Add [keystone_authtoken] to ironic.conf.sample
Update the auto-generation of our sample config file by exporting a variable to oslo.config.generator such that it will include the keystone_authtoken section when building our config. Change-Id: I8f0d93846cd948059ac6cbc6ec4024257e2c3f27 Closes-bug: 1271308
This commit is contained in:
parent
3af35b4093
commit
1f9917cc02
|
@ -567,6 +567,17 @@
|
||||||
#key_file=<None>
|
#key_file=<None>
|
||||||
|
|
||||||
|
|
||||||
|
[matchmaker_ring]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Options defined in ironic.openstack.common.rpc.matchmaker_ring
|
||||||
|
#
|
||||||
|
|
||||||
|
# Matchmaker ring file (JSON) (string value)
|
||||||
|
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
|
||||||
|
#ringfile=/etc/oslo/matchmaker_ring.json
|
||||||
|
|
||||||
|
|
||||||
[rpc_notifier2]
|
[rpc_notifier2]
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -610,6 +621,126 @@
|
||||||
#password=<None>
|
#password=<None>
|
||||||
|
|
||||||
|
|
||||||
|
[keystone_authtoken]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Options defined in keystoneclient.middleware.auth_token
|
||||||
|
#
|
||||||
|
|
||||||
|
# Prefix to prepend at the beginning of the path (string
|
||||||
|
# value)
|
||||||
|
#auth_admin_prefix=
|
||||||
|
|
||||||
|
# Host providing the admin Identity API endpoint (string
|
||||||
|
# value)
|
||||||
|
#auth_host=127.0.0.1
|
||||||
|
|
||||||
|
# Port of the admin Identity API endpoint (integer value)
|
||||||
|
#auth_port=35357
|
||||||
|
|
||||||
|
# Protocol of the admin Identity API endpoint(http or https)
|
||||||
|
# (string value)
|
||||||
|
#auth_protocol=https
|
||||||
|
|
||||||
|
# Complete public Identity API endpoint (string value)
|
||||||
|
#auth_uri=<None>
|
||||||
|
|
||||||
|
# API version of the admin Identity API endpoint (string
|
||||||
|
# value)
|
||||||
|
#auth_version=<None>
|
||||||
|
|
||||||
|
# Do not handle authorization requests within the middleware,
|
||||||
|
# but delegate the authorization decision to downstream WSGI
|
||||||
|
# components (boolean value)
|
||||||
|
#delay_auth_decision=false
|
||||||
|
|
||||||
|
# Request timeout value for communicating with Identity API
|
||||||
|
# server. (boolean value)
|
||||||
|
#http_connect_timeout=<None>
|
||||||
|
|
||||||
|
# How many times are we trying to reconnect when communicating
|
||||||
|
# with Identity API Server. (integer value)
|
||||||
|
#http_request_max_retries=3
|
||||||
|
|
||||||
|
# Allows to pass in the name of a fake http_handler callback
|
||||||
|
# function used instead of httplib.HTTPConnection or
|
||||||
|
# httplib.HTTPSConnection. Useful for unit testing where
|
||||||
|
# network is not available. (string value)
|
||||||
|
#http_handler=<None>
|
||||||
|
|
||||||
|
# Single shared secret with the Keystone configuration used
|
||||||
|
# for bootstrapping a Keystone installation, or otherwise
|
||||||
|
# bypassing the normal authentication process. (string value)
|
||||||
|
#admin_token=<None>
|
||||||
|
|
||||||
|
# Keystone account username (string value)
|
||||||
|
#admin_user=<None>
|
||||||
|
|
||||||
|
# Keystone account password (string value)
|
||||||
|
#admin_password=<None>
|
||||||
|
|
||||||
|
# Keystone service account tenant name to validate user tokens
|
||||||
|
# (string value)
|
||||||
|
#admin_tenant_name=admin
|
||||||
|
|
||||||
|
# Env key for the swift cache (string value)
|
||||||
|
#cache=<None>
|
||||||
|
|
||||||
|
# Required if Keystone server requires client certificate
|
||||||
|
# (string value)
|
||||||
|
#certfile=<None>
|
||||||
|
|
||||||
|
# Required if Keystone server requires client certificate
|
||||||
|
# (string value)
|
||||||
|
#keyfile=<None>
|
||||||
|
|
||||||
|
# A PEM encoded Certificate Authority to use when verifying
|
||||||
|
# HTTPs connections. Defaults to system CAs. (string value)
|
||||||
|
#cafile=<None>
|
||||||
|
|
||||||
|
# Verify HTTPS connections. (boolean value)
|
||||||
|
#insecure=false
|
||||||
|
|
||||||
|
# Directory used to cache files related to PKI tokens (string
|
||||||
|
# value)
|
||||||
|
#signing_dir=<None>
|
||||||
|
|
||||||
|
# If defined, the memcache server(s) to use for caching (list
|
||||||
|
# value)
|
||||||
|
# Deprecated group/name - [DEFAULT]/memcache_servers
|
||||||
|
#memcached_servers=<None>
|
||||||
|
|
||||||
|
# In order to prevent excessive requests and validations, the
|
||||||
|
# middleware uses an in-memory cache for the tokens the
|
||||||
|
# Keystone API returns. This is only valid if memcache_servers
|
||||||
|
# is defined. Set to -1 to disable caching completely.
|
||||||
|
# (integer value)
|
||||||
|
#token_cache_time=300
|
||||||
|
|
||||||
|
# Value only used for unit testing (integer value)
|
||||||
|
#revocation_cache_time=1
|
||||||
|
|
||||||
|
# (optional) if defined, indicate whether token data should be
|
||||||
|
# authenticated or authenticated and encrypted. Acceptable
|
||||||
|
# values are MAC or ENCRYPT. If MAC, token data is
|
||||||
|
# authenticated (with HMAC) in the cache. If ENCRYPT, token
|
||||||
|
# data is encrypted and authenticated in the cache. If the
|
||||||
|
# value is not one of these options or empty, auth_token will
|
||||||
|
# raise an exception on initialization. (string value)
|
||||||
|
#memcache_security_strategy=<None>
|
||||||
|
|
||||||
|
# (optional, mandatory if memcache_security_strategy is
|
||||||
|
# defined) this string is used for key derivation. (string
|
||||||
|
# value)
|
||||||
|
#memcache_secret_key=<None>
|
||||||
|
|
||||||
|
# (optional) indicate whether to set the X-Service-Catalog
|
||||||
|
# header. If False, middleware will not ask for service
|
||||||
|
# catalog on token validation and will not set the X-Service-
|
||||||
|
# Catalog header. (boolean value)
|
||||||
|
#include_service_catalog=true
|
||||||
|
|
||||||
|
|
||||||
[glance]
|
[glance]
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -654,17 +785,6 @@
|
||||||
#auth_strategy=keystone
|
#auth_strategy=keystone
|
||||||
|
|
||||||
|
|
||||||
[matchmaker_ring]
|
|
||||||
|
|
||||||
#
|
|
||||||
# Options defined in ironic.openstack.common.rpc.matchmaker_ring
|
|
||||||
#
|
|
||||||
|
|
||||||
# Matchmaker ring file (JSON) (string value)
|
|
||||||
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
|
|
||||||
#ringfile=/etc/oslo/matchmaker_ring.json
|
|
||||||
|
|
||||||
|
|
||||||
[pxe]
|
[pxe]
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
export IRONIC_CONFIG_GENERATOR_EXTRA_MODULES=keystoneclient.middleware.auth_token
|
Loading…
Reference in New Issue