280 lines
11 KiB
INI
280 lines
11 KiB
INI
# Copyright (c) 2019 Red Hat, Inc.
|
||
|
||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||
# not use this file except in compliance with the License. You may obtain
|
||
# a copy of the License at
|
||
|
||
# http://www.apache.org/licenses/LICENSE-2.0
|
||
|
||
# Unless required by applicable law or agreed to in writing, software
|
||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||
# License for the specific language governing permissions and limitations
|
||
# under the License.
|
||
|
||
[driver.amphora]
|
||
title=Amphora Provider
|
||
link=https://docs.openstack.org/api-ref/load-balancer/v2/index.html
|
||
|
||
[driver.ovn]
|
||
title=OVN Provider
|
||
link=https://docs.openstack.org/networking-ovn/latest/admin/loadbalancer.html
|
||
|
||
# Note: These should be in the order they appear in a create call.
|
||
|
||
[operation.admin_state_up]
|
||
title=admin_state_up
|
||
status=mandatory
|
||
notes=Enables and disables the listener.
|
||
cli=openstack loadbalancer listener create [--enable | --disable] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=complete
|
||
|
||
[operation.client_authentication]
|
||
title=client_authentication
|
||
status=optional
|
||
notes=The TLS client authentication mode.
|
||
cli=openstack loadbalancer listener create [--client-authentication {NONE,OPTIONAL,MANDATORY}] <listner>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.client_ca_tls_container_ref]
|
||
title=client_ca_tls_container_ref
|
||
status=optional
|
||
notes=The ref of the key manager service secret containing a PEM format client CA certificate bundle for TERMINATED_TLS listeners.
|
||
cli=openstack loadbalancer listener create [--client-ca-tls-container-ref <container_ref>] <listner>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.client_crl_container_ref]
|
||
title=client_crl_container_ref
|
||
status=optional
|
||
notes=The URI of the key manager service secret containing a PEM format CA revocation list file for TERMINATED_TLS listeners.
|
||
cli=openstack loadbalancer listener create [--client-crl-container-ref <client_crl_container_ref>] <listner>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.connection_limit]
|
||
title=connection_limit
|
||
status=optional
|
||
notes=The maximum number of connections permitted for this listener.
|
||
cli=openstack loadbalancer listener create [--connection-limit <limit>] <listner>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.default_tls_container_ref]
|
||
title=default_tls_container_ref
|
||
status=optional
|
||
notes=The URI of the key manager service secret containing a PKCS12 format certificate/key bundle for TERMINATED_TLS listeners.
|
||
cli=openstack loadbalancer listener create [--default-tls-container-ref <container_ref>] <listner>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.description]
|
||
title=description
|
||
status=optional
|
||
notes=The description of the listener. Provided by the Octavia API service.
|
||
cli=openstack loadbalancer listener create [--description <description>] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=complete
|
||
|
||
[operation.insert_headers.X-Forwarded-For]
|
||
title=insert_headers - X-Forwarded-For
|
||
status=optional
|
||
notes=When “true” a X-Forwarded-For header is inserted into the request to the backend member that specifies the client IP address.
|
||
cli=openstack loadbalancer listener create [--insert-headers X-Forwarded-For=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-Forwarded-Port]
|
||
title=insert_headers - X-Forwarded-Port
|
||
status=optional
|
||
notes=When “true” a X-Forwarded-Port header is inserted into the request to the backend member that specifies the listener port.
|
||
cli=openstack loadbalancer listener create [--insert-headers X-Forwarded-Port=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-Forwarded-Proto]
|
||
title=insert_headers - X-Forwarded-Proto
|
||
status=optional
|
||
notes=When “true” a X-Forwarded-Proto header is inserted into the request to the backend member.
|
||
cli=openstack loadbalancer listener create [--insert-headers X-Forwarded-Proto=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-SSL-Client-Verify]
|
||
title=insert_headers - X-SSL-Client-Verify
|
||
status=optional
|
||
notes=When “true” a X-SSL-Client-Verify header is inserted into the request to the backend member that contains 0 if the client authentication was successful, or an result error number greater than 0 that align to the openssl veryify error codes.
|
||
cli=openstack loadbalancer listener create [--insert-headers X-SSL-Client-Verify=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-SSL-Client-Has-Cert]
|
||
title=insert_headers - X-SSL-Client-Has-Cert
|
||
status=optional
|
||
notes=When “true” a X-SSL-Client-Has-Cert header is inserted into the request to the backend member that is ‘’true’’ if a client authentication certificate was presented, and ‘’false’’ if not. Does not indicate validity.
|
||
cli=openstack loadbalancer listener create [--insert-headers X-SSL-Client-Has-Cert=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-SSL-Client-DN]
|
||
title=insert_headers - X-SSL-Client-DN
|
||
status=optional
|
||
notes=When “true” a X-SSL-Client-DN header is inserted into the request to the backend member that contains the full Distinguished Name of the certificate presented by the client.
|
||
cli=openstack loadbalancer listener create [--insert-headers X-SSL-Client-DN=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-SSL-Client-CN]
|
||
title=insert_headers - X-SSL-Client-CN
|
||
status=optional
|
||
notes=When “true” a X-SSL-Client-CN header is inserted into the request to the backend member that contains the Common Name from the full Distinguished Name of the certificate presented by the client.
