[config-ref] update octavia config options for Ocata

Change-Id: Ifb82578ff5d7f8c3fff0c066a456abf5a9ca8c09
2017-02-24 06:19:06 +09:00 · 2017-02-24 06:19:06 +09:00 · 4ddcb2c207
parent e25984d201
commit 4ddcb2c207
3 changed files with 143 additions and 14 deletions
--- a/doc/config-reference/source/tables/octavia-common.rst
+++ b/doc/config-reference/source/tables/octavia-common.rst
@ -30,8 +30,8 @@
     - (String) The handler that the API communicates with
   * - ``api_paste_config`` = ``api-paste.ini``
     - (String) The API paste config file to use
-   * - ``auth_strategy`` = ``keystone``
-     - (String) The type of authentication to use
+   * - ``auth_strategy`` = ``noauth``
+     - (String) The auth strategy for API requests.
   * - ``bind_host`` = ``127.0.0.1``
     - (IP) The host IP to bind to
   * - ``bind_port`` = ``9876``
@ -48,11 +48,13 @@
     - (String) The maximum number of items returned in a single response. The string 'infinite' or a negative integer value means 'no limit'
   * - **[amphora_agent]**
     -
+   * - ``agent_request_read_timeout`` = ``120``
+     - (Integer) The time in seconds to allow a request from the controller to run before terminating the socket.
   * - ``agent_server_ca`` = ``/etc/octavia/certs/client_ca.pem``
     - (String) The ca which signed the client certificates
   * - ``agent_server_cert`` = ``/etc/octavia/certs/server.pem``
     - (String) The server certificate for the agent.py server to use
-   * - ``agent_server_network_dir`` = ``/etc/netns/amphora-haproxy/network/interfaces.d/``
+   * - ``agent_server_network_dir`` = ``None``
     - (String) The directory where new network interfaces are located
   * - ``agent_server_network_file`` = ``None``
     - (String) The file where the network interfaces are located. Specifying this will override any value set for agent_server_network_dir.
@ -72,6 +74,8 @@
     - (String) Name of the Barbican authentication method to use
   * - ``ca_certificate`` = ``/etc/ssl/certs/ssl-cert-snakeoil.pem``
     - (String) Absolute path to the CA Certificate for signing. Defaults to env[OS_OCTAVIA_TLS_CA_CERT].
+   * - ``ca_certificates_file`` = ``None``
+     - (String) CA certificates file path
   * - ``ca_private_key`` = ``/etc/ssl/private/ssl-cert-snakeoil.key``
     - (String) Absolute path to the Private Key for signing. Defaults to env[OS_OCTAVIA_TLS_CA_KEY].
   * - ``ca_private_key_passphrase`` = ``None``
@ -80,10 +84,16 @@
     - (String) Name of the cert generator to use
   * - ``cert_manager`` = ``barbican_cert_manager``
     - (String) Name of the cert manager to use
+   * - ``endpoint`` = ``None``
+     - (String) A new endpoint to override the endpoint in the keystone catalog.
   * - ``endpoint_type`` = ``publicURL``
     - (String) The endpoint_type to be used for barbican service.
+   * - ``insecure`` = ``False``
+     - (Boolean) Disable certificate validation on SSL connections
   * - ``region_name`` = ``None``
     - (String) Region in Identity service catalog to use for communication with the barbican service.
+   * - ``service_name`` = ``None``
+     - (String) The name of the certificate service in the keystonecatalog
   * - ``signing_digest`` = ``sha256``
     - (String) Certificate signing digest. Defaults to env[OS_OCTAVIA_CA_SIGNING_DIGEST] or "sha256".
