Adding storage, keystone_authtoken sections to sample config

Added storage section for elk config and keystone_authtoken section for keystone related configurations Change-Id: Iba3e1c97bfd58fb39c6f9208e31014dde8658f2f Closes-Bug: #1565737
2016-04-04 12:27:53 +01:00 · 2016-04-04 12:27:53 +01:00 · 153279105e
parent 04a3c8983a
commit 153279105e
6 changed files with 231 additions and 66 deletions
--- a/README.rst
+++ b/README.rst
@ -71,6 +71,13 @@ To get information about optional additional parameters:

  freezer-db-init -h

+Freezer index number of replicas:
+
+The number of replicas of the freezer index can be configured by changing
+the parameter number_of_replicas in the configuration file. This should be done
+before running freezer-db-init script. More information about elasticsearch
+replicas can be found here https://www.elastic.co/guide/en/elasticsearch/guide/current/replica-shards.html
+
 1.5 run simple instance
 -----------------------
 ::
@ -89,6 +96,7 @@ To get information about optional additional parameters:
 1.7 example running freezer-api with apache2
 --------------------------------
 ::
+
 # sudo vi /etc/apache2/sites-enabled/freezer-api.conf
    <VirtualHost ...>
        WSGIDaemonProcess freezer-api processes=2 threads=2 user=freezer
@ -110,7 +118,6 @@ To get information about optional additional parameters:
        </Directory>
    </VirtualHost>

-
 2. Devstack Plugin
 ==================

--- a/devstack/lib/freezer-api
+++ b/devstack/lib/freezer-api
@ -87,10 +87,11 @@ function configure_freezer_api {
    [ ! -d $FREEZER_API_LOG_DIR ] &&  sudo mkdir -m 755 -p $FREEZER_API_LOG_DIR
    sudo chown $USER $FREEZER_API_LOG_DIR

-    sudo cp $FREEZER_API_DIR/etc/freezer-api.conf $FREEZER_API_CONF_DIR
+    sudo cp $FREEZER_API_DIR/etc/freezer-api.conf.sample $FREEZER_API_CONF_DIR/freezer-api.conf

    iniset $FREEZER_API_CONF 'storage' db elasticsearch
    iniset $FREEZER_API_CONF 'storage' index freezer
+    iniset $FREEZER_API_CONF 'storage' number_of_replicas 0
    iniset $FREEZER_API_CONF 'storage' hosts http://$SERVICE_HOST:9200

    iniset $FREEZER_API_CONF 'keystone_authtoken' auth_protocol $KEYSTONE_AUTH_PROTOCOL
--- a/etc/freezer-api.conf
+++ b/etc/freezer-api.conf
@ -1,60 +0,0 @@
-# (c) Copyright 2014,2015 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-[DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-verbose = false
-
-# Show debugging output in logs (sets DEBUG log level output)
-#debug = False
-
-# Log to this file. Make sure you do not set the same log file for both the API
-# and registry servers!
-#
-# If `log_file` is omitted and `use_syslog` is false, then log messages are
-# sent to stdout as a fallback.
-log_file = freezer-api.log
-
-# ================= Syslog Options ============================
-
-# Send logs to syslog (/dev/log) instead of to file specified
-# by `log_file`
-use_syslogd = false
-
-# Facility to use. If unset defaults to LOG_USER.
-#syslog_log_facility = LOG_LOCAL0
-
-[keystone_authtoken]
-auth_protocol = http
-auth_host = keystone_host
-auth_port = 35357
-admin_user = freezer
-admin_password = freezer
-admin_tenant_name = service
-include_service_catalog = False
-delay_auth_decision = False
-
-
-[storage]
-# supported db engine. currently elasticsearch only
-db=elasticsearch
-hosts='http://elasticsearch_host:9200'
-# freezer-db-init uses the following parameter to set the number of replicas
-number_of_replicas=2
-
-#use_ssl=False
-#ca_certs=''
-#use_ssl=False
-#timeout=60
-#retries=20
--- a/etc/freezer-api.conf.sample
+++ b/etc/freezer-api.conf.sample
@ -7,8 +7,8 @@
 # IP address to listen on. Default is 0.0.0.0 (IP address value)
 #bind_host = 0.0.0.0

-# Port number to listen on. Default is 9090 (integer value)
-# Minimum value: 1
+# Port number to listen on. Default is 9090 (port value)
+# Minimum value: 0
 # Maximum value: 65535
 #bind_port = 9090

