[DEFAULT] [airflow] # # From shipyard_api # # Airflow worker url scheme (string value) #worker_endpoint_scheme = http # Airflow worker port (integer value) #worker_port = 8793 [armada] # # From shipyard_api # # The service type for the service playing the role of Armada. The specified # type is used to perform the service lookup in the Keystone service catalog. # (string value) #service_type = armada [base] # # From shipyard_api # # The web server for Airflow (string value) #web_server = http://localhost:8080/ # Seconds to wait to connect to the airflow api (integer value) #airflow_api_connect_timeout = 5 # Seconds to wait for a response from the airflow api (integer value) #airflow_api_read_timeout = 60 # The database for shipyard (string value) #postgresql_db = postgresql+psycopg2://shipyard:changeme@postgresql.ucp:5432/shipyard # The database for airflow (string value) #postgresql_airflow_db = postgresql+psycopg2://shipyard:changeme@postgresql.ucp:5432/airflow # The SQLalchemy database connection pool size. (integer value) #pool_size = 15 # Should DB connections be validated prior to use. (boolean value) #pool_pre_ping = true # How long a request for a connection should wait before one becomes available. # (integer value) #pool_timeout = 30 # How many connections above pool_size are allowed to be open during high # usage. (integer value) #pool_overflow = 10 # Time, in seconds, when a connection should be closed and re-established. -1 # for no recycling. (integer value) #connection_recycle = -1 # The directory containing the alembic.ini file (string value) #alembic_ini_path = /home/shipyard/shipyard # Enable profiling of API requests. Do NOT use in production. (boolean value) #profiler = false [deckhand] # # From shipyard_api # # The service type for the service playing the role of Deckhand. The specified # type is used to perform the service lookup in the Keystone service catalog. # (string value) #service_type = deckhand [drydock] # # From shipyard_api # # The service type for the service playing the role of Drydock. The specified # type is used to perform the service lookup in the Keystone service catalog. # (string value) #service_type = physicalprovisioner [k8s_logs] # # From shipyard_api # # Namespace of Airship Pods (string value) #ucp_namespace = ucp [keystone_authtoken] # # From keystonemiddleware.auth_token # # Complete "public" Identity API endpoint. This endpoint should not be an # "admin" endpoint, as it should be accessible by all end users. # Unauthenticated clients are redirected to this endpoint to authenticate. # Although this endpoint should ideally be unversioned, client support in the # wild varies. If you're using a versioned v2 endpoint here, then this should # *not* be the same endpoint the service user utilizes for validating tokens, # because normal end users may not be able to reach that endpoint. (string # value) # Deprecated group/name - [keystone_authtoken]/auth_uri #www_authenticate_uri = # DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not # be an "admin" endpoint, as it should be accessible by all end users. # Unauthenticated clients are redirected to this endpoint to authenticate. # Although this endpoint should ideally be unversioned, client support in the # wild varies. If you're using a versioned v2 endpoint here, then this should # *not* be the same endpoint the service user utilizes for validating tokens, # because normal end users may not be able to reach that endpoint. This option # is deprecated in favor of www_authenticate_uri and will be removed in the S # release. (string value) # This option is deprecated for removal since Queens. # Its value may be silently ignored in the future. # Reason: The auth_uri option is deprecated in favor of www_authenticate_uri # and will be removed in the S release. #auth_uri = # API version of the admin Identity API endpoint. (string value) #auth_version = # Do not handle authorization requests within the middleware, but delegate the # authorization decision to downstream WSGI components. (boolean value) #delay_auth_decision = false # Request timeout value for communicating with Identity API server. (integer # value) #http_connect_timeout = # How many times are we trying to reconnect when communicating with Identity # API Server. (integer value) #http_request_max_retries = 3 # Request environment key where the Swift cache object is stored. When # auth_token middleware is deployed with a Swift cache, use this option to have # the middleware share a caching backend with swift. Otherwise, use the # ``memcached_servers`` option instead. (string value) #cache = # Required if identity server requires client certificate (string value) #certfile = # Required if identity server requires client certificate (string value) #keyfile = # A PEM encoded Certificate Authority to use when verifying HTTPs connections. # Defaults to system CAs. (string value) #cafile = # Verify HTTPS connections. (boolean value) #insecure = false # The region in which the identity server can be found. (string value) #region_name = # DEPRECATED: Directory used to cache files related to PKI tokens. This option # has been deprecated in the Ocata release and will be removed in the P # release. (string value) # This option is deprecated for removal since Ocata. # Its value may be silently ignored in the future. # Reason: PKI token format is no longer supported. #signing_dir = # Optionally specify a list of memcached server(s) to use for caching. If left # undefined, tokens will instead be cached in-process. (list value) # Deprecated group/name - [keystone_authtoken]/memcache_servers #memcached_servers = # In order to prevent excessive effort spent validating tokens, the middleware # caches previously-seen tokens for a configurable duration (in seconds). Set # to -1 to disable caching completely. (integer value) #token_cache_time = 300 # DEPRECATED: Determines the frequency at which the list of revoked tokens is # retrieved from the Identity service (in seconds). A high number of revocation # events combined with a low cache duration may significantly reduce # performance. Only valid for PKI tokens. This option has been deprecated in # the Ocata release and will be removed in the P release. (integer value) # This option is deprecated for removal since Ocata. # Its value may be silently ignored in the future. # Reason: PKI token format is no longer supported. #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be authenticated or # authenticated and encrypted. If MAC, token data is authenticated (with HMAC) # in the cache. If ENCRYPT, token data is