   * - ``storage_path`` = ``/var/lib/octavia/certificates/``
@ -114,8 +124,6 @@
     - (String) SSH key name used to boot the Amphora
   * - ``amphora_driver`` = ``amphora_noop_driver``
     - (String) Name of the amphora driver to use
-   * - ``cert_generator`` = ``local_cert_generator``
-     - (String) Name of the cert generator to use
   * - ``client_ca`` = ``/etc/octavia/certs/ca_01.pem``
     - (String) Client CA for the amphora agent to use
   * - ``compute_driver`` = ``compute_noop_driver``
@ -146,7 +154,7 @@
     - (String) Base directory for cert storage.
   * - ``base_path`` = ``/var/lib/octavia``
     - (String) Base directory for amphora files.
-   * - ``bind_host`` = ``0.0.0.0``
+   * - ``bind_host`` = ``::``
     - (IP) The host IP to bind to
   * - ``bind_port`` = ``9443``
     - (Port number) The port to bind to
@ -162,6 +170,8 @@
     - (String) Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k
   * - ``haproxy_template`` = ``None``
     - (String) Custom haproxy template.
+   * - ``lb_network_interface`` = ``o-hm0``
+     - (String) Network interface through which to reach amphora, only required if using IPv6 link local addresses.
   * - ``respawn_count`` = ``2``
     - (Integer) The respawn count for haproxy's upstart script
   * - ``respawn_interval`` = ``2``
@ -173,7 +183,9 @@
   * - ``server_ca`` = ``/etc/octavia/certs/server_ca.pem``
     - (String) The ca which signed the server certificates
   * - ``use_upstart`` = ``True``
-     - (Boolean) If False, use sysvinit.
+     - (Boolean) DEPRECATED: If False, use sysvinit. This is now automatically discovered  and configured.
+   * - ``user_group`` = ``nogroup``
+     - (String) The user group for haproxy to run under inside the amphora.
   * - **[health_manager]**
     -
   * - ``bind_ip`` = ``127.0.0.1``
@ -198,6 +210,18 @@
     - (Integer) sets the value of the heartbeat recv buffer
   * - ``status_update_threads`` = ``50``
     - (Integer) Number of threads performing amphora status update.
+   * - **[healthcheck]**
+     -
+   * - ``backends`` =
+     - (List) Additional backends that can perform health checks and report that information back as part of a request.
+   * - ``detailed`` = ``False``
+     - (Boolean) Show more detailed information as part of the response
+   * - ``disable_by_file_path`` = ``None``
+     - (String) Check the presence of a file to determine if an application is running on a port. Used by DisableByFileHealthcheck plugin.
+   * - ``disable_by_file_paths`` =
+     - (List) Check the presence of a file based on a port to determine if an application is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck plugin.
+   * - ``path`` = ``/healthcheck``
+     - (String) DEPRECATED: The path to respond to healtcheck requests on.
   * - **[house_keeping]**
     -
   * - ``amphora_expiry_age`` = ``604800``
@ -278,6 +302,42 @@
     - (Integer) The maximum body size for each request, in bytes.
   * - ``secure_proxy_ssl_header`` = ``X-Forwarded-Proto``
     - (String) DEPRECATED: The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy.
+   * - **[oslo_policy]**
+     -
+   * - ``policy_default_rule`` = ``default``
+     - (String) Default rule. Enforced when a requested rule is not found.
+   * - ``policy_dirs`` = ``['policy.d']``
+     - (Multi-valued) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
+   * - ``policy_file`` = ``policy.json``
+     - (String) The file that defines policies.
+   * - **[quotas]**
+     -
+   * - ``default_health_monitor_quota`` = ``-1``
+     - (Integer) Default per project health monitor quota.
+   * - ``default_listener_quota`` = ``-1``
+     - (Integer) Default per project listener quota.
+   * - ``default_load_balancer_quota`` = ``-1``
+     - (Integer) Default per project load balancer quota.
+   * - ``default_member_quota`` = ``-1``
+     - (Integer) Default per project member quota.
+   * - ``default_pool_quota`` = ``-1``
+     - (Integer) Default per project pool quota.