@ -106,3 +106,212 @@

 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
+
+
+[keystone_authtoken]
+
+#
+# From freezer-api
+#
+
+# Complete public Identity API endpoint. (string value)
+#auth_uri = <None>
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+#delay_auth_decision = false
+
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+#http_connect_timeout = <None>
+
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
+#http_request_max_retries = 3
+
+# Env key for the swift cache. (string value)
+#cache = <None>
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+
+# Directory used to cache files related to PKI tokens. (string value)
+#signing_dir = <None>
+
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [DEFAULT]/memcache_servers
+#memcached_servers = <None>
+
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set
+# to -1 to disable caching completely. (integer value)
+#token_cache_time = 300
+
+# Determines the frequency at which the list of revoked tokens is retrieved
+# from the Identity service (in seconds). A high number of revocation events
+# combined with a low cache duration may significantly reduce performance.
+# (integer value)
+#revocation_cache_time = 10
+
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy = None
+
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
+#memcache_secret_key = <None>
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
+#memcache_pool_dead_retry = 300
+
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
+#memcache_pool_maxsize = 10
+
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
+#memcache_pool_socket_timeout = 3
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+#memcache_pool_unused_timeout = 60
+
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout = 10
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool = false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
+#enforce_token_bind = permissive
+
+# If true, the revocation list will be checked for cached tokens. This requires
+# that PKI tokens are configured on the identity server. (boolean value)
+#check_revocations_for_cached = false
+
+# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
+# or multiple. The algorithms are those supported by Python standard
+# hashlib.new(). The hashes will be tried in the order given, so put the
+# preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+#hash_algorithms = md5
+
+# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
+# (string value)
+#auth_admin_prefix =
+
+# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+#auth_host = 127.0.0.1
+
+# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (integer value)
+#auth_port = 35357
+
+# Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+# Allowed values: http, https
+#auth_protocol = https
+
+# Complete admin Identity API endpoint. This should specify the unversioned
+# root endpoint e.g. https://localhost:35357/ (string value)
+#identity_uri = <None>
+
+# This option is deprecated and may be removed in a future release. Single
+# shared secret with the Keystone configuration used for bootstrapping a
+# Keystone installation, or otherwise bypassing the normal authentication
+# process. This option should not be used, use `admin_user` and
+# `admin_password` instead. (string value)
+#admin_token = <None>
+
+# Service username. (string value)
+#admin_user = <None>
+
+# Service user password. (string value)
+#admin_password = <None>
+
+# Service tenant name. (string value)
+#admin_tenant_name = admin
+
+# Authentication type to load (unknown value)
+# Deprecated group/name - [DEFAULT]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (unknown value)
+#auth_section = <None>
+
+
+[storage]
+
+#
+# From freezer-api
+#
+
+# specify the storage db to use (default: elasticsearch (string value)
+#db = elasticsearch
+
+# specify the storage hosts (deprecated, use "hosts" (string value)
+#endpoint =
+
+# specify the storage hosts (string value)
+#hosts = http://localhost:9200
+
+# specify the name of the elasticsearch index (string value)
+#index = freezer
+
+# specify the connection timeout (integer value)
+#timeout = 60
+
+# number of retries to allow before raising and error (integer value)
+#retries = 20
+
+# explicitly turn on SSL (boolean value)
+#use_ssl = false
+
+# turn on SSL certs verification (boolean value)
+#verify_certs = false
+
+# path to CA certs on disk (string value)
+#ca_certs = <None>
+
+# Number of replicas for elk cluster. Default is 2. Use 0 for no replicas
+# (integer value)
+#number_of_replicas = 2
--- a/freezer_api/common/config.py
+++ b/freezer_api/common/config.py
@ -1,5 +1,5 @@
 """
-(c) Copyright 2014,2015 Hewlett-Packard Development Company, L.P.
+(c) Copyright 2015-2016 Hewlett-Packard Enterprise Company L.P.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@ -20,6 +20,8 @@ from oslo_config import cfg
 from oslo_log import log

 from freezer_api import __version__ as FREEZER_API_VERSION
+from freezer_api.storage import driver
+from keystonemiddleware import opts

 CONF = cfg.CONF

@ -69,7 +71,9 @@ def setup_logging():

 def list_opts():
    _OPTS = {
-        None: api_common_opts()
+        None: api_common_opts(),
+        'storage': driver.storage_opts,
+        opts.auth_token_opts[0][0]: opts.auth_token_opts[0][1]
    }
    return _OPTS.items()

--- a/freezer_api/storage/driver.py
+++ b/freezer_api/storage/driver.py
@ -56,6 +56,10 @@ storage_opts = [
    cfg.StrOpt('ca_certs',
               default=None,
               help='path to CA certs on disk'),
+    cfg.IntOpt('number_of_replicas',
+               default=2,
+               help='Number of replicas for elk cluster. Default is 2. '
+                    'Use 0 for no replicas')
 ]

 CONF = cfg.CONF