Adds documentation for the Octavia configuration

This patch moves the Octavia configuration option documentation into the Octavia repository. The OpenStack docs team deleted this documentation from the Mitaka release[1]. The Octavia team finds value in this documentation so we are moving it into our repository. [1] https://review.openstack.org/#/c/259889/ Change-Id: I4fcc2a7dc8fa3ef343456d98202ea7d4f9cd1289
2016-03-18 00:21:01 +00:00 · 2016-03-18 00:21:01 +00:00 · 5d45ce9e41
commit 5d45ce9e41
parent e40b69168a
2 changed files with 342 additions and 0 deletions
--- a/doc/source/config-reference/octavia-config-table.rst
+++ b/doc/source/config-reference/octavia-config-table.rst
@ -0,0 +1,334 @@
+================================
+Octavia configuration options
+================================
+
+Use the following options in the /etc/octavia/octavia.conf file.
+
+.. _octavia-config-table:
+
+.. list-table:: Description of Octavia configuration options
+   :header-rows: 1
+   :class: config-ref-table
+
+   * - Configuration option = Default value
+     - Description
+   * - **[DEFAULT]**
+     -
+   * - ``api_handler`` = ``queue_producer``
+     - (StrOpt) The handler that the API communicates with
+   * - ``bind_host`` = ``0.0.0.0``
+     - (IPOpt) The host IP to bind to
+   * - ``bind_port`` = ``9876``
+     - (PortOpt) The port to bind to
+   * - ``debug`` = ``False``
+     - (BoolOpt) If set to true, the logging level will be set to DEBUG instead of the default INFO level.
+   * - ``host`` = ``localhost``
+     - (StrOpt) The hostname Octavia is running on
+   * - ``octavia_plugins`` = ``hot_plug_plugin``
+     - (StrOpt) Name of the controller plugin to use
+   * - ``verbose`` = ``True``
+     - (BoolOpt) If set to false, the logging level will be set to WARNING instead of the default INFO level.
+   * - **[amphora_agent]**
+     -
+   * - ``agent_server_ca`` = ``/etc/octavia/certs/client_ca.pem``
+     - (StrOpt) The ca which signed the client certificates
+   * - ``agent_server_cert`` = ``/etc/octavia/certs/server.pem``
+     - (StrOpt) The server certificate for the agent.py server to use
+   * - ``agent_server_network_dir`` = ``/etc/network/interfaces.d/``
+     - (StrOpt) The directory where new network interfaces are located
+   * - ``agent_server_network_file`` = ``None``
+     - (StrOpt) The file where the network interfaces are located. Specifying this will override any value set for agent_server_network_dir.
+   * - ``amphora_id`` = ``None``
+     - (StrOpt) The amphora ID.
+   * - **[anchor]**
+     -
+   * - ``password`` = ``simplepassword``
+     - (StrOpt) Anchor password
+   * - ``url`` = ``http://localhost:9999/v1/sign/default``
+     - (StrOpt) Anchor URL
+   * - ``username`` = ``myusername``
+     - (StrOpt) Anchor username
+   * - **[certificates]**
+     -
+   * - ``barbican_auth`` = ``barbican_acl_auth``
+     - (StrOpt) Name of the Barbican authentication method to use
+   * - ``ca_certificate`` = ``/etc/ssl/certs/ssl-cert-snakeoil.pem``
+     - (StrOpt) Absolute path to the CA Certificate for signing. Defaults to env[OS_OCTAVIA_TLS_CA_CERT].
+   * - ``ca_private_key`` = ``/etc/ssl/private/ssl-cert-snakeoil.key``
+     - (StrOpt) Absolute path to the Private Key for signing. Defaults to env[OS_OCTAVIA_TLS_CA_KEY].
+   * - ``ca_private_key_passphrase`` = ``None``
+     - (StrOpt) Passphrase for the Private Key. Defaults to env[OS_OCTAVIA_CA_KEY_PASS] or None.