+   * - **[service_auth]**
+     -
+   * - ``auth_section`` = ``None``
+     - (Unknown) Config Section from which to load plugin specific options
+   * - ``auth_type`` = ``None``
+     - (Unknown) Authentication type to load
+   * - ``cafile`` = ``None``
+     - (String) PEM encoded Certificate Authority to use when verifying HTTPs connections.
+   * - ``certfile`` = ``None``
+     - (String) PEM encoded client certificate cert file
+   * - ``insecure`` = ``False``
+     - (Boolean) Verify HTTPS connections.
+   * - ``keyfile`` = ``None``
+     - (String) PEM encoded client certificate key file
+   * - ``timeout`` = ``None``
+     - (Integer) Timeout value for http requests
   * - **[task_flow]**
     -
   * - ``engine`` = ``serial``
--- a/doc/config-reference/source/tables/octavia-redis.rst
+++ b/doc/config-reference/source/tables/octavia-redis.rst
@ -29,8 +29,8 @@
   * - ``sentinel_group_name`` = ``oslo-messaging-zeromq``
     - (String) Redis replica set name.
   * - ``sentinel_hosts`` =
-     - (List) DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode) e.g. [host:port, host1:port ... ] Replaced by [DEFAULT]/transport_url
+     - (List) DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., [host:port, host1:port ... ] Replaced by [DEFAULT]/transport_url
   * - ``socket_timeout`` = ``10000``
-     - (Integer) Timeout in ms on blocking socket operations
+     - (Integer) Timeout in ms on blocking socket operations.
   * - ``wait_timeout`` = ``2000``
     - (Integer) Time in ms to wait between connection attempts.
--- a/tools/autogenerate-config-flagmappings/octavia.flagmappings
+++ b/tools/autogenerate-config-flagmappings/octavia.flagmappings
@ -29,11 +29,19 @@ logging_user_identity_format disable
 octavia_plugins common
 pagination_max_limit common
 publish_errors disable
+rate_limit_burst disable
+rate_limit_except_level disable
+rate_limit_interval disable
+rpc_ack_timeout_base disable
+rpc_ack_timeout_multiplier disable
 rpc_backend disable
-rpc_cast_timeout disable
 rpc_conn_pool_size disable
+rpc_message_ttl disable
 rpc_poll_timeout disable
 rpc_response_timeout disable
+rpc_retry_attempts disable
+rpc_thread_pool_size disable
+rpc_use_acks disable
 rpc_zmq_bind_address disable
 rpc_zmq_bind_port_retries disable
 rpc_zmq_contexts disable
@ -44,17 +52,26 @@ rpc_zmq_max_port disable
 rpc_zmq_min_port disable
 rpc_zmq_serialization disable
 rpc_zmq_topic_backlog disable
+subscribe_on disable
 syslog_log_facility disable
 transport_url disable
+use_dynamic_connections disable
 use_pub_sub disable
 use_router_proxy disable
 use_stderr disable
 use_syslog disable
 verbose disable
 watch_log_file disable
+zmq_failover_connections disable
 zmq_immediate disable
+zmq_linger disable
 zmq_target_expire disable
 zmq_target_update disable
+zmq_tcp_keepalive disable
+zmq_tcp_keepalive_cnt disable
+zmq_tcp_keepalive_idle disable
+zmq_tcp_keepalive_intvl disable
+amphora_agent/agent_request_read_timeout common
 amphora_agent/agent_server_ca common
 amphora_agent/agent_server_cert common
 amphora_agent/agent_server_network_dir common
@ -65,12 +82,16 @@ anchor/url common
 anchor/username common
 certificates/barbican_auth common
 certificates/ca_certificate common
+certificates/ca_certificates_file common
 certificates/ca_private_key common
 certificates/ca_private_key_passphrase common
 certificates/cert_generator common
 certificates/cert_manager common
