diff --git a/doc/source/dev/manual-devstack.rst b/doc/source/dev/manual-devstack.rst index f7de410a54..8fe3bdc416 100644 --- a/doc/source/dev/manual-devstack.rst +++ b/doc/source/dev/manual-devstack.rst @@ -157,7 +157,8 @@ Configure magnum:: # create the magnum conf directory sudo mkdir -p /etc/magnum - # copy sample config and modify it as necessary + # generate sample config file and modify it as necessary + tox -egenconfig sudo cp etc/magnum/magnum.conf.sample /etc/magnum/magnum.conf # copy policy.json diff --git a/etc/magnum/magnum-config-generator.conf b/etc/magnum/magnum-config-generator.conf new file mode 100644 index 0000000000..59165b2463 --- /dev/null +++ b/etc/magnum/magnum-config-generator.conf @@ -0,0 +1,14 @@ +[DEFAULT] +output_file = etc/magnum/magnum.conf.sample +wrap_width = 79 + +namespace = magnum +namespace = oslo.concurrency +namespace = oslo.db +namespace = oslo.log +namespace = oslo.messaging +namespace = oslo.middleware.cors +namespace = oslo.policy +namespace = oslo.service.periodic_task +namespace = oslo.service.service +namespace = keystonemiddleware.auth_token diff --git a/etc/magnum/magnum.conf.sample b/etc/magnum/magnum.conf.sample deleted file mode 100644 index f5478509a8..0000000000 --- a/etc/magnum/magnum.conf.sample +++ /dev/null @@ -1,1287 +0,0 @@ -[DEFAULT] - -# -# From magnum -# - -# This option enables or disables user authentication via Keystone. -# Default value is True. (boolean value) -#enable_authentication = true - -# Directory where the magnum python module is installed. (string -# value) -#pybasedir = /opt/stack/magnum/magnum - -# Directory where magnum binaries are installed. (string value) -#bindir = $pybasedir/bin - -# Top-level directory for maintaining magnum's state. (string value) -#state_path = $pybasedir - -# Path to the rootwrap configuration file to use for running commands -# as root. (string value) -#rootwrap_config = /etc/magnum/rootwrap.conf - -# Explicitly specify the temporary working directory. (string value) -#tempdir = - -# Enable periodic tasks. (boolean value) -#periodic_enable = true - -# Max interval size between periodic tasks execution in seconds. -# (integer value) -#periodic_interval_max = 60 - -# Name of this node. This can be an opaque identifier. It is not -# necessarily a hostname, FQDN, or IP address. However, the node name -# must be valid within an AMQP key, and if using ZeroMQ, a valid -# hostname, FQDN, or IP address. (string value) -#host = localhost - -# -# From oslo.log -# - -# Print debugging output (set logging level to DEBUG instead of -# default INFO level). (boolean value) -#debug = false - -# If set to false, will disable INFO logging level, making WARNING the -# default. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#verbose = true - -# The name of a logging configuration file. This file is appended to -# any existing logging configuration files. For details about logging -# configuration files, see the Python logging module documentation. -# Note that when logging configuration files are used then all logging -# configuration is set in the configuration file and other logging -# configuration options are ignored (for example, log_format). (string -# value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# DEPRECATED. A logging.Formatter log message format string which may -# use any of the available logging.LogRecord attributes. This option -# is deprecated. Please use logging_context_format_string and -# logging_default_format_string instead. This option is ignored if -# log_config_append is set. (string value) -#log_format = - -# Format string for %%(asctime)s in log records. Default: %(default)s -# . This option is ignored if log_config_append is set. (string value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is set, -# logging will go to stdout. This option is ignored if -# log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative --log-file paths. -# This option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# (Optional) Uses logging handler designed to watch file system. When -# log file is moved or removed this handler will open a new log file -# with specified path instantaneously. It makes sense only if log-file -# option is specified and Linux platform is used. This option is -# ignored if log_config_append is set. (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and -# will be changed later to honor RFC5424. This option is ignored if -# log_config_append is set. (boolean value) -#use_syslog = false - -# (Optional) Enables or disables syslog rfc5424 format for logging. If -# enabled, prefixes the MSG part of the syslog message with APP-NAME -# (RFC5424). The format without the APP-NAME is deprecated in Kilo, -# and will be removed in Mitaka, along with this option. This option -# is ignored if log_config_append is set. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#use_syslog_rfc_format = true - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr = true - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. (string -# value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string -# value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# List of logger=LEVEL pairs. This option is ignored if -# log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Format string for user_identity field of the -# logging_context_format_string (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# -# From oslo.messaging -# - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size = 30 - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve to this -# address. (string value) -#rpc_zmq_bind_address = * - -# MatchMaker driver. (string value) -#rpc_zmq_matchmaker = redis - -# Use REQ/REP pattern for all methods CALL/CAST/FANOUT. (boolean -# value) -#rpc_zmq_all_req_rep = true - -# Type of concurrency used. Either "native" or "eventlet" (string -# value) -#rpc_zmq_concurrency = eventlet - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts = 1 - -# Maximum number of ingress messages to locally buffer per topic. -# Default is unlimited. (integer value) -#rpc_zmq_topic_backlog = - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir = /var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP address. -# Must match "host" option, if running Nova. (string value) -#rpc_zmq_host = localhost - -# Seconds to wait before a cast expires (TTL). Only supported by -# impl_zmq. (integer value) -#rpc_cast_timeout = 30 - -# The default number of seconds that poll should wait. Poll raises -# timeout exception when timeout expired. (integer value) -#rpc_poll_timeout = 1 - -# Shows whether zmq-messaging uses broker or not. (boolean value) -#zmq_use_broker = true - -# Minimal port number for random ports range. (integer value) -#rpc_zmq_min_port = 49152 - -# Maximal port number for random ports range. (integer value) -#rpc_zmq_max_port = 65536 - -# Number of retries to find free port number before fail with -# ZMQBindError. (integer value) -#rpc_zmq_bind_port_retries = 100 - -# Host to locate redis. (string value) -#host = 127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port = 6379 - -# Password for Redis server (optional). (string value) -#password = - -# Size of executor thread pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size -#executor_thread_pool_size = 64 - -# A URL representing the messaging driver to use for notifications. If -# not set, we fall back to the same configuration used for RPC. -# (string value) -#notification_transport_url = - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -#notification_topics = notifications - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout = 60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend option -# and driver specific configuration. (string value) -#transport_url = - -# The messaging driver to use, defaults to rabbit. Other drivers -# include qpid and zmq. (string value) -#rpc_backend = rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the transport_url -# option. (string value) -#control_exchange = openstack - -# -# From oslo.service.periodic_task -# - -# Some periodic tasks can be run in a separate process. Should we run -# them here? (boolean value) -#run_external_periodic_tasks = true - -# -# From oslo.service.service -# - -# Enable eventlet backdoor. Acceptable values are 0, , and -# :, where 0 results in listening on a random tcp port -# number; results in listening on the specified port number -# (and not enabling backdoor if that port is in use); and -# : results in listening on the smallest unused port -# number within the specified range of port numbers. The chosen port -# is displayed in the service's log file. (string value) -#backdoor_port = - -# Enables or disables logging values of all registered options when -# starting a service (at DEBUG level). (boolean value) -#log_options = true - -# Specify a timeout after which a gracefully shutdown server will -# exit. Zero value means endless wait. (integer value) -#graceful_shutdown_timeout = 60 - - -[api] - -# -# From magnum -# - -# The port for the Magnum API server. (port value) -# Minimum value: 1 -# Maximum value: 65535 -#port = 9511 - -# The listen IP for the Magnum API server. (ip address value) -#host = 127.0.0.1 - -# The maximum number of items returned in a single response from a -# collection resource. (integer value) -#max_limit = 1000 - - -[barbican_client] - -# -# From magnum -# - -# Region in Identity service catalog to use for communication with the -# OpenStack service. (string value) -#region_name = - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type = publicURL - - -[bay] - -# -# From magnum -# - -# Location of template to build a k8s cluster on atomic. (string -# value) -# Deprecated group/name - [bay_heat]/template_path -#k8s_atomic_template_path = $pybasedir/templates/kubernetes/kubecluster.yaml - -# Location of template to build a k8s cluster on