Merge "[config-ref] Updated options for keystone"

This commit is contained in:
Jenkins 2015-07-15 07:52:27 +00:00 committed by Gerrit Code Review
commit 471f3fac3a
33 changed files with 239 additions and 167 deletions

View File

@ -27,11 +27,11 @@
</tr>
<tr>
<td><option>notification_driver</option> = <replaceable>[]</replaceable></td>
<td>(MultiStrOpt) Driver or drivers to handle sending notifications.</td>
<td>(MultiStrOpt) The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop</td>
</tr>
<tr>
<td><option>notification_format</option> = <replaceable>basic</replaceable></td>
<td>(StrOpt) Define the notification format for Identity Service events. A "basic" notification has information about the resource being operated on. A "cadf" notification has the same information, as well as information about the initiator of the event. Valid options are: basic and cadf</td>
<td>(StrOpt) Define the notification format for Identity Service events. A "basic" notification has information about the resource being operated on. A "cadf" notification has the same information, as well as information about the initiator of the event.</td>
</tr>
<tr>
<td><option>notification_topics</option> = <replaceable>notifications</replaceable></td>
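Review bot: The notification_format row loses "Valid options are: basic and cadf" while the notification_driver row in the same hunk gains a "Possible values are" list, so the two rows now follow opposite conventions. Either keep the value list in the description or confirm the accepted values are rendered some other way. "The Drivers(s)" in the new notification_driver text also has a stray capital and plural; if this table is generated like the others in this commit, the fix belongs in the option's help string.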

View File

@ -25,10 +25,6 @@
<td><option>admin_token</option> = <replaceable>ADMIN</replaceable></td>
<td>(StrOpt) A "shared secret" that can be used to bootstrap Keystone. This "token" does not represent a user, and carries no explicit authorization. To disable in production (highly recommended), remove AdminTokenAuthMiddleware from your paste application pipelines (for example, in keystone-paste.ini).</td>
</tr>
<tr>
<td><option>compute_port</option> = <replaceable>8774</replaceable></td>
<td>(IntOpt) (Deprecated) The port which the OpenStack Compute service listens on. This option was only used for string replacement in the templated catalog backend. Templated catalogs should replace the "$(compute_port)s" substitution with the static port of the compute service. As of Juno, this option is deprecated and will be removed in the L release.</td>
</tr>
<tr>
<td><option>domain_id_immutable</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) Set this to false if you want to enable the ability for user, group and project entities to be moved between domains by updating their domain_id. Allowing such movement is not recommended if the scope of a domain admin is being restricted by use of an appropriate policy file (see policy.v3cloudsample as an example).</td>
@ -73,8 +69,8 @@
<th colspan="2">[endpoint_filter]</th>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.contrib.endpoint_filter.backends.sql.EndpointFilter</replaceable></td>
<td>(StrOpt) Endpoint Filter backend driver</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the endpoint filter backend driver in the keystone.endpoint_filter namespace.</td>
</tr>
<tr>
<td><option>return_all_endpoints_if_no_filter</option> = <replaceable>True</replaceable></td>
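Review bot: The [endpoint_filter] driver default changes from keystone.contrib.endpoint_filter.backends.sql.EndpointFilter to sql, but the new description does not say whether a full class path is still accepted. Deployments that carry the old value in their configuration need to know if it keeps working; add a sentence on that here. The same applies to the other driver rows that switch to entrypoint names in this commit.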
@ -84,8 +80,12 @@
<th colspan="2">[endpoint_policy]</th>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy</replaceable></td>
<td>(StrOpt) Endpoint policy backend driver</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the endpoint policy backend driver in the keystone.endpoint_policy namespace.</td>
</tr>
<tr>
<td><option>enabled</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) Enable endpoint_policy functionality.</td>
</tr>
<tr>
<th colspan="2">[eventlet_server]</th>
@ -102,6 +102,10 @@
<td><option>admin_workers</option> = <replaceable>None</replaceable></td>
<td>(IntOpt) The number of worker processes to serve the admin eventlet application. Defaults to number of CPUs (minimum of 2).</td>
</tr>
<tr>
<td><option>client_socket_timeout</option> = <replaceable>900</replaceable></td>
<td>(IntOpt) Timeout for socket operations on a client connection. If an incoming connection is idle for this number of seconds it will be closed. A value of '0' means wait forever.</td>
</tr>
<tr>
<td><option>public_bind_host</option> = <replaceable>0.0.0.0</replaceable></td>
<td>(StrOpt) The IP address of the network interface for the public service to listen on.</td>
@ -122,6 +126,21 @@
<td><option>tcp_keepidle</option> = <replaceable>600</replaceable></td>
<td>(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only applies if tcp_keepalive is true.</td>
</tr>
<tr>
<td><option>wsgi_keep_alive</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) If set to false, disables keepalives on the server; all connections will be closed after serving one request.</td>
</tr>
<tr>
<th colspan="2">[oslo_middleware]</th>
</tr>
<tr>
<td><option>max_request_body_size</option> = <replaceable>114688</replaceable></td>
<td>(IntOpt) The maximum body size for each request, in bytes.</td>
</tr>
<tr>
<td><option>secure_proxy_ssl_header</option> = <replaceable>X-Forwarded-Proto</replaceable></td>
<td>(StrOpt) The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by an SSL termination proxy.</td>
</tr>
<tr>
<th colspan="2">[paste_deploy]</th>
</tr>
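Review bot: The secure_proxy_ssl_header row documents X-Forwarded-Proto as the source of the original request scheme without saying when that header can be trusted. A client that reaches the service directly can set the header itself, so the description should state that the option is only appropriate when every request passes through a proxy that sets or strips it.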
@ -142,7 +161,7 @@
</tr>
<tr>
<td><option>driver</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Resource backend driver. If a resource driver is not specified, the assignment driver will choose the resource driver.</td>
<td>(StrOpt) Entrypoint for the resource backend driver in the keystone.resource namespace. If a resource driver is not specified, the assignment driver will choose the resource driver.</td>
</tr>
<tr>
<td><option>list_limit</option> = <replaceable>None</replaceable></td>

View File

@ -19,7 +19,7 @@
</tr>
<tr>
<td><option>driver</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Assignment backend driver.</td>
<td>(StrOpt) Entrypoint for the assignment backend driver in the keystone.assignment namespace.</td>
</tr>
</tbody>
</table>

View File

@ -18,24 +18,24 @@
<th colspan="2">[auth]</th>
</tr>
<tr>
<td><option>external</option> = <replaceable>keystone.auth.plugins.external.DefaultDomain</replaceable></td>
<td>(StrOpt) The external (REMOTE_USER) auth plugin module.</td>
<td><option>external</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Entrypoint for the external (REMOTE_USER) auth plugin module in the keystone.auth.external namespace.</td>
</tr>
<tr>
<td><option>methods</option> = <replaceable>external, password, token, oauth1</replaceable></td>
<td>(ListOpt) Default auth methods.</td>
<td>(ListOpt) Allowed authentication methods.</td>
</tr>
<tr>
<td><option>oauth1</option> = <replaceable>keystone.auth.plugins.oauth1.OAuth</replaceable></td>
<td>(StrOpt) The oAuth1.0 auth plugin module.</td>
<td><option>oauth1</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Entrypoint for the oAuth1.0 auth plugin module in the keystone.auth.oauth1 namespace.</td>
</tr>
<tr>
<td><option>password</option> = <replaceable>keystone.auth.plugins.password.Password</replaceable></td>
<td>(StrOpt) The password auth plugin module.</td>
<td><option>password</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Entrypoint for the password auth plugin module in the keystone.auth.password namespace.</td>
</tr>
<tr>
<td><option>token</option> = <replaceable>keystone.auth.plugins.token.Token</replaceable></td>
<td>(StrOpt) The token auth plugin module.</td>
<td><option>token</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Entrypoint for the token auth plugin module in the keystone.auth.token namespace.</td>
</tr>
</tbody>
</table>
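Review bot: The external, oauth1, password and token defaults all become None, and none of the new descriptions says which plugin is loaded in that case. These rows decide how credentials are checked, so state what None resolves to for each method. The change of the methods description from "Default auth methods" to "Allowed authentication methods" is clearer and needs no change.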

View File

@ -119,7 +119,7 @@
</tr>
<tr>
<td><option>memcache_pool_conn_get_timeout</option> = <replaceable>10</replaceable></td>
<td>(IntOpt) (Optional) Number of seconds that an operation will wait to get a memcache client connection from the pool.</td>
<td>(IntOpt) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.</td>
</tr>
<tr>
<td><option>memcache_pool_dead_retry</option> = <replaceable>300</replaceable></td>
@ -131,7 +131,7 @@
</tr>
<tr>
<td><option>memcache_pool_socket_timeout</option> = <replaceable>3</replaceable></td>
<td>(IntOpt) (Optional) Socket timeout in seconds for communicating with a memcache server.</td>
<td>(IntOpt) (Optional) Socket timeout in seconds for communicating with a memcached server.</td>
</tr>
<tr>
<td><option>memcache_pool_unused_timeout</option> = <replaceable>60</replaceable></td>
@ -147,7 +147,7 @@
</tr>
<tr>
<td><option>memcache_use_advanced_pool</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) (Optional) Use the advanced (eventlet safe) memcache client pool. The advanced pool will only work under python 2.x.</td>
<td>(BoolOpt) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.</td>
</tr>
<tr>
<td><option>revocation_cache_time</option> = <replaceable>10</replaceable></td>

View File

@ -26,8 +26,8 @@
<td>(BoolOpt) Toggle for catalog caching. This has no effect unless global caching is enabled.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.catalog.backends.sql.Catalog</replaceable></td>
<td>(StrOpt) Catalog backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the catalog backend driver in the keystone.catalog namespace.</td>
</tr>
<tr>
<td><option>list_limit</option> = <replaceable>None</replaceable></td>

View File

@ -28,6 +28,17 @@
<td><option>memcached_servers</option> = <replaceable>None</replaceable></td>
<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
</tr>
<tr>
<th colspan="2">[oslo_concurrency]</th>
</tr>
<tr>
<td><option>disable_process_locking</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) Enables or disables inter-process locks.</td>
</tr>
<tr>
<td><option>lock_path</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.</td>
</tr>
</tbody>
</table>
</para>

View File

@ -0,0 +1,73 @@
<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in openstack-doc-tools repository. -->
<table rules="all" xml:id="config_table_keystone_cors">
<caption>Description of CORS configuration options</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[cors]</th>
</tr>
<tr>
<td><option>allow_credentials</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) Indicate that the actual request can include user credentials</td>
</tr>
<tr>
<td><option>allow_headers</option> = <replaceable>Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma</replaceable></td>
<td>(ListOpt) Indicate which header field names may be used during the actual request.</td>
</tr>
<tr>
<td><option>allow_methods</option> = <replaceable>GET, POST, PUT, DELETE, OPTIONS</replaceable></td>
<td>(ListOpt) Indicate which methods can be used during the actual request.</td>
</tr>
<tr>
<td><option>allowed_origin</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Indicate whether this resource may be shared with the domain received in the requests "origin" header.</td>
</tr>
<tr>
<td><option>expose_headers</option> = <replaceable>Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma</replaceable></td>
<td>(ListOpt) Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.</td>
</tr>
<tr>
<td><option>max_age</option> = <replaceable>3600</replaceable></td>
<td>(IntOpt) Maximum cache age of CORS preflight requests.</td>
</tr>
<tr>
<th colspan="2">[cors.subdomain]</th>
</tr>
<tr>
<td><option>allow_credentials</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) Indicate that the actual request can include user credentials</td>
</tr>
<tr>
<td><option>allow_headers</option> = <replaceable>Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma</replaceable></td>
<td>(ListOpt) Indicate which header field names may be used during the actual request.</td>
</tr>
<tr>
<td><option>allow_methods</option> = <replaceable>GET, POST, PUT, DELETE, OPTIONS</replaceable></td>
<td>(ListOpt) Indicate which methods can be used during the actual request.</td>
</tr>
<tr>
<td><option>allowed_origin</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Indicate whether this resource may be shared with the domain received in the requests "origin" header.</td>
</tr>
<tr>
<td><option>expose_headers</option> = <replaceable>Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma</replaceable></td>
<td>(ListOpt) Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.</td>
</tr>
<tr>
<td><option>max_age</option> = <replaceable>3600</replaceable></td>
<td>(IntOpt) Maximum cache age of CORS preflight requests.</td>
</tr>
</tbody>
</table>
</para>
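Review bot: In the new [cors] table, max_age = 3600 has no unit, and the [cors.subdomain] group repeats every row without explaining what the group is for or how it relates to [cors]. allowed_origin defaults to None while allow_credentials defaults to True; say what happens when allowed_origin is unset so a reader can tell whether CORS handling is off by default. The allow_credentials descriptions are also missing their final period, unlike the other rows.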

View File

@ -18,8 +18,8 @@
<th colspan="2">[credential]</th>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.credential.backends.sql.Credential</replaceable></td>
<td>(StrOpt) Credential backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the credential backend driver in the keystone.credential namespace.</td>
</tr>
</tbody>
</table>

View File

@ -35,19 +35,19 @@
</tr>
<tr>
<td><option>db_inc_retry_interval</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.</td>
<td>(BoolOpt) If True, increases the interval between retries of a database operation up to db_max_retry_interval.</td>
</tr>
<tr>
<td><option>db_max_retries</option> = <replaceable>20</replaceable></td>
<td>(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.</td>
<td>(IntOpt) Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.</td>
</tr>
<tr>
<td><option>db_max_retry_interval</option> = <replaceable>10</replaceable></td>
<td>(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.</td>
<td>(IntOpt) If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.</td>
</tr>
<tr>
<td><option>db_retry_interval</option> = <replaceable>1</replaceable></td>
<td>(IntOpt) Seconds between database connection retries.</td>
<td>(IntOpt) Seconds between retries of a database transaction.</td>
</tr>
<tr>
<td><option>idle_timeout</option> = <replaceable>3600</replaceable></td>
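Review bot: db_retry_interval now reads "retries of a database transaction" while the sibling rows db_inc_retry_interval and db_max_retry_interval say "database operation". Use one term across the four rows so it is clear they describe the same retry loop.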

View File

@ -17,10 +17,6 @@
<tr>
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td><option>backdoor_port</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Enable eventlet backdoor. Acceptable values are 0, &lt;port&gt;, and &lt;start&gt;:&lt;end&gt;, where 0 results in listening on a random tcp port number; &lt;port&gt; results in listening on the specified port number (and not enabling backdoor if that port is in use); and &lt;start&gt;:&lt;end&gt; results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.</td>
</tr>
<tr>
<td><option>pydev_debug_host</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Host to connect to for remote debugger.</td>
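Review bot: The backdoor_port row is dropped from [DEFAULT] here, and none of the visible hunks adds it to another table. If the option is still honoured it should stay documented, because according to the removed text it opens a listening TCP port; if the service no longer supports it, the commit message should say so.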

View File

@ -26,8 +26,8 @@
<td>(BoolOpt) Toggle for domain config caching. This has no effect unless global caching is enabled.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.resource.config_backends.sql.DomainConfig</replaceable></td>
<td>(StrOpt) Domain config backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the domain config backend driver in the keystone.resource.domain_config namespace.</td>
</tr>
</tbody>
</table>

View File

@ -1,42 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in openstack-doc-tools repository. -->
<table rules="all" xml:id="config_table_keystone_ec2">
<caption>Description of EC2 configuration options</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[keystone_ec2_token]</th>
</tr>
<tr>
<td><option>cafile</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) A PEM encoded certificate authority to use when verifying HTTPS connections. Defaults to the system CAs.</td>
</tr>
<tr>
<td><option>certfile</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Client certificate key filename. Required if EC2 server requires client certificate.</td>
</tr>
<tr>
<td><option>insecure</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) Disable SSL certificate verification.</td>
</tr>
<tr>
<td><option>keyfile</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Required if EC2 server requires client certificate.</td>
</tr>
<tr>
<td><option>url</option> = <replaceable>http://localhost:5000/v2.0/ec2tokens</replaceable></td>
<td>(StrOpt) URL to get token from ec2 request.</td>
</tr>
</tbody>
</table>
</para>

View File

@ -22,8 +22,8 @@
<td>(StrOpt) Value to be used when filtering assertion parameters from the environment.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.contrib.federation.backends.sql.Federation</replaceable></td>
<td>(StrOpt) Federation backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the federation backend driver in the keystone.federation namespace.</td>
</tr>
<tr>
<td><option>federated_domain_name</option> = <replaceable>Federated</replaceable></td>

View File

@ -42,8 +42,8 @@
<td>(BoolOpt) A subset (or all) of domains can have their own identity driver, each with their own partial configuration options, stored in either the resource backend or in a file in a domain configuration directory (depending on the setting of domain_configurations_from_database). Only values specific to the domain need to be specified in this manner. This feature is disabled by default; set to true to enable.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.identity.backends.sql.Identity</replaceable></td>
<td>(StrOpt) Identity backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the identity backend driver in the keystone.identity namespace.</td>
</tr>
<tr>
<td><option>list_limit</option> = <replaceable>None</replaceable></td>

View File

@ -19,7 +19,7 @@
</tr>
<tr>
<td><option>alias_dereferencing</option> = <replaceable>default</replaceable></td>
<td>(StrOpt) The LDAP dereferencing option for queries. This can be either "never", "searching", "always", "finding" or "default". The "default" option falls back to using default dereferencing configured by your ldap.conf.</td>
<td>(StrOpt) The LDAP dereferencing option for queries. The "default" option falls back to using default dereferencing configured by your ldap.conf.</td>
</tr>
<tr>
<td><option>allow_subtree_delete</option> = <replaceable>False</replaceable></td>
@ -187,7 +187,7 @@
</tr>
<tr>
<td><option>query_scope</option> = <replaceable>one</replaceable></td>
<td>(StrOpt) The LDAP scope for queries, this can be either "one" (onelevel/singleLevel) or "sub" (subtree/wholeSubtree).</td>
<td>(StrOpt) The LDAP scope for queries, "one" represents oneLevel/singleLevel and "sub" represents subtree/wholeSubtree options.</td>
</tr>
<tr>
<td><option>role_additional_attribute_mapping</option> = <replaceable></replaceable></td>
@ -247,7 +247,7 @@
</tr>
<tr>
<td><option>tls_req_cert</option> = <replaceable>demand</replaceable></td>
<td>(StrOpt) Valid options for tls_req_cert are demand, never, and allow.</td>
<td>(StrOpt) Specifies what checks to perform on client certificates in an incoming TLS session.</td>
</tr>
<tr>
<td><option>url</option> = <replaceable>ldap://localhost</replaceable></td>
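Review bot: The tls_req_cert description no longer lists the accepted values (demand, never, allow), and the first hunk in this file does the same for alias_dereferencing, so the reader has to look elsewhere to learn what can be set. The new wording also speaks of "client certificates in an incoming TLS session", while this section configures an outbound connection to an LDAP server (url = ldap://localhost); check that the text names the certificate that is actually being verified.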

View File

@ -70,7 +70,7 @@
<td>(StrOpt) Format string to use for log messages without context.</td>
</tr>
<tr>
<td><option>logging_exception_prefix</option> = <replaceable>%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s</replaceable></td>
<td><option>logging_exception_prefix</option> = <replaceable>%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s</replaceable></td>
<td>(StrOpt) Prefix each line of exception output with this format.</td>
</tr>
<tr>
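Review bot: logging_exception_prefix changes its default marker from TRACE to ERROR, but the description is unchanged. Log parsers and alert rules that match on TRACE to pick out exception output will stop matching once the new default is in effect; mention the change in the description or in the release notes.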
@ -81,18 +81,18 @@
<td><option>syslog_log_facility</option> = <replaceable>LOG_USER</replaceable></td>
<td>(StrOpt) Syslog facility to receive log lines.</td>
</tr>
<tr>
<td><option>use_syslog</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.</td>
</tr>
<tr>
<td><option>use_syslog_rfc_format</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.</td>
</tr>
<tr>
<td><option>use_stderr</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) Log output to standard error.</td>
</tr>
<tr>
<td><option>use_syslog</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424.</td>
</tr>
<tr>
<td><option>use_syslog_rfc_format</option> = <replaceable>True</replaceable></td>
<td>(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in K, and will be removed in M, along with this option.</td>
</tr>
<tr>
<td><option>verbose</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).</td>
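Review bot: use_syslog_rfc_format flips its default from False to True, which changes the syslog message format for any deployment that enables use_syslog without setting this option. The use_syslog row still says the existing format "will be changed later to honor RFC5424", which no longer matches the new default; align the two descriptions.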

View File

@ -22,12 +22,12 @@
<td>(BoolOpt) The format of user and group IDs changed in Juno for backends that do not generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the underlying attribute in LDAP. By default this mapping is disabled, which ensures that existing IDs will not change. Even when the mapping is enabled by using domain specific drivers, any users and groups from the default domain being handled by LDAP will still not be mapped to ensure their IDs remain backward compatible. Setting this value to False will enable the mapping for even the default LDAP driver. It is only safe to do this if you do not already have assignments for users and groups from the default LDAP domain, and it is acceptable for Keystone to provide the different IDs to clients than it did previously. Typically this means that the only time you can set this value to False is when configuring a fresh installation.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.identity.mapping_backends.sql.Mapping</replaceable></td>
<td>(StrOpt) Keystone Identity Mapping backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the identity mapping backend driver in the keystone.identity.id_mapping namespace.</td>
</tr>
<tr>
<td><option>generator</option> = <replaceable>keystone.identity.id_generators.sha256.Generator</replaceable></td>
<td>(StrOpt) Public ID generator for user and group entities. The Keystone identity mapper only supports generators that produce no more than 64 characters.</td>
<td><option>generator</option> = <replaceable>sha256</replaceable></td>
<td>(StrOpt) Entrypoint for the public ID generator for user and group entities in the keystone.identity.id_generator namespace. The Keystone identity mapper only supports generators that produce no more than 64 characters.</td>
</tr>
</tbody>
</table>

View File

@ -22,8 +22,8 @@
<td>(IntOpt) Duration (in seconds) for the OAuth Access Token.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.contrib.oauth1.backends.sql.OAuth1</replaceable></td>
<td>(StrOpt) Credential backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for hte OAuth backend driver in the keystone.oauth1 namespace.</td>
</tr>
<tr>
<td><option>request_token_duration</option> = <replaceable>28800</replaceable></td>
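Review bot: The new [oauth1] driver description contains the typo "hte" ("Entrypoint for hte OAuth backend driver"). If this table is generated like the others in this commit, correct the option's help string at the source and regenerate rather than editing the XML.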

View File

@ -1,26 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in openstack-doc-tools repository. -->
<table rules="all" xml:id="config_table_keystone_oslo_middleware">
<caption>Description of oslo_middleware configuration options</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[oslo_middleware]</th>
</tr>
<tr>
<td><option>max_request_body_size</option> = <replaceable>114688</replaceable></td>
<td>(IntOpt) The maximum body size for each request, in bytes.</td>
</tr>
</tbody>
</table>
</para>

View File

@ -33,8 +33,8 @@
<th colspan="2">[policy]</th>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.policy.backends.sql.Policy</replaceable></td>
<td>(StrOpt) Policy backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the policy backend driver in the keystone.policy namespace.</td>
</tr>
<tr>
<td><option>list_limit</option> = <replaceable>None</replaceable></td>

View File

@ -70,8 +70,8 @@
<td>(StrOpt) Username for Qpid connection.</td>
</tr>
<tr>
<td><option>rpc_conn_pool_size</option> = <replaceable>30</replaceable></td>
<td>(IntOpt) Size of RPC connection pool.</td>
<td><option>send_single_reply</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) Send a single AMQP reply to call message. The current behaviour since oslo-incubator is to send two AMQP replies - first one with the payload, a second one to ensure the other have finish to send the payload. We are going to remove it in the N release, but we must keep backward compatible at the same time. This option provides such compatibility - it defaults to False in Liberty and can be turned on for early adopters with a new installations or for testing. Please note, that this option will be removed in M release.</td>
</tr>
</tbody>
</table>
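Review bot: The send_single_reply description is hard to follow on the removal schedule: it says "We are going to remove it in the N release" and then "this option will be removed in M release", without making clear which statement refers to the two-reply behaviour and which to the option. Spell out both, and fix "the other have finish to send the payload" and "with a new installations" while there. The same text appears in the RabbitMQ table.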

View File

@ -34,13 +34,17 @@
<td>(IntOpt) How often times during the heartbeat_timeout_threshold we check the heartbeat.</td>
</tr>
<tr>
<td><option>heartbeat_timeout_threshold</option> = <replaceable>0</replaceable></td>
<td>(IntOpt) Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disables the heartbeat, &gt;0 enables it. Enabling heartbeats requires kombu&gt;=3.0.7 and amqp&gt;=1.4.0). EXPERIMENTAL</td>
<td><option>heartbeat_timeout_threshold</option> = <replaceable>60</replaceable></td>
<td>(IntOpt) Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL</td>
</tr>
<tr>
<td><option>kombu_reconnect_delay</option> = <replaceable>1.0</replaceable></td>
<td>(FloatOpt) How long to wait before reconnecting in response to an AMQP consumer cancel notification.</td>
</tr>
<tr>
<td><option>kombu_reconnect_timeout</option> = <replaceable>60</replaceable></td>
<td>(IntOpt) How long to wait before considering a reconnect attempt to have failed. This value should not be longer than rpc_response_timeout.</td>
</tr>
<tr>
<td><option>kombu_ssl_ca_certs</option> = <replaceable></replaceable></td>
<td>(StrOpt) SSL certification authority file (valid only if SSL enabled).</td>
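Review bot: heartbeat_timeout_threshold now defaults to 60, so heartbeats are enabled by default, yet the description still ends with EXPERIMENTAL and drops the kombu>=3.0.7 and amqp>=1.4.0 requirement. Either remove the EXPERIMENTAL label or keep the version note, so operators know what an enabled-by-default heartbeat depends on. "0 disable the heartbeat" should read "0 disables the heartbeat".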
@ -106,8 +110,8 @@
<td>(StrOpt) The RabbitMQ virtual host.</td>
</tr>
<tr>
<td><option>rpc_conn_pool_size</option> = <replaceable>30</replaceable></td>
<td>(IntOpt) Size of RPC connection pool.</td>
<td><option>send_single_reply</option> = <replaceable>False</replaceable></td>
<td>(BoolOpt) Send a single AMQP reply to call message. The current behaviour since oslo-incubator is to send two AMQP replies - first one with the payload, a second one to ensure the other have finish to send the payload. We are going to remove it in the N release, but we must keep backward compatible at the same time. This option provides such compatibility - it defaults to False in Liberty and can be turned on for early adopters with a new installations or for testing. Please note, that this option will be removed in M release.</td>
</tr>
</tbody>
</table>

View File

@ -26,8 +26,8 @@
<td>(BoolOpt) Toggle for revocation event caching. This has no effect unless global caching is enabled.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.contrib.revoke.backends.sql.Revoke</replaceable></td>
<td>(StrOpt) An implementation of the backend for persisting revocation events.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for an implementation of the backend for persisting revocation events in the keystone.revoke namespace.</td>
</tr>
<tr>
<td><option>expiration_buffer</option> = <replaceable>1800</replaceable></td>

View File

@ -27,7 +27,7 @@
</tr>
<tr>
<td><option>driver</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Role backend driver.</td>
<td>(StrOpt) Entrypoint for the role backend driver in the keystone.role namespace.</td>
</tr>
<tr>
<td><option>list_limit</option> = <replaceable>None</replaceable></td>

View File

@ -33,6 +33,10 @@
<td><option>rpc_cast_timeout</option> = <replaceable>30</replaceable></td>
<td>(IntOpt) Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.</td>
</tr>
<tr>
<td><option>rpc_conn_pool_size</option> = <replaceable>30</replaceable></td>
<td>(IntOpt) Size of RPC connection pool.</td>
</tr>
<tr>
<td><option>rpc_response_timeout</option> = <replaceable>60</replaceable></td>
<td>(IntOpt) Seconds to wait for a response from a call.</td>

View File

@ -47,7 +47,7 @@
</tr>
<tr>
<td><option>idp_contact_type</option> = <replaceable>other</replaceable></td>
<td>(StrOpt) Contact type. Allowed values are: technical, support, administrative billing, and other</td>
<td>(StrOpt) The contact type describing the main point of contact for the identity provider.</td>
</tr>
<tr>
<td><option>idp_entity_id</option> = <replaceable>None</replaceable></td>

View File

@ -18,7 +18,7 @@
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td><option>crypt_strength</option> = <replaceable>40000</replaceable></td>
<td><option>crypt_strength</option> = <replaceable>10000</replaceable></td>
<td>(IntOpt) The value passed as the keyword "rounds" to passlib's encrypt method.</td>
</tr>
</tbody>
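Review bot: crypt_strength drops from 40000 to 10000 with no change to the description. This value is the "rounds" passed to passlib, so the documented default work factor for password hashing falls by a factor of four; confirm the reduction is intended and give the reason in the description or the commit message.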

View File

@ -34,8 +34,8 @@
<td>(BoolOpt) Toggle for token system caching. This has no effect unless global caching is enabled.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.token.persistence.backends.sql.Token</replaceable></td>
<td>(StrOpt) Token persistence backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the token persistence backend driver in the keystone.token.persistence namespace.</td>
</tr>
<tr>
<td><option>enforce_token_bind</option> = <replaceable>permissive</replaceable></td>
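Review bot: The driver default changes from the class path keystone.token.persistence.backends.sql.Token to the short entrypoint name sql, but the new description does not say whether a full class path is still accepted. Deployments that carry the old value in their configuration need that stated, along with the entrypoint names available in the keystone.token.persistence namespace.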
@ -50,8 +50,8 @@
<td>(StrOpt) The hash algorithm to use for PKI tokens. This can be set to any algorithm that hashlib supports. WARNING: Before changing this value, the auth_token middleware must be configured with the hash_algorithms, otherwise token revocation will not be processed correctly.</td>
</tr>
<tr>
<td><option>provider</option> = <replaceable>keystone.token.providers.uuid.Provider</replaceable></td>
<td>(StrOpt) Controls the token construction, validation, and revocation operations. Core providers are "keystone.token.providers.[fernet|pkiz|pki|uuid].Provider".</td>
<td><option>provider</option> = <replaceable>uuid</replaceable></td>
<td>(StrOpt) Controls the token construction, validation, and revocation operations. Entrypoint in the keystone.token.provider namespace. Core providers are [fernet|pkiz|pki|uuid].</td>
</tr>
<tr>
<td><option>revoke_by_id</option> = <replaceable>True</replaceable></td>
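Review bot: In the provider description, "Core providers are [fernet|pkiz|pki|uuid]." keeps the bracket-and-pipe notation that only made sense inside the old class-path template. Write the names out as a plain list (fernet, pkiz, pki, uuid), and turn "Entrypoint in the keystone.token.provider namespace." into a full sentence so it matches the wording of the driver row above.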

View File

@ -22,8 +22,8 @@
<td>(BoolOpt) Enable redelegation feature.</td>
</tr>
<tr>
<td><option>driver</option> = <replaceable>keystone.trust.backends.sql.Trust</replaceable></td>
<td>(StrOpt) Trust backend driver.</td>
<td><option>driver</option> = <replaceable>sql</replaceable></td>
<td>(StrOpt) Entrypoint for the trust backend driver in the keystone.trust namespace.</td>
</tr>
<tr>
<td><option>enabled</option> = <replaceable>True</replaceable></td>

View File

@ -60,11 +60,11 @@ options. For installation prerequisites and step-by-step walkthroughs, see the
<xi:include href="../common/tables/keystone-ca.xml"/>
<xi:include href="../common/tables/keystone-catalog.xml"/>
<xi:include href="../common/tables/keystone-common.xml"/>
<xi:include href="../common/tables/keystone-cors.xml"/>
<xi:include href="../common/tables/keystone-credential.xml"/>
<xi:include href="../common/tables/keystone-database.xml"/>
<xi:include href="../common/tables/keystone-debug.xml"/>
<xi:include href="../common/tables/keystone-domain.xml"/>
<xi:include href="../common/tables/keystone-ec2.xml"/>
<xi:include href="../common/tables/keystone-federation.xml"/>
<xi:include href="../common/tables/keystone-fernet_tokens.xml"/>
<xi:include href="../common/tables/keystone-identity.xml"/>
@ -75,7 +75,6 @@ options. For installation prerequisites and step-by-step walkthroughs, see the
<xi:include href="../common/tables/keystone-memcache.xml"/>
<xi:include href="../common/tables/keystone-oauth.xml"/>
<xi:include href="../common/tables/keystone-os_inherit.xml"/>
<xi:include href="../common/tables/keystone-oslo_middleware.xml"/>
<xi:include href="../common/tables/keystone-policy.xml"/>
<xi:include href="../common/tables/keystone-revoke.xml"/>
<xi:include href="../common/tables/keystone-role.xml"/>

View File

@ -1,7 +1,5 @@
admin_endpoint api
admin_token api
backdoor_port debug
compute_port api
control_exchange amqp
crypt_strength security
debug logging
@ -12,11 +10,11 @@ fatal_deprecations logging
instance_format logging
instance_uuid_format logging
list_limit api
log-config-append logging
log-date-format logging
log-dir logging
log-file logging
log-format logging
log_config_append logging
log_date_format logging
log_dir logging
log_file logging
log_format logging
logging_context_format_string logging
logging_debug_format_suffix logging
logging_default_format_string logging
@ -38,6 +36,7 @@ pydev_debug_host debug
pydev_debug_port debug
rpc_backend rpc
rpc_cast_timeout rpc
rpc_conn_pool_size rpc
rpc_response_timeout rpc
rpc_thread_pool_size rpc
rpc_zmq_bind_address zeromq
@ -50,11 +49,11 @@ rpc_zmq_topic_backlog zeromq
secure_proxy_ssl_header api
standard_threads debug
strict_password_check api
syslog-log-facility logging
syslog_log_facility logging
transport_url amqp
use-syslog logging
use-syslog-rfc-format logging
use_stderr logging
use_syslog logging
use_syslog_rfc_format logging
verbose logging
assignment/driver assignment
audit/namespace debug
@ -81,21 +80,56 @@ catalog/caching catalog
catalog/driver catalog
catalog/list_limit catalog
catalog/template_file catalog
cors/allow_credentials cors
cors/allow_headers cors
cors/allow_methods cors
cors/allowed_origin cors
cors/expose_headers cors
cors/max_age cors
cors.subdomain/allow_credentials cors
cors.subdomain/allow_headers cors
cors.subdomain/allow_methods cors
cors.subdomain/allowed_origin cors
cors.subdomain/expose_headers cors
cors.subdomain/max_age cors
credential/driver credential
database/backend database
database/connection database
database/connection_debug database
database/connection_trace database
database/db_inc_retry_interval database
database/db_max_retries database
database/db_max_retry_interval database
database/db_retry_interval database
database/idle_timeout database
database/max_overflow database
database/max_pool_size database
database/max_retries database
database/min_pool_size database
database/mysql_sql_mode database
database/pool_timeout database
database/retry_interval database
database/slave_connection database
database/sqlite_db database
database/sqlite_synchronous database
database/use_db_reconnect database
domain_config/cache_time domain
domain_config/caching domain
domain_config/driver domain
endpoint_filter/driver api
endpoint_filter/return_all_endpoints_if_no_filter api
endpoint_policy/driver api
endpoint_policy/enabled api
eventlet_server/admin_bind_host api
eventlet_server/admin_port api
eventlet_server/admin_workers api
eventlet_server/client_socket_timeout api
eventlet_server/public_bind_host api
eventlet_server/public_port api
eventlet_server/public_workers api
eventlet_server/tcp_keepalive api
eventlet_server/tcp_keepidle api
eventlet_server/wsgi_keep_alive api
eventlet_server_ssl/ca_certs ca
eventlet_server_ssl/cert_required ca
eventlet_server_ssl/certfile ca
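Review bot: The cors.subdomain/ entries repeat all six cors/ options (allow_credentials through max_age) under a second group name, so the generated cors table will list every option twice. If cors.subdomain is an example section name rather than a group that keystone reads under that exact name, drop those six lines; if it is intended, the table needs a sentence explaining how the two groups relate, since allowed_origin and allow_credentials are the settings an operator is most likely to get wrong.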
@ -158,11 +192,6 @@ keystone_authtoken/memcached_servers common
keystone_authtoken/revocation_cache_time auth_token
keystone_authtoken/signing_dir auth_token
keystone_authtoken/token_cache_time auth_token
keystone_ec2_token/cafile ec2
keystone_ec2_token/certfile ec2
keystone_ec2_token/insecure ec2
keystone_ec2_token/keyfile ec2
keystone_ec2_token/url ec2
kvs/backends kvs
kvs/config_prefix kvs
kvs/default_lock_timeout kvs
@ -264,6 +293,8 @@ oauth1/access_token_duration oauth
oauth1/driver oauth
oauth1/request_token_duration oauth
os_inherit/enabled os_inherit
oslo_concurrency/disable_process_locking common
oslo_concurrency/lock_path common
oslo_messaging_amqp/allow_insecure_clients rpc
oslo_messaging_amqp/broadcast_prefix rpc
oslo_messaging_amqp/container_name rpc
@ -288,13 +319,14 @@ oslo_messaging_qpid/qpid_sasl_mechanisms qpid
oslo_messaging_qpid/qpid_tcp_nodelay qpid
oslo_messaging_qpid/qpid_topology_version qpid
oslo_messaging_qpid/qpid_username qpid
oslo_messaging_qpid/rpc_conn_pool_size qpid
oslo_messaging_qpid/send_single_reply qpid
oslo_messaging_rabbit/amqp_auto_delete rabbitmq
oslo_messaging_rabbit/amqp_durable_queues rabbitmq
oslo_messaging_rabbit/fake_rabbit rabbitmq
oslo_messaging_rabbit/heartbeat_rate rabbitmq
oslo_messaging_rabbit/heartbeat_timeout_threshold rabbitmq
oslo_messaging_rabbit/kombu_reconnect_delay rabbitmq
oslo_messaging_rabbit/kombu_reconnect_timeout rabbitmq
oslo_messaging_rabbit/kombu_ssl_ca_certs rabbitmq
oslo_messaging_rabbit/kombu_ssl_certfile rabbitmq
oslo_messaging_rabbit/kombu_ssl_keyfile rabbitmq
@ -311,8 +343,9 @@ oslo_messaging_rabbit/rabbit_retry_interval rabbitmq
oslo_messaging_rabbit/rabbit_use_ssl rabbitmq
oslo_messaging_rabbit/rabbit_userid rabbitmq
oslo_messaging_rabbit/rabbit_virtual_host rabbitmq
oslo_messaging_rabbit/rpc_conn_pool_size rabbitmq
oslo_middleware/max_request_body_size oslo_middleware
oslo_messaging_rabbit/send_single_reply rabbitmq
oslo_middleware/max_request_body_size api
oslo_middleware/secure_proxy_ssl_header api
oslo_policy/policy_default_rule policy
oslo_policy/policy_dirs policy
oslo_policy/policy_file policy
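Review bot: oslo_middleware/secure_proxy_ssl_header is mapped to api here while the unprefixed secure_proxy_ssl_header is already mapped to api earlier in this file, so the api table will carry two options with the same name. This option decides which proxy-supplied header is trusted for the original request scheme, so the descriptions should say which group is authoritative and whether the [DEFAULT] one is deprecated. Moving oslo_middleware/max_request_body_size to api in the same hunk is consistent with removing the keystone-oslo_middleware.xml include.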

View File

@ -1,6 +1,7 @@
assignment assignment
cache cache
catalog catalog
cors CORS
credential credential
domain domain
federation federation