From 5d45ce9e41fb1bcb0c1d371c1a78f456468c4c60 Mon Sep 17 00:00:00 2001 From: Michael Johnson Date: Fri, 18 Mar 2016 00:21:01 +0000 Subject: [PATCH] Adds documentation for the Octavia configuration This patch moves the Octavia configuration option documentation into the Octavia repository. The OpenStack docs team deleted this documentation from the Mitaka release[1]. The Octavia team finds value in this documentation so we are moving it into our repository. [1] https://review.openstack.org/#/c/259889/ Change-Id: I4fcc2a7dc8fa3ef343456d98202ea7d4f9cd1289 --- .../config-reference/octavia-config-table.rst | 334 ++++++++++++++++++ doc/source/index.rst | 8 + 2 files changed, 342 insertions(+) create mode 100644 doc/source/config-reference/octavia-config-table.rst diff --git a/doc/source/config-reference/octavia-config-table.rst b/doc/source/config-reference/octavia-config-table.rst new file mode 100644 index 0000000000..d7f1ab87a2 --- /dev/null +++ b/doc/source/config-reference/octavia-config-table.rst @@ -0,0 +1,334 @@ +================================ +Octavia configuration options +================================ + +Use the following options in the /etc/octavia/octavia.conf file. + +.. _octavia-config-table: + +.. list-table:: Description of Octavia configuration options + :header-rows: 1 + :class: config-ref-table + + * - Configuration option = Default value + - Description + * - **[DEFAULT]** + - + * - ``api_handler`` = ``queue_producer`` + - (StrOpt) The handler that the API communicates with + * - ``bind_host`` = ``0.0.0.0`` + - (IPOpt) The host IP to bind to + * - ``bind_port`` = ``9876`` + - (PortOpt) The port to bind to + * - ``debug`` = ``False`` + - (BoolOpt) If set to true, the logging level will be set to DEBUG instead of the default INFO level. + * - ``host`` = ``localhost`` + - (StrOpt) The hostname Octavia is running on + * - ``octavia_plugins`` = ``hot_plug_plugin`` + - (StrOpt) Name of the controller plugin to use + * - ``verbose`` = ``True`` + - (BoolOpt) If set to false, the logging level will be set to WARNING instead of the default INFO level. + * - **[amphora_agent]** + - + * - ``agent_server_ca`` = ``/etc/octavia/certs/client_ca.pem`` + - (StrOpt) The ca which signed the client certificates + * - ``agent_server_cert`` = ``/etc/octavia/certs/server.pem`` + - (StrOpt) The server certificate for the agent.py server to use + * - ``agent_server_network_dir`` = ``/etc/network/interfaces.d/`` + - (StrOpt) The directory where new network interfaces are located + * - ``agent_server_network_file`` = ``None`` + - (StrOpt) The file where the network interfaces are located. Specifying this will override any value set for agent_server_network_dir. + * - ``amphora_id`` = ``None`` + - (StrOpt) The amphora ID. + * - **[anchor]** + - + * - ``password`` = ``simplepassword`` + - (StrOpt) Anchor password + * - ``url`` = ``http://localhost:9999/v1/sign/default`` + - (StrOpt) Anchor URL + * - ``username`` = ``myusername`` + - (StrOpt) Anchor username + * - **[certificates]** + - + * - ``barbican_auth`` = ``barbican_acl_auth`` + - (StrOpt) Name of the Barbican authentication method to use + * - ``ca_certificate`` = ``/etc/ssl/certs/ssl-cert-snakeoil.pem`` + - (StrOpt) Absolute path to the CA Certificate for signing. Defaults to env[OS_OCTAVIA_TLS_CA_CERT]. + * - ``ca_private_key`` = ``/etc/ssl/private/ssl-cert-snakeoil.key`` + - (StrOpt) Absolute path to the Private Key for signing. Defaults to env[OS_OCTAVIA_TLS_CA_KEY]. + * - ``ca_private_key_passphrase`` = ``None`` + - (StrOpt) Passphrase for the Private Key. Defaults to env[OS_OCTAVIA_CA_KEY_PASS] or None. + * - ``cert_generator`` = ``local_cert_generator`` + - (StrOpt) Name of the cert generator to use + * - ``cert_manager`` = ``barbican_cert_manager`` + - (StrOpt) Name of the cert manager to use + * - ``endpoint_type`` = ``publicURL`` + - (StrOpt) The endpoint_type to be used for barbican service. + * - ``region_name`` = ``None`` + - (StrOpt) Region in Identity service catalog to use for communication with the barbican service. + * - ``signing_digest`` = ``sha256`` + - (StrOpt) Certificate signing digest. Defaults to env[OS_OCTAVIA_CA_SIGNING_DIGEST] or "sha256". + * - ``storage_path`` = ``/var/lib/octavia/certificates/`` + - (StrOpt) Absolute path to the