ironic-python-agent/etc/ironic_python_agent/ironic_python_agent.conf.sample
Pavlo Shchelokovskyy fdd11b54a5 Configure and use SSL-related requests options
This patch adds standard SSL options to IPA config and makes use of them
when making HTTP requests.

For now, a single set of certificates is used when needed.
In the future configuration can be expanded to allow per-service
certificates.

Besides, the 'insecure' option (defaults to False) can be overridden
through kernel command line parameter 'ipa-insecure'.
This will allow running IPA in CI-like environments with self-signed SSL
certificates.

Change-Id: I259d9b3caa9ba1dc3d7382f375b8e086a5348d80
Closes-Bug: #1642515
2017-01-13 11:33:44 +02:00

267 lines
10 KiB
Plaintext

[DEFAULT]
#
# From ironic-python-agent
#
# URL of the Ironic API. Can be supplied as "ipa-api-url"
# kernel parameter.The value must start with either http:// or
# https://. (string value)
# Deprecated group/name - [DEFAULT]/api_url
#api_url = <None>
# The IP address to listen on. Can be supplied as "ipa-listen-
# host" kernel parameter. (string value)
# Deprecated group/name - [DEFAULT]/listen_host
#listen_host = 0.0.0.0
# The port to listen on. Can be supplied as "ipa-listen-port"
# kernel parameter. (integer value)
# Deprecated group/name - [DEFAULT]/listen_port
#listen_port = 9999
# The host to tell Ironic to reply and send commands to. Can
# be supplied as "ipa-advertise-host" kernel parameter.
# (string value)
# Deprecated group/name - [DEFAULT]/advertise_host
#advertise_host = <None>
# The port to tell Ironic to reply and send commands to. Can
# be supplied as "ipa-advertise-port" kernel parameter.
# (integer value)
# Deprecated group/name - [DEFAULT]/advertise_port
#advertise_port = 9999
# The number of times to try and automatically determine the
# agent IPv4 address. Can be supplied as "ipa-ip-lookup-
# attempts" kernel parameter. (integer value)
# Deprecated group/name - [DEFAULT]/ip_lookup_attempts
#ip_lookup_attempts = 3
# The amount of time to sleep between attempts to determine IP
# address. Can be supplied as "ipa-ip-lookup-timeout" kernel
# parameter. (integer value)
# Deprecated group/name - [DEFAULT]/ip_lookup_sleep
#ip_lookup_sleep = 10
# The interface to use when looking for an IP address. Can be
# supplied as "ipa-network-interface" kernel parameter.
# (string value)
# Deprecated group/name - [DEFAULT]/network_interface
#network_interface = <None>
# The amount of time to retry the initial lookup call to
# Ironic. After the timeout, the agent will exit with a non-
# zero exit code. Can be supplied as "ipa-lookup-timeout"
# kernel parameter. (integer value)
# Deprecated group/name - [DEFAULT]/lookup_timeout
#lookup_timeout = 300
# The initial interval for retries on the initial lookup call
# to Ironic. The interval will be doubled after each failure
# until timeout is exceeded. Can be supplied as "ipa-lookup-
# interval" kernel parameter. (integer value)
# Deprecated group/name - [DEFAULT]/lookup_interval
#lookup_interval = 1
# The amount of seconds to wait for LLDP packets. Can be
# supplied as "ipa-lldp-timeout" kernel parameter. (floating
# point value)
#lldp_timeout = 30.0
# Whether IPA should attempt to receive LLDP packets for each
# network interface it discovers in the inventory. Can be
# supplied as "ipa-collect-lldp" kernel parameter. (boolean
# value)
#collect_lldp = false
# Note: for debugging only. Start the Agent but suppress any
# calls to Ironic API. Can be supplied as "ipa-standalone"
# kernel parameter. (boolean value)
#standalone = false
# Endpoint of ironic-inspector. If set, hardware inventory
# will be collected and sent to ironic-inspector on start up.
# Can be supplied as "ipa-inspection-callback-url" kernel
# parameter. (string value)
#inspection_callback_url = <None>
# Comma-separated list of plugins providing additional
# hardware data for inspection, empty value gives a minimum
# required set of plugins. Can be supplied as "ipa-inspection-
# collectors" kernel parameter. (string value)
#inspection_collectors = default
# Maximum time (in seconds) to wait for the PXE NIC (or all
# NICs if inspection_dhcp_all_interfaces is True) to get its
# IP address via DHCP before inspection. Set to 0 to disable
# waiting completely. Can be supplied as "ipa-inspection-dhcp-
# wait-timeout" kernel parameter. (integer value)
#inspection_dhcp_wait_timeout = 60
# Whether to wait for all interfaces to get their IP addresses
# before inspection. If set to false (the default), only waits
# for the PXE interface. Can be supplied as "ipa-inspection-
# dhcp-all-interfaces" kernel parameter. (boolean value)
#inspection_dhcp_all_interfaces = false
# How much time (in seconds) to wait for hardware to
# initialize before proceeding with any actions. Can be
# supplied as "ipa-hardware-initialization-delay" kernel
# parameter. (integer value)
#hardware_initialization_delay = 0
# The number of times to try and check to see if at least one
# suitable disk has appeared in inventory before proceeding
# with any actions. Can be supplied as "ipa-disk-wait-
# attempts" kernel parameter. (integer value)
#disk_wait_attempts = 10