+   * - ``cert_generator`` = ``local_cert_generator``
+     - (StrOpt) Name of the cert generator to use
+   * - ``cert_manager`` = ``barbican_cert_manager``
+     - (StrOpt) Name of the cert manager to use
+   * - ``endpoint_type`` = ``publicURL``
+     - (StrOpt) The endpoint_type to be used for barbican service.
+   * - ``region_name`` = ``None``
+     - (StrOpt) Region in Identity service catalog to use for communication with the barbican service.
+   * - ``signing_digest`` = ``sha256``
+     - (StrOpt) Certificate signing digest. Defaults to env[OS_OCTAVIA_CA_SIGNING_DIGEST] or "sha256".
+   * - ``storage_path`` = ``/var/lib/octavia/certificates/``
+     - (StrOpt) Absolute path to the certificate storage directory. Defaults to env[OS_OCTAVIA_TLS_STORAGE].
+   * - **[controller_worker]**
+     -
+   * - ``amp_active_retries`` = ``10``
+     - (IntOpt) Retry attempts to wait for Amphora to become active
+   * - ``amp_active_wait_sec`` = ``10``
+     - (IntOpt) Seconds to wait between checks on whether an Amphora has become active
+   * - ``amp_flavor_id`` =
+     - (StrOpt) Nova instance flavor id for the Amphora
+   * - ``amp_image_id`` =
+     - (StrOpt) Glance image id for the Amphora image to boot
+   * - ``amp_image_tag`` =
+     - (StrOpt) Glance image tag for the Amphora image to boot. Use this option to be able to update the image without reconfiguring Octavia. Ignored if amp_image_id is defined.
+   * - ``amp_network`` =
+     - (StrOpt) Network to attach to the Amphora
+   * - ``amp_secgroup_list`` =
+     - (ListOpt) List of security groups to attach to the Amphora
+   * - ``amp_ssh_access_allowed`` = ``True``
+     - (BoolOpt) Determines whether or not to allow access to the Amphorae
+   * - ``amp_ssh_key_name`` =
+     - (StrOpt) SSH key name used to boot the Amphora
+   * - ``amphora_driver`` = ``amphora_noop_driver``
+     - (StrOpt) Name of the amphora driver to use
+   * - ``cert_generator`` = ``local_cert_generator``
+     - (StrOpt) Name of the cert generator to use
+   * - ``client_ca`` = ``/etc/octavia/certs/ca_01.pem``
+     - (StrOpt) Client CA for the amphora agent to use
+   * - ``compute_driver`` = ``compute_noop_driver``
+     - (StrOpt) Name of the compute driver to use
+   * - ``loadbalancer_topology`` = ``SINGLE``
+     - (StrOpt) Load balancer topology configuration. SINGLE - One amphora per load balancer. ACTIVE_STANDBY - Two amphora per load balancer.
+   * - ``network_driver`` = ``network_noop_driver``
+     - (StrOpt) Name of the network driver to use
+   * - ``user_data_config_drive`` = ``False``
+     - (BoolOpt) If True, build cloud-init user-data that is passed to the config drive on Amphora boot instead of personality files. If False, utilize personality files.
+   * - **[database]**
+     -
+   * - ``backend`` = ``sqlalchemy``
+     - (StrOpt) The back end to use for the database.
+   * - ``connection`` = ``None``
+     - (StrOpt) The SQLAlchemy connection string to use to connect to the database.
+   * - ``connection_debug`` = ``0``
+     - (IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
+   * - ``connection_trace`` = ``False``
+     - (BoolOpt) Add Python stack traces to SQL as comment strings.
+   * - ``db_inc_retry_interval`` = ``True``
+     - (BoolOpt) If True, increases the interval between retries of a database operation up to db_max_retry_interval.
+   * - ``db_max_retries`` = ``20``
+     - (IntOpt) Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
+   * - ``db_max_retry_interval`` = ``10``
+     - (IntOpt) If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.