|
||
cli=openstack loadbalancer listener create [--insert-headers X-SSL-Client-CN=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-SSL-Issuer]
|
||
title=insert_headers - X-SSL-Issuer
|
||
status=optional
|
||
notes=When “true” a X-SSL-Issuer header is inserted into the request to the backend member that contains the full Distinguished Name of the client certificate issuer.
|
||
cli=openstack loadbalancer listener create [--insert-headers X-SSL-Issuer=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-SSL-Client-SHA1]
|
||
title=insert_headers - X-SSL-Client-SHA1
|
||
status=optional
|
||
notes=When “true” a X-SSL-Client-SHA1 header is inserted into the request to the backend member that contains the SHA-1 fingerprint of the certificate presented by the client in hex string format.
|
||
cli=openstack loadbalancer listener create [--insert-headers X-SSL-Client-SHA1=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-SSL-Client-Not-Before]
|
||
title=insert_headers - X-SSL-Client-Not-Before
|
||
status=optional
|
||
notes=When “true” a X-SSL-Client-Not-Before header is inserted into the request to the backend member that contains the start date presented by the client as a formatted string YYMMDDhhmmss[Z].
|
||
cli=openstack loadbalancer listener create [--insert-headers X-SSL-Client-Not-Before=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.insert_headers.X-SSL-Client-Not-After]
|
||
title=insert_headers - X-SSL-Client-Not-After
|
||
status=optional
|
||
notes=When “true” a X-SSL-Client-Not-After header is inserted into the request to the backend member that contains the end date presented by the client as a formatted string YYMMDDhhmmss[Z].
|
||
cli=openstack loadbalancer listener create [--insert-headers X-SSL-Client-Not-Aftr=true] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.name]
|
||
title=name
|
||
status=optional
|
||
notes=The name of the load balancer listener. Provided by the Octavia API service.
|
||
cli=openstack loadbalancer listener create [--name <name>] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=complete
|
||
|
||
[operation.protocol.HTTP]
|
||
title=protocol - HTTP
|
||
status=optional
|
||
notes=HTTP protocol support for the listener.
|
||
cli=openstack loadbalancer listener create --protocol HTTP <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.protocol.HTTPS]
|
||
title=protocol - HTTPS
|
||
status=optional
|
||
notes=HTTPS protocol support for the listener.
|
||
cli=openstack loadbalancer listener create --protocol HTTPS <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.protocol.TCP]
|
||
title=protocol - TCP
|
||
status=optional
|
||
notes=TCP protocol support for the listener.
|
||
cli=openstack loadbalancer listener create --protocol TCP <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=complete
|
||
|
||
[operation.protocol.TERMINATED_HTTPS]
|
||
title=protocol - TERMINATED_HTTPS
|
||
status=optional
|
||
notes=Terminated HTTPS protocol support for the listener.
|
||
cli=openstack loadbalancer listener create --protocol TERMINATED_HTTPS <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.protocol.UDP]
|
||
title=protocol - UDP
|
||
status=optional
|
||
notes=UDP protocol support for the listener.
|
||
cli=openstack loadbalancer listener create --protocol UDP <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=complete
|
||
|
||
[operation.protocol_port]
|
||
title=protocol_port
|
||
status=mandatory
|
||
notes=The protocol port number for the listener.
|
||
cli=openstack loadbalancer listener create --protocol-port <port> <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=complete
|
||
|
||
[operation.sni_container_refs]
|
||
title=sni_container_refs
|
||
status=optional
|
||
notes=A list of URIs to the key manager service secrets containing PKCS12 format certificate/key bundles for TERMINATED_TLS listeners.
|
||
cli=openstack loadbalancer listener create [--sni-container-refs [<container_ref> [<container_ref> ...]]] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.stats]
|
||
title=Listener statistics
|
||
status=mandatory
|
||
notes=The ability to show statistics for a listener.
|
||
cli=openstack loadbalancer listener stats show <listener>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.tags]
|
||
title=tags
|
||
status=optional
|
||
notes=The tags for the load balancer listener. Provided by the Octavia API service.
|
||
cli=openstack loadbalancer listener create [--tags <tag>] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=complete
|
||
|
||
[operation.timeout_client_data]
|
||
title=timeout_client_data
|
||
status=optional
|
||
notes=Frontend client inactivity timeout in milliseconds.
|
||
cli=openstack loadbalancer listener create [--timeout-client-data <timeout>] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.timeout_member_connect]
|
||
title=timeout_member_connect
|
||
status=optional
|
||
notes=Backend member connection timeout in milliseconds.
|
||
cli=openstack loadbalancer listener create [--timeout-member-connect <timeout>] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.timeout-member-data]
|
||
title=timeout-member-data
|
||
status=optional
|
||
notes=Backend member inactivity timeout in milliseconds.
|
||
cli=openstack loadbalancer listener create [--timeout-member-data <timeout>] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|
||
|
||
[operation.timeout-tcp-inspect]
|
||
title=timeout-tcp-inspect
|
||
status=optional
|
||
notes=Time, in milliseconds, to wait for additional TCP packets for content inspection.
|
||
cli=openstack loadbalancer listener create [--timeout-tcp-inspect <timeout>] <loadbalancer>
|
||
driver.amphora=complete
|
||
driver.ovn=missing
|