Adding storage, keystone_authtoken sections to sample config
Added a storage section for the elk config and a keystone_authtoken section for Keystone-related configuration.
Change-Id: Iba3e1c97bfd58fb39c6f9208e31014dde8658f2f
Closes-Bug: #1565737
parent
04a3c8983a
commit
153279105e
|
@ -71,6 +71,13 @@ To get information about optional additional parameters:
|
|||
|
||||
freezer-db-init -h
|
||||
|
||||
Freezer index number of replicas:
|
||||
|
||||
The number of replicas of the freezer index can be configured by changing
|
||||
the parameter number_of_replicas in the configuration file. This should be done
|
||||
before running freezer-db-init script. More information about elasticsearch
|
||||
replicas can be found here https://www.elastic.co/guide/en/elasticsearch/guide/current/replica-shards.html
|
||||
|
||||
1.5 run simple instance
|
||||
-----------------------
|
||||
::
|
||||
|
@ -89,6 +96,7 @@ To get information about optional additional parameters:
|
|||
1.7 example running freezer-api with apache2
|
||||
--------------------------------
|
||||
::
|
||||
|
||||
# sudo vi /etc/apache2/sites-enabled/freezer-api.conf
|
||||
<VirtualHost ...>
|
||||
WSGIDaemonProcess freezer-api processes=2 threads=2 user=freezer
|
||||
|
@ -110,7 +118,6 @@ To get information about optional additional parameters:
|
|||
</Directory>
|
||||
</VirtualHost>
|
||||
|
||||
|
||||
2. Devstack Plugin
|
||||
==================
|
||||
|
||||
|
|
|
@ -87,10 +87,11 @@ function configure_freezer_api {
|
|||
[ ! -d $FREEZER_API_LOG_DIR ] && sudo mkdir -m 755 -p $FREEZER_API_LOG_DIR
|
||||
sudo chown $USER $FREEZER_API_LOG_DIR
|
||||
|
||||
sudo cp $FREEZER_API_DIR/etc/freezer-api.conf $FREEZER_API_CONF_DIR
|
||||
sudo cp $FREEZER_API_DIR/etc/freezer-api.conf.sample $FREEZER_API_CONF_DIR/freezer-api.conf
|
||||
|
||||
iniset $FREEZER_API_CONF 'storage' db elasticsearch
|
||||
iniset $FREEZER_API_CONF 'storage' index freezer
|
||||
iniset $FREEZER_API_CONF 'storage' number_of_replicas 0
|
||||
iniset $FREEZER_API_CONF 'storage' hosts http://$SERVICE_HOST:9200
|
||||
|
||||
iniset $FREEZER_API_CONF 'keystone_authtoken' auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
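Review bot: The copy to `$FREEZER_API_CONF_DIR/freezer-api.conf` leaves the file with whatever owner and mode `sudo cp` gives it, and the `iniset` calls that follow write the `keystone_authtoken` settings into that same file. If the service credentials (`admin_password` in the sample) are set in the part of `configure_freezer_api` outside this hunk, the file should be restricted right after the copy, for example `sudo chown $USER $FREEZER_API_CONF_DIR/freezer-api.conf` followed by `chmod 640 $FREEZER_API_CONF_DIR/freezer-api.conf`, with the owner and group adjusted to the account that runs the API. This assumes `$FREEZER_API_CONF` points at the copied file, which the hunk does not show. The function starts and ends outside the hunk.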
|
|
|
@ -1,60 +0,0 @@
|
|||
# (c) Copyright 2014,2015 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
[DEFAULT]
|
||||
# Show more verbose log output (sets INFO log level output)
|
||||
verbose = false
|
||||
|
||||
# Show debugging output in logs (sets DEBUG log level output)
|
||||
#debug = False
|
||||
|
||||
# Log to this file. Make sure you do not set the same log file for both the API
|
||||
# and registry servers!
|
||||
#
|
||||
# If `log_file` is omitted and `use_syslog` is false, then log messages are
|
||||
# sent to stdout as a fallback.
|
||||
log_file = freezer-api.log
|
||||
|
||||
# ================= Syslog Options ============================
|
||||
|
||||
# Send logs to syslog (/dev/log) instead of to file specified
|
||||
# by `log_file`
|
||||
use_syslogd = false
|
||||
|
||||
# Facility to use. If unset defaults to LOG_USER.
|
||||
#syslog_log_facility = LOG_LOCAL0
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_protocol = http
|
||||
auth_host = keystone_host
|
||||
auth_port = 35357
|
||||
admin_user = freezer
|
||||
admin_password = freezer
|
||||
admin_tenant_name = service
|
||||
include_service_catalog = False
|
||||
delay_auth_decision = False
|
||||
|
||||
|
||||
[storage]
|
||||
# supported db engine. currently elasticsearch only
|
||||
db=elasticsearch
|
||||
hosts='http://elasticsearch_host:9200'
|
||||
# freezer-db-init uses the following parameter to set the number of replicas
|
||||
number_of_replicas=2
|
||||
|
||||
#use_ssl=False
|
||||
#ca_certs=''
|
||||
#use_ssl=False
|
||||
#timeout=60
|
||||
#retries=20
|
|
@ -7,8 +7,8 @@
|
|||
# IP address to listen on. Default is 0.0.0.0 (IP address value)
|
||||
#bind_host = 0.0.0.0
|
||||
|
||||
# Port number to listen on. Default is 9090 (integer value)
|
||||
# Minimum value: 1
|
||||
# Port number to listen on. Default is 9090 (port value)
|
||||
# Minimum value: 0
|
||||
# Maximum value: 65535
|
||||
#bind_port = 9090
|
||||
|
||||
|
@ -106,3 +106,212 @@
|
|||
|
||||
# Enables or disables fatal status of deprecations. (boolean value)
|
||||
#fatal_deprecations = false
|
||||
|
||||
|
||||
[keystone_authtoken]
|
||||
|
||||
#
|
||||
# From freezer-api
|
||||
#
|
||||
|
||||
# Complete public Identity API endpoint. (string value)
|
||||
#auth_uri = <None>
|
||||
|
||||
# API version of the admin Identity API endpoint. (string value)
|
||||
#auth_version = <None>
|
||||
|
||||
# Do not handle authorization requests within the middleware, but delegate the
|
||||
# authorization decision to downstream WSGI components. (boolean value)
|
||||
#delay_auth_decision = false
|
||||
|
||||
# Request timeout value for communicating with Identity API server. (integer
|
||||
# value)
|
||||
#http_connect_timeout = <None>
|
||||
|
||||
# How many times are we trying to reconnect when communicating with Identity
|
||||
# API Server. (integer value)
|
||||
#http_request_max_retries = 3
|
||||
|
||||
# Env key for the swift cache. (string value)
|
||||
#cache = <None>
|
||||
|
||||
# Required if identity server requires client certificate (string value)
|
||||
#certfile = <None>
|
||||
|
||||
# Required if identity server requires client certificate (string value)
|
||||
#keyfile = <None>
|
||||
|
||||
# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
|
||||
# Defaults to system CAs. (string value)
|
||||
#cafile = <None>
|
||||
|
||||
# Verify HTTPS connections. (boolean value)
|
||||
#insecure = false
|
||||
|
||||
# The region in which the identity server can be found. (string value)
|
||||
#region_name = <None>
|
||||
|
||||
# Directory used to cache files related to PKI tokens. (string value)
|
||||
#signing_dir = <None>
|
||||
|
||||
# Optionally specify a list of memcached server(s) to use for caching. If left
|
||||
# undefined, tokens will instead be cached in-process. (list value)
|
||||
# Deprecated group/name - [DEFAULT]/memcache_servers
|
||||
#memcached_servers = <None>
|
||||
|
||||
# In order to prevent excessive effort spent validating tokens, the middleware
|
||||
# caches previously-seen tokens for a configurable duration (in seconds). Set
|
||||
# to -1 to disable caching completely. (integer value)
|
||||
#token_cache_time = 300
|
||||
|
||||
# Determines the frequency at which the list of revoked tokens is retrieved
|
||||
# from the Identity service (in seconds). A high number of revocation events
|
||||
# combined with a low cache duration may significantly reduce performance.
|
||||
# (integer value)
|
||||
#revocation_cache_time = 10
|
||||
|
||||
# (Optional) If defined, indicate whether token data should be authenticated or
|
||||
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
|
||||
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
|
||||
# cache. If the value is not one of these options or empty, auth_token will
|
||||
# raise an exception on initialization. (string value)
|
||||
# Allowed values: None, MAC, ENCRYPT
|
||||
#memcache_security_strategy = None
|
||||
|
||||
# (Optional, mandatory if memcache_security_strategy is defined) This string is
|
||||
# used for key derivation. (string value)
|
||||
#memcache_secret_key = <None>
|
||||
|
||||
# (Optional) Number of seconds memcached server is considered dead before it is
|
||||
# tried again. (integer value)
|
||||
#memcache_pool_dead_retry = 300
|
||||
|
||||
# (Optional) Maximum total number of open connections to every memcached
|
||||
# server. (integer value)
|
||||
#memcache_pool_maxsize = 10
|
||||
|
||||
# (Optional) Socket timeout in seconds for communicating with a memcached
|
||||
# server. (integer value)
|
||||
#memcache_pool_socket_timeout = 3
|
||||
|
||||
# (Optional) Number of seconds a connection to memcached is held unused in the
|
||||
# pool before it is closed. (integer value)
|
||||
#memcache_pool_unused_timeout = 60
|
||||
|
||||
# (Optional) Number of seconds that an operation will wait to get a memcached
|
||||
# client connection from the pool. (integer value)
|
||||
#memcache_pool_conn_get_timeout = 10
|
||||
|
||||
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
|
||||
# advanced pool will only work under python 2.x. (boolean value)
|
||||
#memcache_use_advanced_pool = false
|
||||
|
||||
# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
|
||||
# middleware will not ask for service catalog on token validation and will not
|
||||
# set the X-Service-Catalog header. (boolean value)
|
||||
#include_service_catalog = true
|
||||
|
||||
# Used to control the use and type of token binding. Can be set to: "disabled"
|
||||
# to not check token binding. "permissive" (default) to validate binding
|
||||
# information if the bind type is of a form known to the server and ignore it
|
||||
# if not. "strict" like "permissive" but if the bind type is unknown the token
|
||||
# will be rejected. "required" any form of token binding is needed to be
|
||||
# allowed. Finally the name of a binding method that must be present in tokens.
|
||||
# (string value)
|
||||
#enforce_token_bind = permissive
|
||||
|
||||
# If true, the revocation list will be checked for cached tokens. This requires
|
||||
# that PKI tokens are configured on the identity server. (boolean value)
|
||||
#check_revocations_for_cached = false
|
||||
|
||||
# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
|
||||
# or multiple. The algorithms are those supported by Python standard
|
||||
# hashlib.new(). The hashes will be tried in the order given, so put the
|
||||
# preferred one first for performance. The result of the first hash will be
|
||||
# stored in the cache. This will typically be set to multiple values only while
|
||||
# migrating from a less secure algorithm to a more secure one. Once all the old
|
||||
# tokens are expired this option should be set to a single value for better
|
||||
# performance. (list value)
|
||||
#hash_algorithms = md5
|
||||
|
||||
# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
|
||||
# (string value)
|
||||
#auth_admin_prefix =
|
||||
|
||||
# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
|
||||
# (string value)
|
||||
#auth_host = 127.0.0.1
|
||||
|
||||
# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
|
||||
# (integer value)
|
||||
#auth_port = 35357
|
||||
|
||||
# Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
|
||||
# (string value)
|
||||
# Allowed values: http, https
|
||||
#auth_protocol = https
|
||||
|
||||
# Complete admin Identity API endpoint. This should specify the unversioned
|
||||
# root endpoint e.g. https://localhost:35357/ (string value)
|
||||
#identity_uri = <None>
|
||||
|
||||
# This option is deprecated and may be removed in a future release. Single
|
||||
# shared secret with the Keystone configuration used for bootstrapping a
|
||||
# Keystone installation, or otherwise bypassing the normal authentication
|
||||
# process. This option should not be used, use `admin_user` and
|
||||
# `admin_password` instead. (string value)
|
||||
#admin_token = <None>
|
||||
|
||||
# Service username. (string value)
|
||||
#admin_user = <None>
|
||||
|
||||
# Service user password. (string value)
|
||||
#admin_password = <None>
|
||||
|
||||
# Service tenant name. (string value)
|
||||
#admin_tenant_name = admin
|
||||
|
||||
# Authentication type to load (unknown value)
|
||||
# Deprecated group/name - [DEFAULT]/auth_plugin
|
||||
#auth_type = <None>
|
||||
|
||||
# Config Section from which to load plugin specific options (unknown value)
|
||||
#auth_section = <None>
|
||||
|
||||
|
||||
[storage]
|
||||
|
||||
#
|
||||
# From freezer-api
|
||||
#
|
||||
|
||||
# specify the storage db to use (default: elasticsearch (string value)
|
||||
#db = elasticsearch
|
||||
|
||||
# specify the storage hosts (deprecated, use "hosts" (string value)
|
||||
#endpoint =
|
||||
|
||||
# specify the storage hosts (string value)
|
||||
#hosts = http://localhost:9200
|
||||
|
||||
# specify the name of the elasticsearch index (string value)
|
||||
#index = freezer
|
||||
|
||||
# specify the connection timeout (integer value)
|
||||
#timeout = 60
|
||||
|
||||
# number of retries to allow before raising and error (integer value)
|
||||
#retries = 20
|
||||
|
||||
# explicitly turn on SSL (boolean value)
|
||||
#use_ssl = false
|
||||
|
||||
# turn on SSL certs verification (boolean value)
|
||||
#verify_certs = false
|
||||
|
||||
# path to CA certs on disk (string value)
|
||||
#ca_certs = <None>
|
||||
|
||||
# Number of replicas for elk cluster. Default is 2. Use 0 for no replicas
|
||||
# (integer value)
|
||||
#number_of_replicas = 2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
"""
|
||||
(c) Copyright 2014,2015 Hewlett-Packard Development Company, L.P.
|
||||
(c) Copyright 2015-2016 Hewlett-Packard Enterprise Company L.P.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
@ -20,6 +20,8 @@ from oslo_config import cfg
|
|||
from oslo_log import log
|
||||
|
||||
from freezer_api import __version__ as FREEZER_API_VERSION
|
||||
from freezer_api.storage import driver
|
||||
from keystonemiddleware import opts
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
|
@ -69,7 +71,9 @@ def setup_logging():
|
|||
|
||||
def list_opts():
|
||||
_OPTS = {
|
||||
None: api_common_opts()
|
||||
None: api_common_opts(),
|
||||
'storage': driver.storage_opts,
|
||||
opts.auth_token_opts[0][0]: opts.auth_token_opts[0][1]
|
||||
}
|
||||
return _OPTS.items()
|
||||
|
||||
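Review bot: The new entry `opts.auth_token_opts[0][0]: opts.auth_token_opts[0][1]` in `list_opts` indexes straight into a module-level list of keystonemiddleware, so it depends on that list's layout and hands the caller the library's own option objects rather than copies. keystonemiddleware provides `list_auth_token_opts()` for this purpose; unpacking it first, `group, ks_opts = opts.list_auth_token_opts()[0]`, and then using `group: ks_opts` in the dict keeps the same output without touching the internal list. A one-line docstring saying that the function returns (group, options) pairs would also help; its use by the sample-config generator is inferred from the sample file changed in this commit, not visible in this file.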
|
|
|
@ -56,6 +56,10 @@ storage_opts = [
|
|||
cfg.StrOpt('ca_certs',
|
||||
default=None,
|
||||
help='path to CA certs on disk'),
|
||||
cfg.IntOpt('number_of_replicas',
|
||||
default=2,
|
||||
help='Number of replicas for elk cluster. Default is 2. '
|
||||
'Use 0 for no replicas')
|
||||
]
|
||||
|
||||
CONF = cfg.CONF
|
||||
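Review bot: The new `number_of_replicas` option accepts any integer, so a negative value in the configuration file is not caught when the config is loaded; adding a bound, `cfg.IntOpt('number_of_replicas', default=2, min=0, ...)`, lets oslo.config reject it up front. The help text says "elk cluster" although the value is the replica count of the freezer index, so `'Number of replicas for the freezer elasticsearch index. Default is 2. '` would match the README wording. Separately, the sample generated from this list shows `verify_certs = false` as the default, which means that turning on `use_ssl` alone does not authenticate the Elasticsearch endpoint; that option is defined outside this hunk and may deserve a default of true or a caution in its help string. `storage_opts` starts before the hunk.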
|
|