Update config options with helpstrings and generate sample
Restructure the common config to include many help strings to support using the oslo.config auto-generated sample config file. Closes-Bug: #1229941 Change-Id: If352b3b816b1e7dc8b5fc3b9c1cb2adab187ffda
This commit is contained in:
parent
9fbb60dbe0
commit
23a4fe9ec7
|
@ -308,6 +308,26 @@ installed devstack with a different LDAP password, modify the file
|
|||
``keystone/tests/backend_liveldap.conf`` to reflect your password.
|
||||
|
||||
|
||||
Generating Updated Sample Config File
|
||||
-------------------------------------
|
||||
|
||||
Keystone's sample configuration file ``etc/keystone.conf.sample`` is automatically
|
||||
generated based upon all of the options available within Keystone. These options
|
||||
are sourced from the many files around Keystone as well as some external libraries.
|
||||
|
||||
If new options are added, primarily located in ``keystone.common.config``, a new
|
||||
sample configuration file needs to be generated. Generating a new sample configuration
|
||||
to be included in a commit run::
|
||||
|
||||
$ tox -esample_config -r
|
||||
|
||||
The tox command will place an updated sample config in ``etc/keystone.conf.sample``.
|
||||
|
||||
If there is a new external library (e.g. ``oslo.messaging``) that utilizes the
|
||||
``oslo.config`` package for configuration, it can be added to the list of libraries
|
||||
found in ``tools/config/oslo.config.generator.rc``.
|
||||
|
||||
|
||||
Translated responses
|
||||
--------------------
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -20,32 +20,78 @@ _DEFAULT_AUTH_METHODS = ['external', 'password', 'token']
|
|||
|
||||
FILE_OPTIONS = {
|
||||
None: [
|
||||
cfg.StrOpt('admin_token', secret=True, default='ADMIN'),
|
||||
cfg.StrOpt('admin_token', secret=True, default='ADMIN',
|
||||
help=('A "shared secret" that can be used to bootstrap '
|
||||
'Keystone. This "token" does not represent a user, '
|
||||
'and carries no explicit authorization. To disable '
|
||||
'in production (highly recommended), remove '
|
||||
'AdminTokenAuthMiddleware from your paste '
|
||||
'application pipelines (for example, in '
|
||||
'keystone-paste.ini).')),
|
||||
cfg.StrOpt('public_bind_host',
|
||||
default='0.0.0.0',
|
||||
deprecated_opts=[cfg.DeprecatedOpt('bind_host',
|
||||
group='DEFAULT')]),
|
||||
group='DEFAULT')],
|
||||
help=('The IP Address of the network interface to for the '
|
||||
'public service to listen on.')),
|
||||
cfg.StrOpt('admin_bind_host',
|
||||
default='0.0.0.0',
|
||||
deprecated_opts=[cfg.DeprecatedOpt('bind_host',
|
||||
group='DEFAULT')]),
|
||||
cfg.IntOpt('compute_port', default=8774),
|
||||
cfg.IntOpt('admin_port', default=35357),
|
||||
cfg.IntOpt('public_port', default=5000),
|
||||
group='DEFAULT')],
|
||||
help=('The IP Address of the network interface to for the '
|
||||
'admin service to listen on.')),
|
||||
cfg.IntOpt('compute_port', default=8774,
|
||||
help=('The port which the OpenStack Compute service '
|
||||
'listens on.')),
|
||||
cfg.IntOpt('admin_port', default=35357,
|
||||
help=('The port number which the admin service listens '
|
||||
'on.')),
|
||||
cfg.IntOpt('public_port', default=5000,
|
||||
help=('The port number which the public service listens '
|
||||
'on.')),
|
||||
cfg.StrOpt('public_endpoint',
|
||||
default='http://localhost:%(public_port)s/'),
|
||||
default='http://localhost:%(public_port)s/',
|
||||
help=('The base public endpoint URL for keystone that are '
|
||||
'advertised to clients (NOTE: this does NOT affect '
|
||||