encrypted and authenticated in the # cache. If the value is not one of these options or empty, auth_token will # raise an exception on initialization. (string value) # Possible values: # None - # MAC - # ENCRYPT - #memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is defined) This string is # used for key derivation. (string value) #memcache_secret_key = # (Optional) Number of seconds memcached server is considered dead before it is # tried again. (integer value) #memcache_pool_dead_retry = 300 # (Optional) Maximum total number of open connections to every memcached # server. (integer value) #memcache_pool_maxsize = 10 # (Optional) Socket timeout in seconds for communicating with a memcached # server. (integer value) #memcache_pool_socket_timeout = 3 # (Optional) Number of seconds a connection to memcached is held unused in the # pool before it is closed. (integer value) #memcache_pool_unused_timeout = 60 # (Optional) Number of seconds that an operation will wait to get a memcached # client connection from the pool. (integer value) #memcache_pool_conn_get_timeout = 10 # (Optional) Use the advanced (eventlet safe) memcached client pool. The # advanced pool will only work under python 2.x. (boolean value) #memcache_use_advanced_pool = false # (Optional) Indicate whether to set the X-Service-Catalog header. If False, # middleware will not ask for service catalog on token validation and will not # set the X-Service-Catalog header. (boolean value) #include_service_catalog = true # Used to control the use and type of token binding. Can be set to: "disabled" # to not check token binding. "permissive" (default) to validate binding # information if the bind type is of a form known to the server and ignore it # if not. "strict" like "permissive" but if the bind type is unknown the token # will be rejected. "required" any form of token binding is needed to be # allowed. Finally the name of a binding method that must be present in tokens. # (string value) #enforce_token_bind = permissive # DEPRECATED: If true, the revocation list will be checked for cached tokens. # This requires that PKI tokens are configured on the identity server. (boolean # value) # This option is deprecated for removal since Ocata. # Its value may be silently ignored in the future. # Reason: PKI token format is no longer supported. #check_revocations_for_cached = false # DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a # single algorithm or multiple. The algorithms are those supported by Python # standard hashlib.new(). The hashes will be tried in the order given, so put # the preferred one first for performance. The result of the first hash will be # stored in the cache. This will typically be set to multiple values only while # migrating from a less secure algorithm to a more secure one. Once all the old # tokens are expired this option should be set to a single value for better # performance. (list value) # This option is deprecated for removal since Ocata. # Its value may be silently ignored in the future. # Reason: PKI token format is no longer supported. #hash_algorithms = md5 # A choice of roles that must be present in a service token. Service tokens are # allowed to request that an expired token can be used and so this check should # tightly control that only actual services should be sending this token. Roles # here are applied as an ANY check so any role in this list must be present. # For backwards compatibility reasons this currently only affects the # allow_expired check. (list value) #service_token_roles = service # For backwards compatibility reasons we must let valid service tokens pass # that don't pass the service_token_roles check as valid. Setting this true # will become the default in a future release and should be enabled if # possible. (boolean value) #service_token_roles_required = false # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = # Config Section from which to load plugin specific options (string value) #auth_section = # # From shipyard_api # # PEM encoded Certificate Authority to use when verifying HTTPs connections. # (string value) #cafile = # PEM encoded client certificate cert file (string value) #certfile = # PEM encoded client certificate key file (string value) #keyfile = # Verify HTTPS connections. (boolean value) #insecure = false # Timeout value for http requests (integer value) #timeout = # Collect per-API call timing information. (boolean value) #collect_timing = false # Log requests to multiple loggers. (boolean value) #split_loggers = false [logging] # # From shipyard_api # # The default logging level for the root logger. ERROR=40, WARNING=30, INFO=20, # DEBUG=10 (integer value) #log_level = 10 # The logging levels for named loggers. Use standard representations for # logging levels: ERROR. WARN, INFO, DEBUG. Configuration file format: # named_log_levels = keystoneauth:INFO,othlgr:WARN (dict value) #named_log_levels = keystoneauth:20,keystonemiddleware:20 [promenade] # # From shipyard_api # # The service type for the service playing the role of Promenade. The specified # type is used to perform the service lookup in the Keystone service catalog. # (string value) #service_type = kubernetesprovisioner [requests_config] # # From shipyard_api # # Airflow logs retrieval connect timeout (in seconds) (integer value) #airflow_log_connect_timeout = 5 # Airflow logs retrieval timeout (in seconds) (integer value) #airflow_log_read_timeout = 300 # Deckhand client connect timeout (in seconds) (integer value) #deckhand_client_connect_timeout = 5 # Deckhand client timeout (in seconds) for GET, PUT, POST and DELETE request # (integer value) #deckhand_client_read_timeout = 300 # Airship component validation connect timeout (in seconds) (integer value) #validation_connect_timeout = 5 # Airship component validation timeout (in seconds) (integer value) #validation_read_timeout = 300 # Maximum time to wait to connect to a note source URL (in seconds) (integer # value) #notes_connect_timeout = 5 # Read timeout for a note source URL (in seconds) (integer value) #notes_read_timeout = 10 # Connect timeout used for connecting to Drydock using the Drydock client (in # seconds) (integer value) #drydock_client_connect_timeout = 20 # Read timeout used for responses from Drydock using the Drydock client (in # seconds) (integer value) #drydock_client_read_timeout = 300 [shipyard] # # From shipyard_api # # The service type for the service playing the role of Shipyard. The specified # type is used to perform the service lookup in the Keystone service catalog. # (string value) #service_type = shipyard