From 47fdb3c350034af27eb8089f27b59e58fc9da12d Mon Sep 17 00:00:00 2001 From: Louis Taylor Date: Tue, 10 Mar 2015 17:43:54 +0000 Subject: [PATCH] Avoid usability regression when generating config The descriptions of some of the configuration options had been updated in the sample config, but not in the declaration of the oslo.config option. This patch maintains parity between the two places these are currently defined, so that when we switch to only generating the config files, there isn't a loss of information. Change-Id: I634c03ac89a0f78cf86992490eb44d2db7a90352 --- glance/common/config.py | 17 +++++++++++++---- glance/common/property_utils.py | 8 +++++++- glance/common/wsgi.py | 10 ++++++++-- glance/registry/client/__init__.py | 19 ++++++++++++++----- 4 files changed, 42 insertions(+), 12 deletions(-) diff --git a/glance/common/config.py b/glance/common/config.py index 712a326ea4..dee9e8bf38 100644 --- a/glance/common/config.py +++ b/glance/common/config.py @@ -112,12 +112,19 @@ common_opts = [ 'caution!')), cfg.BoolOpt('show_multiple_locations', default=False, help=_('Whether to include the backend image locations ' - 'in image properties. Revealing storage location can ' + 'in image properties. ' + 'For example, if using the file system store a URL of ' + '"file:///path/to/image" will be returned to the user ' + 'in the \'direct_url\' meta-data field. ' + 'Revealing storage location can ' 'be a security risk, so use this setting with ' 'caution! The overrides show_image_direct_url.')), cfg.IntOpt('image_size_cap', default=1099511627776, help=_("Maximum size of image a user can upload in bytes. " - "Defaults to 1099511627776 bytes (1 TB).")), + "Defaults to 1099511627776 bytes (1 TB)." + "WARNING: this value should only be increased after " + "careful consideration and must be set to a value under " + "8 EB (9223372036854775808).")), cfg.StrOpt('user_storage_quota', default='0', help=_("Set a system wide quota for every user. This value is " "the total capacity that a user can use across " @@ -143,8 +150,10 @@ common_opts = [ help=_('The port on which a pydev process is listening for ' 'connections.')), cfg.StrOpt('metadata_encryption_key', secret=True, - help=_('Key used for encrypting sensitive metadata while ' - 'talking to the registry or database.')), + help=_('AES key for encrypting store \'location\' metadata. ' + 'This includes, if used, Swift or S3 credentials. ' + 'Should be set to a random string of length 16, 24 or ' + '32 bytes')), cfg.StrOpt('digest_algorithm', default='sha1', help=_('Digest algorithm which will be used for digital ' 'signature; the default is sha1 the default in Kilo ' diff --git a/glance/common/property_utils.py b/glance/common/property_utils.py index 341a8d84bd..d0915eb0d6 100644 --- a/glance/common/property_utils.py +++ b/glance/common/property_utils.py @@ -36,7 +36,13 @@ _LE = i18n._LE property_opts = [ cfg.StrOpt('property_protection_file', - help=_('The location of the property protection file.')), + help=_('The location of the property protection file.' + 'This file contains the rules for property protections ' + 'and the roles/policies associated with it. If this ' + 'config value is not specified, by default, property ' + 'protections won\'t be enforced. If a value is ' + 'specified and the file is not found, then the ' + 'glance-api service will not start.')), cfg.StrOpt('property_protection_rule_format', default='roles', help=_('This config value indicates whether "roles" or ' diff --git a/glance/common/wsgi.py b/glance/common/wsgi.py index d8ee6914ed..8471aeee90 100644 --- a/glance/common/wsgi.py +++ b/glance/common/wsgi.py @@ -89,8 +89,14 @@ eventlet_opts = [ 'large tokens (typically those generated by the ' 'Keystone v3 API with big service catalogs')), cfg.BoolOpt('http_keepalive', default=True, - help=_('If False, closes the client socket connection ' - 'explicitly.')), + help=_('If False, server will return the header ' + '"Connection: close", ' + 'If True, server will return "Connection: Keep-Alive" ' + 'in its responses. In order to close the client socket ' + 'connection explicitly after the response is sent and ' + 'read successfully by the client, you simply have to ' + 'set this option to False when you create a wsgi ' + 'server.')), ] profiler_opts = [ diff --git a/glance/registry/client/__init__.py b/glance/registry/client/__init__.py index f4ebdbbd93..3ffc452635 100644 --- a/glance/registry/client/__init__.py +++ b/glance/registry/client/__init__.py @@ -25,17 +25,26 @@ registry_client_opts = [ 'registry server. Either http or https.')), cfg.StrOpt('registry_client_key_file', help=_('The path to the key file to use in SSL connections ' - 'to the registry server.')), + 'to the registry server, if any. Alternately, you may ' + 'set the GLANCE_CLIENT_KEY_FILE environment variable to ' + 'a filepath of the key file')), cfg.StrOpt('registry_client_cert_file', help=_('The path to the cert file to use in SSL connections ' - 'to the registry server.')), + 'to the registry server, if any. Alternately, you may ' + 'set the GLANCE_CLIENT_CERT_FILE environment variable ' + 'to a filepath of the CA cert file')), cfg.StrOpt('registry_client_ca_file', - help=_('The path to the certifying authority cert file to ' - 'use in SSL connections to the registry server.')), + help=_('The path to the certifying authority cert file to use ' + 'in SSL connections to the registry server, if any. ' + 'Alternately, you may set the GLANCE_CLIENT_CA_FILE ' + 'environment variable to a filepath of the CA cert ' + 'file.')), cfg.BoolOpt('registry_client_insecure', default=False, help=_('When using SSL in connections to the registry server, ' 'do not require validation via a certifying ' - 'authority.')), + 'authority. This is the registry\'s equivalent of ' + 'specifying --insecure on the command line using ' + 'glanceclient for the API.')), cfg.IntOpt('registry_client_timeout', default=600, help=_('The period of time, in seconds, that the API server ' 'will wait for a registry request to complete. A '