'how keystone listens for connections)')),
|
||||
cfg.StrOpt('admin_endpoint',
|
||||
default='http://localhost:%(admin_port)s/'),
|
||||
cfg.StrOpt('onready'),
|
||||
default='http://localhost:%(admin_port)s/',
|
||||
help=('The base admin endpoint URL for keystone that are '
|
||||
'advertised to clients (NOTE: this does NOT affect '
|
||||
'how keystone listens for connections)')),
|
||||
cfg.StrOpt('onready',
|
||||
help=('onready allows you to send a notification when the '
|
||||
'process is ready to serve For example, to have it '
|
||||
'notify using systemd, one could set shell command: '
|
||||
'"onready = systemd-notify --ready" or a module '
|
||||
'with notify() method: '
|
||||
'"onready = keystone.common.systemd"')),
|
||||
# default max request size is 112k
|
||||
cfg.IntOpt('max_request_body_size', default=114688),
|
||||
cfg.IntOpt('max_param_size', default=64),
|
||||
cfg.IntOpt('max_request_body_size', default=114688,
|
||||
help=('enforced by optional sizelimit middleware '
|
||||
'(keystone.middleware:RequestBodySizeLimiter)')),
|
||||
cfg.IntOpt('max_param_size', default=64,
|
||||
help='limit the sizes of user & tenant ID/names'),
|
||||
# we allow tokens to be a bit larger to accommodate PKI
|
||||
cfg.IntOpt('max_token_size', default=8192),
|
||||
cfg.IntOpt('max_token_size', default=8192,
|
||||
help=('similar to max_param_size, but provides an '
|
||||
'exception for token values')),
|
||||
cfg.StrOpt('member_role_id',
|
||||
default='9fe2ff9ee4384b1894a90878d3e92bab'),
|
||||
cfg.StrOpt('member_role_name', default='_member_'),
|
||||
cfg.IntOpt('crypt_strength', default=40000),
|
||||
default='9fe2ff9ee4384b1894a90878d3e92bab',
|
||||
help=('During a SQL upgrade member_role_id will be used '
|
||||
'to create a new role that will replace records in '
|
||||
'the user_tenant_membership table with explicit '
|
||||
'role grants. After migration, the member_role_id '
|
||||
'will be used in the API add_user_to_project.')),
|
||||
cfg.StrOpt('member_role_name', default='_member_',
|
||||
help=('During a SQL upgrade member_role_id will be used '
|
||||
'to create a new role that will replace records in '
|
||||
'the user_tenant_membership table with explicit '
|
||||
'role grants. After migration, member_role_name will '
|
||||
'be ignored.')),
|
||||
cfg.IntOpt('crypt_strength', default=40000,
|
||||
help=('The value passed as the keyword "rounds" to passlib '
|
||||
'encrypt method.')),
|
||||
cfg.BoolOpt('tcp_keepalive', default=False,
|
||||
help=("Set this to True if you want to enable "
|
||||
"TCP_KEEPALIVE on server sockets i.e. sockets used "
|
||||
|
@ -56,37 +102,102 @@ FILE_OPTIONS = {
|
|||
help=("Sets the value of TCP_KEEPIDLE in seconds for each "
|
||||
"server socket. Only applies if tcp_keepalive is "
|
||||
"True. Not supported on OS X.")),
|
||||
cfg.IntOpt('list_limit', default=None)],
|
||||
cfg.IntOpt('list_limit', default=None,
|
||||
help=('The maximum number of entities that will be '
|
||||
'returned in a collection can be set with '
|
||||
'list_limit, with no limit set by default. This '
|
||||
'global limit may be then overridden for a specific '
|
||||
'driver, by specifying a list_limit in the '
|
||||
'appropriate section (e.g. [assignment]'))],
|
||||
'identity': [
|
||||
cfg.StrOpt('default_domain_id', default='default'),
|
||||
cfg.StrOpt('default_domain_id', default='default',
|
||||
help=('This references the domain to use for all '
|
||||
'Identity API v2 requests (which are not aware of '
|
||||
'domains). A domain with this ID will be created '
|
||||
