openstack/openstack-manuals
Code Issues Proposed changes

Update config-ref with keystone_autoken options

Browse Source 
The auth_token middleware options were not tracked yet. This patch adds
the mapping information, generates the tables and include them in the
config-reference.

This patch also moves the api_rate_limit nova option in the api section.

Closes-Bug: #1254568
Change-Id: I0e34cc8e0a56336118aa933e4018c38c9dcacf9b
This commit is contained in:
Gauvain Pocentek 2014-04-21 09:46:49 +02:00
parent 13c103902d
commit ee1c854256
22 changed files with 1135 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
doc/common/tables/cinder-auth_token.xml Normal file
View File

@ -0,0 +1,134 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in the tools directory of this
repository -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all" xml:id="config_table_cinder_auth_token">
<caption>Description of configuration options for auth_token</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Memcached servers or None for in process cache.</td>
</tr>
<tr>
<th colspan="2">[keystone_authtoken]</th>
</tr>
<tr>
<td>admin_password = None</td>
<td>(StrOpt) Keystone account password</td>
</tr>
<tr>
<td>admin_tenant_name = admin</td>
<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
</tr>
<tr>
<td>admin_token = None</td>
<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
</tr>
<tr>
<td>admin_user = None</td>
<td>(StrOpt) Keystone account username</td>
</tr>
<tr>
<td>auth_admin_prefix = </td>
<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
</tr>
<tr>
<td>auth_host = 127.0.0.1</td>
<td>(StrOpt) Host providing the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_port = 35357</td>
<td>(IntOpt) Port of the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_protocol = https</td>
<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
</tr>
<tr>
<td>auth_uri = None</td>
<td>(StrOpt) Complete public Identity API endpoint</td>
</tr>
<tr>
<td>auth_version = None</td>
<td>(StrOpt) API version of the admin Identity API endpoint</td>
</tr>
<tr>
<td>cache = None</td>
<td>(StrOpt) Env key for the swift cache</td>
</tr>
<tr>
<td>cafile = None</td>
<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
</tr>
<tr>
<td>certfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>delay_auth_decision = False</td>
<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
</tr>
<tr>
<td>enforce_token_bind = permissive</td>
<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
</tr>
<tr>
<td>http_connect_timeout = None</td>
<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
</tr>
<tr>
<td>http_request_max_retries = 3</td>
<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
</tr>
<tr>
<td>include_service_catalog = True</td>
<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
</tr>
<tr>
<td>insecure = False</td>
<td>(BoolOpt) Verify HTTPS connections.</td>
</tr>
<tr>
<td>keyfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>memcache_secret_key = None</td>
<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
</tr>
<tr>
<td>memcache_security_strategy = None</td>
<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
</tr>
<tr>
<td>revocation_cache_time = 300</td>
<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
</tr>
<tr>
<td>signing_dir = None</td>
<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
</tr>
<tr>
<td>token_cache_time = 300</td>
<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
</tr>
</tbody>
</table>
</para>

134
doc/common/tables/glance-auth_token.xml Normal file
View File

@ -0,0 +1,134 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in the tools directory of this
repository -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all" xml:id="config_table_glance_auth_token">
<caption>Description of configuration options for auth_token</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Memcached servers or None for in process cache.</td>
</tr>
<tr>
<th colspan="2">[keystone_authtoken]</th>
</tr>
<tr>
<td>admin_password = None</td>
<td>(StrOpt) Keystone account password</td>
</tr>
<tr>
<td>admin_tenant_name = admin</td>
<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
</tr>
<tr>
<td>admin_token = None</td>
<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
</tr>
<tr>
<td>admin_user = None</td>
<td>(StrOpt) Keystone account username</td>
</tr>
<tr>
<td>auth_admin_prefix = </td>
<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
</tr>
<tr>
<td>auth_host = 127.0.0.1</td>
<td>(StrOpt) Host providing the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_port = 35357</td>
<td>(IntOpt) Port of the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_protocol = https</td>
<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
</tr>
<tr>
<td>auth_uri = None</td>
<td>(StrOpt) Complete public Identity API endpoint</td>
</tr>
<tr>
<td>auth_version = None</td>
<td>(StrOpt) API version of the admin Identity API endpoint</td>
</tr>
<tr>
<td>cache = None</td>
<td>(StrOpt) Env key for the swift cache</td>
</tr>
<tr>
<td>cafile = None</td>
<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
</tr>
<tr>
<td>certfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>delay_auth_decision = False</td>
<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
</tr>
<tr>
<td>enforce_token_bind = permissive</td>
<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
</tr>
<tr>
<td>http_connect_timeout = None</td>
<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
</tr>
<tr>
<td>http_request_max_retries = 3</td>
<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
</tr>
<tr>
<td>include_service_catalog = True</td>
<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
</tr>
<tr>
<td>insecure = False</td>
<td>(BoolOpt) Verify HTTPS connections.</td>
</tr>
<tr>
<td>keyfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>memcache_secret_key = None</td>
<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
</tr>
<tr>
<td>memcache_security_strategy = None</td>
<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
</tr>
<tr>
<td>revocation_cache_time = 300</td>
<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
</tr>
<tr>
<td>signing_dir = None</td>
<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
</tr>
<tr>
<td>token_cache_time = 300</td>
<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
</tr>
</tbody>
</table>
</para>

