openstack/ec2-api
Code Issues Proposed changes
Files
5c562dcbb2d575d6d30bd5adcc339eea257d217f
ec2-api/etc/ec2api/ec2api.conf.sample
Feodor Tersin dc08136037 Copy S3 server implmenetation from Nova 
Copy S3 server implmenetation and unit tests from Nova.
Add fileutils from oslo-incubator and refresh incubation modules.

Upgrade script doesn't copy buckets content because Nova S3 server
is not intended to be permanent full functionality object storage, but
has to be used temporary to CreateImage operation only.

Change-Id: I7d38b0a8e014dfff8238e7134d837d1074e4dd95
2015-04-01 16:37:46 +03:00

479 lines
12 KiB
Plaintext
Raw Blame History

[DEFAULT]
#
# Options defined in ec2api.context
#
# Admin user (string value)
#admin_user=<None>
# Admin password (string value)
#admin_password=<None>
# Admin tenant name (string value)
#admin_tenant_name=<None>
#
# Options defined in ec2api.exception
#
# Make exception message format errors fatal (boolean value)
#fatal_exception_format_errors=false
#
# Options defined in ec2api.paths
#
# Directory where the ec2api python module is installed
# (string value)
#pybasedir=/home/apavlov/stackforge/ec2-api
# Directory where ec2api binaries are installed (string value)
#bindir=/usr/local/bin
# Top-level directory for maintaining ec2api's state (string
# value)
#state_path=$pybasedir
#
# Options defined in ec2api.service
#
# The IP address on which the EC2 API will listen. (string
# value)
#ec2api_listen=0.0.0.0
# The port on which the EC2 API will listen. (integer value)
#ec2api_listen_port=8788
# Enable ssl connections or not for EC2 API (boolean value)
#ec2api_use_ssl=false
# Number of workers for EC2 API service. The default will be
# equal to the number of CPUs available. (integer value)
#ec2api_workers=<None>
# The IP address on which the metadata API will listen.
# (string value)
#metadata_listen=0.0.0.0
# The port on which the metadata API will listen. (integer
# value)
#metadata_listen_port=8789
# Enable ssl connections or not for EC2 API Metadata (boolean
# value)
#metadata_use_ssl=false
# Number of workers for metadata service. The default will be
# the number of CPUs available. (integer value)
#metadata_workers=<None>
# Maximum time since last check-in for up service (integer
# value)
#service_down_time=60
#
# Options defined in ec2api.utils
#
# Explicitly specify the temporary working directory (string
# value)
#tempdir=<None>
#
# Options defined in ec2api.wsgi
#
# File name for the paste.deploy config for ec2api (string
# value)
#api_paste_config=api-paste.ini
# A python format string that is used as the template to
# generate log lines. The following values can be formatted
# into it: client_ip, date_time, request_line, status_code,
# body_length, wall_seconds. (string value)
#wsgi_log_format=%(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
# CA certificate file to use to verify connecting clients
# (string value)
#ssl_ca_file=<None>
# SSL certificate of API server (string value)
#ssl_cert_file=<None>
# SSL private key of API server (string value)
#ssl_key_file=<None>
# Sets the value of TCP_KEEPIDLE in seconds for each server
# socket. Not supported on OS X. (integer value)
#tcp_keepidle=600
# Size of the pool of greenthreads used by wsgi (integer
# value)
#wsgi_default_pool_size=1000
# Maximum line size of message headers to be accepted.
# max_header_line may need to be increased when using large
# tokens (typically those generated by the Keystone v3 API
# with big service catalogs). (integer value)
#max_header_line=16384