'for you by keystone-manage db_sync in migration '
|
||||
'008. The domain referenced by this ID cannot be '
|
||||
'deleted on the v3 API, to prevent accidentally '
|
||||
'breaking the v2 API. There is nothing special about '
|
||||
'this domain, other than the fact that it must '
|
||||
'exist to order to maintain support for your v2 '
|
||||
'clients.')),
|
||||
cfg.BoolOpt('domain_specific_drivers_enabled',
|
||||
default=False),
|
||||
default=False,
|
||||
help=('A subset (or all) of domains can have their own '
|
||||
'identity driver, each with their own partial '
|
||||
'configuration file in a domain configuration '
|
||||
'directory. Only values specific to the domain '
|
||||
'need to be placed in the domain specific '
|
||||
'configuration file. This feature is disabled by '
|
||||
'default; set to True to enable.')),
|
||||
cfg.StrOpt('domain_config_dir',
|
||||
default='/etc/keystone/domains'),
|
||||
default='/etc/keystone/domains',
|
||||
help=('Path for Keystone to locate the domain specific'
|
||||
'identity configuration files if '
|
||||
'domain_specific_drivers_enabled is set to true.')),
|
||||
cfg.StrOpt('driver',
|
||||
default=('keystone.identity.backends'
|
||||
'.sql.Identity')),
|
||||
cfg.IntOpt('max_password_length', default=4096),
|
||||
cfg.IntOpt('list_limit', default=None)],
|
||||
'.sql.Identity'),
|
||||
help='Keystone Identity backend driver'),
|
||||
cfg.IntOpt('max_password_length', default=4096,
|
||||
help=('Maximum supported length for user passwords; '
|
||||
'decrease to improve performance.')),
|
||||
cfg.IntOpt('list_limit', default=None,
|
||||
help=('Maximum number of entities that will be returned in '
|
||||
'an identity collection'))],
|
||||
'trust': [
|
||||
cfg.BoolOpt('enabled', default=True),
|
||||
cfg.BoolOpt('enabled', default=True,
|
||||
help=('delegation and impersonation features can be '
|
||||
'optionally disabled')),
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.trust.backends.sql.Trust')],
|
||||
default='keystone.trust.backends.sql.Trust',
|
||||
help='Keystone Trust backend driver')],
|
||||
'os_inherit': [
|
||||
cfg.BoolOpt('enabled', default=False)],
|
||||
cfg.BoolOpt('enabled', default=False,
|
||||
help=('role-assignment inheritance to projects from '
|
||||
'owning domain can be optionally enabled'))],
|
||||
'token': [
|
||||
cfg.ListOpt('bind', default=[]),
|
||||
cfg.StrOpt('enforce_token_bind', default='permissive'),
|
||||
cfg.IntOpt('expiration', default=3600),
|
||||
cfg.StrOpt('provider', default=None),
|
||||
cfg.ListOpt('bind', default=[],
|
||||
help=('External auth mechanisms that should add bind '
|
||||
'information to token e.g. kerberos, x509')),
|
||||
cfg.StrOpt('enforce_token_bind', default='permissive',
|
||||
help=('Enforcement policy on tokens presented to keystone '
|
||||
'with bind information. One of disabled, permissive, '
|
||||
'strict, required or a specifically required bind '
|
||||
'mode e.g. kerberos or x509 to require binding to '
|
||||
'that authentication.')),
|
||||
cfg.IntOpt('expiration', default=3600,
|
||||
help=('Amount of time a token should remain valid '
|
||||
'(in seconds)')),
|
||||
cfg.StrOpt('provider', default=None,
|
||||
help=('Controls the token construction, validation, and '
|
||||
'revocation operations. Core providers are '
|
||||
'keystone.token.providers.[pki|uuid].Provider')),
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.token.backends.sql.Token'),
|
||||
cfg.BoolOpt('caching', default=True),
|
||||
cfg.IntOpt('revocation_cache_time', default=3600),
|
||||
cfg.IntOpt('cache_time', default=None)],