134
doc/common/tables/heat-auth_token.xml Normal file
View File

@ -0,0 +1,134 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in the tools directory of this
repository -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all" xml:id="config_table_heat_auth_token">
<caption>Description of configuration options for auth_token</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Memcached servers or None for in process cache.</td>
</tr>
<tr>
<th colspan="2">[keystone_authtoken]</th>
</tr>
<tr>
<td>admin_password = None</td>
<td>(StrOpt) Keystone account password</td>
</tr>
<tr>
<td>admin_tenant_name = admin</td>
<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
</tr>
<tr>
<td>admin_token = None</td>
<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
</tr>
<tr>
<td>admin_user = None</td>
<td>(StrOpt) Keystone account username</td>
</tr>
<tr>
<td>auth_admin_prefix = </td>
<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
</tr>
<tr>
<td>auth_host = 127.0.0.1</td>
<td>(StrOpt) Host providing the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_port = 35357</td>
<td>(IntOpt) Port of the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_protocol = https</td>
<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
</tr>
<tr>
<td>auth_uri = None</td>
<td>(StrOpt) Complete public Identity API endpoint</td>
</tr>
<tr>
<td>auth_version = None</td>
<td>(StrOpt) API version of the admin Identity API endpoint</td>
</tr>
<tr>
<td>cache = None</td>
<td>(StrOpt) Env key for the swift cache</td>
</tr>
<tr>
<td>cafile = None</td>
<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
</tr>
<tr>
<td>certfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>delay_auth_decision = False</td>
<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
</tr>
<tr>
<td>enforce_token_bind = permissive</td>
<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
</tr>
<tr>
<td>http_connect_timeout = None</td>
<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
</tr>
<tr>
<td>http_request_max_retries = 3</td>
<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
</tr>
<tr>
<td>include_service_catalog = True</td>
<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
</tr>
<tr>
<td>insecure = False</td>
<td>(BoolOpt) Verify HTTPS connections.</td>
</tr>
<tr>
<td>keyfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>memcache_secret_key = None</td>
<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
</tr>
<tr>
<td>memcache_security_strategy = None</td>
<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
</tr>
<tr>
<td>revocation_cache_time = 300</td>
<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
</tr>
<tr>
<td>signing_dir = None</td>
<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
</tr>
<tr>
<td>token_cache_time = 300</td>
<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
</tr>
</tbody>
</table>
</para>

