drydock/examples/drydock.conf.keystone

[DEFAULT]

#
# From drydock_provisioner
#

# Polling interval in seconds for checking subtask or downstream status (integer
# value)
#poll_interval = 10


[authentication]

#
# From drydock_provisioner
#

# Client request authentication strategy (string value)
#auth_strategy = keystone

# X-Auth-Token value to bypass backend authentication (string value)
#admin_token = bigboss

# Can backend authentication be bypassed? (boolean value)
#bypass_enabled = false


[bootdata]

#
# From drydock_provisioner
#

# Path to file to distribute for prom_init.sh (string value)
#prom_init = /etc/drydock/bootdata/join.sh


[keystone_authtoken]

#
# From keystonemiddleware.auth_token
#

# Complete "public" Identity API endpoint. This endpoint should not be an
# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
# clients are redirected to this endpoint to authenticate. Although this
# endpoint should  ideally be unversioned, client support in the wild varies.
# If you're using a versioned v2 endpoint here, then this  should *not* be the
# same endpoint the service user utilizes  for validating tokens, because normal
# end users may not be  able to reach that endpoint. (string value)
auth_uri = http://172.20.0.3:5000/v3

# API version of the admin Identity API endpoint. (string value)
auth_version = 3

# Do not handle authorization requests within the middleware, but delegate the
# authorization decision to downstream WSGI components. (boolean value)
delay_auth_decision = true

# Request timeout value for communicating with Identity API server. (integer
# value)
#http_connect_timeout = <None>

# How many times are we trying to reconnect when communicating with Identity API
# Server. (integer value)
#http_request_max_retries = 3

# Request environment key where the Swift cache object is stored. When
# auth_token middleware is deployed with a Swift cache, use this option to have
# the middleware share a caching backend with swift. Otherwise, use the
# ``memcached_servers`` option instead. (string value)
#cache = <None>

# Required if identity server requires client certificate (string value)
#certfile = <None>

# Required if identity server requires client certificate (string value)
#keyfile = <None>

# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
# Defaults to system CAs. (string value)
#cafile = <None>

# Verify HTTPS connections. (boolean value)
#insecure = false

# The region in which the identity server can be found. (string value)
#region_name = <None>

# Directory used to cache files related to PKI tokens. (string value)
#signing_dir = <None>

# Optionally specify a list of memcached server(s) to use for caching. If left
# undefined, tokens will instead be cached in-process. (list value)
# Deprecated group/name - [keystone_authtoken]/memcache_servers
#memcached_servers = <None>

# In order to prevent excessive effort spent validating tokens, the middleware
# caches previously-seen tokens for a configurable duration (in seconds). Set to
# -1 to disable caching completely. (integer value)
#token_cache_time = 300

# Determines the frequency at which the list of revoked tokens is retrieved from
# the Identity service (in seconds). A high number of revocation events combined
# with a low cache duration may significantly reduce performance. Only valid for
# PKI tokens. (integer value)
#revocation_cache_time = 10

# (Optional) If defined, indicate whether token data should be authenticated or
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
# cache. If the value is not one of these options or empty, auth_token will
# raise an exception on initialization. (string value)
# Allowed values: None, MAC, ENCRYPT
#memcache_security_strategy = None

# (Optional, mandatory if memcache_security_strategy is defined) This string is
# used for key derivation. (string value)
#memcache_secret_key = <None>

# (Optional) Number of seconds memcached server is considered dead before it is
# tried again. (integer value)
#memcache_pool_dead_retry = 300

# (Optional) Maximum total number of open connections to every memcached server.
# (integer value)
#memcache_pool_maxsize = 10

# (Optional) Socket timeout in seconds for communicating with a memcached
# server. (integer value)
#memcache_pool_socket_timeout = 3

# (Optional) Number of seconds a connection to memcached is held unused in the
# pool before it is closed. (integer value)
#memcache_pool_unused_timeout = 60

# (Optional) Number of seconds that an operation will wait to get a memcached
# client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10

# (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x. (boolean value)
#memcache_use_advanced_pool = false

# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will not
# set the X-Service-Catalog header. (boolean value)
#include_service_catalog = true

# Used to control the use and type of token binding. Can be set to: "disabled"
# to not check token binding. "permissive" (default) to validate binding
# information if the bind type is of a form known to the server and ignore it if
# not. "strict" like "permissive" but if the bind type is unknown the token will
# be rejected. "required" any form of token binding is needed to be allowed.
# Finally the name of a binding method that must be present in tokens. (string
# value)
#enforce_token_bind = permissive