+certificates/endpoint common
 certificates/endpoint_type common
+certificates/insecure common
 certificates/region_name common
+certificates/service_name common
 certificates/signing_digest common
 certificates/storage_path common
 controller_worker/amp_active_retries common
@ -85,7 +106,6 @@ controller_worker/amp_secgroup_list common
 controller_worker/amp_ssh_access_allowed common
 controller_worker/amp_ssh_key_name common
 controller_worker/amphora_driver common
-controller_worker/cert_generator common
 controller_worker/client_ca common
 controller_worker/compute_driver common
 controller_worker/loadbalancer_topology common
@ -139,12 +159,14 @@ haproxy_amphora/connection_retry_interval common
 haproxy_amphora/haproxy_cmd common
 haproxy_amphora/haproxy_stick_size common
 haproxy_amphora/haproxy_template common
+haproxy_amphora/lb_network_interface common
 haproxy_amphora/respawn_count common
 haproxy_amphora/respawn_interval common
 haproxy_amphora/rest_request_conn_timeout common
 haproxy_amphora/rest_request_read_timeout common
 haproxy_amphora/server_ca common
 haproxy_amphora/use_upstart common
+haproxy_amphora/user_group common
 health_manager/bind_ip common
 health_manager/bind_port common
 health_manager/controller_ip_port_list common
@ -156,6 +178,11 @@ health_manager/heartbeat_key common
 health_manager/heartbeat_timeout common
 health_manager/sock_rlimit common
 health_manager/status_update_threads common
+healthcheck/backends common
+healthcheck/detailed common
+healthcheck/disable_by_file_path common
+healthcheck/disable_by_file_paths common
+healthcheck/path common
 house_keeping/amphora_expiry_age common
 house_keeping/cert_expiry_buffer common
 house_keeping/cert_interval common
@ -206,10 +233,10 @@ keystone_authtoken/memcache_use_advanced_pool disable
 keystone_authtoken/memcached_servers disable
 keystone_authtoken/region_name disable
 keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/service_token_roles disable
+keystone_authtoken/service_token_roles_required disable
 keystone_authtoken/signing_dir disable
 keystone_authtoken/token_cache_time disable
-keystone_authtoken_v3/admin_project_domain auth_token
-keystone_authtoken_v3/admin_user_domain auth_token
 matchmaker_redis/check_timeout redis
 matchmaker_redis/host redis
 matchmaker_redis/password redis
@ -249,9 +276,11 @@ oslo_messaging_amqp/connection_retry_interval_max disable
 oslo_messaging_amqp/container_name disable
 oslo_messaging_amqp/default_notification_exchange disable
 oslo_messaging_amqp/default_notify_timeout disable
+oslo_messaging_amqp/default_reply_retry disable
 oslo_messaging_amqp/default_reply_timeout disable
 oslo_messaging_amqp/default_rpc_exchange disable
 oslo_messaging_amqp/default_send_timeout disable
+oslo_messaging_amqp/default_sender_link_timeout disable
 oslo_messaging_amqp/group_request_prefix disable
 oslo_messaging_amqp/idle_timeout disable
 oslo_messaging_amqp/link_retry_delay disable
@ -259,6 +288,7 @@ oslo_messaging_amqp/multicast_address disable
 oslo_messaging_amqp/notify_address_prefix disable
 oslo_messaging_amqp/notify_server_credit disable
 oslo_messaging_amqp/password disable
+oslo_messaging_amqp/pre_settled disable
 oslo_messaging_amqp/reply_link_credit disable
 oslo_messaging_amqp/rpc_address_prefix disable
 oslo_messaging_amqp/rpc_server_credit disable
@ -273,6 +303,16 @@ oslo_messaging_amqp/ssl_key_password disable