134
doc/common/tables/keystone-auth_token.xml Normal file
View File

@ -0,0 +1,134 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in the tools directory of this
repository -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all" xml:id="config_table_keystone_auth_token">
<caption>Description of configuration options for auth_token</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Memcached servers or None for in process cache.</td>
</tr>
<tr>
<th colspan="2">[keystone_authtoken]</th>
</tr>
<tr>
<td>admin_password = None</td>
<td>(StrOpt) Keystone account password</td>
</tr>
<tr>
<td>admin_tenant_name = admin</td>
<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
</tr>
<tr>
<td>admin_token = None</td>
<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
</tr>
<tr>
<td>admin_user = None</td>
<td>(StrOpt) Keystone account username</td>
</tr>
<tr>
<td>auth_admin_prefix = </td>
<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
</tr>
<tr>
<td>auth_host = 127.0.0.1</td>
<td>(StrOpt) Host providing the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_port = 35357</td>
<td>(IntOpt) Port of the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_protocol = https</td>
<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
</tr>
<tr>
<td>auth_uri = None</td>
<td>(StrOpt) Complete public Identity API endpoint</td>
</tr>
<tr>
<td>auth_version = None</td>
<td>(StrOpt) API version of the admin Identity API endpoint</td>
</tr>
<tr>
<td>cache = None</td>
<td>(StrOpt) Env key for the swift cache</td>
</tr>
<tr>
<td>cafile = None</td>
<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
</tr>
<tr>
<td>certfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>delay_auth_decision = False</td>
<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
</tr>
<tr>
<td>enforce_token_bind = permissive</td>
<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
</tr>
<tr>
<td>http_connect_timeout = None</td>
<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
</tr>
<tr>
<td>http_request_max_retries = 3</td>
<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
</tr>
<tr>
<td>include_service_catalog = True</td>
<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
</tr>
<tr>
<td>insecure = False</td>
<td>(BoolOpt) Verify HTTPS connections.</td>
</tr>
<tr>
<td>keyfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>memcache_secret_key = None</td>
<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
</tr>
<tr>
<td>memcache_security_strategy = None</td>
<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
</tr>
<tr>
<td>revocation_cache_time = 300</td>
<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
</tr>
<tr>
<td>signing_dir = None</td>
<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
</tr>
<tr>
<td>token_cache_time = 300</td>
<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
</tr>
</tbody>
</table>
</para>

134
doc/common/tables/neutron-auth_token.xml Normal file
View File

@ -0,0 +1,134 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in the tools directory of this
repository -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all" xml:id="config_table_neutron_auth_token">
<caption>Description of configuration options for auth_token</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Memcached servers or None for in process cache.</td>
</tr>
<tr>
<th colspan="2">[keystone_authtoken]</th>
</tr>
<tr>
<td>admin_password = None</td>
<td>(StrOpt) Keystone account password</td>
</tr>
<tr>
<td>admin_tenant_name = admin</td>
<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
</tr>
<tr>
<td>admin_token = None</td>
<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
</tr>
<tr>
<td>admin_user = None</td>
<td>(StrOpt) Keystone account username</td>
</tr>
<tr>
<td>auth_admin_prefix = </td>
<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
</tr>
<tr>
<td>auth_host = 127.0.0.1</td>
<td>(StrOpt) Host providing the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_port = 35357</td>
<td>(IntOpt) Port of the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_protocol = https</td>
<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
</tr>
<tr>
<td>auth_uri = None</td>
<td>(StrOpt) Complete public Identity API endpoint</td>
</tr>
<tr>
<td>auth_version = None</td>
<td>(StrOpt) API version of the admin Identity API endpoint</td>
</tr>
<tr>
<td>cache = None</td>
<td>(StrOpt) Env key for the swift cache</td>
</tr>
<tr>
<td>cafile = None</td>
<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
</tr>
<tr>
<td>certfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>delay_auth_decision = False</td>
<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
</tr>
<tr>
<td>enforce_token_bind = permissive</td>
<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
</tr>
<tr>
<td>http_connect_timeout = None</td>
<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
</tr>
<tr>
<td>http_request_max_retries = 3</td>
<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
</tr>
<tr>
<td>include_service_catalog = True</td>
<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
</tr>
<tr>
<td>insecure = False</td>
<td>(BoolOpt) Verify HTTPS connections.</td>
</tr>
<tr>
<td>keyfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>memcache_secret_key = None</td>
<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
</tr>
<tr>
<td>memcache_security_strategy = None</td>
<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
</tr>
<tr>
<td>revocation_cache_time = 300</td>
<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
</tr>
<tr>
<td>signing_dir = None</td>
<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
</tr>
<tr>
<td>token_cache_time = 300</td>
<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
</tr>
</tbody>
</table>
</para>

4
doc/common/tables/nova-api.xml
View File

@ -18,6 +18,10 @@
<tr>
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td>api_rate_limit = False</td>
<td>(BoolOpt) Whether to use per-user rate limiting for the api. This option is only used by v2 api. Rate limiting is removed from v3 api.</td>
</tr>
<tr>
<td>enable_new_services = True</td>
<td>(BoolOpt) Services to be added to the available pool on create</td>