# If true, the revocation list will be checked for cached tokens. This requires
# that PKI tokens are configured on the identity server. (boolean value)
#check_revocations_for_cached = false

# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
# or multiple. The algorithms are those supported by Python standard
# hashlib.new(). The hashes will be tried in the order given, so put the
# preferred one first for performance. The result of the first hash will be
# stored in the cache. This will typically be set to multiple values only while
# migrating from a less secure algorithm to a more secure one. Once all the old
# tokens are expired this option should be set to a single value for better
# performance. (list value)
#hash_algorithms = md5

# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
auth_type = password

# Config Section from which to load plugin specific options (string value)
auth_section = keystone_authtoken_password


[keystone_authtoken_password]

#
# From drydock_provisioner
#

# Authentication URL (string value)
auth_url = http://172.20.0.3:5000/

# Domain ID to scope to (string value)
#domain_id = <None>

# Domain name to scope to (string value)
domain_name = ucp

# Project ID to scope to (string value)
# Deprecated group/name - [keystone_authtoken_password]/tenant_id
#project_id = <None>

# Project name to scope to (string value)
# Deprecated group/name - [keystone_authtoken_password]/tenant_name
project_name = service

# Domain ID containing project (string value)
#project_domain_id = <None>

# Domain name containing project (string value)
project_domain_name = ucp

# Trust ID (string value)
#trust_id = <None>

# Optional domain ID to use with v3 and v2 parameters. It will be used for both
# the user and project domain in v3 and ignored in v2 authentication. (string
# value)
#default_domain_id = <None>

# Optional domain name to use with v3 API and v2 parameters. It will be used for
# both the user and project domain in v3 and ignored in v2 authentication.
# (string value)
default_domain_name = ucp

# User id (string value)
#user_id = <None>

# Username (string value)
# Deprecated group/name - [keystone_authtoken_password]/user_name
#username = <None>
user_name = drydock

# User's domain id (string value)
#user_domain_id = <None>

# User's domain name (string value)
user_domain_name = ucp

# User's password (string value)
password = drydock


[logging]

#
# From drydock_provisioner
#

# Global log level for Drydock (string value)
#log_level = INFO

# Logger name for the top-level logger (string value)
#global_logger_name = drydock

# Logger name for OOB driver logging (string value)
#oobdriver_logger_name = ${global_logger_name}.oobdriver

# Logger name for Node driver logging (string value)
#nodedriver_logger_name = ${global_logger_name}.nodedriver

# Logger name for API server logging (string value)
#control_logger_name = ${global_logger_name}.control


[maasdriver]

#
# From drydock_provisioner
#

# The API key for accessing MaaS (string value)
#maas_api_key = <None>

# The URL for accessing MaaS API (string value)
#maas_api_url = <None>

# Polling interval for querying MaaS status in seconds (integer value)
#poll_interval = 10


[oslo_policy]

#
# From oslo.policy
#

# The file that defines policies. (string value)
#policy_file = policy.json

# Default rule. Enforced when a requested rule is not found. (string value)
#policy_default_rule = default

# Directories where policy configuration files are stored. They can be relative
# to any directory in the search path defined by the config_dir option, or
# absolute paths. The file defined by policy_file must exist for these
# directories to be searched.  Missing or empty directories are ignored. (multi
# valued)
#policy_dirs = policy.d


[plugins]

#
# From drydock_provisioner
#

# Module path string of a input ingester to enable (multi valued)
#ingester = drydock_provisioner.ingester.plugins.yaml.YamlIngester

# Module path string of a OOB driver to enable (multi valued)
#oob_driver = drydock_provisioner.drivers.oob.pyghmi_driver.PyghmiDriver

# Module path string of the Node driver to enable (string value)
#node_driver = drydock_provisioner.drivers.node.maasdriver.driver.MaasNodeDriver

# Module path string of the Network driver enable (string value)
#network_driver = <None>


[timeouts]

#
# From drydock_provisioner
#

# Fallback timeout when a specific one is not configured (integer value)
#drydock_timeout = 5

# Timeout in minutes for creating site network templates (integer value)
#create_network_template = 2

# Timeout in minutes for creating user credentials (integer value)
#configure_user_credentials = 2

# Timeout in minutes for initial node identification (integer value)
#identify_node = 10

# Timeout in minutes for node commissioning and hardware configuration (integer
# value)
#configure_hardware = 30

# Timeout in minutes for configuring node networking (integer value)
#apply_node_networking = 5

# Timeout in minutes for configuring node platform (integer value)
#apply_node_platform = 5

# Timeout in minutes for deploying a node (integer value)
#deploy_node = 45