|
||||
default='keystone.token.backends.sql.Token',
|
||||
help='Keystone Token persistence backend driver'),
|
||||
cfg.BoolOpt('caching', default=True,
|
||||
help=('Toggle for token system cacheing. This has no '
|
||||
'effect unless global caching is enabled.')),
|
||||
cfg.IntOpt('revocation_cache_time', default=3600,
|
||||
help=('Time to cache the revocation list (in seconds). '
|
||||
'This has no effect unless global and token '
|
||||
'caching are enabled.')),
|
||||
cfg.IntOpt('cache_time', default=None,
|
||||
help=('Time to cache tokens (in seconds). This has no '
|
||||
'effect unless global and token caching are '
|
||||
'enabled.'))],
|
||||
'cache': [
|
||||
cfg.StrOpt('config_prefix', default='cache.keystone'),
|
||||
cfg.IntOpt('expiration_time', default=600),
|
||||
cfg.StrOpt('config_prefix', default='cache.keystone',
|
||||
help=('Prefix for building the configuration dictionary '
|
||||
'for the cache region. This should not need to be '
|
||||
'changed unless there is another dogpile.cache '
|
||||
'region with the same configuration name')),
|
||||
cfg.IntOpt('expiration_time', default=600,
|
||||
help=('Default TTL, in seconds, for any cached item in '
|
||||
'the dogpile.cache region. This applies to any '
|
||||
'cached method that doesn\'t have an explicit '
|
||||
'cache expiration time defined for it.')),
|
||||
# NOTE(morganfainberg): the dogpile.cache.memory acceptable in devstack
|
||||
# and other such single-process/thread deployments. Running
|
||||
# dogpile.cache.memory in any other configuration has the same pitfalls
|
||||
|
@ -95,94 +206,179 @@ FILE_OPTIONS = {
|
|||
# prevent issues with the memory cache ending up in "production"
|
||||
# unintentionally, we register a no-op as the keystone default caching
|
||||
# backend.
|
||||
cfg.StrOpt('backend', default='keystone.common.cache.noop'),
|
||||
cfg.BoolOpt('use_key_mangler', default=True),
|
||||
cfg.MultiStrOpt('backend_argument', default=[]),
|
||||
cfg.ListOpt('proxies', default=[]),
|
||||
# Global toggle for all caching using the should_cache_fn mechanism.
|
||||
cfg.BoolOpt('enabled', default=False),
|
||||
# caching backend specific debugging.
|
||||
cfg.BoolOpt('debug_cache_backend', default=False)],
|
||||
cfg.StrOpt('backend', default='keystone.common.cache.noop',
|
||||
help=('Dogpile.cache backend module. It is recommended '
|
||||
'that Memcache (dogpile.cache.memcache) or Redis '
|
||||
'(dogpile.cache.redis) be used in production '
|
||||
'deployments. Small workloads (single process) '
|
||||
'like devstack can use the dogpile.cache.memory '
|
||||
'backend.')),
|
||||
cfg.BoolOpt('use_key_mangler', default=True,
|
||||
help=('Use a key-mangling function (sha1) to ensure '
|
||||
'fixed length cache-keys. This is toggle-able for '
|
||||
'debugging purposes, it is highly recommended to '
|
||||
'always leave this set to True.')),
|
||||
cfg.MultiStrOpt('backend_argument', default=[],
|
||||
help=('Arguments supplied to the backend module. '
|
||||
'Specify this option once per argument to be '
|
||||
'passed to the dogpile.cache backend. Example '
|
||||
'format: <argname>:<value>')),
|
||||
cfg.ListOpt('proxies', default=[],
|
||||
help=('Proxy Classes to import that will affect the way '
|
||||
'the dogpile.cache backend functions. See the '
|
||||
'dogpile.cache documentation on '
|
||||
'changing-backend-behavior. Comma delimited '
|
||||
'list e.g. '
|
||||
'my.dogpile.proxy.Class, my.dogpile.proxyClass2')),
|
||||
cfg.BoolOpt('enabled', default=False,
|
||||
help=('Global toggle for all caching using the '
