Stephen Finucane b5edc294a1 docs: Add man pages for 'nova-policy'

I don't actually grok what this does that 'oslopolicy-checker' couldn't
do, so perhaps we can deprecate this in the future. For now though,
simply document the thing. While we're here, we make some additional
related changes:

- Remove references to the 'policy.yaml' file for services that don't
  use policy (i.e. everything except the API services and, due to a bug,
  the nova-compute service).
- Update remaining references to the 'policy.yaml' file to include the
  'policy.d/' directory
- Update the help text for the '--api-name' and '--target' options of
  the 'nova-policy policy check' command to correct tense and better
  explain their purpose.

Also, yes, 'nova-policy policy check' is dumb. Don't blame me :)

Change-Id: I913b0de9ec40a615da7bf9981852edef4a88fecb
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-bug: #1675486

2021-04-19 10:47:17 +01:00

2.8 KiB

Raw Blame History

nova-novncproxy

Synopsis

nova-novncproxy [<options>...]

Description

nova-novncproxy is a server daemon that serves the Nova noVNC Websocket Proxy service, which provides a websocket proxy that is compatible with OpenStack Nova noVNC consoles.

Options

General options

Websockify options

VNC options

--vnc-auth_schemes VNC_AUTH_SCHEMES

The authentication schemes to use with the compute node. Control what RFB authentication schemes are permitted for connections between the proxy and the compute host. If multiple schemes are enabled, the first matching scheme will be used, thus the strongest schemes should be listed first.

--vnc-novncproxy_host VNC_NOVNCPROXY_HOST

IP address that the noVNC console proxy should bind to. The VNC proxy is an OpenStack component that enables compute service users to access their instances through VNC clients. noVNC provides VNC support through a websocket-based client. This option sets the private address to which the noVNC console proxy service should bind to.

--vnc-novncproxy_port VNC_NOVNCPROXY_PORT

Port that the noVNC console proxy should bind to. The VNC proxy is an OpenStack component that enables compute service users to access their instances through VNC clients. noVNC provides VNC support through a websocket-based client. This option sets the private port to which the noVNC console proxy service should bind to.

--vnc-vencrypt_ca_certs VNC_VENCRYPT_CA_CERTS

The path to the CA certificate PEM file The fully qualified path to a PEM file containing one or more x509 certificates for the certificate authorities used by the compute node VNC server.

--vnc-vencrypt_client_cert VNC_VENCRYPT_CLIENT_CERT

The path to the client key file (for x509) The fully qualified path to a PEM file containing the x509 certificate which the VNC proxy server presents to the compute node during VNC authentication.

--vnc-vencrypt_client_key VNC_VENCRYPT_CLIENT_KEY

The path to the client certificate PEM file (for x509) The fully qualified path to a PEM file containing the private key which the VNC proxy server presents to the compute node during VNC authentication.

Debugger options

Files

/etc/nova/nova.conf
/etc/nova/rootwrap.conf
/etc/nova/rootwrap.d/

Bugs

Nova bugs are managed at Launchpad

2.8 KiB Raw Blame History