 oslo_messaging_amqp/trace disable
 oslo_messaging_amqp/unicast_address disable
 oslo_messaging_amqp/username disable
+oslo_messaging_kafka/conn_pool_min_size disable
+oslo_messaging_kafka/conn_pool_ttl disable
+oslo_messaging_kafka/consumer_group disable
+oslo_messaging_kafka/kafka_consumer_timeout disable
+oslo_messaging_kafka/kafka_default_host disable
+oslo_messaging_kafka/kafka_default_port disable
+oslo_messaging_kafka/kafka_max_fetch_bytes disable
+oslo_messaging_kafka/pool_size disable
+oslo_messaging_kafka/producer_batch_size disable
+oslo_messaging_kafka/producer_batch_timeout disable
 oslo_messaging_notifications/driver disable
 oslo_messaging_notifications/topics disable
 oslo_messaging_notifications/transport_url disable
@ -286,6 +326,7 @@ oslo_messaging_rabbit/default_notification_exchange disable
 oslo_messaging_rabbit/default_notification_retry_attempts disable
 oslo_messaging_rabbit/default_rpc_exchange disable
 oslo_messaging_rabbit/default_rpc_retry_attempts disable
+oslo_messaging_rabbit/default_serializer_type disable
 oslo_messaging_rabbit/fake_rabbit disable
 oslo_messaging_rabbit/frame_max disable
 oslo_messaging_rabbit/heartbeat_interval disable
@ -335,8 +376,13 @@ oslo_messaging_rabbit/socket_timeout disable
 oslo_messaging_rabbit/ssl disable
 oslo_messaging_rabbit/ssl_options disable
 oslo_messaging_rabbit/tcp_user_timeout disable
-oslo_messaging_zmq/rpc_cast_timeout disable
+oslo_messaging_zmq/rpc_ack_timeout_base disable
+oslo_messaging_zmq/rpc_ack_timeout_multiplier disable
+oslo_messaging_zmq/rpc_message_ttl disable
 oslo_messaging_zmq/rpc_poll_timeout disable
+oslo_messaging_zmq/rpc_retry_attempts disable
+oslo_messaging_zmq/rpc_thread_pool_size disable
+oslo_messaging_zmq/rpc_use_acks disable
 oslo_messaging_zmq/rpc_zmq_bind_address disable
 oslo_messaging_zmq/rpc_zmq_bind_port_retries disable
 oslo_messaging_zmq/rpc_zmq_contexts disable
@ -347,13 +393,36 @@ oslo_messaging_zmq/rpc_zmq_max_port disable
 oslo_messaging_zmq/rpc_zmq_min_port disable
 oslo_messaging_zmq/rpc_zmq_serialization disable
 oslo_messaging_zmq/rpc_zmq_topic_backlog disable
+oslo_messaging_zmq/subscribe_on disable
+oslo_messaging_zmq/use_dynamic_connections disable
 oslo_messaging_zmq/use_pub_sub disable
 oslo_messaging_zmq/use_router_proxy disable
+oslo_messaging_zmq/zmq_failover_connections disable
 oslo_messaging_zmq/zmq_immediate disable
+oslo_messaging_zmq/zmq_linger disable
 oslo_messaging_zmq/zmq_target_expire disable
 oslo_messaging_zmq/zmq_target_update disable
+oslo_messaging_zmq/zmq_tcp_keepalive disable
+oslo_messaging_zmq/zmq_tcp_keepalive_cnt disable
+oslo_messaging_zmq/zmq_tcp_keepalive_idle disable
+oslo_messaging_zmq/zmq_tcp_keepalive_intvl disable
 oslo_middleware/enable_proxy_headers_parsing common
 oslo_middleware/max_request_body_size common
 oslo_middleware/secure_proxy_ssl_header common
+oslo_policy/policy_default_rule common
+oslo_policy/policy_dirs common
+oslo_policy/policy_file common
+quotas/default_health_monitor_quota common
+quotas/default_listener_quota common
+quotas/default_load_balancer_quota common
+quotas/default_member_quota common
+quotas/default_pool_quota common
+service_auth/auth_section common
+service_auth/auth_type common
+service_auth/cafile common
+service_auth/certfile common
+service_auth/insecure common
+service_auth/keyfile common
+service_auth/timeout common
 task_flow/engine common
 task_flow/max_workers common