From 0bd3791e15d4328b587b6339dcd84ea682c562fd Mon Sep 17 00:00:00 2001
From: Abhishek Kekane
Date: Fri, 3 Sep 2021 13:36:57 +0000
Subject: [PATCH] Refresh Glance example configs for Xena milestone 3
Change-Id: Ib0d69c875ed6291b0ab2b82e737d201f7041bbc8
---
etc/glance-api.conf | 335 ++++++++++++++++++++++++++++++++++++---
etc/glance-cache.conf | 60 ++++++-
etc/glance-manage.conf | 5 -
etc/glance-scrubber.conf | 65 ++++++--
4 files changed, 425 insertions(+), 40 deletions(-)
diff --git a/etc/glance-api.conf b/etc/glance-api.conf
index 91421ce3d2..5cb9648cce 100644
--- a/etc/glance-api.conf
+++ b/etc/glance-api.conf
@@ -1260,6 +1260,105 @@ #rpc_ping_enabled = false +[barbican] + +# +# From castellan.config +# + +# Use this endpoint to connect to Barbican, for example: +# "http://localhost:9311/" (string value) +#barbican_endpoint = + +# Version of the Barbican API, for example: "v1" (string value) +#barbican_api_version = + +# Use this endpoint to connect to Keystone (string value) +# Deprecated group/name - [key_manager]/auth_url +#auth_endpoint = http://localhost/identity/v3 + +# Number of seconds to wait before retrying poll for key creation completion +# (integer value) +#retry_delay = 1 + +# Number of times to retry poll for key creation completion (integer value) +#number_of_retries = 60 + +# Specifies if insecure TLS (https) requests. If False, the server's certificate +# will not be validated, if True, we can set the verify_ssl_path config +# meanwhile. (boolean value) +#verify_ssl = true + +# A path to a bundle or CA certs to check against, or None for requests to +# attempt to locate and use certificates which verify_ssh is True. If verify_ssl +# is False, this is ignored. (string value) +#verify_ssl_path = + +# Specifies the type of endpoint. Allowed values are: public, private, and +# admin (string value) +# Possible values: +# public - +# internal - +# admin - +#barbican_endpoint_type = public + +# Specifies the region of the chosen endpoint. (string value) +#barbican_region_name = + +# +# When True, if sending a user token to a REST API, also send a service token. +# +# Nova often reuses the user token provided to the nova-api to talk to other +# REST +# APIs, such as Cinder, Glance and Neutron. It is possible that while the user +# token was valid when the request was made to Nova, the token may expire before +# it reaches the other service. To avoid any failures, and to make it clear it +# is +# Nova calling the service on the user's behalf, we include a service token +# along +# with the user token. 
Should the user's token have expired, a valid service +# token ensures the REST API request will still be accepted by the keystone +# middleware. +# (boolean value) +#send_service_user_token = false + + +[barbican_service_user] + +# +# From castellan.config +# + +# PEM encoded Certificate Authority to use when verifying HTTPs connections. +# (string value) +#cafile = + +# PEM encoded client certificate cert file (string value) +#certfile = + +# PEM encoded client certificate key file (string value) +#keyfile = + +# Verify HTTPS connections. (boolean value) +#insecure = false + +# Timeout value for http requests (integer value) +#timeout = + +# Collect per-API call timing information. (boolean value) +#collect_timing = false + +# Log requests to multiple loggers. (boolean value) +#split_loggers = false + +# Authentication type to load (string value) +# Deprecated group/name - [barbican_service_user]/auth_plugin +#auth_type = + +# Config Section from which to load plugin specific options (string value) +#auth_section = + + [cinder] # @@ -1291,6 +1390,8 @@ # * cinder_store_user_name # * cinder_store_project_name # * cinder_store_password +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_catalog_info = volumev3::publicURL @@ -1316,6 +1417,8 @@ # * cinder_store_user_name # * cinder_store_project_name # * cinder_store_password +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # * cinder_catalog_info # # (string value) @@ -1430,6 +1533,8 @@ # * cinder_store_user_name # * cinder_store_password # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_auth_address = 
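Review bot: In the new `[barbican_service_user]` section the comment above `#insecure = false` reads "Verify HTTPS connections.", which is the opposite of what an option named `insecure` suggests; an operator skimming the sample could set `insecure = true` believing it turns verification on. I would word it as `# Skip TLS certificate verification for HTTPS connections; leave false in production. (boolean value)`. The `[barbican]` `verify_ssl` comment has a similar problem ("Specifies if insecure TLS (https) requests.") and the `verify_ssl_path` comment refers to `verify_ssh`; a clearer form is `# Verify the server's TLS certificate. If False, the certificate is not validated. (boolean value)`. These strings appear to be generated from castellan.config, so the fix probably belongs in that library's option help rather than in this file.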
@@ -1437,8 +1542,9 @@ # # User name to authenticate against cinder. # -# This must be used with all the following related options. If any of these are -# not specified, the user of the current context is used. +# This must be used with all the following non-domain-related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid user name @@ -1447,15 +1553,34 @@ # * cinder_store_auth_address # * cinder_store_password # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_user_name = +# +# Domain of the user to authenticate against cinder. +# +# Possible values: +# * A valid domain name for the user specified by ``cinder_store_user_name`` +# +# Related options: +# * cinder_store_auth_address +# * cinder_store_password +# * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_name +# +# (string value) +#cinder_store_user_domain_name = Default + # # Password for the user authenticating against cinder. # -# This must be used with all the following related options. If any of these are -# not specified, the user of the current context is used. +# This must be used with all the following related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid password for the user specified by ``cinder_store_user_name`` @@ -1464,6 +1589,8 @@ # * cinder_store_auth_address # * cinder_store_user_name # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_password = 
@@ -1474,8 +1601,9 @@ # If this configuration option is not set, the project in current context is # used. # -# This must be used with all the following related options. If any of these are -# not specified, the project of the current context is used. +# This must be used with all the following related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid project name @@ -1484,10 +1612,29 @@ # * ``cinder_store_auth_address`` # * ``cinder_store_user_name`` # * ``cinder_store_password`` +# * ``cinder_store_project_domain_name`` +# * ``cinder_store_user_domain_name`` # # (string value) #cinder_store_project_name = +# +# Domain of the project where the image volume is stored in cinder. +# +# Possible values: +# * A valid domain name of the project specified by +# ``cinder_store_project_name`` +# +# Related options: +# * ``cinder_store_auth_address`` +# * ``cinder_store_user_name`` +# * ``cinder_store_password`` +# * ``cinder_store_project_domain_name`` +# * ``cinder_store_user_domain_name`` +# +# (string value) +#cinder_store_project_domain_name = Default + # # Path to the rootwrap configuration file to use for running commands as root. # @@ -1633,11 +1780,6 @@ # Connections which have been present in the connection pool longer than this # number of seconds will be replaced with a new one the next time they are # checked out from the pool. (integer value) -# Deprecated group/name - [DATABASE]/idle_timeout -# Deprecated group/name - [database]/idle_timeout -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout #connection_recycle_time = 3600 # Maximum number of SQL connections to keep open in a pool. Setting a value of 0 
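Review bot: The reworded paragraph for `cinder_store_project_name` now ends with "the user of the current context is used", where the text it replaces said the project of the current context, and the option's own first paragraph still says "the project in current context is used". It looks as if the user-name wording was carried over; I would keep `# the project of the current context is used.` for this option. The same paragraph recurs in the `-3312` hunk of this file and in the `-1062` (glance-cache.conf) and `-1169` (glance-scrubber.conf) hunks. The text seems to be generated from the store's option help, so the source string is probably the place to change it.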
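Review bot: The "Related options" list added for `cinder_store_project_domain_name` names the option itself and leaves out `cinder_store_project_name`, the option whose domain it qualifies. I would replace the self-reference with ``# * ``cinder_store_project_name`` ``, matching how the `cinder_store_user_domain_name` list includes `cinder_store_user_name`. The identical list appears in the `-3322`, `-1072` (glance-cache.conf) and `-1179` (glance-scrubber.conf) hunks.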
@@ -3129,6 +3271,8 @@ # * cinder_store_user_name # * cinder_store_project_name # * cinder_store_password +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_catalog_info = volumev3::publicURL @@ -3154,6 +3298,8 @@ # * cinder_store_user_name # * cinder_store_project_name # * cinder_store_password +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # * cinder_catalog_info # # (string value) @@ -3268,6 +3414,8 @@ # * cinder_store_user_name # * cinder_store_password # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_auth_address = @@ -3275,8 +3423,9 @@ # # User name to authenticate against cinder. # -# This must be used with all the following related options. If any of these are -# not specified, the user of the current context is used. +# This must be used with all the following non-domain-related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid user name 
@@ -3285,15 +3434,34 @@ # * cinder_store_auth_address # * cinder_store_password # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_user_name = +# +# Domain of the user to authenticate against cinder. +# +# Possible values: +# * A valid domain name for the user specified by ``cinder_store_user_name`` +# +# Related options: +# * cinder_store_auth_address +# * cinder_store_password +# * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_name +# +# (string value) +#cinder_store_user_domain_name = Default + # # Password for the user authenticating against cinder. # -# This must be used with all the following related options. If any of these are -# not specified, the user of the current context is used. +# This must be used with all the following related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid password for the user specified by ``cinder_store_user_name`` @@ -3302,6 +3470,8 @@ # * cinder_store_auth_address # * cinder_store_user_name # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_password = @@ -3312,8 +3482,9 @@ # If this configuration option is not set, the project in current context is # used. # -# This must be used with all the following related options. If any of these are -# not specified, the project of the current context is used. +# This must be used with all the following related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid project name 
@@ -3322,10 +3493,29 @@ # * ``cinder_store_auth_address`` # * ``cinder_store_user_name`` # * ``cinder_store_password`` +# * ``cinder_store_project_domain_name`` +# * ``cinder_store_user_domain_name`` # # (string value) #cinder_store_project_name = +# +# Domain of the project where the image volume is stored in cinder. +# +# Possible values: +# * A valid domain name of the project specified by +# ``cinder_store_project_name`` +# +# Related options: +# * ``cinder_store_auth_address`` +# * ``cinder_store_user_name`` +# * ``cinder_store_password`` +# * ``cinder_store_project_domain_name`` +# * ``cinder_store_user_domain_name`` +# +# (string value) +#cinder_store_project_domain_name = Default + # # Path to the rootwrap configuration file to use for running commands as root. # 
@@ -4659,6 +4849,83 @@ #disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop +[key_manager] + +# +# From castellan.config +# + +# Specify the key manager implementation. Options are "barbican" and "vault". +# Default is "barbican". Will support the values earlier set using +# [key_manager]/api_class for some time. (string value) +# Deprecated group/name - [key_manager]/api_class +#backend = barbican + +# The type of authentication credential to create. Possible values are 'token', +# 'password', 'keystone_token', and 'keystone_password'. Required if no context +# is passed to the credential factory. (string value) +#auth_type = + +# Token for authentication. Required for 'token' and 'keystone_token' auth_type +# if no context is passed to the credential factory. (string value) +#token = + +# Username for authentication. Required for 'password' auth_type. Optional for +# the 'keystone_password' auth_type. (string value) +#username = + +# Password for authentication. Required for 'password' and 'keystone_password' +# auth_type. (string value) +#password = + +# Use this endpoint to connect to Keystone. (string value) +#auth_url = + +# User ID for authentication. Optional for 'keystone_token' and +# 'keystone_password' auth_type. (string value) +#user_id = + +# User's domain ID for authentication. Optional for 'keystone_token' and +# 'keystone_password' auth_type. (string value) +#user_domain_id = + +# User's domain name for authentication. Optional for 'keystone_token' and +# 'keystone_password' auth_type. (string value) +#user_domain_name = + +# Trust ID for trust scoping. Optional for 'keystone_token' and +# 'keystone_password' auth_type. (string value) +#trust_id = + +# Domain ID for domain scoping. Optional for 'keystone_token' and +# 'keystone_password' auth_type. (string value) +#domain_id = + +# Domain name for domain scoping. Optional for 'keystone_token' and +# 'keystone_password' auth_type. 
(string value) +#domain_name = + +# Project ID for project scoping. Optional for 'keystone_token' and +# 'keystone_password' auth_type. (string value) +#project_id = + +# Project name for project scoping. Optional for 'keystone_token' and +# 'keystone_password' auth_type. (string value) +#project_name = + +# Project's domain ID for project. Optional for 'keystone_token' and +# 'keystone_password' auth_type. (string value) +#project_domain_id = + +# Project's domain name for project. Optional for 'keystone_token' and +# 'keystone_password' auth_type. (string value) +#project_domain_name = + +# Allow fetching a new token if the current one is going to expire. Optional for +# 'keystone_token' and 'keystone_password' auth_type. (boolean value) +#reauthenticate = true + + [keystone_authtoken] # @@ -5700,6 +5967,38 @@ #conversion_format = raw +[vault] + +# +# From castellan.config +# + +# root token for vault (string value) +#root_token_id = + +# AppRole role_id for authentication with vault (string value) +#approle_role_id = + +# AppRole secret_id for authentication with vault (string value) +#approle_secret_id = + +# Mountpoint of KV store in Vault to use, for example: secret (string value) +#kv_mountpoint = secret + +# Version of KV store in Vault to use, for example: 2 (integer value) +#kv_version = 2 + +# Use this endpoint to connect to Vault, for example: "http://127.0.0.1:8200" +# (string value) +#vault_url = http://127.0.0.1:8200 + +# Absolute path to ca cert file (string value) +#ssl_ca_crt_file = + +# SSL Enabled/Disabled (boolean value) +#use_ssl = false + + [wsgi] # @@ -5723,4 +6022,4 @@ # same interpreter running Glance itself. However, in some situations # (i.e. uwsgi) this may not actually point to a python interpreter # itself. (string value) -#python_interpreter = /opt/stack/glance/.tox/genconfig/bin/python +#python_interpreter = /home/ubuntu/glance/.tox/genconfig/bin/python 
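Review bot: The new `[vault]` section documents `root_token_id` only as "root token for vault" and ships `vault_url = http://127.0.0.1:8200` with `use_ssl = false`, with nothing telling an operator that these are development-grade defaults. I would add `# Prefer approle_role_id/approle_secret_id; a root token grants unrestricted access to Vault.` above `#root_token_id =`, and `# Enable this and set ssl_ca_crt_file whenever Vault is not reached over loopback.` above `#use_ssl = false`. The `token` and `password` options in the new `[key_manager]` section would benefit from a similar one-line comment that the file must not be world-readable once they are set. The strings appear to come from castellan.config, so the wording is probably best changed there.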
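Review bot: The committed sample now carries a machine-specific value, `#python_interpreter = /home/ubuntu/glance/.tox/genconfig/bin/python`, which is the virtualenv of whoever ran the generator rather than a meaningful default; it records the builder's home directory and will churn on every refresh. If the option is declared through oslo.config, giving it a `sample_default` (for example `sample_default='<python interpreter running Glance>'`, a constructed placeholder) would keep the generated file stable and free of local paths. The option declaration itself is outside this patch.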
diff --git a/etc/glance-cache.conf b/etc/glance-cache.conf index 7406087d87..0e4d7dd808 100644 --- a/etc/glance-cache.conf +++ b/etc/glance-cache.conf @@ -879,6 +879,8 @@ # * cinder_store_user_name # * cinder_store_project_name # * cinder_store_password +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_catalog_info = volumev3::publicURL @@ -904,6 +906,8 @@ # * cinder_store_user_name # * cinder_store_project_name # * cinder_store_password +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # * cinder_catalog_info # # (string value) @@ -1018,6 +1022,8 @@ # * cinder_store_user_name # * cinder_store_password # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_auth_address = @@ -1025,8 +1031,9 @@ # # User name to authenticate against cinder. # -# This must be used with all the following related options. If any of these are -# not specified, the user of the current context is used. +# This must be used with all the following non-domain-related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid user name 
@@ -1035,15 +1042,34 @@ # * cinder_store_auth_address # * cinder_store_password # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_user_name = +# +# Domain of the user to authenticate against cinder. +# +# Possible values: +# * A valid domain name for the user specified by ``cinder_store_user_name`` +# +# Related options: +# * cinder_store_auth_address +# * cinder_store_password +# * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_name +# +# (string value) +#cinder_store_user_domain_name = Default + # # Password for the user authenticating against cinder. # -# This must be used with all the following related options. If any of these are -# not specified, the user of the current context is used. +# This must be used with all the following related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid password for the user specified by ``cinder_store_user_name`` @@ -1052,6 +1078,8 @@ # * cinder_store_auth_address # * cinder_store_user_name # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_password = @@ -1062,8 +1090,9 @@ # If this configuration option is not set, the project in current context is # used. # -# This must be used with all the following related options. If any of these are -# not specified, the project of the current context is used. +# This must be used with all the following related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid project name 
@@ -1072,10 +1101,29 @@ # * ``cinder_store_auth_address`` # * ``cinder_store_user_name`` # * ``cinder_store_password`` +# * ``cinder_store_project_domain_name`` +# * ``cinder_store_user_domain_name`` # # (string value) #cinder_store_project_name = +# +# Domain of the project where the image volume is stored in cinder. +# +# Possible values: +# * A valid domain name of the project specified by +# ``cinder_store_project_name`` +# +# Related options: +# * ``cinder_store_auth_address`` +# * ``cinder_store_user_name`` +# * ``cinder_store_password`` +# * ``cinder_store_project_domain_name`` +# * ``cinder_store_user_domain_name`` +# +# (string value) +#cinder_store_project_domain_name = Default + # # Path to the rootwrap configuration file to use for running commands as root. # diff --git a/etc/glance-manage.conf b/etc/glance-manage.conf index 50eefcfc71..fea4985bc9 100644 --- a/etc/glance-manage.conf +++ b/etc/glance-manage.conf @@ -185,11 +185,6 @@ # Connections which have been present in the connection pool longer than this # number of seconds will be replaced with a new one the next time they are # checked out from the pool. (integer value) -# Deprecated group/name - [DATABASE]/idle_timeout -# Deprecated group/name - [database]/idle_timeout -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout #connection_recycle_time = 3600 # Maximum number of SQL connections to keep open in a pool. Setting a value of 0 diff --git a/etc/glance-scrubber.conf b/etc/glance-scrubber.conf index c2676181b1..33166067d6 100644 --- a/etc/glance-scrubber.conf +++ b/etc/glance-scrubber.conf 
@@ -795,11 +795,6 @@ # Connections which have been present in the connection pool longer than this # number of seconds will be replaced with a new one the next time they are # checked out from the pool. (integer value) -# Deprecated group/name - [DATABASE]/idle_timeout -# Deprecated group/name - [database]/idle_timeout -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout #connection_recycle_time = 3600 # Maximum number of SQL connections to keep open in a pool. Setting a value of 0 @@ -986,6 +981,8 @@ # * cinder_store_user_name # * cinder_store_project_name # * cinder_store_password +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_catalog_info = volumev3::publicURL @@ -1011,6 +1008,8 @@ # * cinder_store_user_name # * cinder_store_project_name # * cinder_store_password +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # * cinder_catalog_info # # (string value) @@ -1125,6 +1124,8 @@ # * cinder_store_user_name # * cinder_store_password # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_auth_address = @@ -1132,8 +1133,9 @@ # # User name to authenticate against cinder. # -# This must be used with all the following related options. If any of these are -# not specified, the user of the current context is used. +# This must be used with all the following non-domain-related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid user name 
@@ -1142,15 +1144,34 @@ # * cinder_store_auth_address # * cinder_store_password # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_user_name = +# +# Domain of the user to authenticate against cinder. +# +# Possible values: +# * A valid domain name for the user specified by ``cinder_store_user_name`` +# +# Related options: +# * cinder_store_auth_address +# * cinder_store_password +# * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_name +# +# (string value) +#cinder_store_user_domain_name = Default + # # Password for the user authenticating against cinder. # -# This must be used with all the following related options. If any of these are -# not specified, the user of the current context is used. +# This must be used with all the following related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid password for the user specified by ``cinder_store_user_name`` @@ -1159,6 +1180,8 @@ # * cinder_store_auth_address # * cinder_store_user_name # * cinder_store_project_name +# * cinder_store_project_domain_name +# * cinder_store_user_domain_name # # (string value) #cinder_store_password = @@ -1169,8 +1192,9 @@ # If this configuration option is not set, the project in current context is # used. # -# This must be used with all the following related options. If any of these are -# not specified, the project of the current context is used. +# This must be used with all the following related options. +# If any of these are not specified (except domain-related options), +# the user of the current context is used. # # Possible values: # * A valid project name 
@@ -1179,10 +1203,29 @@ # * ``cinder_store_auth_address`` # * ``cinder_store_user_name`` # * ``cinder_store_password`` +# * ``cinder_store_project_domain_name`` +# * ``cinder_store_user_domain_name`` # # (string value) #cinder_store_project_name = +# +# Domain of the project where the image volume is stored in cinder. +# +# Possible values: +# * A valid domain name of the project specified by +# ``cinder_store_project_name`` +# +# Related options: +# * ``cinder_store_auth_address`` +# * ``cinder_store_user_name`` +# * ``cinder_store_password`` +# * ``cinder_store_project_domain_name`` +# * ``cinder_store_user_domain_name`` +# +# (string value) +#cinder_store_project_domain_name = Default + # # Path to the rootwrap configuration file to use for running commands as root. #