diff options
author | Jenkins <jenkins@review.openstack.org> | 2014-01-22 12:14:50 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2014-01-22 12:14:50 +0000 |
commit | 977956b3d2251806ac39edef0533d9e93eca2fd3 (patch) | |
tree | a9e3f01278ab2edb20f8eac40f89ff43456238ed | |
parent | 21e1b1e96fc5722177d99d4b324d89b0f32b6875 (diff) | |
parent | 1f9917cc028540d24dca3c50d184ed87409b27eb (diff) | |
download | ironic-977956b3d2251806ac39edef0533d9e93eca2fd3.tar.gz |
Merge "Add [keystone_authtoken] to ironic.conf.sample"2014.1.b2
-rw-r--r-- | etc/ironic/ironic.conf.sample | 142 | ||||
-rw-r--r-- | tools/config/oslo.config.generator.rc | 1 |
2 files changed, 132 insertions, 11 deletions
diff --git a/etc/ironic/ironic.conf.sample b/etc/ironic/ironic.conf.sample index a07d102c2..75e7922f3 100644 --- a/etc/ironic/ironic.conf.sample +++ b/etc/ironic/ironic.conf.sample @@ -567,6 +567,17 @@ #key_file=<None> +[matchmaker_ring] + +# +# Options defined in ironic.openstack.common.rpc.matchmaker_ring +# + +# Matchmaker ring file (JSON) (string value) +# Deprecated group/name - [DEFAULT]/matchmaker_ringfile +#ringfile=/etc/oslo/matchmaker_ring.json + + [rpc_notifier2] # @@ -610,6 +621,126 @@ #password=<None> +[keystone_authtoken] + +# +# Options defined in keystoneclient.middleware.auth_token +# + +# Prefix to prepend at the beginning of the path (string +# value) +#auth_admin_prefix= + +# Host providing the admin Identity API endpoint (string +# value) +#auth_host=127.0.0.1 + +# Port of the admin Identity API endpoint (integer value) +#auth_port=35357 + +# Protocol of the admin Identity API endpoint(http or https) +# (string value) +#auth_protocol=https + +# Complete public Identity API endpoint (string value) +#auth_uri=<None> + +# API version of the admin Identity API endpoint (string +# value) +#auth_version=<None> + +# Do not handle authorization requests within the middleware, +# but delegate the authorization decision to downstream WSGI +# components (boolean value) +#delay_auth_decision=false + +# Request timeout value for communicating with Identity API +# server. (boolean value) +#http_connect_timeout=<None> + +# How many times are we trying to reconnect when communicating +# with Identity API Server. (integer value) +#http_request_max_retries=3 + +# Allows to pass in the name of a fake http_handler callback +# function used instead of httplib.HTTPConnection or +# httplib.HTTPSConnection. Useful for unit testing where +# network is not available. (string value) +#http_handler=<None> + +# Single shared secret with the Keystone configuration used +# for bootstrapping a Keystone installation, or otherwise +# bypassing the normal authentication process. (string value) +#admin_token=<None> + +# Keystone account username (string value) +#admin_user=<None> + +# Keystone account password (string value) +#admin_password=<None> + +# Keystone service account tenant name to validate user tokens +# (string value) +#admin_tenant_name=admin + +# Env key for the swift cache (string value) +#cache=<None> + +# Required if Keystone server requires client certificate +# (string value) +#certfile=<None> + +# Required if Keystone server requires client certificate +# (string value) +#keyfile=<None> + +# A PEM encoded Certificate Authority to use when verifying +# HTTPs connections. Defaults to system CAs. (string value) +#cafile=<None> + +# Verify HTTPS connections. (boolean value) +#insecure=false + +# Directory used to cache files related to PKI tokens (string +# value) +#signing_dir=<None> + +# If defined, the memcache server(s) to use for caching (list +# value) +# Deprecated group/name - [DEFAULT]/memcache_servers +#memcached_servers=<None> + +# In order to prevent excessive requests and validations, the +# middleware uses an in-memory cache for the tokens the +# Keystone API returns. This is only valid if memcache_servers +# is defined. Set to -1 to disable caching completely. +# (integer value) +#token_cache_time=300 + +# Value only used for unit testing (integer value) +#revocation_cache_time=1 + +# (optional) if defined, indicate whether token data should be +# authenticated or authenticated and encrypted. Acceptable +# values are MAC or ENCRYPT. If MAC, token data is +# authenticated (with HMAC) in the cache. If ENCRYPT, token +# data is encrypted and authenticated in the cache. If the +# value is not one of these options or empty, auth_token will +# raise an exception on initialization. (string value) +#memcache_security_strategy=<None> + +# (optional, mandatory if memcache_security_strategy is +# defined) this string is used for key derivation. (string +# value) +#memcache_secret_key=<None> + +# (optional) indicate whether to set the X-Service-Catalog +# header. If False, middleware will not ask for service +# catalog on token validation and will not set the X-Service- +# Catalog header. (boolean value) +#include_service_catalog=true + + [glance] # @@ -654,17 +785,6 @@ #auth_strategy=keystone -[matchmaker_ring] - -# -# Options defined in ironic.openstack.common.rpc.matchmaker_ring -# - -# Matchmaker ring file (JSON) (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json - - [pxe] # diff --git a/tools/config/oslo.config.generator.rc b/tools/config/oslo.config.generator.rc new file mode 100644 index 000000000..cf5117666 --- /dev/null +++ b/tools/config/oslo.config.generator.rc @@ -0,0 +1 @@ +export IRONIC_CONFIG_GENERATOR_EXTRA_MODULES=keystoneclient.middleware.auth_token |