127
doc/common/tables/nova-auth_token.xml Normal file
View File

@ -0,0 +1,127 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in the tools directory of this
repository -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all" xml:id="config_table_nova_auth_token">
<caption>Description of configuration options for auth_token</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[keystone_authtoken]</th>
</tr>
<tr>
<td>admin_password = None</td>
<td>(StrOpt) Keystone account password</td>
</tr>
<tr>
<td>admin_tenant_name = admin</td>
<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
</tr>
<tr>
<td>admin_token = None</td>
<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
</tr>
<tr>
<td>admin_user = None</td>
<td>(StrOpt) Keystone account username</td>
</tr>
<tr>
<td>auth_admin_prefix = </td>
<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
</tr>
<tr>
<td>auth_host = 127.0.0.1</td>
<td>(StrOpt) Host providing the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_port = 35357</td>
<td>(IntOpt) Port of the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_protocol = https</td>
<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
</tr>
<tr>
<td>auth_uri = None</td>
<td>(StrOpt) Complete public Identity API endpoint</td>
</tr>
<tr>
<td>auth_version = None</td>
<td>(StrOpt) API version of the admin Identity API endpoint</td>
</tr>
<tr>
<td>cache = None</td>
<td>(StrOpt) Env key for the swift cache</td>
</tr>
<tr>
<td>cafile = None</td>
<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
</tr>
<tr>
<td>certfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>delay_auth_decision = False</td>
<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
</tr>
<tr>
<td>enforce_token_bind = permissive</td>
<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
</tr>
<tr>
<td>http_connect_timeout = None</td>
<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
</tr>
<tr>
<td>http_request_max_retries = 3</td>
<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
</tr>
<tr>
<td>include_service_catalog = True</td>
<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
</tr>
<tr>
<td>insecure = False</td>
<td>(BoolOpt) Verify HTTPS connections.</td>
</tr>
<tr>
<td>keyfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>memcache_secret_key = None</td>
<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
</tr>
<tr>
<td>memcache_security_strategy = None</td>
<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
</tr>
<tr>
<td>revocation_cache_time = 300</td>
<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
</tr>
<tr>
<td>signing_dir = None</td>
<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
</tr>
<tr>
<td>token_cache_time = 300</td>
<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
</tr>
</tbody>
</table>
</para>

4
doc/common/tables/nova-authentication.xml
View File

@ -18,10 +18,6 @@
<tr>
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td>api_rate_limit = False</td>
<td>(BoolOpt) Whether to use per-user rate limiting for the api. This option is only used by v2 api. Rate limiting is removed from v3 api.</td>
</tr>
<tr>
<td>auth_strategy = noauth</td>
<td>(StrOpt) The strategy to use for auth: noauth or keystone.</td>

134
doc/common/tables/trove-auth_token.xml Normal file
View File

@ -0,0 +1,134 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in the tools directory of this
repository -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all" xml:id="config_table_trove_auth_token">
<caption>Description of configuration options for auth_token</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[DEFAULT]</th>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Memcached servers or None for in process cache.</td>
</tr>
<tr>
<th colspan="2">[keystone_authtoken]</th>
</tr>
<tr>
<td>admin_password = None</td>
<td>(StrOpt) Keystone account password</td>
</tr>
<tr>
<td>admin_tenant_name = admin</td>
<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
</tr>
<tr>
<td>admin_token = None</td>
<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
</tr>
<tr>
<td>admin_user = None</td>
<td>(StrOpt) Keystone account username</td>
</tr>
<tr>
<td>auth_admin_prefix = </td>
<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
</tr>
<tr>
<td>auth_host = 127.0.0.1</td>
<td>(StrOpt) Host providing the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_port = 35357</td>
<td>(IntOpt) Port of the admin Identity API endpoint</td>
</tr>
<tr>
<td>auth_protocol = https</td>
<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
</tr>
<tr>
<td>auth_uri = None</td>
<td>(StrOpt) Complete public Identity API endpoint</td>
</tr>
<tr>
<td>auth_version = None</td>
<td>(StrOpt) API version of the admin Identity API endpoint</td>
</tr>
<tr>
<td>cache = None</td>
<td>(StrOpt) Env key for the swift cache</td>
</tr>
<tr>
<td>cafile = None</td>
<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
</tr>
<tr>
<td>certfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>delay_auth_decision = False</td>
<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
</tr>
<tr>
<td>enforce_token_bind = permissive</td>
<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
</tr>
<tr>
<td>http_connect_timeout = None</td>
<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
</tr>
<tr>
<td>http_request_max_retries = 3</td>
<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
</tr>
<tr>
<td>include_service_catalog = True</td>
<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
</tr>
<tr>
<td>insecure = False</td>
<td>(BoolOpt) Verify HTTPS connections.</td>
</tr>
<tr>
<td>keyfile = None</td>
<td>(StrOpt) Required if Keystone server requires client certificate</td>
</tr>
<tr>
<td>memcache_secret_key = None</td>
<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
</tr>
<tr>
<td>memcache_security_strategy = None</td>
<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
</tr>
<tr>
<td>memcached_servers = None</td>
<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
</tr>
<tr>
<td>revocation_cache_time = 300</td>
<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
</tr>
<tr>
<td>signing_dir = None</td>
<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
</tr>
<tr>
<td>token_cache_time = 300</td>
<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
</tr>
</tbody>
</table>
</para>