#
# Options defined in ec2api.api
#
# URL to get token from ec2 request. (string value)
#keystone_url=http://localhost:5000/v2.0
# URL to get token from ec2 request. (string value)
#keystone_ec2_tokens_url=$keystone_url/ec2tokens
# Time in seconds before ec2 timestamp expires (integer value)
#ec2_timestamp_expiry=300
#
# Options defined in ec2api.api.auth
#
# whether to use per-user rate limiting for the api. (boolean
# value)
#api_rate_limit=false
# Treat X-Forwarded-For as the canonical remote address. Only
# enable this if you have a sanitizing proxy. (boolean value)
#use_forwarded_for=false
#
# Options defined in ec2api.api.availability_zone
#
# The availability_zone to show internal services under
# (string value)
#internal_service_availability_zone=internal
# IP address of this host (string value)
#my_ip=10.0.0.1
# The IP address of the EC2 API server (string value)
#ec2_host=$my_ip
# The port of the EC2 API server (integer value)
#ec2_port=8788
# The protocol to use when connecting to the EC2 API server
# (http, https) (string value)
#ec2_scheme=http
# The path prefix used to call the ec2 API server (string
# value)
#ec2_path=/
# List of region=fqdn pairs separated by commas (list value)
#region_list=
#
# Options defined in ec2api.api.common
#
# True if server supports Neutron for full VPC access (boolean
# value)
#full_vpc_support=true
#
# Options defined in ec2api.api.dhcp_options
#
# MTU size to set by DHCP for instances. Corresponds with the
# network_device_mtu in ec2api.conf. (integer value)
#network_device_mtu=1500
#
# Options defined in ec2api.api.image
#
# The topic cert nodes listen on (string value)
#cert_topic=cert
# Parent directory for tempdir used for image decryption
# (string value)
#image_decryption_dir=/tmp
# Hostname or IP for OpenStack to use when accessing the S3
# api (string value)
#s3_host=$my_ip
# Port used when accessing the S3 api (integer value)
#s3_port=3334
# Whether to use SSL when talking to S3 (boolean value)
#s3_use_ssl=false
# Whether to affix the tenant id to the access key when
# downloading from S3 (boolean value)
#s3_affix_tenant=false
#
# Options defined in ec2api.api.instance
#
# Return the IP address as private dns hostname in describe
# instances (boolean value)
#ec2_private_dns_show_ip=false
#
# Options defined in ec2api.api.internet_gateway
#
# Name of the external network, which is used to connectVPCs
# to Internet and to allocate Elastic IPs (string value)
#external_network=<None>
#
# Options defined in ec2api.s3.s3server
#
# Path to S3 buckets (string value)
#buckets_path=$state_path/buckets
# IP address for S3 API to listen (string value)
#s3_listen=0.0.0.0
# Port for S3 API to listen (integer value)
#s3_listen_port=3334
[None]
#
# Options defined in ec2api.openstack.common.eventlet_backdoor
#
# Enable eventlet backdoor. Acceptable values are 0, <port>,
# and <start>:<end>, where 0 results in listening on a random
# tcp port number; <port> results in listening on the
# specified port number (and not enabling backdoor if that
# port is in use); and <start>:<end> results in listening on
# the smallest unused port number within the specified range
# of port numbers. The chosen port is displayed in the
# service's log file. (string value)
#backdoor_port=<None>
[database]
#
# Options defined in ec2api.db.api
#
# Enable the experimental use of thread pooling for all DB API
# calls (boolean value)
# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
#use_tpool=false
[keystone_authtoken]