certificate storage directory. Defaults to env[OS_OCTAVIA_TLS_STORAGE]. + * - **[controller_worker]** + - + * - ``amp_active_retries`` = ``10`` + - (IntOpt) Retry attempts to wait for Amphora to become active + * - ``amp_active_wait_sec`` = ``10`` + - (IntOpt) Seconds to wait between checks on whether an Amphora has become active + * - ``amp_flavor_id`` = + - (StrOpt) Nova instance flavor id for the Amphora + * - ``amp_image_id`` = + - (StrOpt) Glance image id for the Amphora image to boot + * - ``amp_image_tag`` = + - (StrOpt) Glance image tag for the Amphora image to boot. Use this option to be able to update the image without reconfiguring Octavia. Ignored if amp_image_id is defined. + * - ``amp_network`` = + - (StrOpt) Network to attach to the Amphora + * - ``amp_secgroup_list`` = + - (ListOpt) List of security groups to attach to the Amphora + * - ``amp_ssh_access_allowed`` = ``True`` + - (BoolOpt) Determines whether or not to allow access to the Amphorae + * - ``amp_ssh_key_name`` = + - (StrOpt) SSH key name used to boot the Amphora + * - ``amphora_driver`` = ``amphora_noop_driver`` + - (StrOpt) Name of the amphora driver to use + * - ``cert_generator`` = ``local_cert_generator`` + - (StrOpt) Name of the cert generator to use + * - ``client_ca`` = ``/etc/octavia/certs/ca_01.pem`` + - (StrOpt) Client CA for the amphora agent to use + * - ``compute_driver`` = ``compute_noop_driver`` + - (StrOpt) Name of the compute driver to use + * - ``loadbalancer_topology`` = ``SINGLE`` + - (StrOpt) Load balancer topology configuration. SINGLE - One amphora per load balancer. ACTIVE_STANDBY - Two amphora per load balancer. + * - ``network_driver`` = ``network_noop_driver`` + - (StrOpt) Name of the network driver to use + * - ``user_data_config_drive`` = ``False`` + - (BoolOpt) If True, build cloud-init user-data that is passed to the config drive on Amphora boot instead of personality files. If False, utilize personality files. + * - **[database]** + - + * - ``backend`` = ``sqlalchemy`` + - (StrOpt) The back end to use for the database. + * - ``connection`` = ``None`` + - (StrOpt) The SQLAlchemy connection string to use to connect to the database. + * - ``connection_debug`` = ``0`` + - (IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything. + * - ``connection_trace`` = ``False`` + - (BoolOpt) Add Python stack traces to SQL as comment strings. + * - ``db_inc_retry_interval`` = ``True`` + - (BoolOpt) If True, increases the interval between retries of a database operation up to db_max_retry_interval. + * - ``db_max_retries`` = ``20`` + - (IntOpt) Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count. + * - ``db_max_retry_interval`` = ``10`` + - (IntOpt) If db_inc_retry_interval is set, the maximum seconds between retries of a database operation. + * - ``db_retry_interval`` = ``1`` + - (IntOpt) Seconds between retries of a database transaction. + * - ``idle_timeout`` = ``3600`` + - (IntOpt) Timeout before idle SQL connections are reaped. + * - ``max_overflow`` = ``50`` + - (IntOpt) If set, use this value for max_overflow with SQLAlchemy. + * - ``max_pool_size`` = ``None`` + - (IntOpt) Maximum number of SQL connections to keep open in a pool. + * - ``max_retries`` = ``10`` + - (IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count. + * - ``min_pool_size`` = ``1`` + - (IntOpt) Minimum number of SQL connections to keep open in a pool. + * - ``mysql_sql_mode`` = ``TRADITIONAL`` + - (StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode= + * - ``pool_timeout`` = ``None`` + - (IntOpt) If set, use this value for pool_timeout with SQLAlchemy. + * - ``retry_interval`` = ``10`` + - (IntOpt) Interval between retries of opening a SQL connection. + * - ``slave_connection`` = ``None`` + - (StrOpt) The SQLAlchemy connection string to use to connect to the slave database. + * - ``use_db_reconnect`` = ``False`` + - (BoolOpt) Enable the experimental use of database reconnect on connection lost. + * - **[glance]** + - + * - ``ca_certificates_file`` = ``None`` + - (StrOpt) CA certificates file path + * - ``endpoint`` = ``None`` + - (StrOpt) A new endpoint to override the endpoint in the keystone catalog. + * - ``endpoint_type`` = ``publicURL`` + - (StrOpt) Endpoint interface in identity service to use + * - ``insecure`` = ``False`` + - (BoolOpt) Disable certificate validation on SSL connections + * - ``region_name`` = ``None`` + - (StrOpt) Region in Identity service catalog to use for communication with the OpenStack services. + * - ``service_name`` = ``None`` + - (StrOpt) The name of the glance service in the keystone catalog + * - **[haproxy_amphora]** + - + * - ``base_cert_dir`` = ``/var/lib/octavia/certs`` + - (StrOpt) Base directory for cert storage. + * - ``base_path`` = ``/var/lib/octavia`` + - (StrOpt) Base directory for amphora files. + * - ``bind_host`` = ``0.0.0.0`` + - (IPOpt) The host IP to bind to + * - ``bind_port`` = ``9443`` + - (PortOpt) The port to bind to + * - ``client_cert`` = ``/etc/octavia/certs/client.pem`` + - (StrOpt) The client certificate to talk to the agent + * - ``connection_max_retries`` = ``300`` + - (IntOpt) Retry threshold for connecting to amphorae. + * - ``connection_retry_interval`` = ``5`` + - (IntOpt) Retry timeout between connection attempts in seconds. + * - ``haproxy_cmd`` = ``/usr/sbin/haproxy`` + - (StrOpt) The full path to haproxy + * - ``haproxy_stick_size`` = ``10k`` + - (StrOpt) Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k + * - ``haproxy_template`` = ``None`` + - (StrOpt) Custom haproxy template. + * - ``respawn_count`` = ``2`` + - (IntOpt) The respawn count for haproxy's upstart script + * - ``respawn_interval`` = ``2`` + - (IntOpt) The respawn interval for haproxy's upstart script + * - ``rest_request_conn_timeout`` = ``10`` + - (FloatOpt) The time in seconds to wait for a REST API to connect. + * - ``rest_request_read_timeout`` = ``60`` + - (FloatOpt) The time in seconds to wait for a REST API response. + * - ``server_ca`` = ``/etc/octavia/certs/server_ca.pem`` + - (StrOpt) The ca which signed the server certificates + * - ``use_upstart`` = ``True`` + - (BoolOpt) If False, use sysvinit. + * - **[health_manager]** + - + * - ``bind_ip`` = ``0.0.0.0`` + - (IPOpt) IP address the controller will listen on for heart beats + * - ``bind_port`` = ``5555`` + - (PortOpt) Port number the controller will listen onfor heart beats + * - ``controller_ip_port_list`` = + - (ListOpt) List of controller ip and port pairs for the heartbeat receivers. Example 127.0.0.1:5555, 192.168.0.1:5555 + * - ``event_streamer_driver`` = ``noop_event_streamer`` + - (StrOpt) Specifies which driver to use for the event_streamer for syncing the octavia and neutron_lbaas dbs. If you don't need to sync the database or are running octavia in stand alone mode use the noop_event_streamer + * - ``failover_threads`` = ``10`` + - (IntOpt) Number of threads performing amphora failovers. + * - ``health_check_interval`` = ``3`` + - (IntOpt) Sleep time between health checks in seconds. + * - ``heartbeat_interval`` = ``10`` + - (IntOpt) Sleep time between sending hearthbeats. + * - ``heartbeat_key`` = ``None`` + - (StrOpt) key used to validate amphora sendingthe message + * - ``heartbeat_timeout`` = ``60`` + - (IntOpt) Interval, in seconds, to wait before failing over an amphora. + * - ``sock_rlimit`` = ``0`` + - (IntOpt) sets the value of the heartbeat recv buffer + * - ``status_update_threads`` = ``50`` + - (IntOpt) Number of threads performing amphora status update. + * - **[house_keeping]** + - + * - ``amphora_expiry_age`` = ``604800`` + - (IntOpt) Amphora expiry age in seconds + * - ``cert_expiry_buffer`` = ``1209600`` + - (IntOpt) Seconds until certificate expiration + * - ``cert_interval`` = ``3600`` + - (IntOpt) Certificate check interval in seconds + * - ``cert_rotate_threads`` = ``10`` + - (IntOpt) Number of threads performing amphora certificate rotation + * - ``cleanup_interval`` = ``30`` + - (IntOpt) DB cleanup interval in seconds + * - ``spare_amphora_pool_size`` = ``0`` + - (IntOpt) Number of spare amphorae + * - ``spare_check_interval`` = ``30`` + - (IntOpt) Spare check interval in seconds + * - **[keepalived_vrrp]** + - + * - ``vrrp_advert_int`` = ``1`` + - (IntOpt) Amphora role and priority advertisement interval in seconds. + * - ``vrrp_check_interval`` = ``5`` + - (IntOpt) VRRP health check script run interval in seconds. + * - ``vrrp_fail_count`` = ``2`` + - (IntOpt) Number of successive failure before transition to a fail state. + * - ``vrrp_garp_refresh_count`` = ``2`` + - (IntOpt) Number