+   * - ``db_retry_interval`` = ``1``
+     - (IntOpt) Seconds between retries of a database transaction.
+   * - ``idle_timeout`` = ``3600``
+     - (IntOpt) Timeout before idle SQL connections are reaped.
+   * - ``max_overflow`` = ``50``
+     - (IntOpt) If set, use this value for max_overflow with SQLAlchemy.
+   * - ``max_pool_size`` = ``None``
+     - (IntOpt) Maximum number of SQL connections to keep open in a pool.
+   * - ``max_retries`` = ``10``
+     - (IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
+   * - ``min_pool_size`` = ``1``
+     - (IntOpt) Minimum number of SQL connections to keep open in a pool.
+   * - ``mysql_sql_mode`` = ``TRADITIONAL``
+     - (StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
+   * - ``pool_timeout`` = ``None``
+     - (IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
+   * - ``retry_interval`` = ``10``
+     - (IntOpt) Interval between retries of opening a SQL connection.
+   * - ``slave_connection`` = ``None``
+     - (StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
+   * - ``use_db_reconnect`` = ``False``
+     - (BoolOpt) Enable the experimental use of database reconnect on connection lost.
+   * - **[glance]**
+     -
+   * - ``ca_certificates_file`` = ``None``
+     - (StrOpt) CA certificates file path
+   * - ``endpoint`` = ``None``
+     - (StrOpt) A new endpoint to override the endpoint in the keystone catalog.
+   * - ``endpoint_type`` = ``publicURL``
+     - (StrOpt) Endpoint interface in identity service to use
+   * - ``insecure`` = ``False``
+     - (BoolOpt) Disable certificate validation on SSL connections
+   * - ``region_name`` = ``None``
+     - (StrOpt) Region in Identity service catalog to use for communication with the OpenStack services.
+   * - ``service_name`` = ``None``
+     - (StrOpt) The name of the glance service in the keystone catalog
+   * - **[haproxy_amphora]**
+     -
+   * - ``base_cert_dir`` = ``/var/lib/octavia/certs``
+     - (StrOpt) Base directory for cert storage.
+   * - ``base_path`` = ``/var/lib/octavia``
+     - (StrOpt) Base directory for amphora files.
+   * - ``bind_host`` = ``0.0.0.0``
+     - (IPOpt) The host IP to bind to
+   * - ``bind_port`` = ``9443``
+     - (PortOpt) The port to bind to
+   * - ``client_cert`` = ``/etc/octavia/certs/client.pem``
+     - (StrOpt) The client certificate to talk to the agent
+   * - ``connection_max_retries`` = ``300``
+     - (IntOpt) Retry threshold for connecting to amphorae.
+   * - ``connection_retry_interval`` = ``5``
+     - (IntOpt) Retry timeout between connection attempts in seconds.
+   * - ``haproxy_cmd`` = ``/usr/sbin/haproxy``
+     - (StrOpt) The full path to haproxy
+   * - ``haproxy_stick_size`` = ``10k``
+     - (StrOpt) Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k
+   * - ``haproxy_template`` = ``None``
+     - (StrOpt) Custom haproxy template.
+   * - ``respawn_count`` = ``2``
+     - (IntOpt) The respawn count for haproxy's upstart script
+   * - ``respawn_interval`` = ``2``
+     - (IntOpt) The respawn interval for haproxy's upstart script
+   * - ``rest_request_conn_timeout`` = ``10``
+     - (FloatOpt) The time in seconds to wait for a REST API to connect.
+   * - ``rest_request_read_timeout`` = ``60``
+     - (FloatOpt) The time in seconds to wait for a REST API response.
+   * - ``server_ca`` = ``/etc/octavia/certs/server_ca.pem``
+     - (StrOpt) The ca which signed the server certificates
+   * - ``use_upstart`` = ``True``
+     - (BoolOpt) If False, use sysvinit.