CoreOS. (string -# value) -#k8s_coreos_template_path = $pybasedir/templates/kubernetes/kubecluster-coreos.yaml - -# Url for etcd public discovery endpoint. (string value) -#etcd_discovery_service_endpoint_format = https://discovery.etcd.io/new?size=%(size)d - -# coreos discovery token url. (string value) -# Deprecated group/name - [bay_heat]/discovery_token_url -#coreos_discovery_token_url = - -# Location of template to build a swarm cluster on atomic. (string -# value) -#swarm_atomic_template_path = $pybasedir/templates/swarm/swarmcluster.yaml - -# Location of template to build a Mesos cluster on Ubuntu. (string -# value) -#mesos_ubuntu_template_path = $pybasedir/templates/mesos/mesoscluster.yaml - -# Enabled bay definition entry points. (list value) -#enabled_definitions = magnum_vm_atomic_k8s,magnum_vm_coreos_k8s,magnum_vm_atomic_swarm,magnum_vm_ubuntu_mesos - - -[bay_heat] - -# -# From magnum -# - -# Number of attempts to query the Heat stack for finding out the -# status of the created stack and getting template outputs. This -# value is ignored during bay creation if timeout is set as the poll -# will continue until bay creation either ends or times out. (integer -# value) -#max_attempts = 2000 - -# Sleep time interval between two attempts of querying the Heat stack. -# This interval is in seconds. (integer value) -#wait_interval = 1 - -# The length of time to let bay creation continue. This interval is -# in minutes. The default is no timeout. (integer value) -#bay_create_timeout = - - -[baymodel] - -# -# From magnum -# - -# Allowed network drivers for kubernetes baymodels. Use 'all' keyword -# to allow all drivers supported for kubernetes baymodels. Supported -# network drivers include flannel. (list value) -#kubernetes_allowed_network_drivers = all - -# Default network driver for kubernetes baymodels. (string value) -#kubernetes_default_network_driver = flannel - -# Allowed network drivers for docker swarm baymodels. Use 'all' -# keyword to allow all drivers supported for swarm baymodels. -# Supported network drivers include docker and flannel. (list value) -#swarm_allowed_network_drivers = all - -# Default network driver for docker swarm baymodels. (string value) -#swarm_default_network_driver = docker - -# Allowed network drivers for mesos baymodels. Use 'all' keyword to -# allow all drivers supported for mesos baymodels. Supported network -# drivers include docker. (list value) -#mesos_allowed_network_drivers = all - -# Default network driver for mesos baymodels. (string value) -#mesos_default_network_driver = docker - - -[certificates] - -# -# From magnum -# - -# Certificate Manager plugin. Defaults to barbican. (string value) -#cert_manager_type = barbican - -# Absolute path of the certificate storage directory. Defaults to -# /var/lib/magnum/certificates/. (string value) -#storage_path = /var/lib/magnum/certificates/ - - -[conductor] - -# -# From magnum -# - -# The queue to add conductor tasks to. (string value) -#topic = magnum-conductor - -# RPC timeout for the conductor liveness check that is used for bay -# locking. (integer value) -#conductor_life_check_timeout = 4 - - -[cors] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials -# (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to -# HTTP Simple Headers. (list value) -#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list -# value) -#allow_methods = GET,POST,PUT,DELETE,OPTIONS - -# Indicate which header field names may be used during the actual -# request. (list value) -#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - - -[cors.subdomain] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials -# (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to -# HTTP Simple Headers. (list value) -#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list -# value) -#allow_methods = GET,POST,PUT,DELETE,OPTIONS - -# Indicate which header field names may be used during the actual -# request. (list value) -#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - - -[database] - -# -# From magnum -# - -# MySQL engine to use. (string value) -#mysql_engine = InnoDB - -# -# From oslo.db -# - -# The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -#sqlite_db = oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. -# (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = - -# The SQLAlchemy connection string to use to connect to the slave -# database. (string value) -#slave_connection = - -# The SQL mode to be used for MySQL sessions. This option, including -# the default, overrides any server-set SQL mode. To use whatever SQL -# mode is set by the server configuration, set this to no value. -# Example: mysql_sql_mode= (string value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = - -# Maximum number of database connection retries during startup. Set to -# -1 to specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = - -# Verbosity of SQL debugging information: 0=None, 100=Everything. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = - -# Enable the experimental use of database reconnect on connection -# lost. (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database -# operation up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries -# of a database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before -# error is raised. Set to -1 to specify an infinite retry count. -# (integer value) -#db_max_retries = 20 - - -[docker] - -# -# From magnum -# - -# Docker remote api version. Override it according to specific docker -# api version in your environment. (string value) -#docker_remote_api_version = 1.17 - -# Default timeout in seconds for docker client operations. (integer -# value) -#default_timeout = 60 - -# If set, ignore any SSL validation issues (boolean value) -#api_insecure = false - -# Location of CA certificates file for securing docker api requests -# (tlscacert). (string value) -#ca_file = - -# Location of TLS certificate file for securing docker api requests -# (tlscert). (string value) -#cert_file = - -# Location of TLS private key file for securing docker api requests -# (tlskey). (string value) -#key_file = - - -[docker_registry] - -# -# From magnum -# - -# User id of the trustee (string value) -#trustee_user_id = - -# The roles which are delegated to the trustee by the trustor. (list -# value) -#trust_roles = registry_user - - -[glance_client] - -# -# From magnum -# - -# Region in Identity service catalog to use for communication with the -# OpenStack service. (string value) -#region_name = - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type = publicURL - -# Version of Glance API to use in glanceclient. (string value) -#api_version = 2 - - -[heat_client] - -# -# From magnum -# - -# Region in Identity service catalog to use for communication with the -# OpenStack service. (string value) -#region_name = - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type = publicURL - -# Optional CA cert file to use in SSL connections. (string value) -#ca_file = - -# Optional PEM-formatted certificate chain file. (string value) -#cert_file = - -# Optional PEM-formatted file that contains the private key. (string -# value) -#key_file = - -# If set, then the server's certificate will not be verified. (boolean -# value) -#insecure = false - -# Version of Heat API to use in heatclient. (string value) -#api_version = 1 - - -[keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Complete public Identity API endpoint. (string value) -#auth_uri = - -# API version of the admin Identity API endpoint. (string value) -#auth_version = - -# Do not handle authorization requests within the middleware, but -# delegate the authorization decision to downstream WSGI components. -# (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. -# (integer value) -#http_connect_timeout = - -# How many times are we trying to reconnect when communicating with -# Identity API Server. (integer value) -#http_request_max_retries = 3 - -# Env key for the swift cache. (string value) -#cache = - -# Required if identity server requires client certificate (string -# value) -#certfile = - -# Required if identity server requires client certificate (string -# value) -#keyfile = - -# A PEM encoded Certificate Authority to use when verifying HTTPs -# connections. Defaults to system CAs. (string value) -#cafile = - -# Verify HTTPS connections. (boolean value) -#insecure = false - -# The region in which the identity server can be found. (string value) -#region_name = - -# Directory used to cache files related to PKI tokens. (string value) -#signing_dir = - -# Optionally specify a list of memcached server(s) to use for caching. -# If left undefined, tokens will instead be cached in-process. (list -# value) -# Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers = - -# In order to prevent excessive effort spent validating tokens, the -# middleware caches previously-seen tokens for a configurable duration -# (in seconds). Set to -1 to disable caching completely. (integer -# value) -#token_cache_time = 300 - -# Determines the frequency at which the list of revoked tokens is -# retrieved from the Identity service (in seconds). A high number of -# revocation events combined with a low cache duration may -# significantly reduce performance. (integer value) -#revocation_cache_time = 10 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable values are -# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in -# the cache. If ENCRYPT, token data is encrypted and authenticated in -# the cache. If the value is not one of these options or empty, -# auth_token will raise an exception on initialization. (string value) -#memcache_security_strategy = - -# (Optional, mandatory if memcache_security_strategy is defined) This -# string is used for key derivation. (string value) -#memcache_secret_key = - -# (Optional) Number of seconds memcached server is considered dead -# before it is tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a -# memcached server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held -# unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a -# memcached client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. -# The advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If -# False, middleware will not ask for service catalog on token -# validation and will not set the X-Service-Catalog header. (boolean -# value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: -# "disabled" to not check token binding. "permissive" (default) to -# validate binding information if the bind type is of a form known to -# the server and ignore it if not. "strict" like "permissive" but if -# the bind type is unknown the token will be rejected. "required" any -# form of token binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string value) -#enforce_token_bind = permissive - -# If true, the revocation list will be checked for cached tokens. This -# requires that PKI tokens are configured on the identity server. -# (boolean value) -#check_revocations_for_cached = false - -# Hash algorithms to use for hashing PKI tokens. This may be a single -# algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, -# so put the preferred one first for performance. The result of the -# first hash will be stored in the cache. This will typically be set -# to multiple values only while migrating from a less secure algorithm -# to a more secure one. Once all the old tokens are expired this -# option should be set to a single value for better performance. (list -# value) -#hash_algorithms = md5 - -# Prefix to prepend at the beginning of the path. Deprecated, use -# identity_uri. (string value) -#auth_admin_prefix = - -# Host providing the admin Identity API endpoint. Deprecated, use -# identity_uri. (string value) -#auth_host = 127.0.0.1 - -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port = 35357 - -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol = https - -# Complete admin Identity API endpoint. This should specify the -# unversioned root endpoint e.g. https://localhost:35357/ (string -# value) -#identity_uri = - -# This option is deprecated and may be removed in a future release. -# Single shared secret with the Keystone configuration used for -# bootstrapping a Keystone installation, or otherwise bypassing the -# normal authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token = - -# Service username. (string value) -#admin_user = - -# Service user password. (string value) -#admin_password = - -# Service tenant name. (string value) -#admin_tenant_name = admin - -# Authentication type to load (unknown value) -# Deprecated group/name - [DEFAULT]/auth_plugin -#auth_type = - -# Config Section from which to load plugin specific options (unknown -# value) -#auth_section = - - -[magnum_client] - -# -# From magnum -# - -# Region in Identity service catalog to use for communication with the -# OpenStack service. (string value) -#region_name = - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type = publicURL - - -[matchmaker_redis] - -# -# From oslo.messaging -# - -# Host to locate redis. (string value) -#host = 127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port = 6379 - -# Password for Redis server (optional). (string value) -#password = - - -[neutron_client] - -# -# From magnum -# - -# Region in Identity service catalog to use for communication with the -# OpenStack service. (string value) -#region_name = - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type = publicURL - - -[nova_client] - -# -# From magnum -# - -# Region in Identity service catalog to use for communication with the -# OpenStack service. (string value) -#region_name = - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type = publicURL - -# Version of Nova API to use in novaclient. (string value) -#api_version = 2 - - -[oslo_concurrency] - -# -# From oslo.concurrency -# - -# Enables or disables inter-process locks. (boolean value) -# Deprecated group/name - [DEFAULT]/disable_process_locking -#disable_process_locking = false - -# Directory to use for lock files. For security, the specified -# directory should only be writable by the user running the processes -# that need locking. Defaults to environment variable OSLO_LOCK_PATH. -# If external locks are used, a lock path must be set. (string value) -# Deprecated group/name - [DEFAULT]/lock_path -#lock_path = - - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# address prefix used when sending to a specific server (string value) -# Deprecated group/name - [amqp1]/server_request_prefix -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -# Deprecated group/name - [amqp1]/broadcast_prefix -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -# Deprecated group/name - [amqp1]/group_request_prefix -#group_request_prefix = unicast - -# Name for the AMQP container (string value) -# Deprecated