From 7111f7af210f7b5424e76896882af22a08a009df Mon Sep 17 00:00:00 2001
From: Maxim Kulkin
Date: Tue, 12 Nov 2013 18:15:33 +0400
Subject: [PATCH] More config schema cleanup
---
 rubick/schemas/glance_api/glance_api.conf.yml | 347 ++++++------------
 rubick/schemas/keystone/2013.1.3.yml | 4 +-
 rubick/schemas/keystone/2013.1.4.yml | 4 +-
 rubick/schemas/keystone/2013.2.0.yml | 116 +++---
 rubick/schemas/keystone/keystone.conf.yml | 166 +--------
 rubick/schemas/rabbitmq/rabbitmq.conf.yml | 4 +-
 6 files changed, 199 insertions(+), 442 deletions(-)
diff --git a/rubick/schemas/glance_api/glance_api.conf.yml b/rubick/schemas/glance_api/glance_api.conf.yml
index 9f1810e..ffbb40b 100644
--- a/rubick/schemas/glance_api/glance_api.conf.yml
+++ b/rubick/schemas/glance_api/glance_api.conf.yml
@@ -3,404 +3,339 @@ added: - name: verbose - type: string - default: 'False' + type: boolean + default: false help: 'Show more verbose log output (sets INFO log level output)' - comment: 'New param' - name: debug - type: string - default: 'False' + type: boolean + default: false help: 'Show debugging output in logs (sets DEBUG log level output)' - comment: 'New param' - name: default_store type: string default: 'file' help: "Which backend scheme should Glance use by default is not specified in a request to add a new image to Glance? Known schemes are determined by the known_stores option below. Default: 'file'" - comment: 'New param' - name: known_stores - type: string - default: 'glance.store.filesystem.Store,' + type: string_list + default: ['glance.store.filesystem.Store'] help: 'List of which store classes and store class locations are currently known to glance at startup.' - comment: 'New param' - name: image_size_cap - type: string - default: '1099511627776' + type: integer + default: 1099511627776 help: 'Maximum image size (in bytes) that may be uploaded through the Glance API server. Defaults to 1 TB. WARNING: this value should only be increased after careful consideration and must be set to a value under 8 EB (9223372036854775808).' - comment: 'New param' - name: bind_host type: host default: '0.0.0.0' help: 'Address to bind the API server' - comment: 'New param' - name: bind_port - type: string - default: '9292' + type: port + default: 9292 help: 'Port the bind the API server to' - comment: 'New param' - name: log_file - type: string + type: file default: '/var/log/glance/api.log' help: 'Log to this file. Make sure you do not set the same log file for both the API and registry servers!' 
- comment: 'New param' - name: backlog - type: string - default: '4096' + type: integer + default: 4096 help: 'Backlog requests when creating socket' - comment: 'New param' - name: tcp_keepidle - type: string - default: '600' + type: integer + default: 600 help: 'TCP_KEEPIDLE value in seconds when creating socket. Not supported on OS X.' - comment: 'New param' - name: sql_connection type: string default: 'sqlite:///glance.sqlite' help: 'SQLAlchemy connection string for the reference implementation registry server. Any valid SQLAlchemy connection string is fine. See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine' - comment: 'New param' - name: sql_idle_timeout - type: string - default: '3600' + type: integer + default: 3600 help: "MySQL uses a default `wait_timeout` of 8 hours, after which it will drop idle connections. This can result in 'MySQL Gone Away' exceptions. If you notice this, you can lower this value to ensure that SQLAlchemy reconnects before MySQL can drop the connection." - comment: 'New param' - name: workers - type: string - default: '1' + type: integer + default: 1 help: 'Number of Glance API worker processes to start. On machines with more than one CPU increasing this value may improve performance (especially if using SSL with compression turned on). It is typically recommended to set this value to the number of CPUs present on your machine.' - comment: 'New param' - name: admin_role type: string default: 'admin' help: 'Role used to identify an authenticated user as administrator' - comment: 'New param' - name: allow_anonymous_access - type: string - default: 'False' + type: boolean + default: false help: 'Allow unauthenticated users to access the API with read-only privileges. This only applies when using ContextMiddleware.' 
- comment: 'New param' - name: enable_v1_api - type: string - default: 'True' + type: boolean + default: true help: 'Allow access to version 1 of glance api' - comment: 'New param' - name: enable_v2_api - type: string - default: 'True' + type: boolean + default: true help: 'Allow access to version 2 of glance api' - comment: 'New param' - name: show_image_direct_url - type: string - default: 'False' + type: boolean + default: false help: "Return the URL that references where the data is stored on the backend storage system. For example, if using the file system store a URL of 'file:///path/to/image' will be returned to the user in the 'direct_url' meta-data field. The default value is false." - comment: 'New param' - name: send_identity_headers - type: string - default: 'False' + type: boolean + default: false help: 'Send headers containing user and tenant information when making requests to the v1 glance registry. This allows the registry to function as if a user is authenticated without the need to authenticate a user itself using the auth_token middleware. The default value is false.' - comment: 'New param' - name: container_formats - type: string - default: 'ami,ari,aki,bare,ovf' + type: string_list + default: ['ami', 'ari', 'aki', 'bare', 'ovf'] help: "Supported values for the 'container_format' image attribute" - comment: 'New param' - name: disk_formats - type: string - default: 'ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso' + type: string_list + default: ['ami', 'ari', 'aki', 'vhd', 'vmdk', 'raw', 'qcow2', 'vdi', 'iso'] help: "Supported values for the 'disk_format' image attribute" - comment: 'New param' - name: lock_path - type: string - default: 'None' + type: directory + default: ~ help: 'Directory to use for lock files. Default to a temp directory (string value). This setting needs to be the same for both glance-scrubber and glance-api.' 
comment: 'New param' - name: property_protection_file - type: string - default: '' + type: file + default: ~ help: "Property Protections config file This file contains the rules for property protections and the roles associated with it. If this config value is not specified, by default, property protections won't be enforced. If a value is specified and the file is not found, then an HTTPInternalServerError will be thrown." - comment: 'New param' - name: user_storage_quota - type: string - default: '0' + type: integer + default: 0 help: 'Set a system wide quota for every user. This value is the total number of bytes that a user can use across all storage systems. A value of 0 means unlimited.' - comment: 'New param' - name: use_syslog - type: string - default: 'False' + type: boolean + default: false help: 'Send logs to syslog (/dev/log) instead of to file specified by `log_file`' - comment: 'New param' - name: syslog_log_facility type: string default: 'LOG_LOCAL0' help: 'Facility to use. If unset defaults to LOG_USER.' 
- comment: 'New param' - name: cert_file - type: string + type: file default: '/path/to/certfile' help: 'Certificate file to use when starting API server securely' - comment: 'New param' - name: key_file - type: string + type: file default: '/path/to/keyfile' help: 'Private key file to use when starting API server securely' - comment: 'New param' - name: ca_file - type: string + type: file default: '/path/to/cafile' help: 'CA certificate file to use to verify connecting clients' - comment: 'New param' - name: metadata_encryption_key type: string default: '<16, 24 or 32 char registry metadata key>' help: "AES key for encrypting store 'location' metadata, including -- if used -- Swift or S3 credentials Should be set to a random string of length 16, 24 or 32 bytes" - comment: 'New param' - name: registry_host type: host default: '0.0.0.0' help: 'Address to find the registry server' - comment: 'New param' - name: registry_port - type: string - default: '9191' + type: port + default: 9191 help: 'Port the registry server is listening on' - comment: 'New param' - name: registry_client_protocol type: string default: 'http' help: 'What protocol to use when connecting to the registry server? Set to https for secure HTTP communication' - comment: 'New param' - name: registry_client_key_file - type: string + type: file default: '/path/to/key/file' help: 'The path to the key file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file' - comment: 'New param' - name: registry_client_cert_file - type: string + type: file default: '/path/to/cert/file' help: 'The path to the cert file to use in SSL connections to the registry server, if any. 
Alternately, you may set the GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file' - comment: 'New param' - name: registry_client_ca_file - type: string + type: file default: '/path/to/ca/file' help: 'The path to the certifying authority cert file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file' - comment: 'New param' - name: registry_client_insecure - type: string - default: 'False' + type: boolean + default: false help: "When using SSL in connections to the registry server, do not require validation via a certifying authority. This is the registry's equivalent of specifying --insecure on the command line using glanceclient for the API Default: False" - comment: 'New param' - name: registry_client_timeout - type: string - default: '600' + type: integer + default: 600 help: "The period of time, in seconds, that the API server will wait for a registry request to complete. A value of '0' implies no timeout. Default: 600" - comment: 'New param' - name: db_auto_create - type: string - default: 'False' + type: boolean + default: false help: 'Whether to automatically create the database tables. Default: False' - comment: 'New param' - name: sqlalchemy_debug - type: string - default: 'True' + type: boolean + default: true help: 'Enable DEBUG log messages from sqlalchemy which prints every database query and response. Default: False' - comment: 'New param' - name: notifier_strategy type: string default: 'noop' help: 'Notifications can be sent when images are create, updated or deleted. 
There are three methods of sending notifications, logging (via the log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid message queue), or noop (no notifications sent, the default)' - comment: 'New param' - name: rabbit_host type: host default: 'localhost' help: 'Configuration options if sending notifications via rabbitmq (these are the defaults)' - comment: 'New param' - name: rabbit_port - type: string - default: '5672' + type: port + default: 5672 help: 'Configuration options if sending notifications via rabbitmq (these are the defaults)' - comment: 'New param' - name: rabbit_use_ssl - type: string - default: 'false' + type: boolean + default: false help: 'Configuration options if sending notifications via rabbitmq (these are the defaults)' - comment: 'New param' - name: rabbit_userid type: string default: 'guest' help: 'Configuration options if sending notifications via rabbitmq (these are the defaults)' - comment: 'New param' - name: rabbit_password type: string default: 'guest' help: 'Configuration options if sending notifications via rabbitmq (these are the defaults)' - comment: 'New param' - name: rabbit_virtual_host type: string default: '/' help: 'Configuration options if sending notifications via rabbitmq (these are the defaults)' - comment: 'New param' - name: rabbit_notification_exchange type: string default: 'glance' help: 'Configuration options if sending notifications via rabbitmq (these are the defaults)' - comment: 'New param' - name: rabbit_notification_topic type: string default: 'notifications' help: 'Configuration options if sending notifications via rabbitmq (these are the defaults)' - comment: 'New param' - name: rabbit_durable_queues - type: string - default: 'False' + type: boolean + default: false help: 'Configuration options if sending notifications via rabbitmq (these are the defaults)' - comment: 'New param' - name: qpid_notification_exchange type: string default: 'glance' help: 'Configuration options if sending 
notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_notification_topic type: string default: 'notifications' help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_host type: host default: 'localhost' help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_port - type: string - default: '5672' + type: port + default: 5672 help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_username type: string default: '' help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_password type: string default: '' help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_sasl_mechanisms type: string default: '' help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_reconnect_timeout - type: string - default: '0' + type: integer + default: 0 help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_reconnect_limit - type: string - default: '0' + type: integer + default: 0 help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_reconnect_interval_min - type: string - default: '0' + type: integer + default: 0 help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_reconnect_interval_max - type: string - default: '0' + type: integer + default: 0 help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_reconnect_interval - type: string - default: '0' + type: integer + default: 0 
help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_heartbeat - type: string - default: '5' + type: integer + default: 5 help: 'Configuration options if sending notifications via Qpid (these are the defaults)' - comment: 'New param' - name: qpid_protocol type: string default: 'tcp' help: "Configuration options if sending notifications via Qpid (these are the defaults) Set to 'ssl' to enable SSL" - comment: 'New param' - name: qpid_tcp_nodelay - type: string - default: 'True' + type: boolean + default: true help: "Configuration options if sending notifications via Qpid (these are the defaults) Set to 'ssl' to enable SSL" - comment: 'New param' - name: filesystem_store_datadir - type: string + type: directory default: '/var/lib/glance/images/' help: 'Directory that the Filesystem backend store writes image data to' - comment: 'New param' - name: filesystem_store_metadata_file - type: string - default: 'None' + type: file + default: ~ help: 'A path to a JSON file that contains metadata describing the storage system. When show_multiple_locations is True the information in this file will be returned with any location that is contained in this store.' comment: 'New param' 
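Review bot: The `sqlalchemy_debug` entry now carries `default: true` while its help text still ends with "Default: False", so the conversion from `'True'` keeps a contradiction instead of cleaning it up. Because this option logs every database query and response, a schema that records `true` as the expected value may let a deployment with query logging switched on pass as unremarkable; I would change the line to `default: false` after checking it against the upstream glance-api.conf sample. Separately, `cert_file`, `key_file` and `ca_file` become `type: file` but keep placeholder defaults such as `'/path/to/keyfile'`. If the `file` type checks that the path exists (the validator is not visible in this patch), `default: ~`, as used for `property_protection_file` in this hunk, would describe "unset" more honestly.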
@@ -408,221 +343,184 @@ type: string default: '2' help: "Version of the authentication service to use Valid versions are '2' for keystone and '1' for swauth and rackspace" - comment: 'New param' - name: swift_store_auth_address type: string default: '127.0.0.1:5000/v2.0/' help: "Address where the Swift authentication service lives Valid schemes are 'http://' and 'https://' If no scheme specified, default to 'https://' For swauth, use something like '127.0.0.1:8080/v1.0/'" - comment: 'New param' - name: swift_store_user type: string default: 'jdoe:jdoe' help: "User to authenticate against the Swift authentication service If you use Swift authentication service, set it to 'account':'user' where 'account' is a Swift storage account and 'user' is a user in that account" - comment: 'New param' - name: swift_store_key type: string default: 'a86850deb2742ec3cb41518e26aa2d89' help: 'Auth key for the user authenticating against the Swift authentication service' - comment: 'New param' - name: swift_store_container type: string default: 'glance' help: 'Container within the account that the account should use for storing images in Swift' - comment: 'New param' - name: swift_store_create_container_on_put - type: string - default: 'False' + type: boolean + default: false help: 'Do we create the container if it does not exist?' - comment: 'New param' - name: swift_store_large_object_size - type: string - default: '5120' + type: integer + default: 5120 help: 'What size, in MB, should Glance start chunking image files and do a large object manifest in Swift? By default, this is the maximum object size in Swift, which is 5GB' - comment: 'New param' - name: swift_store_large_object_chunk_size - type: string - default: '200' + type: integer + default: 200 help: 'When doing a large object manifest, what size, in MB, should Glance write chunks to Swift? 
This amount of data is written to a temporary disk buffer during the process of chunking the image file, and the default is 200MB' - comment: 'New param' - name: swift_enable_snet - type: string - default: 'False' + type: boolean + default: false help: "To use ServiceNET for authentication, prefix hostname of `swift_store_auth_address` with 'snet-'. Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/" - comment: 'New param' - name: swift_store_multi_tenant - type: string - default: 'False' + type: boolean + default: false help: 'If set to True enables multi-tenant storage mode which causes Glance images to be stored in tenant specific Swift accounts.' - comment: 'New param' - name: swift_store_admin_tenants - type: string - default: '' + type: string_list + default: [] help: 'A list of swift_proxy_server ACL strings that will be applied as both read and write ACLs to the containers created by Glance in multi-tenant mode. This grants the specified tenants/users read and write access to all newly created image objects. The standard swift_proxy_server ACL string formats are allowed, including: : : *: Multiple ACLs can be combined using a comma separated list, for example: swift_store_admin_tenants = service:glance,*:admin' - comment: 'New param' - name: swift_store_region type: string default: '' help: 'The region of the swift_proxy_server endpoint to be used for single tenant. This setting is only necessary if the tenant has multiple swift_proxy_server endpoints.' - comment: 'New param' - name: swift_store_ssl_compression - type: string - default: 'True' + type: boolean + default: true help: "If set to False, disables SSL layer compression of https swift_proxy_server requests. Setting to 'False' may improve performance for images which are already in a compressed format, eg qcow2. If set to True, enables SSL layer compression (provided it is supported by the target swift_proxy_server proxy)." 
- comment: 'New param' - name: s3_store_host type: string default: '127.0.0.1:8080/v1.0/' help: "Address where the S3 authentication service lives Valid schemes are 'http://' and 'https://' If no scheme specified, default to 'http://'" - comment: 'New param' - name: s3_store_access_key type: string default: '<20-char AWS access key>' help: 'User to authenticate against the S3 authentication service' - comment: 'New param' - name: s3_store_secret_key type: string default: '<40-char AWS secret key>' help: 'Auth key for the user authenticating against the S3 authentication service' - comment: 'New param' - name: s3_store_bucket type: string default: 'glance' help: "Container within the account that the account should use for storing images in S3. Note that S3 has a flat namespace, so you need a unique bucket name for your glance images. An easy way to do this is append your AWS access key to 'glance'. S3 buckets in AWS *must* be lowercased, so remember to lowercase your AWS access key if you use it in your bucket name below!" - comment: 'New param' - name: s3_store_create_bucket_on_put - type: string - default: 'False' + type: boolean + default: false help: 'Do we create the bucket if it does not exist?' - comment: 'New param' - name: s3_store_object_buffer_dir - type: string + type: directory default: '/path/to/dir' help: "When sending images to S3, the data will first be written to a temporary buffer on disk. By default the platform's temporary directory will be used. If required, an alternative directory can be specified here." - comment: 'New param' - name: s3_store_bucket_url_format type: string default: 'subdomain' help: "When forming a bucket url, boto will either set the bucket name as the subdomain or as the first token of the path. Amazon's S3 service will accept it as the subdomain, but Swift's S3 middleware requires it be in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'." 
- comment: 'New param' - name: rbd_store_ceph_conf - type: string + type: file default: '/etc/ceph/ceph.conf' help: 'Ceph configuration file path If using cephx authentication, this file should include a reference to the right keyring in a client. section' - comment: 'New param' - name: rbd_store_user type: string default: 'glance' help: 'RADOS user to authenticate as (only applicable if using cephx)' - comment: 'New param' - name: rbd_store_pool type: string default: 'images' help: 'RADOS pool in which images are stored' - comment: 'New param' - name: rbd_store_chunk_size - type: string - default: '8' + type: integer + default: 8 help: 'Images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two' - comment: 'New param' - name: sheepdog_store_address - type: string + type: host default: 'localhost' - comment: 'New param' - name: sheepdog_store_port - type: string - default: '7000' - comment: 'New param' + type: port + default: 7000 - name: sheepdog_store_chunk_size - type: string - default: '64' + type: integer + default: 64 help: 'Images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two' - comment: 'New param' - name: cinder_catalog_info type: string default: 'volume:cinder:publicURL' help: 'Info to match when looking for cinder in the service catalog Format is : separated values of the form: :: ' - comment: 'New param' - name: cinder_endpoint_template type: string - default: 'None' + default: ~ help: 'Override service catalog lookup with template for cinder endpoint e.g. 
http://localhost:8776/v1/%(project_id)s ' - comment: 'New param' - name: os_region_name type: string - default: 'None' + default: ~ help: 'Region name of this node ' - comment: 'New param' - name: cinder_ca_certificates_file type: string - default: 'None' + default: ~ help: 'Location of ca certicates file to use for cinder client requests ' - comment: 'New param' - name: cinder_http_retries type: integer default: 3 help: 'Number of cinderclient retries on failed http calls ' - comment: 'New param' - name: cinder_api_insecure type: boolean default: false help: 'Allow to perform insecure SSL requests to cinder ' - comment: 'New param' - name: delayed_delete - type: string - default: 'False' + type: boolean + default: false help: 'Turn on/off delayed delete' - comment: 'New param' - name: scrub_time - type: string - default: '43200' + type: integer + default: 43200 help: 'Delayed delete time in seconds' - comment: 'New param' - name: scrubber_datadir - type: string + type: directory default: '/var/lib/glance/scrubber' help: 'Directory that the scrubber will use to remind itself of what to delete Make sure this is also set in glance-scrubber.conf' - comment: 'New param' - name: image_cache_dir - type: string + type: directory default: '/var/lib/glance/image-cache/' help: 'Base directory that the Image Cache uses' - comment: 'New param' - name: keystone_authtoken.auth_host type: host 
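Review bot: `cinder_ca_certificates_file` gets `default: ~` but stays `type: string`, whereas the other CA bundle paths in this file (`ca_file`, `registry_client_ca_file`) are converted to `type: file` by the same commit. So that whatever path check the `file` type provides also covers the trust store used for cinder client requests, the line should read `type: file`. In the same hunk `swift_store_key` keeps the key-shaped default `'a86850deb2742ec3cb41518e26aa2d89'`, unlike the S3 entries, which use descriptive placeholders such as `'<40-char AWS secret key>'`. A placeholder in that style, or `default: ~`, would avoid presenting a sample credential as the expected value.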
@@ -630,40 +528,33 @@ comment: 'New param' - name: keystone_authtoken.auth_port - type: string - default: '35357' - comment: 'New param' + type: port + default: 35357 - name: keystone_authtoken.auth_protocol type: string default: 'http' - comment: 'New param' - name: keystone_authtoken.admin_tenant_name type: string default: '%SERVICE_TENANT_NAME%' - comment: 'New param' - name: keystone_authtoken.admin_user type: string default: '%SERVICE_USER%' - comment: 'New param' - name: keystone_authtoken.admin_password type: string default: '%SERVICE_PASSWORD%' - comment: 'New param' - name: paste_deploy.config_file - type: string + type: file default: 'glance-api-paste.ini' help: 'Name of the paste configuration file that defines the available pipelines' - comment: 'New param' - name: paste_deploy.flavor type: string default: '' help: "Partial name of a pipeline in your paste configuration file with the service name removed. For example, if your paste section name is [pipeline:glance-api-keystone], you would configure the flavor below as 'keystone'." - comment: 'New param' # ==================================================== diff --git a/rubick/schemas/keystone/2013.1.3.yml b/rubick/schemas/keystone/2013.1.3.yml index 1711f00..9e2bb75 100644 --- a/rubick/schemas/keystone/2013.1.3.yml +++ b/rubick/schemas/keystone/2013.1.3.yml @@ -56,8 +56,8 @@ parameters: default: '_member_' - name: max_request_body_size - type: string - default: '114688' + type: integer + default: 114688 help: 'enforced by optional sizelimit middleware (keystone.middleware:RequestBodySizeLimiter)' - name: max_param_size diff --git a/rubick/schemas/keystone/2013.1.4.yml b/rubick/schemas/keystone/2013.1.4.yml index e4bf44c..64ad67a 100644 --- a/rubick/schemas/keystone/2013.1.4.yml +++ b/rubick/schemas/keystone/2013.1.4.yml 
@@ -56,8 +56,8 @@ parameters: default: '_member_' - name: max_request_body_size - type: string - default: '114688' + type: integer + default: 114688 help: 'enforced by optional sizelimit middleware (keystone.middleware:RequestBodySizeLimiter)' - name: max_param_size diff --git a/rubick/schemas/keystone/2013.2.0.yml b/rubick/schemas/keystone/2013.2.0.yml index fcd9658..cc1a356 100644 --- a/rubick/schemas/keystone/2013.2.0.yml +++ b/rubick/schemas/keystone/2013.2.0.yml @@ -58,28 +58,28 @@ parameters: help: 'Role for migrating membership relationships During a SQL upgrade, the following values will be used to create a new role that will replace records in the user_tenant_membership table with explicit role grants. After migration, the member_role_id will be used in the API add_user_to_project, and member_role_name will be ignored.' - name: max_request_body_size - type: string - default: '114688' + type: integer + default: 114688 help: 'enforced by optional sizelimit middleware (keystone.middleware:RequestBodySizeLimiter)' - name: max_param_size - type: string - default: '64' + type: integer + default: 64 help: 'limit the sizes of user & tenant ID/names' - name: max_token_size - type: string - default: '8192' + type: integer + default: 8192 help: 'similar to max_param_size, but provides an exception for token values' - name: debug - type: string - default: 'False' + type: boolean + default: false help: '=== Logging Options === Print debugging output (includes plaintext request logging, potentially including passwords)' - name: verbose - type: string - default: 'False' + type: boolean + default: false help: 'Print more verbose output' - name: log_file @@ -93,8 +93,8 @@ parameters: help: 'The directory to keep log files in (will be prepended to --logfile)' - name: use_syslog - type: string - default: 'False' + type: boolean + default: false help: 'Use syslog for logging.' - name: syslog_log_facility 
@@ -138,28 +138,28 @@ parameters: help: 'The messaging module to use, defaults to kombu.' - name: rpc_thread_pool_size - type: string - default: '64' + type: integer + default: 64 help: 'Size of RPC thread pool' - name: rpc_conn_pool_size - type: string - default: '30' + type: integer + default: 30 help: 'Size of RPC connection pool' - name: rpc_response_timeout - type: string - default: '60' + type: integer + default: 60 help: 'Seconds to wait for a response from call or multicall' - name: rpc_cast_timeout - type: string - default: '30' + type: integer + default: 30 help: 'Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.' - name: fake_rabbit - type: string - default: 'False' + type: boolean + default: false help: 'If True, use a fake RabbitMQ provider' - name: control_exchange @@ -173,8 +173,8 @@ parameters: help: 'The SQLAlchemy connection string used to connect to the database' - name: sql.idle_timeout - type: string - default: '200' + type: integer + default: 200 help: 'the timeout before idle sql connections are reaped' - name: oauth1.driver 
@@ -187,8 +187,8 @@ parameters: help: 'This references the domain to use for all Identity API v2 requests (which are not aware of domains). A domain with this ID will be created for you by keystone-manage db_sync in migration 008. The domain referenced by this ID cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API. There is nothing special about this domain, other than the fact that it must exist to order to maintain support for your v2 clients.' - name: identity.domain_specific_drivers_enabled - type: string - default: 'False' + type: boolean + default: false help: 'A subset (or all) of domains can have their own identity driver, each with their own partial configuration file in a domain configuration directory. Only values specific to the domain need to be placed in the domain specific configuration file. This feature is disabled by default; set domain_specific_drivers_enabled to True to enable.' - name: identity.domain_config_dir @@ -197,13 +197,13 @@ parameters: help: 'A subset (or all) of domains can have their own identity driver, each with their own partial configuration file in a domain configuration directory. Only values specific to the domain need to be placed in the domain specific configuration file. This feature is disabled by default; set domain_specific_drivers_enabled to True to enable.' - name: identity.max_password_length - type: string - default: '4096' + type: integer + default: 4096 help: 'Maximum supported length for user passwords; decrease to improve performance.' - name: cache.enabled - type: string - default: 'False' + type: boolean + default: false help: 'Global cache functionality toggle.' - name: catalog.template_file 
@@ -211,8 +211,8 @@ parameters: default: 'default_catalog.templates' - name: endpoint_filter.return_all_endpoints_if_no_filter - type: string - default: 'True' + type: boolean + default: true help: 'extension for creating associations between project and endpoints in order to provide a tailored catalog for project-scoped token requests.' - name: token.provider @@ -221,8 +221,8 @@ parameters: help: 'Controls the token construction, validation, and revocation operations. Core providers are keystone.token.providers.[pki|uuid].Provider' - name: token.expiration - type: string - default: '86400' + type: integer + default: 86400 help: 'Amount of time a token should remain valid (in seconds)' - name: token.bind @@ -236,18 +236,18 @@ parameters: help: 'Enforcement policy on tokens presented to keystone with bind information. One of disabled, permissive, strict, required or a specifically required bind mode e.g. kerberos or x509 to require binding to that authentication.' - name: assignment.caching - type: string - default: 'True' + type: boolean + default: true help: 'Assignment specific caching toggle. This has no effect unless the global caching option is set to True' - name: assignment.cache_time - type: string - default: '' + type: integer + default: ~ help: 'Assignment specific cache time-to-live (TTL) in seconds.' - name: token.revocation_cache_time - type: string - default: '3600' + type: integer + default: 3600 help: 'Revocation-List specific cache time-to-live (TTL) in seconds.' - name: cache.config_prefix 
@@ -271,28 +271,28 @@ parameters: help: 'Proxy Classes to import that will affect the way the dogpile.cache backend functions. See the dogpile.cache documentation on changing-backend-behavior. Comma delimited list e.g. my.dogpile.proxy.Class, my.dogpile.proxyClass2' - name: cache.use_key_mangler - type: string - default: 'True' + type: boolean + default: true help: 'Use a key-mangling function (sha1) to ensure fixed length cache-keys. This is toggle-able for debugging purposes, it is highly recommended to always leave this set to True.' - name: cache.debug_cache_backend - type: string - default: 'False' + type: boolean + default: false help: 'Extra debugging from the cache backend (cache keys, get/set/delete/etc calls) This is only really useful if you need to see the specific cache-backend get/set/delete calls with the keys/values. Typically this should be left set to False.' - name: oauth1.request_token_duration - type: string - default: '28800' + type: integer + default: 28800 help: 'The Identity service may include expire attributes. If no such attribute is included, then the token lasts indefinitely. Specify how quickly the request token will expire (in seconds)' - name: oauth1.access_token_duration - type: string - default: '86400' + type: integer + default: 86400 help: 'The Identity service may include expire attributes. If no such attribute is included, then the token lasts indefinitely. Specify how quickly the request token will expire (in seconds) Specify how quickly the access token will expire (in seconds)' - name: ssl.enable - type: string - default: 'True' + type: boolean + default: true - name: signing.certfile type: string 
@@ -311,16 +311,16 @@ parameters: default: '/etc/keystone/pki/private/cakey.pem' - name: signing.key_size - type: string - default: '2048' + type: integer + default: 2048 - name: signing.valid_days - type: string - default: '3650' + type: integer + default: 3650 - name: ssl.cert_required - type: string - default: 'False' + type: boolean + default: false - name: signing.cert_subject type: string @@ -660,7 +660,7 @@ parameters: help: 'Modules of exceptions that are permitted to be recreated upon receiving exception data from an rpc call.' - name: cache.expiration_time - type: string - default: '600' + type: integer + default: 600 help: "Default TTL, in seconds, for any cached item in the dogpile.cache region. This applies to any cached method that doesn't have an explicit cache expiration time defined for it." diff --git a/rubick/schemas/keystone/keystone.conf.yml b/rubick/schemas/keystone/keystone.conf.yml index 4df1cad..8feaabf 100644 --- a/rubick/schemas/keystone/keystone.conf.yml +++ b/rubick/schemas/keystone/keystone.conf.yml @@ -67,8 +67,8 @@ comment: 'New param' - name: max_request_body_size - type: string - default: '114688' + type: integer + default: 114688 help: 'enforced by optional sizelimit middleware (keystone.middleware:RequestBodySizeLimiter)' comment: 'New param' 
@@ -802,77 +802,11 @@ help: 'Role for migrating membership relationships During a SQL upgrade, the following values will be used to create a new role that will replace records in the user_tenant_membership table with explicit role grants. After migration, the member_role_id will be used in the API add_user_to_project, and member_role_name will be ignored.' comment: 'Help string has changed' - - name: max_param_size - type: string - default: '64' - help: 'limit the sizes of user & tenant ID/names' - comment: 'Type has changed' - - - name: max_token_size - type: string - default: '8192' - help: 'similar to max_param_size, but provides an exception for token values' - comment: 'Type has changed' - - - name: debug - type: string - default: 'False' - help: '=== Logging Options === Print debugging output (includes plaintext request logging, potentially including passwords)' - comment: 'Type has changed' - - - name: verbose - type: string - default: 'False' - help: 'Print more verbose output' - comment: 'Type has changed' - - - name: use_syslog - type: string - default: 'False' - help: 'Use syslog for logging.' - comment: 'Type has changed' - - - name: rpc_thread_pool_size - type: string - default: '64' - help: 'Size of RPC thread pool' - comment: 'Type has changed' - - - name: rpc_conn_pool_size - type: string - default: '30' - help: 'Size of RPC connection pool' - comment: 'Type has changed' - - - name: rpc_response_timeout - type: string - default: '60' - help: 'Seconds to wait for a response from call or multicall' - comment: 'Type has changed' - - - name: rpc_cast_timeout - type: string - default: '30' - help: 'Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.' 
- comment: 'Type has changed' - - - name: fake_rabbit - type: string - default: 'False' - help: 'If True, use a fake RabbitMQ provider' - comment: 'Type has changed' - - - name: sql.idle_timeout - type: string - default: '200' - help: 'the timeout before idle sql connections are reaped' - comment: 'Type has changed' - - name: identity.domain_specific_drivers_enabled - type: string - default: 'False' + type: boolean + default: false help: 'A subset (or all) of domains can have their own identity driver, each with their own partial configuration file in a domain configuration directory. Only values specific to the domain need to be placed in the domain specific configuration file. This feature is disabled by default; set domain_specific_drivers_enabled to True to enable.' - comment: 'Type has changed' + comment: 'Help string has changed' - name: identity.domain_config_dir type: string 
@@ -880,91 +814,23 @@ help: 'A subset (or all) of domains can have their own identity driver, each with their own partial configuration file in a domain configuration directory. Only values specific to the domain need to be placed in the domain specific configuration file. This feature is disabled by default; set domain_specific_drivers_enabled to True to enable.' comment: 'Help string has changed' - - name: identity.max_password_length - type: string - default: '4096' - help: 'Maximum supported length for user passwords; decrease to improve performance.' - comment: 'Type has changed' - - - name: cache.enabled - type: string - default: 'False' - help: 'Global cache functionality toggle.' - comment: 'Type has changed' - - name: endpoint_filter.return_all_endpoints_if_no_filter - type: string - default: 'True' + type: boolean + default: true help: 'extension for creating associations between project and endpoints in order to provide a tailored catalog for project-scoped token requests.' - comment: 'Type has changed' - - - name: token.expiration - type: string - default: '86400' - help: 'Amount of time a token should remain valid (in seconds)' - comment: 'Type has changed' - - - name: assignment.caching - type: string - default: 'True' - help: 'Assignment specific caching toggle. This has no effect unless the global caching option is set to True' - comment: 'Type has changed' + comment: 'Help string has changed' - name: assignment.cache_time - type: string - default: '' + type: integer + default: ~ help: 'Assignment specific cache time-to-live (TTL) in seconds.' - comment: 'Type has changed' - - - name: token.revocation_cache_time - type: string - default: '3600' - help: 'Revocation-List specific cache time-to-live (TTL) in seconds.' - comment: 'Type has changed' - - - name: cache.use_key_mangler - type: string - default: 'True' - help: 'Use a key-mangling function (sha1) to ensure fixed length cache-keys. 
This is toggle-able for debugging purposes, it is highly recommended to always leave this set to True.' - comment: 'Type has changed' - - - name: cache.debug_cache_backend - type: string - default: 'False' - help: 'Extra debugging from the cache backend (cache keys, get/set/delete/etc calls) This is only really useful if you need to see the specific cache-backend get/set/delete calls with the keys/values. Typically this should be left set to False.' - comment: 'Type has changed' - - - name: oauth1.request_token_duration - type: string - default: '28800' - help: 'The Identity service may include expire attributes. If no such attribute is included, then the token lasts indefinitely. Specify how quickly the request token will expire (in seconds)' - comment: 'Type has changed' + comment: 'Default value has changed' - name: oauth1.access_token_duration - type: string - default: '86400' + type: integer + default: 86400 help: 'The Identity service may include expire attributes. If no such attribute is included, then the token lasts indefinitely. Specify how quickly the request token will expire (in seconds) Specify how quickly the access token will expire (in seconds)' - comment: 'Type has changed' - - - name: ssl.enable - type: string - default: 'True' - comment: 'Type has changed' - - - name: signing.key_size - type: string - default: '2048' - comment: 'Type has changed' - - - name: signing.valid_days - type: string - default: '3650' - comment: 'Type has changed' - - - name: ssl.cert_required - type: string - default: 'False' - comment: 'Type has changed' + comment: 'Help string has changed' - name: signing.cert_subject type: string @@ -990,8 +856,8 @@ comment: 'New param' - name: cache.expiration_time - type: string - default: '600' + type: integer + default: 600 help: "Default TTL, in seconds, for any cached item in the dogpile.cache region. This applies to any cached method that doesn't have an explicit cache expiration time defined for it." comment: 'New param' 
diff --git a/rubick/schemas/rabbitmq/rabbitmq.conf.yml b/rubick/schemas/rabbitmq/rabbitmq.conf.yml index e5c06cf..f8ddf8c 100644 --- a/rubick/schemas/rabbitmq/rabbitmq.conf.yml +++ b/rubick/schemas/rabbitmq/rabbitmq.conf.yml @@ -31,8 +31,8 @@ - name: disk_free_limit type: integer - default: 50000000 - comment: 'Default value has changed' + default: '50000000' + comment: 'New param' - name: log_levels type: string_list
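Review bot: The new `default: '50000000'` for `disk_free_limit` is a quoted string under `type: integer`, which runs against the rest of this commit, where string-typed defaults are converted to native values. Keeping the unquoted form, `default: 50000000`, lets the declared type and the parsed default agree; with the quotes, a type-checking consumer would see a string where it expects a number. The comment also changes from 'Default value has changed' to 'New param' in the same hunk. If this parameter already existed in an earlier schema version that label looks wrong, but the patch does not show enough to confirm that.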