+   * - **[health_manager]**
+     -
+   * - ``bind_ip`` = ``0.0.0.0``
+     - (IPOpt) IP address the controller will listen on for heart beats
+   * - ``bind_port`` = ``5555``
+     - (PortOpt) Port number the controller will listen onfor heart beats
+   * - ``controller_ip_port_list`` =
+     - (ListOpt) List of controller ip and port pairs for the heartbeat receivers. Example 127.0.0.1:5555, 192.168.0.1:5555
+   * - ``event_streamer_driver`` = ``noop_event_streamer``
+     - (StrOpt) Specifies which driver to use for the event_streamer for syncing the octavia and neutron_lbaas dbs. If you don't need to sync the database or are running octavia in stand alone mode use the noop_event_streamer
+   * - ``failover_threads`` = ``10``
+     - (IntOpt) Number of threads performing amphora failovers.
+   * - ``health_check_interval`` = ``3``
+     - (IntOpt) Sleep time between health checks in seconds.
+   * - ``heartbeat_interval`` = ``10``
+     - (IntOpt) Sleep time between sending hearthbeats.
+   * - ``heartbeat_key`` = ``None``
+     - (StrOpt) key used to validate amphora sendingthe message
+   * - ``heartbeat_timeout`` = ``60``
+     - (IntOpt) Interval, in seconds, to wait before failing over an amphora.
+   * - ``sock_rlimit`` = ``0``
+     - (IntOpt) sets the value of the heartbeat recv buffer
+   * - ``status_update_threads`` = ``50``
+     - (IntOpt) Number of threads performing amphora status update.
+   * - **[house_keeping]**
+     -
+   * - ``amphora_expiry_age`` = ``604800``
+     - (IntOpt) Amphora expiry age in seconds
+   * - ``cert_expiry_buffer`` = ``1209600``
+     - (IntOpt) Seconds until certificate expiration
+   * - ``cert_interval`` = ``3600``
+     - (IntOpt) Certificate check interval in seconds
+   * - ``cert_rotate_threads`` = ``10``
+     - (IntOpt) Number of threads performing amphora certificate rotation
+   * - ``cleanup_interval`` = ``30``
+     - (IntOpt) DB cleanup interval in seconds
+   * - ``spare_amphora_pool_size`` = ``0``
+     - (IntOpt) Number of spare amphorae
+   * - ``spare_check_interval`` = ``30``
+     - (IntOpt) Spare check interval in seconds
+   * - **[keepalived_vrrp]**
+     -
+   * - ``vrrp_advert_int`` = ``1``
+     - (IntOpt) Amphora role and priority advertisement interval in seconds.
+   * - ``vrrp_check_interval`` = ``5``
+     - (IntOpt) VRRP health check script run interval in seconds.
+   * - ``vrrp_fail_count`` = ``2``
+     - (IntOpt) Number of successive failure before transition to a fail state.
+   * - ``vrrp_garp_refresh_count`` = ``2``
+     - (IntOpt) Number of gratuitous ARP announcements to make on each refresh interval.
+   * - ``vrrp_garp_refresh_interval`` = ``5``
+     - (IntOpt) Time in seconds between gratuitous ARP announcements from the MASTER.
+   * - ``vrrp_success_count`` = ``2``
+     - (IntOpt) Number of successive failure before transition to a success state.
+   * - **[keystone_authtoken]**
+     -
+   * - ``admin_password`` = ``None``
+     - (StrOpt) Service user password.
+   * - ``admin_tenant_name`` = ``admin``
+     - (StrOpt) Service tenant name.
+   * - ``admin_user`` = ``None``
+     - (StrOpt) Service username.
+   * - ``auth_uri`` = ``None``
+     - (StrOpt) Complete public Identity API endpoint.
+   * - ``cafile`` = ``None``
+     - (StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
+   * - ``certfile`` = ``None``
+     - (StrOpt) Required if identity server requires client certificate
+   * - ``insecure`` = ``False``
+     - (BoolOpt) Verify HTTPS connections.