|
||||
'should_cache_fn mechanism')),
|
||||
cfg.BoolOpt('debug_cache_backend', default=False,
|
||||
help=('Extra debugging from the cache backend (cache '
|
||||
'keys, get/set/delete/etc calls) This is only '
|
||||
'really useful if you need to see the specific '
|
||||
'cache-backend get/set/delete calls with the '
|
||||
'keys/values. Typically this should be left set '
|
||||
'to False.'))],
|
||||
'ssl': [
|
||||
cfg.BoolOpt('enable', default=False),
|
||||
cfg.BoolOpt('enable', default=False,
|
||||
help=('Toggle for SSL support on the keystone '
|
||||
'eventlet servers.')),
|
||||
cfg.StrOpt('certfile',
|
||||
default="/etc/keystone/ssl/certs/keystone.pem"),
|
||||
default="/etc/keystone/ssl/certs/keystone.pem",
|
||||
help='Path of the certfile for SSL.'),
|
||||
cfg.StrOpt('keyfile',
|
||||
default="/etc/keystone/ssl/private/keystonekey.pem"),
|
||||
default='/etc/keystone/ssl/private/keystonekey.pem',
|
||||
help='Path of the keyfile for SSL.'),
|
||||
cfg.StrOpt('ca_certs',
|
||||
default="/etc/keystone/ssl/certs/ca.pem"),
|
||||
default='/etc/keystone/ssl/certs/ca.pem',
|
||||
help='Path of the ca cert file for SSL.'),
|
||||
cfg.StrOpt('ca_key',
|
||||
default="/etc/keystone/ssl/private/cakey.pem"),
|
||||
default='/etc/keystone/ssl/private/cakey.pem',
|
||||
help='Path of the CA key file for SSL'),
|
||||
cfg.BoolOpt('cert_required', default=False),
|
||||
cfg.IntOpt('key_size', default=1024),
|
||||
cfg.IntOpt('valid_days', default=3650),
|
||||
cfg.IntOpt('key_size', default=1024,
|
||||
help='SSL Key Length (in bits) (auto generated '
|
||||
'certificate)'),
|
||||
cfg.IntOpt('valid_days', default=3650,
|
||||
help='Days the certificate is valid for once signed '
|
||||
'(auto generated certificate)'),
|
||||
cfg.StrOpt('cert_subject',
|
||||
default='/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')],
|
||||
default='/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
|
||||
help='SSL Certificate Subject (auto generated '
|
||||
'certificate)')],
|
||||
'signing': [
|
||||
cfg.StrOpt('token_format', default=None),
|
||||
cfg.StrOpt('token_format', default=None,
|
||||
help=('Deprecated in favor of provider in the '
|
||||
'[token] section')),
|
||||
cfg.StrOpt('certfile',
|
||||
default="/etc/keystone/ssl/certs/signing_cert.pem"),
|
||||
default='/etc/keystone/ssl/certs/signing_cert.pem',
|
||||
help='Path of the certfile for token signing.'),
|
||||
cfg.StrOpt('keyfile',
|
||||
default="/etc/keystone/ssl/private/signing_key.pem"),
|
||||
default='/etc/keystone/ssl/private/signing_key.pem',
|
||||
help='Path of the keyfile for token signing.'),
|
||||
cfg.StrOpt('ca_certs',
|
||||
default="/etc/keystone/ssl/certs/ca.pem"),
|
||||
default='/etc/keystone/ssl/certs/ca.pem',
|
||||
help='Path of the CA for token signing.'),
|
||||
cfg.StrOpt('ca_key',
|
||||
default="/etc/keystone/ssl/private/cakey.pem"),
|
||||
cfg.IntOpt('key_size', default=2048),
|
||||
cfg.IntOpt('valid_days', default=3650),
|
||||
default='/etc/keystone/ssl/private/cakey.pem',
|
||||
help='Path of the CA Key for token signing'),
|
||||
cfg.IntOpt('key_size', default=2048,
|
||||
help='Key Size (in bits) for token signing cert '
|
||||
'(auto generated certificate)'),
|
||||
cfg.IntOpt('valid_days', default=3650,
|
||||
help='Day the token signing cert is valid for '
|
||||
'(auto generated certificate)'),
|
||||
cfg.StrOpt('cert_subject',
|
||||
default=('/C=US/ST=Unset/L=Unset/O=Unset/'
|
||||
'CN=www.example.com'))],
|
||||
'CN=www.example.com'),
|
||||
help='Certificate Subject (auto generated certificate) for '