of gratuitous ARP announcements to make on each refresh interval. + * - ``vrrp_garp_refresh_interval`` = ``5`` + - (IntOpt) Time in seconds between gratuitous ARP announcements from the MASTER. + * - ``vrrp_success_count`` = ``2`` + - (IntOpt) Number of successive failure before transition to a success state. + * - **[keystone_authtoken]** + - + * - ``admin_password`` = ``None`` + - (StrOpt) Service user password. + * - ``admin_tenant_name`` = ``admin`` + - (StrOpt) Service tenant name. + * - ``admin_user`` = ``None`` + - (StrOpt) Service username. + * - ``auth_uri`` = ``None`` + - (StrOpt) Complete public Identity API endpoint. + * - ``cafile`` = ``None`` + - (StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. + * - ``certfile`` = ``None`` + - (StrOpt) Required if identity server requires client certificate + * - ``insecure`` = ``False`` + - (BoolOpt) Verify HTTPS connections. + * - ``keyfile`` = ``None`` + - (StrOpt) Required if identity server requires client certificate + * - ``region_name`` = ``None`` + - (StrOpt) The region in which the identity server can be found. + * - **[keystone_authtoken_v3]** + - + * - ``admin_project_domain`` = ``default`` + - (StrOpt) Admin project keystone authentication domain + * - ``admin_user_domain`` = ``default`` + - (StrOpt) Admin user keystone authentication domain + * - **[networking]** + - + * - ``lb_network_name`` = ``None`` + - (StrOpt) Name of amphora internal network + * - ``max_retries`` = ``15`` + - (IntOpt) The maximum attempts to retry an action with the networking service. + * - ``retry_interval`` = ``1`` + - (IntOpt) Seconds to wait before retrying an action with the networking service. + * - **[neutron]** + - + * - ``ca_certificates_file`` = ``None`` + - (StrOpt) CA certificates file path + * - ``endpoint`` = ``None`` + - (StrOpt) A new endpoint to override the endpoint in the keystone catalog. + * - ``endpoint_type`` = ``publicURL`` + - (StrOpt) Endpoint interface in identity service to use + * - ``insecure`` = ``False`` + - (BoolOpt) Disable certificate validation on SSL connections + * - ``region_name`` = ``None`` + - (StrOpt) Region in Identity service catalog to use for communication with the OpenStack services. + * - ``service_name`` = ``None`` + - (StrOpt) The name of the neutron service in the keystone catalog + * - **[nova]** + - + * - ``ca_certificates_file`` = ``None`` + - (StrOpt) CA certificates file path + * - ``enable_anti_affinity`` = ``False`` + - (BoolOpt) Flag to indicate if nova anti-affinity feature is turned on. + * - ``endpoint`` = ``None`` + - (StrOpt) A new endpoint to override the endpoint in the keystone catalog. + * - ``endpoint_type`` = ``publicURL`` + - (StrOpt) Endpoint interface in identity service to use + * - ``insecure`` = ``False`` + - (BoolOpt) Disable certificate validation on SSL connections + * - ``region_name`` = ``None`` + - (StrOpt) Region in Identity service catalog to use for communication with the OpenStack services. + * - ``service_name`` = ``None`` + - (StrOpt) The name of the nova service in the keystone catalog + * - **[oslo_messaging]** + - + * - ``event_stream_topic`` = ``neutron_lbaas_event`` + - (StrOpt) topic name for communicating events through a queue + * - ``topic`` = ``None`` + - (StrOpt) No help text available for this option. + * - **[oslo_messaging_rabbit]** + - + * - ``rabbit_hosts`` = ``$rabbit_host:$rabbit_port`` + - (ListOpt) RabbitMQ HA cluster host:port pairs. + * - ``rabbit_password`` = ``guest`` + - (StrOpt) The RabbitMQ password. + * - ``rabbit_port`` = ``5672`` + - (PortOpt) The RabbitMQ broker port where a single node is used. + * - ``rabbit_userid`` = ``guest`` + - (StrOpt) The RabbitMQ userid. + * - ``rpc_conn_pool_size`` = ``30`` + - (IntOpt) Size of RPC connection pool. + * - **[task_flow]** + - + * - ``engine`` = ``serial`` + - (StrOpt) TaskFlow engine to use + * - ``max_workers`` = ``5`` + - (IntOpt) The maximum number of workers diff --git a/doc/source/index.rst b/doc/source/index.rst index 48ba851285..43b6267239 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -12,6 +12,14 @@ Getting started main/glossary.rst +Configuration reference +----------------------- + +.. toctree:: + :maxdepth: 1 + + config-reference/octavia-config-table.rst + For developers --------------