+   * - ``keyfile`` = ``None``
+     - (StrOpt) Required if identity server requires client certificate
+   * - ``region_name`` = ``None``
+     - (StrOpt) The region in which the identity server can be found.
+   * - **[keystone_authtoken_v3]**
+     -
+   * - ``admin_project_domain`` = ``default``
+     - (StrOpt) Admin project keystone authentication domain
+   * - ``admin_user_domain`` = ``default``
+     - (StrOpt) Admin user keystone authentication domain
+   * - **[networking]**
+     -
+   * - ``lb_network_name`` = ``None``
+     - (StrOpt) Name of amphora internal network
+   * - ``max_retries`` = ``15``
+     - (IntOpt) The maximum attempts to retry an action with the networking service.
+   * - ``retry_interval`` = ``1``
+     - (IntOpt) Seconds to wait before retrying an action with the networking service.
+   * - **[neutron]**
+     -
+   * - ``ca_certificates_file`` = ``None``
+     - (StrOpt) CA certificates file path
+   * - ``endpoint`` = ``None``
+     - (StrOpt) A new endpoint to override the endpoint in the keystone catalog.
+   * - ``endpoint_type`` = ``publicURL``
+     - (StrOpt) Endpoint interface in identity service to use
+   * - ``insecure`` = ``False``
+     - (BoolOpt) Disable certificate validation on SSL connections
+   * - ``region_name`` = ``None``
+     - (StrOpt) Region in Identity service catalog to use for communication with the OpenStack services.
+   * - ``service_name`` = ``None``
+     - (StrOpt) The name of the neutron service in the keystone catalog
+   * - **[nova]**
+     -
+   * - ``ca_certificates_file`` = ``None``
+     - (StrOpt) CA certificates file path
+   * - ``enable_anti_affinity`` = ``False``
+     - (BoolOpt) Flag to indicate if nova anti-affinity feature is turned on.
+   * - ``endpoint`` = ``None``
+     - (StrOpt) A new endpoint to override the endpoint in the keystone catalog.
+   * - ``endpoint_type`` = ``publicURL``
+     - (StrOpt) Endpoint interface in identity service to use
+   * - ``insecure`` = ``False``
+     - (BoolOpt) Disable certificate validation on SSL connections
+   * - ``region_name`` = ``None``
+     - (StrOpt) Region in Identity service catalog to use for communication with the OpenStack services.
+   * - ``service_name`` = ``None``
+     - (StrOpt) The name of the nova service in the keystone catalog
+   * - **[oslo_messaging]**
+     -
+   * - ``event_stream_topic`` = ``neutron_lbaas_event``
+     - (StrOpt) topic name for communicating events through a queue
+   * - ``topic`` = ``None``
+     - (StrOpt) No help text available for this option.
+   * - **[oslo_messaging_rabbit]**
+     -
+   * - ``rabbit_hosts`` = ``$rabbit_host:$rabbit_port``
+     - (ListOpt) RabbitMQ HA cluster host:port pairs.
+   * - ``rabbit_password`` = ``guest``
+     - (StrOpt) The RabbitMQ password.
+   * - ``rabbit_port`` = ``5672``
+     - (PortOpt) The RabbitMQ broker port where a single node is used.
+   * - ``rabbit_userid`` = ``guest``
+     - (StrOpt) The RabbitMQ userid.
+   * - ``rpc_conn_pool_size`` = ``30``
+     - (IntOpt) Size of RPC connection pool.
+   * - **[task_flow]**
+     -
+   * - ``engine`` = ``serial``
+     - (StrOpt) TaskFlow engine to use
+   * - ``max_workers`` = ``5``
+     - (IntOpt) The maximum number of workers
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@ -12,6 +12,14 @@ Getting started

   main/glossary.rst

+Configuration reference
+-----------------------
+
+.. toctree::
+   :maxdepth: 1
+
+   config-reference/octavia-config-table.rst
+
 For developers
 --------------