|
||||
'token signing.')],
|
||||
'assignment': [
|
||||
# assignment has no default for backward compatibility reasons.
|
||||
# If assignment driver is not specified, the identity driver chooses
|
||||
# the backend
|
||||
cfg.StrOpt('driver', default=None),
|
||||
cfg.BoolOpt('caching', default=True),
|
||||
cfg.IntOpt('cache_time', default=None),
|
||||
cfg.IntOpt('list_limit', default=None)],
|
||||
cfg.StrOpt('driver', default=None,
|
||||
help='Keystone Assignment backend driver'),
|
||||
cfg.BoolOpt('caching', default=True,
|
||||
help=('Toggle for assignment caching. This has no effect '
|
||||
'unless global caching is enabled.')),
|
||||
cfg.IntOpt('cache_time', default=None,
|
||||
help='TTL (in seconds) to cache assignment data. This has '
|
||||
'no effect unless global caching is enabled.'),
|
||||
cfg.IntOpt('list_limit', default=None,
|
||||
help=('Maximum number of entities that will be returned '
|
||||
'in an assignment collection'))],
|
||||
'credential': [
|
||||
cfg.StrOpt('driver',
|
||||
default=('keystone.credential.backends'
|
||||
'.sql.Credential'))],
|
||||
'.sql.Credential'),
|
||||
help='Keystone Credential backend driver')],
|
||||
'oauth1': [
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.contrib.oauth1.backends.sql.OAuth1'),
|
||||
cfg.IntOpt('request_token_duration', default=28800),
|
||||
cfg.IntOpt('access_token_duration', default=86400)],
|
||||
default='keystone.contrib.oauth1.backends.sql.OAuth1',
|
||||
help='Keystone Credential backend driver'),
|
||||
cfg.IntOpt('request_token_duration', default=28800,
|
||||
help='Duration (in seconds) for the OAuth Request Token'),
|
||||
cfg.IntOpt('access_token_duration', default=86400,
|
||||
help='Duration (in seconds) for the OAuth Access Token')],
|
||||
|
||||
'federation': [
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.contrib.federation.'
|
||||
'backends.sql.Federation')],
|
||||
'backends.sql.Federation',
|
||||
help='Keystone Federation backend driver')],
|
||||
|
||||
'policy': [
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.policy.backends.sql.Policy'),
|
||||
cfg.IntOpt('list_limit', default=None)],
|
||||
default='keystone.policy.backends.sql.Policy',
|
||||
help='Keystone Policy backend driver'),
|
||||
cfg.IntOpt('list_limit', default=None,
|
||||
help=('Maximum number of entities that will be returned '
|
||||
'in a policy collection'))],
|
||||
'ec2': [
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.contrib.ec2.backends.kvs.Ec2')],
|
||||
default='keystone.contrib.ec2.backends.kvs.Ec2',
|
||||
help='Keystone EC2Credential backend driver')],
|
||||
'endpoint_filter': [
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.contrib.endpoint_filter.backends'
|
||||
'.sql.EndpointFilter'),
|
||||
cfg.BoolOpt('return_all_endpoints_if_no_filter', default=True)],
|
||||
'.sql.EndpointFilter',
|
||||
help='Keystone Endpoint Filter backend driver'),
|
||||
cfg.BoolOpt('return_all_endpoints_if_no_filter', default=True,
|
||||
help='Toggle to return all active endpoints if no filter '
|
||||
'exists.')],
|
||||
'stats': [
|
||||
cfg.StrOpt('driver',
|
||||
default=('keystone.contrib.stats.backends'
|
||||
'.kvs.Stats'))],
|
||||
'.kvs.Stats'),
|
||||
help='Keystone stats backend driver')],
|
||||
'ldap': [
|
||||
cfg.StrOpt('url', default='ldap://localhost'),
|
||||
cfg.StrOpt('user', default=None),
|
||||
cfg.StrOpt('password', secret=True, default=None),
|
||||