#
# Options defined in keystoneclient.middleware.auth_token
#
# Prefix to prepend at the beginning of the path. Deprecated,
# use identity_uri. (string value)
#auth_admin_prefix=
# Host providing the admin Identity API endpoint. Deprecated,
# use identity_uri. (string value)
#auth_host=127.0.0.1
# Port of the admin Identity API endpoint. Deprecated, use
# identity_uri. (integer value)
#auth_port=35357
# Protocol of the admin Identity API endpoint (http or https).
# Deprecated, use identity_uri. (string value)
#auth_protocol=https
# Complete public Identity API endpoint (string value)
#auth_uri=<None>
# Complete admin Identity API endpoint. This should specify
# the unversioned root endpoint e.g. https://localhost:35357/
# (string value)
#identity_uri=<None>
# API version of the admin Identity API endpoint (string
# value)
#auth_version=<None>
# Do not handle authorization requests within the middleware,
# but delegate the authorization decision to downstream WSGI
# components (boolean value)
#delay_auth_decision=false
# Request timeout value for communicating with Identity API
# server. (boolean value)
#http_connect_timeout=<None>
# How many times are we trying to reconnect when communicating
# with Identity API Server. (integer value)
#http_request_max_retries=3
# This option is deprecated and may be removed in a future
# release. Single shared secret with the Keystone
# configuration used for bootstrapping a Keystone
# installation, or otherwise bypassing the normal
# authentication process. This option should not be used, use
# `admin_user` and `admin_password` instead. (string value)
#admin_token=<None>
# Keystone account username (string value)
#admin_user=<None>
# Keystone account password (string value)
#admin_password=<None>
# Keystone service account tenant name to validate user tokens
# (string value)
#admin_tenant_name=admin
# Env key for the swift cache (string value)
#cache=<None>
# Required if Keystone server requires client certificate
# (string value)
#certfile=<None>
# Required if Keystone server requires client certificate
# (string value)
#keyfile=<None>
# A PEM encoded Certificate Authority to use when verifying
# HTTPs connections. Defaults to system CAs. (string value)
#cafile=<None>
# Verify HTTPS connections. (boolean value)
#insecure=false
# Directory used to cache files related to PKI tokens (string
# value)
#signing_dir=<None>
# Optionally specify a list of memcached server(s) to use for
# caching. If left undefined, tokens will instead be cached
# in-process. (list value)
# Deprecated group/name - [DEFAULT]/memcache_servers
#memcached_servers=<None>
# In order to prevent excessive effort spent validating
# tokens, the middleware caches previously-seen tokens for a
# configurable duration (in seconds). Set to -1 to disable
# caching completely. (integer value)
#token_cache_time=300
# Determines the frequency at which the list of revoked tokens
# is retrieved from the Identity service (in seconds). A high
# number of revocation events combined with a low cache
# duration may significantly reduce performance. (integer
# value)
#revocation_cache_time=10
# (optional) if defined, indicate whether token data should be
# authenticated or authenticated and encrypted. Acceptable
# values are MAC or ENCRYPT. If MAC, token data is
# authenticated (with HMAC) in the cache. If ENCRYPT, token
# data is encrypted and authenticated in the cache. If the
# value is not one of these options or empty, auth_token will
# raise an exception on initialization. (string value)
#memcache_security_strategy=<None>
# (optional, mandatory if memcache_security_strategy is
# defined) this string is used for key derivation. (string
# value)
#memcache_secret_key=<None>
# (optional) indicate whether to set the X-Service-Catalog
# header. If False, middleware will not ask for service
# catalog on token validation and will not set the X-Service-
# Catalog header. (boolean value)
#include_service_catalog=true
# Used to control the use and type of token binding. Can be
# set to: "disabled" to not check token binding. "permissive"
# (default) to validate binding information if the bind type
# is of a form known to the server and ignore it if not.
# "strict" like "permissive" but if the bind type is unknown
# the token will be rejected. "required" any form of token
# binding is needed to be allowed. Finally the name of a
# binding method that must be present in tokens. (string
# value)
#enforce_token_bind=permissive
# If true, the revocation list will be checked for cached
# tokens. This requires that PKI tokens are configured on the
# Keystone server. (boolean value)
#check_revocations_for_cached=false
# Hash algorithms to use for hashing PKI tokens. This may be a
# single algorithm or multiple. The algorithms are those
# supported by Python standard hashlib.new(). The hashes will
# be tried in the order given, so put the preferred one first
# for performance. The result of the first hash will be stored
# in the cache. This will typically be set to multiple values
# only while migrating from a less secure algorithm to a more
# secure one. Once all the old tokens are expired this option
# should be set to a single value for better performance.
# (list value)
#hash_algorithms=md5
[metadata]
#
# Options defined in ec2api.metadata
#
# IP address used by Nova metadata server. (string value)
#nova_metadata_ip=127.0.0.1
# TCP Port used by Nova metadata server. (integer value)
#nova_metadata_port=8775
# Protocol to access nova metadata, http or https (string
# value)
#nova_metadata_protocol=http
# Allow to perform insecure SSL (https) requests to nova
# metadata (boolean value)
#nova_metadata_insecure=false
# Certificate Authority public key (CA cert) file for ssl
# (string value)
#auth_ca_cert=<None>
# Client certificate for nova metadata api server. (string
# value)
#nova_client_cert=
# Private key of client certificate. (string value)
#nova_client_priv_key=
# Shared secret to sign instance-id request (string value)
#metadata_proxy_shared_secret=
View Git Blame Copy Permalink