1
doc/config-reference/block-storage/section_misc.xml
View File

@ -10,6 +10,7 @@
<filename>cinder.conf</filename> file.
</para>
<xi:include href="../../common/tables/cinder-auth_token.xml"/>
<xi:include href="../../common/tables/cinder-connection.xml"/>
<xi:include href="../../common/tables/cinder-huawei.xml"/>
<xi:include href="../../common/tables/cinder-nas.xml"/>

1
doc/config-reference/ch_databaseserviceconfigure.xml
View File

@ -16,6 +16,7 @@
Database Service configuration options.</para>
<xi:include href="../common/tables/trove-api.xml"/>
<xi:include href="../common/tables/trove-auth_token.xml"/>
<xi:include href="../common/tables/trove-backup.xml"/>
<xi:include href="../common/tables/trove-common.xml"/>
<xi:include href="../common/tables/trove-compute.xml"/>

1
doc/config-reference/ch_imageservice.xml
View File

@ -26,6 +26,7 @@
<para>You can modify many options in the OpenStack Image Service.
The following tables provide a comprehensive list.</para>
<xi:include href="../common/tables/glance-auth_token.xml"/>
<xi:include href="../common/tables/glance-common.xml"/>
<xi:include href="../common/tables/glance-db.xml"/>
<xi:include href="../common/tables/glance-imagecache.xml"/>

1
doc/config-reference/ch_orchestrationconfigure.xml
View File

@ -19,6 +19,7 @@
<para>The following tables provide a comprehensive list of the Orchestration
configuration options.</para>
<xi:include href="../common/tables/heat-auth_token.xml"/>
<xi:include href="../common/tables/heat-common.xml"/>
<xi:include href="../common/tables/heat-crypt.xml"/>
<xi:include href="../common/tables/heat-database.xml"/>

1
doc/config-reference/compute/section_compute-options-reference.xml
View File

@ -10,6 +10,7 @@
<xi:include href="../../common/tables/nova-api.xml"/>
<xi:include href="../../common/tables/nova-apiv3.xml"/>
<xi:include href="../../common/tables/nova-authentication.xml"/>
<xi:include href="../../common/tables/nova-auth_token.xml"/>
<xi:include href="../../common/tables/nova-availabilityzones.xml"/>
<xi:include href="../../common/tables/nova-baremetal.xml"/>
<xi:include href="../../common/tables/nova-ca.xml"/>

6
doc/config-reference/networking/section_networking-options-reference.xml
View File

@ -27,6 +27,12 @@
<xi:include href="../../common/tables/neutron-api.xml"/>
</section>
<section xml:id="networking-options-auth_token">
<title>Token authentication</title>
<para>Use the following options to alter token authentication settings.</para>
<xi:include href="../../common/tables/neutron-auth_token.xml"/>
</section>
<section xml:id="networking-options-compute">
<title>Compute</title>
<para>Use the following options to alter Compute-related settings.</para>