cfg.StrOpt('suffix', default='cn=example,cn=com'),
|
||||
cfg.StrOpt('url', default='ldap://localhost',
|
||||
help='URL for connecting to the LDAP server'),
|
||||
cfg.StrOpt('user', default=None,
|
||||
help='User BindDN to query the LDAP server'),
|
||||
cfg.StrOpt('password', secret=True, default=None,
|
||||
help='Password for the BindDN to query the LDAP server'),
|
||||
cfg.StrOpt('suffix', default='cn=example,cn=com',
|
||||
help='LDAP server suffix'),
|
||||
cfg.BoolOpt('use_dumb_member', default=False),
|
||||
cfg.StrOpt('dumb_member', default='cn=dumb,dc=nonexistent'),
|
||||
cfg.BoolOpt('allow_subtree_delete', default=False),
|
||||
cfg.StrOpt('query_scope', default='one'),
|
||||
cfg.IntOpt('page_size', default=0),
|
||||
cfg.StrOpt('alias_dereferencing', default='default'),
|
||||
cfg.BoolOpt('allow_subtree_delete', default=False,
|
||||
help='allow deleting subtrees'),
|
||||
cfg.StrOpt('query_scope', default='one',
|
||||
help=('The LDAP scope for queries, this can be either '
|
||||
'"one" (onelevel/singleLevel) or "sub" '
|
||||
'(subtree/wholeSubtree)')),
|
||||
cfg.IntOpt('page_size', default=0,
|
||||
help=('Maximum results per page; a value of zero ("0") '
|
||||
'disables paging')),
|
||||
cfg.StrOpt('alias_dereferencing', default='default',
|
||||
help=('The LDAP dereferencing option for queries. This '
|
||||
'can be either "never", "searching", "always", '
|
||||
'"finding" or "default". The "default" option falls '
|
||||
'back to using default dereferencing configured by '
|
||||
'your ldap.conf.')),
|
||||
|
||||
cfg.StrOpt('user_tree_dn', default=None),
|
||||
cfg.StrOpt('user_filter', default=None),
|
||||
|
@ -254,35 +450,63 @@ FILE_OPTIONS = {
|
|||
cfg.StrOpt('tls_cacertfile', default=None),
|
||||
cfg.StrOpt('tls_cacertdir', default=None),
|
||||
cfg.BoolOpt('use_tls', default=False),
|
||||
cfg.StrOpt('tls_req_cert', default='demand')],
|
||||
cfg.StrOpt('tls_req_cert', default='demand',
|
||||
help=('valid options for tls_req_cert are demand, never, '
|
||||
'and allow'))],
|
||||
'pam': [
|
||||
cfg.StrOpt('userid', default=None),
|
||||
cfg.StrOpt('password', default=None)],
|
||||
'auth': [
|
||||
cfg.ListOpt('methods', default=_DEFAULT_AUTH_METHODS),
|
||||
cfg.ListOpt('methods', default=_DEFAULT_AUTH_METHODS,
|
||||
help='Default auth methods.'),
|
||||
cfg.StrOpt('password',
|
||||
default='keystone.auth.plugins.password.Password'),
|
||||
default='keystone.auth.plugins.password.Password',
|
||||
help='The password auth plugin module'),
|
||||
cfg.StrOpt('token',
|
||||
default='keystone.auth.plugins.token.Token'),
|
||||
default='keystone.auth.plugins.token.Token',
|
||||
help='The token auth plugin module'),
|
||||
#deals with REMOTE_USER authentication
|
||||
cfg.StrOpt('external',
|
||||
default='keystone.auth.plugins.external.DefaultDomain')],
|
||||
default='keystone.auth.plugins.external.DefaultDomain',
|
||||
help='The external (REMOTE_USER) auth plugin module.')],
|
||||
'paste_deploy': [
|
||||
cfg.StrOpt('config_file', default='keystone-paste.ini')],
|
||||
cfg.StrOpt('config_file', default='keystone-paste.ini',
|
||||
help=('Name of the paste configuration file that defines '
|
||||
'the available pipelines'))],
|
||||
'memcache': [
|
||||
cfg.ListOpt('servers', default=['localhost:11211']),
|
||||
cfg.IntOpt('max_compare_and_set_retry', default=16)],
|
||||
cfg.ListOpt('servers', default=['localhost:11211'],
|
||||
