_secret_access_key = <None>

# Prefix to namespace metric bucket. (string value)
#s3_bucket_prefix = gnocchi

# Maximum time to wait checking data consistency when writing to S3. Set to 0
# to disable data consistency validation. (floating point value)
# Minimum value: 0
#s3_check_consistency_timeout = 60

# The maximum number of connections to keep in a connection pool. (integer
# value)
# Minimum value: 1
#s3_max_pool_connections = 50