27
tools/autogenerate-config-flagmappings/cinder.flagmappings
View File

@ -141,6 +141,7 @@ max_age quota
max_gigabytes storage
max_header_line api
max_luns_per_storage_group emc
memcached_servers auth_token
migration_create_volume_timeout_secs storage
monkey_patch common
monkey_patch_modules common
@ -411,6 +412,32 @@ fc-zone-manager/zone_driver zoning_manager
fc-zone-manager/zoning_policy zoning
keymgr/api_class keymgr
keymgr/fixed_key keymgr
keystone_authtoken/admin_password auth_token
keystone_authtoken/admin_tenant_name auth_token
keystone_authtoken/admin_token auth_token
keystone_authtoken/admin_user auth_token
keystone_authtoken/auth_admin_prefix auth_token
keystone_authtoken/auth_host auth_token
keystone_authtoken/auth_port auth_token
keystone_authtoken/auth_protocol auth_token
keystone_authtoken/auth_uri auth_token
keystone_authtoken/auth_version auth_token
keystone_authtoken/cache auth_token
keystone_authtoken/cafile auth_token
keystone_authtoken/certfile auth_token
keystone_authtoken/delay_auth_decision auth_token
keystone_authtoken/enforce_token_bind auth_token
keystone_authtoken/http_connect_timeout auth_token
keystone_authtoken/http_request_max_retries auth_token
keystone_authtoken/include_service_catalog auth_token
keystone_authtoken/insecure auth_token
keystone_authtoken/keyfile auth_token
keystone_authtoken/memcache_secret_key auth_token
keystone_authtoken/memcache_security_strategy auth_token
keystone_authtoken/memcached_servers auth_token
keystone_authtoken/revocation_cache_time auth_token
keystone_authtoken/signing_dir auth_token
keystone_authtoken/token_cache_time auth_token
matchmaker_ring/ringfile rpc
ssl/ca_file ssl
ssl/cert_file ssl

27
tools/autogenerate-config-flagmappings/glance.flagmappings
View File

@ -77,6 +77,7 @@ logging_exception_prefix logging
matchmaker_heartbeat_freq matchmaker
matchmaker_heartbeat_ttl matchmaker
max_header_line wsgi
memcached_servers auth_token
metadata_encryption_key common
mongodb_store_db gridfs
mongodb_store_uri gridfs
@ -212,6 +213,32 @@ database/sqlite_synchronous db
database/use_db_reconnect db
image_format/container_formats common
image_format/disk_formats common
keystone_authtoken/admin_password auth_token
keystone_authtoken/admin_tenant_name auth_token
keystone_authtoken/admin_token auth_token
keystone_authtoken/admin_user auth_token
keystone_authtoken/auth_admin_prefix auth_token
keystone_authtoken/auth_host auth_token
keystone_authtoken/auth_port auth_token
keystone_authtoken/auth_protocol auth_token
keystone_authtoken/auth_uri auth_token
keystone_authtoken/auth_version auth_token
keystone_authtoken/cache auth_token
keystone_authtoken/cafile auth_token
keystone_authtoken/certfile auth_token
keystone_authtoken/delay_auth_decision auth_token
keystone_authtoken/enforce_token_bind auth_token
keystone_authtoken/http_connect_timeout auth_token
keystone_authtoken/http_request_max_retries auth_token
keystone_authtoken/include_service_catalog auth_token
keystone_authtoken/insecure auth_token
keystone_authtoken/keyfile auth_token
keystone_authtoken/memcache_secret_key auth_token
keystone_authtoken/memcache_security_strategy auth_token
keystone_authtoken/memcached_servers auth_token
keystone_authtoken/revocation_cache_time auth_token
keystone_authtoken/signing_dir auth_token
keystone_authtoken/token_cache_time auth_token
matchmaker_ring/ringfile matchmaker
paste_deploy/config_file paste
paste_deploy/flavor paste