help='Memcache servers in the format of "host:port"'),
|
||||
cfg.IntOpt('max_compare_and_set_retry', default=16,
|
||||
help=('Number of compare-and-set attempts to make when '
|
||||
'using compare-and-set in the token memcache back '
|
||||
'end'))],
|
||||
'catalog': [
|
||||
cfg.StrOpt('template_file',
|
||||
default='default_catalog.templates'),
|
||||
default='default_catalog.templates',
|
||||
help='Catalog template file name for use with the '
|
||||
'template catalog backend.'),
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.catalog.backends.sql.Catalog'),
|
||||
cfg.IntOpt('list_limit', default=None)],
|
||||
default='keystone.catalog.backends.sql.Catalog',
|
||||
help='Keystone catalog backend driver'),
|
||||
cfg.IntOpt('list_limit', default=None,
|
||||
help=('Maximum number of entities that will be returned '
|
||||
'in a catalog collection'))],
|
||||
'kvs': [
|
||||
cfg.ListOpt('backends', default=[]),
|
||||
cfg.StrOpt('config_prefix', default='keystone.kvs'),
|
||||
cfg.BoolOpt('enable_key_mangler', default=True),
|
||||
cfg.IntOpt('default_lock_timeout', default=5)]}
|
||||
cfg.ListOpt('backends', default=[],
|
||||
help='Extra dogpile.cache backend modules to register '
|
||||
'with the dogpile.cache library'),
|
||||
cfg.StrOpt('config_prefix', default='keystone.kvs',
|
||||
help=('Prefix for building the configuration dictionary '
|
||||
'for the KVS region. This should not need to be '
|
||||
'changed unless there is another dogpile.cache '
|
||||
'region with the same configuration name')),
|
||||
cfg.BoolOpt('enable_key_mangler', default=True,
|
||||
help=('Toggle to disable using a key-mangling function '
|
||||
'to ensure fixed length keys. This is toggle-able '
|
||||
'for debugging purposes, it is highly recommended '
|
||||
'to always leave this set to True.')),
|
||||
cfg.IntOpt('default_lock_timeout', default=5,
|
||||
help='Default lock timeout for distributed locking.')]}
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
|
|
@ -20,6 +20,6 @@ tools/config/generate_sample.sh -b ./ -p ${PROJECT_NAME} -o ${TEMPDIR}
|
|||
if ! diff -u ${TEMPDIR}/${CFGFILE_NAME} ${CFGFILE}
|
||||
then
|
||||
echo "${0##*/}: ${PROJECT_NAME}.conf.sample is not up to date."
|
||||
echo "${0##*/}: Please run ${0%%${0##*/}}generate_sample.sh."
|
||||
echo "${0##*/}: Please run 'tox -esample_config -r' (see doc/source/developing.rst for more info)"
|
||||
exit 1
|
||||
fi
|
||||
|
|
|
@ -1 +1,4 @@
|
|||
# Environmental Variables that affect the automatic sample config generation.
|
||||
# Additions to any of these variables are space delimited. See the "generate_sample.sh"
|
||||
# script for the variables that can be used.
|
||||
KEYSTONE_CONFIG_GENERATOR_EXTRA_LIBRARIES='keystone oslo.messaging'
|
||||
|
|
7
tox.ini
7
tox.ini
|
@ -1,7 +1,7 @@
|
|||
[tox]
|
||||
minversion = 1.6
|
||||
skipsdist = True
|
||||
envlist = py26,py27,py33,pep8,docs
|
||||
envlist = py26,py27,py33,pep8,docs,sample_config
|
||||
|
||||
[testenv]
|
||||
usedevelop = True
|
||||
|
@ -40,5 +40,10 @@ builtins = _
|
|||
exclude=.venv,.git,.tox,build,dist,doc,*openstack/common*,*lib/python*,*egg,tools,vendor,.update-venv,*.ini
|
||||
|
||||
[testenv:docs]
|
||||
envdir = {toxworkdir}/venv
|
||||
commands=
|
||||
python setup.py build_sphinx
|
||||
|
||||
[testenv:sample_config]
|
||||
envdir = {toxworkdir}/venv
|
||||
commands = {toxinidir}/tools/config/generate_sample.sh
|
||||
|
|
Loading…
Reference in New Issue