# How much time (in seconds) to wait between attempts to check
# if at least one suitable disk has appeared in inventory. Can
# be supplied as "ipa-disk-wait-delay" kernel parameter.
# (integer value)
#disk_wait_delay = 3
# Verify HTTPS connections. Can be supplied as "ipa-insecure"
# kernel parameter. (boolean value)
#insecure = false
# Path to PEM encoded Certificate Authority file to use when
# verifying HTTPS connections. Default is to use available
# system-wide configured CAs. (string value)
#cafile = <None>
# Path to PEM encoded client certificate cert file. Must be
# provided together with "keyfile" option. Default is to not
# present any client certificates to the server. (string
# value)
#certfile = <None>
# Path to PEM encoded client certificate key file. Must be
# provided together with "certfile" option. Default is to not
# present any client certificates to the server. (string
# value)
#keyfile = <None>
#
# From oslo.log
#
# If set to true, the logging level will be set to DEBUG
# instead of the default INFO level. (boolean value)
# Note: This option can be changed without restarting.
#debug = false
# DEPRECATED: If set to false, the logging level will be set
# to WARNING instead of the default INFO level. (boolean
# value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#verbose = true
# The name of a logging configuration file. This file is
# appended to any existing logging configuration files. For
# details about logging configuration files, see the Python
# logging module documentation. Note that when logging
# configuration files are used then all logging configuration
# is set in the configuration file and other logging
# configuration options are ignored (for example,
# logging_context_format_string). (string value)
# Note: This option can be changed without restarting.
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>
# Defines the format string for %%(asctime)s in log records.
# Default: %(default)s . This option is ignored if
# log_config_append is set. (string value)
#log_date_format = %Y-%m-%d %H:%M:%S
# (Optional) Name of log file to send logging output to. If no
# default is set, logging will go to stderr as defined by
# use_stderr. This option is ignored if log_config_append is
# set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>
# (Optional) The base directory used for relative log_file
# paths. This option is ignored if log_config_append is set.
# (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>
# Uses logging handler designed to watch file system. When log
# file is moved or removed this handler will open a new log
# file with specified path instantaneously. It makes sense
# only if log_file option is specified and Linux platform is
# used. This option is ignored if log_config_append is set.
# (boolean value)
#watch_log_file = false
# Use syslog for logging. Existing syslog format is DEPRECATED
# and will be changed later to honor RFC5424. This option is
# ignored if log_config_append is set. (boolean value)
#use_syslog = false
# Syslog facility to receive log lines. This option is ignored
# if log_config_append is set. (string value)
#syslog_log_facility = LOG_USER
# Log output to standard error. This option is ignored if
# log_config_append is set. (boolean value)
#use_stderr = false
# Format string to use for log messages with context. (string
# value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
# Format string to use for log messages when context is
# undefined. (string value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
# Additional data to append to log message when logging level
# for the message is DEBUG. (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
# Prefix each line of exception output with this format.
# (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
# Defines the format string for %(user_identity)s that is used
# in logging_context_format_string. (string value)
#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
# List of package logging levels in logger=LEVEL pairs. This
# option is ignored if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
# Enables or disables publication of error events. (boolean
# value)
#publish_errors = false
# The format for an instance that is passed with the log
# message. (string value)
#instance_format = "[instance: %(uuid)s] "
# The format for an instance UUID that is passed with the log
# message. (string value)
#instance_uuid_format = "[instance: %(uuid)s] "
# Interval, number of seconds, of log rate limiting. (integer
# value)
#rate_limit_interval = 0
# Maximum number of logged messages per rate_limit_interval.
# (integer value)
#rate_limit_burst = 0
# Log level name used by rate limiting: CRITICAL, ERROR, INFO,
# WARNING, DEBUG or empty string. Logs with level greater or
# equal to rate_limit_except_level are not filtered. An empty
# string means that all levels are filtered. (string value)
#rate_limit_except_level = CRITICAL
# Enables or disables fatal status of deprecations. (boolean
# value)
#fatal_deprecations = false