27
tools/autogenerate-config-flagmappings/heat.flagmappings
View File

@ -53,6 +53,7 @@ max_nested_stack_depth quota
max_resources_per_stack quota
max_stacks_per_tenant quota
max_template_size quota
memcached_servers auth_token
notification_driver amqp
notification_topics amqp
onready notification
@ -191,6 +192,32 @@ heat_api_cloudwatch/cert_file cloudwatch_api
heat_api_cloudwatch/key_file cloudwatch_api
heat_api_cloudwatch/max_header_line cloudwatch_api
heat_api_cloudwatch/workers cloudwatch_api
keystone_authtoken/admin_password auth_token
keystone_authtoken/admin_tenant_name auth_token
keystone_authtoken/admin_token auth_token
keystone_authtoken/admin_user auth_token
keystone_authtoken/auth_admin_prefix auth_token
keystone_authtoken/auth_host auth_token
keystone_authtoken/auth_port auth_token
keystone_authtoken/auth_protocol auth_token
keystone_authtoken/auth_uri auth_token
keystone_authtoken/auth_version auth_token
keystone_authtoken/cache auth_token
keystone_authtoken/cafile auth_token
keystone_authtoken/certfile auth_token
keystone_authtoken/delay_auth_decision auth_token
keystone_authtoken/enforce_token_bind auth_token
keystone_authtoken/http_connect_timeout auth_token
keystone_authtoken/http_request_max_retries auth_token
keystone_authtoken/include_service_catalog auth_token
keystone_authtoken/insecure auth_token
keystone_authtoken/keyfile auth_token
keystone_authtoken/memcache_secret_key auth_token
keystone_authtoken/memcache_security_strategy auth_token
keystone_authtoken/memcached_servers auth_token
keystone_authtoken/revocation_cache_time auth_token
keystone_authtoken/signing_dir auth_token
keystone_authtoken/token_cache_time auth_token
matchmaker_redis/host redis
matchmaker_redis/password redis
matchmaker_redis/port redis

27
tools/autogenerate-config-flagmappings/keystone.flagmappings
View File

@ -47,6 +47,7 @@ max_request_body_size api
max_token_size api
member_role_id api
member_role_name api
memcached_servers auth_token
notification_driver amqp
notification_topics amqp
onready notification
@ -154,6 +155,32 @@ identity/domain_specific_drivers_enabled identity
identity/driver identity
identity/list_limit identity
identity/max_password_length identity
keystone_authtoken/admin_password auth_token
keystone_authtoken/admin_tenant_name auth_token
keystone_authtoken/admin_token auth_token
keystone_authtoken/admin_user auth_token
keystone_authtoken/auth_admin_prefix auth_token
keystone_authtoken/auth_host auth_token
keystone_authtoken/auth_port auth_token
keystone_authtoken/auth_protocol auth_token
keystone_authtoken/auth_uri auth_token
keystone_authtoken/auth_version auth_token
keystone_authtoken/cache auth_token
keystone_authtoken/cafile auth_token
keystone_authtoken/certfile auth_token
keystone_authtoken/delay_auth_decision auth_token
keystone_authtoken/enforce_token_bind auth_token
keystone_authtoken/http_connect_timeout auth_token
keystone_authtoken/http_request_max_retries auth_token
keystone_authtoken/include_service_catalog auth_token
keystone_authtoken/insecure auth_token
keystone_authtoken/keyfile auth_token
keystone_authtoken/memcache_secret_key auth_token
keystone_authtoken/memcache_security_strategy auth_token
keystone_authtoken/memcached_servers auth_token
keystone_authtoken/revocation_cache_time auth_token
keystone_authtoken/signing_dir auth_token
keystone_authtoken/token_cache_time auth_token
kvs/backends kvs
kvs/config_prefix kvs
kvs/default_lock_timeout kvs

27
tools/autogenerate-config-flagmappings/neutron.flagmappings
View File

@ -91,6 +91,7 @@ max_request_body_size api
max_routes quotas
max_subnet_host_routes common
measure_interval metering_agent
memcached_servers auth_token
meta_flavor_driver_mappings metadata
metadata_backlog metadata
metadata_port metadata
@ -454,6 +455,32 @@ heleoslb/sync_interval embrane_lb
hyperv/force_hyperv_utils_v1 hyperv_agent
ipsec/config_base_dir vpn
ipsec/ipsec_status_check_interval vpn
keystone_authtoken/admin_password auth_token
keystone_authtoken/admin_tenant_name auth_token
keystone_authtoken/admin_token auth_token
keystone_authtoken/admin_user auth_token
keystone_authtoken/auth_admin_prefix auth_token
keystone_authtoken/auth_host auth_token
keystone_authtoken/auth_port auth_token
keystone_authtoken/auth_protocol auth_token
keystone_authtoken/auth_uri auth_token
keystone_authtoken/auth_version auth_token
keystone_authtoken/cache auth_token
keystone_authtoken/cafile auth_token
keystone_authtoken/certfile auth_token
keystone_authtoken/delay_auth_decision auth_token
keystone_authtoken/enforce_token_bind auth_token
keystone_authtoken/http_connect_timeout auth_token
keystone_authtoken/http_request_max_retries auth_token
keystone_authtoken/include_service_catalog auth_token
keystone_authtoken/insecure auth_token
keystone_authtoken/keyfile auth_token
keystone_authtoken/memcache_secret_key auth_token
keystone_authtoken/memcache_security_strategy auth_token
keystone_authtoken/memcached_servers auth_token
keystone_authtoken/revocation_cache_time auth_token
keystone_authtoken/signing_dir auth_token
keystone_authtoken/token_cache_time auth_token
l2pop/agent_boot_time ml2_l2pop
matchmaker_redis/host redis
matchmaker_redis/password redis