group/name - [amqp1]/container_name -#container_name = - -# Timeout for inactive connections (in seconds) (integer value) -# Deprecated group/name - [amqp1]/idle_timeout -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -# Deprecated group/name - [amqp1]/trace -#trace = false - -# CA certificate PEM file to verify server certificate (string value) -# Deprecated group/name - [amqp1]/ssl_ca_file -#ssl_ca_file = - -# Identifying certificate PEM file to present to clients (string -# value) -# Deprecated group/name - [amqp1]/ssl_cert_file -#ssl_cert_file = - -# Private key PEM file used to sign cert_file certificate (string -# value) -# Deprecated group/name - [amqp1]/ssl_key_file -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -# Deprecated group/name - [amqp1]/ssl_key_password -#ssl_key_password = - -# Accept clients using either SSL or plain TCP (boolean value) -# Deprecated group/name - [amqp1]/allow_insecure_clients -#allow_insecure_clients = false - -# Space separated list of acceptable SASL mechanisms (string value) -# Deprecated group/name - [amqp1]/sasl_mechanisms -#sasl_mechanisms = - -# Path to directory that contains the SASL configuration (string -# value) -# Deprecated group/name - [amqp1]/sasl_config_dir -#sasl_config_dir = - -# Name of configuration file (without .conf suffix) (string value) -# Deprecated group/name - [amqp1]/sasl_config_name -#sasl_config_name = - -# User name for message broker authentication (string value) -# Deprecated group/name - [amqp1]/username -#username = - -# Password for message broker authentication (string value) -# Deprecated group/name - [amqp1]/password -#password = - - -[oslo_messaging_qpid] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_durable_queues -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete = false - -# Send a single AMQP reply to call message. The current behaviour -# since oslo-incubator is to send two AMQP replies - first one with -# the payload, a second one to ensure the other have finish to send -# the payload. We are going to remove it in the N release, but we must -# keep backward compatible at the same time. This option provides such -# compatibility - it defaults to False in Liberty and can be turned on -# for early adopters with a new installations or for testing. Please -# note, that this option will be removed in the Mitaka release. -# (boolean value) -#send_single_reply = false - -# Qpid broker hostname. (string value) -# Deprecated group/name - [DEFAULT]/qpid_hostname -#qpid_hostname = localhost - -# Qpid broker port. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_port -#qpid_port = 5672 - -# Qpid HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/qpid_hosts -#qpid_hosts = $qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_username -#qpid_username = - -# Password for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_password -#qpid_password = - -# Space separated list of SASL mechanisms to use for auth. (string -# value) -# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms -#qpid_sasl_mechanisms = - -# Seconds between connection keepalive heartbeats. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_heartbeat -#qpid_heartbeat = 60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -# Deprecated group/name - [DEFAULT]/qpid_protocol -#qpid_protocol = tcp - -# Whether to disable the Nagle algorithm. (boolean value) -# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay -#qpid_tcp_nodelay = true - -# The number of prefetched messages held by receiver. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity -#qpid_receiver_capacity = 1 - -# The qpid topology version to use. Version 1 is what was originally -# used by impl_qpid. Version 2 includes some backwards-incompatible -# changes that allow broker federation to work. Users should update -# to version 2 when they are able to take everything down, as it -# requires a clean break. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_topology_version -#qpid_topology_version = 1 - - -[oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_durable_queues -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete = false - -# Send a single AMQP reply to call message. The current behaviour -# since oslo-incubator is to send two AMQP replies - first one with -# the payload, a second one to ensure the other have finish to send -# the payload. We are going to remove it in the N release, but we must -# keep backward compatible at the same time. This option provides such -# compatibility - it defaults to False in Liberty and can be turned on -# for early adopters with a new installations or for testing. Please -# note, that this option will be removed in the Mitaka release. -# (boolean value) -#send_single_reply = false - -# SSL version to use (valid only if SSL enabled). Valid values are -# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be -# available on some distributions. (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_version -#kombu_ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile -#kombu_ssl_keyfile = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile -#kombu_ssl_certfile = - -# SSL certification authority file (valid only if SSL enabled). -# (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs -#kombu_ssl_ca_certs = - -# How long to wait before reconnecting in response to an AMQP consumer -# cancel notification. (floating point value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay -#kombu_reconnect_delay = 1.0 - -# How long to wait before considering a reconnect attempt to have -# failed. This value should not be longer than rpc_response_timeout. -# (integer value) -#kombu_reconnect_timeout = 60 - -# The RabbitMQ broker address where a single node is used. (string -# value) -# Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host = localhost - -# The RabbitMQ broker port where a single node is used. (integer -# value) -# Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port = 5672 - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -#rabbit_hosts = $rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl = false - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -#rabbit_userid = guest - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -#rabbit_password = guest - -# The RabbitMQ login method. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_login_method -#rabbit_login_method = AMQPLAIN - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -#rabbit_virtual_host = / - -# How frequently to retry connecting with RabbitMQ. (integer value) -#rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. -# (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff -#rabbit_retry_backoff = 2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_max_retries -#rabbit_max_retries = 0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this -# option, you must wipe the RabbitMQ database. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_ha_queues -#rabbit_ha_queues = false - -# Number of seconds after which the Rabbit broker is considered down -# if heartbeat's keep-alive fails (0 disable the heartbeat). -# EXPERIMENTAL (integer value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the -# heartbeat. (integer value) -#heartbeat_rate = 2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -# Deprecated group/name - [DEFAULT]/fake_rabbit -#fake_rabbit = false - -[oslo_messaging_notifications] -# The Drivers(s) to handle sending notifications. Possible values are -# messaging, messagingv2, routing, log, test, noop (multi valued) -# Deprecated group/name - [DEFAULT]/notification_driver -#driver = - - -[oslo_policy] - -# -# From oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string -# value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be -# relative to any directory in the search path defined by the -# config_dir option, or absolute paths. The file defined by -# policy_file must exist for these directories to be searched. -# Missing or empty directories are ignored. (multi valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs = policy.d - - -[x509] - -# -# From magnum -# - -# Certificate can get the CA flag in x509 extensions. (boolean value) -#allow_ca = false - -# List of allowed x509 extensions. Available values: -# "authorityKeyIdentifier", "subjectKeyIdentifier", -# "authorityInfoAccess", "basicConstraints", "cRLDistributionPoints", -# "certificatePolicies", "extendedKeyUsage", "OCSPNoCheck", -# "inhibitAnyPolicy", "keyUsage", "nameConstraints", "subjectAltName", -# "issuerAltName" (list value) -#allowed_extensions = keyUsage,extendedKeyUsage,subjectAltName,basicConstraints,subjectKeyIdentifier - -# List of allowed x509 key usage. Available values: "Digital -# Signature", "Non Repudiation", "Key Encipherment", "Data -# Encipherment", "Key Agreement", "Certificate Sign", "CRL Sign", -# "Encipher Only", "Decipher Only" (list value) -#allowed_key_usage = Digital Signature,Key Encipherment,Non Repudiation - -# Number of days for which a certificate is valid. (integer value) -#term_of_validity = 1825 - -# Size of generated private key. (integer value) -#rsa_key_size = 2048 diff --git a/tox.ini b/tox.ini index 01953f3278..0c1c4a0a5a 100644 --- a/tox.ini +++ b/tox.ini @@ -115,17 +115,7 @@ commands = {[testenv:docs]commands} [testenv:genconfig] commands = - oslo-config-generator --output-file etc/magnum/magnum.conf.sample \ - --namespace magnum \ - --namespace oslo.concurrency \ - --namespace oslo.db \ - --namespace oslo.log \ - --namespace oslo.messaging \ - --namespace oslo.middleware.cors \ - --namespace oslo.policy \ - --namespace oslo.service.periodic_task \ - --namespace oslo.service.service \ - --namespace keystonemiddleware.auth_token + oslo-config-generator --config-file etc/magnum/magnum-config-generator.conf [flake8] exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,tools,magnum/common/pythonk8sclient