28
tools/autogenerate-config-flagmappings/nova.flagmappings
View File

@ -9,7 +9,7 @@ allowed_rpc_exception_modules testing
amqp_auto_delete rpc rpc_all
amqp_durable_queues rpc rpc_all
api_paste_config wsgi
api_rate_limit authentication
api_rate_limit api
auth_strategy authentication
auto_assign_floating_ip network
backdoor_port testing
@ -512,6 +512,32 @@ hyperv/vswitch_name hyperv
image_file_url/filesystems glance
keymgr/api_class keymgr
keymgr/fixed_key keymgr
keystone_authtoken/admin_password auth_token
keystone_authtoken/admin_tenant_name auth_token
keystone_authtoken/admin_token auth_token
keystone_authtoken/admin_user auth_token
keystone_authtoken/auth_admin_prefix auth_token
keystone_authtoken/auth_host auth_token
keystone_authtoken/auth_port auth_token
keystone_authtoken/auth_protocol auth_token
keystone_authtoken/auth_uri auth_token
keystone_authtoken/auth_version auth_token
keystone_authtoken/cache auth_token
keystone_authtoken/cafile auth_token
keystone_authtoken/certfile auth_token
keystone_authtoken/delay_auth_decision auth_token
keystone_authtoken/enforce_token_bind auth_token
keystone_authtoken/http_connect_timeout auth_token
keystone_authtoken/http_request_max_retries auth_token
keystone_authtoken/include_service_catalog auth_token
keystone_authtoken/insecure auth_token
keystone_authtoken/keyfile auth_token
keystone_authtoken/memcache_secret_key auth_token
keystone_authtoken/memcache_security_strategy auth_token
keystone_authtoken/memcached_servers auth_token
keystone_authtoken/revocation_cache_time auth_token
keystone_authtoken/signing_dir auth_token
keystone_authtoken/token_cache_time auth_token
libvirt/block_migration_flag hypervisor
libvirt/checksum_base_images libvirt
libvirt/checksum_interval_seconds libvirt

27
tools/autogenerate-config-flagmappings/trove.flagmappings
View File

@ -100,6 +100,7 @@ max_backups_per_user quota
max_header_line api
max_instances_per_user quota
max_volumes_per_user quota
memcached_servers auth_token
mount_options guestagent
network_label_regex logging
notification_driver amqp
@ -207,6 +208,32 @@ couchbase/mount_point db_couchbase
couchbase/tcp_ports db_couchbase
couchbase/udp_ports db_couchbase
couchbase/usage_timeout db_couchbase
keystone_authtoken/admin_password auth_token
keystone_authtoken/admin_tenant_name auth_token
keystone_authtoken/admin_token auth_token
keystone_authtoken/admin_user auth_token
keystone_authtoken/auth_admin_prefix auth_token
keystone_authtoken/auth_host auth_token
keystone_authtoken/auth_port auth_token
keystone_authtoken/auth_protocol auth_token
keystone_authtoken/auth_uri auth_token
keystone_authtoken/auth_version auth_token
keystone_authtoken/cache auth_token
keystone_authtoken/cafile auth_token
keystone_authtoken/certfile auth_token
keystone_authtoken/delay_auth_decision auth_token
keystone_authtoken/enforce_token_bind auth_token
keystone_authtoken/http_connect_timeout auth_token
keystone_authtoken/http_request_max_retries auth_token
keystone_authtoken/include_service_catalog auth_token
keystone_authtoken/insecure auth_token
keystone_authtoken/keyfile auth_token
keystone_authtoken/memcache_secret_key auth_token
keystone_authtoken/memcache_security_strategy auth_token
keystone_authtoken/memcached_servers auth_token
keystone_authtoken/revocation_cache_time auth_token
keystone_authtoken/signing_dir auth_token
keystone_authtoken/token_cache_time auth_token
matchmaker_redis/host redis
matchmaker_redis/password redis
matchmaker_redis/port redis