From abf7b9efcfd4138872b78c45fb958f453e705553 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 11 Aug 2021 09:27:05 +0900 Subject: [PATCH] Add conf file for oslo-config-generator This change introduces the config file for the oslo-config-generator command, so that users can easily generate octavia.conf.example without tox. Note this change adds parameters of oslo.policy and oslo.middleware which were missing previously. Change-Id: I5ea921cf8d63b28c5143f95dbb47802d5018d7a4 --- devstack/plugin.sh | 4 - etc/config/octavia-config-generator.conf | 15 + etc/octavia.conf | 777 ----------------------- requirements.txt | 2 +- setup.cfg | 2 - tox.ini | 9 +- 6 files changed, 18 insertions(+), 791 deletions(-) create mode 100644 etc/config/octavia-config-generator.conf delete mode 100644 etc/octavia.conf diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 43cf9ff60b..b6851845b5 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -289,10 +289,6 @@ function octavia_configure { sudo mkdir -m 700 -p $OCTAVIA_RUN_DIR safe_chown $STACK_USER $OCTAVIA_RUN_DIR - if ! [ -e $OCTAVIA_CONF ] ; then - cp $OCTAVIA_DIR/etc/octavia.conf $OCTAVIA_CONF - fi - if ! [ -e $OCTAVIA_AUDIT_MAP ] ; then cp $OCTAVIA_DIR/etc/audit/octavia_api_audit_map.conf.sample $OCTAVIA_AUDIT_MAP fi diff --git a/etc/config/octavia-config-generator.conf b/etc/config/octavia-config-generator.conf new file mode 100644 index 0000000000..50ba5e0ffa --- /dev/null +++ b/etc/config/octavia-config-generator.conf @@ -0,0 +1,15 @@ +[DEFAULT] +output_file = etc/octavia/octavia.conf.sample +wrap_width = 79 +summarize = true +namespace = octavia +namespace = oslo.db +namespace = oslo.log +namespace = oslo.messaging +namespace = oslo.middleware.cors +namespace = oslo.middleware.http_proxy_to_wsgi +namespace = oslo.middleware.healthcheck +namespace = oslo.policy +namespace = keystonemiddleware.audit +namespace = keystonemiddleware.auth_token +namespace = cotyledon 
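Review bot: `summarize = true` in the new etc/config/octavia-config-generator.conf changes what the generated sample contains, because the old tox command did not pass `--summarize`; with it the generator writes only the summary part of each option's help text. The hand-written etc/octavia.conf deleted by this commit carried operator caveats, for example the WARNING on `[healthcheck] detailed` and the RBAC note on `allow_invisible_resource_usage`. Any such caveat that sits in the later part of a help string would presumably not reach octavia.conf.sample. I would drop the line or set `summarize = false`, and compare the generated sample against the deleted file for those warnings. A header comment such as `# Read by oslo-config-generator; output_file is relative, run from the repository root` would also help, since the file has no comments at all.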
diff --git a/etc/octavia.conf b/etc/octavia.conf
deleted file mode 100644
index 608eb3da92..0000000000
--- a/etc/octavia.conf
+++ /dev/null
@@ -1,777 +0,0 @@ -[DEFAULT] -# Print debugging output (set logging level to DEBUG instead of default WARNING level). -# debug = False - -# Plugin options are hot_plug_plugin (Hot-pluggable controller plugin) -# octavia_plugins = hot_plug_plugin - -# Hostname to be used by the host machine for services running on it. -# The default value is the hostname of the host machine. -# host = - -# AMQP Transport URL -# For Single Host, specify one full transport URL: -# transport_url = rabbit://:@127.0.0.1:5672/ -# For HA, specify queue nodes in cluster, comma delimited: -# transport_url = rabbit://:@server01,:@server02/ -# transport_url = - -# How long in seconds to wait for octavia worker to exit before killing them. -# graceful_shutdown_timeout = 60 - -[api_settings] -# bind_host = 127.0.0.1 -# bind_port = 9876 - -# How should authentication be handled (keystone, noauth) -# auth_strategy = keystone - -# allow_pagination = True -# allow_sorting = True -# pagination_max_limit = 1000 -# Base URI for the API for use in pagination links. -# This will be autodetected from the request if not overridden here. -# Example: -# api_base_uri = http://localhost:9876 -# api_base_uri = - -# Enable/disable ability for users to create TLS Terminated listeners -# allow_tls_terminated_listeners = True - -# Enable/disable ability for users to create PING type Health Monitors -# allow_ping_health_monitors = True - -# Enable/disable PROMETHEUS listeners -# allow_prometheus_listeners = True - -# Dictionary of enabled provider driver names and descriptions -# A comma separated list of dictionaries of the enabled provider driver names -# and descriptions. -# enabled_provider_drivers = amphora:The Octavia Amphora driver.,octavia: \ -# Deprecated alias of the Octavia Amphora driver. 
- -# Default provider driver -# default_provider_driver = amphora - -# The minimum health monitor delay interval for UDP-CONNECT Health Monitor type -# udp_connect_min_interval_health_monitor = 3 - -# Boolean to enable/disable oslo middleware /healthcheck in the Octavia API -# healthcheck_enabled = False - -# The interval healthcheck plugins should cache results, in seconds. -# healthcheck_refresh_interval = 5 - -# Default cipher string for new TLS-terminated listeners -# Cipher strings are in OpenSSL format, see https://www.openssl.org/docs/man1.1.1/man1/ciphers.html -# This example is the "Broad Compatibility" cipher string from OWASP, -# see https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html -# default_listener_ciphers = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 - -# Default cipher string for new TLS-enabled pools, in OpenSSL format. -# Cipher strings are in OpenSSL format, see https://www.openssl.org/docs/man1.1.1/man1/ciphers.html -# This example is the "Broad Compatibility" cipher string from OWASP, -# see https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html -# default_pool_ciphers = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 - -# Colon-separated list of disallowed ciphers. Ciphers specified here will not be -# allowed on listeners, pools, or the default values for either. -# tls_cipher_prohibit_list = - -# List of default TLS versions to be used on new TLS-terminated -# listeners. 
Available versions: SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 -# default_listener_tls_versions = TLSv1.2, TLSv1.3 - -# List of default TLS versions to be used on new TLS-enabled -# pools. Available versions: SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 -# default_pool_tls_versions = TLSv1.2, TLSv1.3 - -# Minimum TLS version to allow for listeners, pools, or the defaults for -# either. Available versions: SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 -# minimum_tls_version = - -# List of default ALPN protocols to be used on new TLS-terminated -# listeners. Available protocols: http/1.0, http/1.1, h2 -# default_listener_alpn_protocols = h2, http/1.1, http/1.0 - -# List of default ALPN protocols to be used on new TLS-terminated -# pools. Available protocols: http/1.0, http/1.1, h2 -# default_pool_alpn_protocols = h2, http/1.1, http/1.0 - - -[database] -# This line MUST be changed to actually run the plugin. -# Example: -# connection = mysql+pymysql://root:pass@127.0.0.1:3306/octavia -# Replace 127.0.0.1 above with the IP address of the database used by the -# main octavia server. (Leave it as is if the database runs on this host.) - -# connection = mysql+pymysql:// - -# NOTE: In deployment the [database] section and its connection attribute may -# be set in the corresponding core plugin '.ini' file. However, it is suggested -# to put the [database] section and its connection attribute in this -# configuration file. 
- -[health_manager] -# bind_ip = 127.0.0.1 -# bind_port = 5555 -# controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555 -# controller_ip_port_list = -# failover_threads = 10 -# health_update_threads will default to the number of processors on the host -# health_update_threads = -# stats_update_threads will default to the number of processors on the host -# stats_update_threads = -# heartbeat_interval = 10 -# heartbeat_key = -# heartbeat_timeout = 60 -# health_check_interval = 3 -# sock_rlimit = 0 -# Stop failovers if the count of simultaneously failed -# amphora reaches this number (circuit breaker). This may prevent large -# scale accidental failover events, like in the case of -# network failures or read-only database issues. -# failover_threshold = - -[keystone_authtoken] -# This group of config options are imported from keystone middleware. Thus the -# option names should match the names declared in the middleware. -# The www_authenticate_uri is the public endpoint and is returned in headers on a 401 -# www_authenticate_uri = https://localhost:5000/v3 -# The auth_url is the admin endpoint actually used for validating tokens -# auth_url = https://localhost:5000/v3 -# username = octavia -# password = password -# project_name = service - -# Domain names must be set, these are *not* default but work for most clouds -# project_domain_name = Default -# user_domain_name = Default - -# insecure = False -# cafile = - -[certificates] -# Certificate Generator options are local_cert_generator -# cert_generator = local_cert_generator - -# For local certificate signing: -# ca_certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem -# ca_private_key = /etc/ssl/private/ssl-cert-snakeoil.key -# ca_private_key_passphrase = -# server_certs_key_passphrase = insecure-key-do-not-use-this-key -# signing_digest = sha256 -# cert_validity_time = 2592000 # 30 days = 30d * 24h * 60m * 60s = 2592000s -# storage_path = /var/lib/octavia/certificates/ - -# For the TLS management -# 
Certificate Manager options are local_cert_manager -# barbican_cert_manager -# castellan_cert_manager -# cert_manager = barbican_cert_manager -# For Barbican authentication (if using any Barbican based cert class) -# barbican_auth = barbican_acl_auth - -# Settings for the key manager endpoint (such as Barbican) - -# Region in Identity service catalog to use for communication with the key manager service. -# region_name = - -# Endpoint type to use for communication with the key manager service. -# endpoint_type = publicURL - -# CA certificates file to verify key manager connections when TLS is enabled -# ca_certificates_file = - -# Disable certificate validation on SSL connections -# insecure = False - -[compute] -# The maximum attempts to retry an action with the compute service. -# max_retries = 15 - -# Seconds to wait before retrying an action with the compute service. -# retry_interval = 1 - -# The seconds to backoff retry attempts -# retry_backoff = 1 - -# The maximum interval in seconds between retry attempts -# retry_max = 10 - -[networking] -# The maximum attempts to retry an action with the networking service. -# max_retries = 15 - -# Seconds to wait before retrying an action with the networking service. -# retry_interval = 1 - -# The seconds to backoff retry attempts -# retry_backoff = 1 - -# The maximum interval in seconds between retry attempts -# retry_max = 10 - -# The maximum time to wait, in seconds, for a port to detach from an amphora -# port_detach_timeout = 300 - -# Allow/disallow specific network object types when creating VIPs. -# allow_vip_network_id = True -# allow_vip_subnet_id = True -# allow_vip_port_id = True - -# List of network_ids that are valid for VIP creation. -# If this field empty, no validation is performed. 
-# valid_vip_networks = - -# List of reserved IP addresses that cannot be used for member addresses -# The default is the nova metadata service address -# reserved_ips = ['169.254.169.254'] - -# When True, users can use network resources they cannot normally see as VIP -# or member subnets. Making this True may allow users to access resources on -# subnets they do not normally have access to via neutron RBAC policies. -# allow_invisible_resource_usage = False - -[haproxy_amphora] -# base_path = /var/lib/octavia -# base_cert_dir = /var/lib/octavia/certs -# Absolute path to a custom HAProxy template file -# haproxy_template = -# connection_logging = True -# connection_max_retries = 120 -# connection_retry_interval = 5 -# build_rate_limit = -1 -# build_active_retries = 120 -# build_retry_interval = 5 - -# Maximum number of entries that can fit in the stick table. -# The size supports "k", "m", "g" suffixes. -# haproxy_stick_size = 10k - -# REST Driver specific -# bind_host = 0.0.0.0 -# bind_port = 9443 -# -# This setting is only needed with IPv6 link-local addresses (fe80::/64) are -# used for communication between Octavia and its Amphora, if IPv4 or other IPv6 -# addresses are used it can be ignored. -# lb_network_interface = o-hm0 -# -# haproxy_cmd = /usr/sbin/haproxy -# respawn_count = 2 -# respawn_interval = 2 -# client_cert = /etc/octavia/certs/client.pem -# server_ca = /etc/octavia/certs/server_ca.pem -# -# This setting is deprecated. It is now automatically discovered. -# use_upstart = True -# -# rest_request_conn_timeout = 10 -# rest_request_read_timeout = 60 -# -# These "active" timeouts are used once the amphora should already -# be fully up and active. 
These values are lower than the other values to -# facilitate "fail fast" scenarios like failovers -# active_connection_max_retries = 15 -# active_connection_retry_interval = 2 - -# These "failover" timeouts are used during the failover process to probe -# amphorae that are part of the load balancer being failed over. -# These values are very low to facilitate "fail fast" should an amphora -# not respond in a failure situation. -# failover_connection_max_retries = 2 -# failover_connection_retry_interval = 5 - -# The user flow log format for HAProxy. -# {{ project_id }} and {{ lb_id }} will be automatically substituted by the -# controller when configuring HAProxy if they are present in the string. -# user_log_format = '{{ project_id }} {{ lb_id }} %f %ci %cp %t %{+Q}r %ST %B %U %[ssl_c_verify] %{+Q}[ssl_c_s_dn] %b %s %Tt %tsc' - -# API messaging / database commit retries -# This is many times the controller worker retries waiting for the API to -# complete a database commit for a message received over the queue. -# api_db_commit_retry_attempts = 15 -# api_db_commit_retry_initial_delay = 1 -# api_db_commit_retry_backoff = 1 -# api_db_commit_retry_max = 5 - -# Default connection_limit for listeners, this value is used when setting "-1" -# or when unsetting "connection_limit" with the listener API. -# default_connection_limit = 50000 - -[controller_worker] -# workers = 1 -# amp_active_retries = 30 -# amp_active_wait_sec = 10 -# Glance parameters to extract image ID to use for amphora. Only one of -# parameters is needed. Using tags is the recommended way to refer to images. -# amp_image_tag = -# Optional owner ID used to restrict glance images to one owner ID. -# This is a recommended security setting. -# amp_image_owner_id = -# Nova parameters to use when booting amphora -# amp_flavor_id = -# Upload the ssh key as the service_auth user described elsewhere in this config. -# Leaving this variable blank will install no ssh key on the amphora. 
-# amp_ssh_key_name = -# Defines the timezone to use as represented in /usr/share/zoneinfo. -# Default is UTC. -# amp_timezone = - -# Networks to attach to the Amphorae examples: -# - One primary network -# - - amp_boot_network_list = 22222222-3333-4444-5555-666666666666 -# - Multiple networks -# - - amp_boot_network_list = 11111111-2222-33333-4444-555555555555, 22222222-3333-4444-5555-666666666666 -# - All networks defined in the list will be attached to each amphora -# amp_boot_network_list = - -# amp_secgroup_list = -# client_ca = /etc/octavia/certs/ca_01.pem - -# Amphora driver options are amphora_noop_driver, -# amphora_haproxy_rest_driver -# -# amphora_driver = amphora_haproxy_rest_driver -# -# Compute driver options are compute_noop_driver -# compute_nova_driver -# -# compute_driver = compute_nova_driver -# -# Network driver options are network_noop_driver -# allowed_address_pairs_driver -# -# network_driver = allowed_address_pairs_driver -# -# Volume driver options are volume_noop_driver -# volume_cinder_driver -# -# volume_driver = volume_noop_driver -# -# Image driver options are image_noop_driver -# image_glance_driver -# -# image_driver = image_glance_driver -# -# Distributor driver options are distributor_noop_driver -# single_VIP_amphora -# -# distributor_driver = distributor_noop_driver -# -# Statistics update driver options are stats_db -# stats_logger -# Multiple values may be specified as a comma-separated list. -# statistics_drivers = stats_db - -# Load balancer topology options are SINGLE, ACTIVE_STANDBY -# loadbalancer_topology = SINGLE - -# user_data_config_drive = False - -# amphora_delete_retries = 5 -# amphora_delete_retry_interval = 5 - -# Change to False to disable octavia event notifications. -# See oslo_messaging_notifications section for additional -# requirements. -# event_notifications = True - -[task_flow] -# TaskFlow engine options are: -# - serial: Runs all tasks on a single thread. 
-# - parallel: Schedules tasks onto different threads to allow -# for running non-dependent tasks simultaneously -# -# engine = parallel -# max_workers = 5 -# -# This setting prevents the controller worker from reverting taskflow flows. -# This will leave resources in an inconsistent state and should only be used -# for debugging purposes. -# disable_revert = False - -# Persistence database, which will be used to store tasks states. -# Database connection url with db name (string value) -#persistence_connection = sqlite:// - -# If True, enables TaskFlow jobboard. -# jobboard_enabled = False - -# Jobboard backend driver that will monitor job state. (string value) -# Possible values: -# - redis_taskflow_driver: Driver that will use Redis to store job states. -# - zookeeper_taskflow_driver: Driver that will use Zookeeper to store job -# states. -#jobboard_backend_driver = redis_taskflow_driver - -# Jobboard backend server host(s). (list value) -#jobboard_backend_hosts = 127.0.0.1 - -# Jobboard backend server port (port value) -# Minimum value: 0 -# Maximum value: 65535 -#jobboard_backend_port = 6379 - -# Jobboard backend server password (string value) -#jobboard_backend_password = - -# Jobboard name that should be used to store taskflow job id and -# claims for it. (string value) -#jobboard_backend_namespace = octavia_jobboard - -# Sentinel name if it is used for Redis. -#jobboard_redis_sentinel = None - -# Redis jobboard backend ssl configuration options. (dict value) -# SSL is disabled by default -#jobboard_redis_backend_ssl_options = ssl:False,ssl_ca_certs:None,ssl_cert_reqs:required,ssl_certfile:None,ssl_keyfile:None - -# Zookeeper jobboard backend ssl configuration options. (dict value) -# SSL is disabled by default -#jobboard_zookeeper_ssl_options = use_ssl:False,certfile:None,keyfile:None,keyfile_password:None,verify_certs:True - -# For backends like redis claiming jobs requiring setting the expiry - -# how many seconds the claim should be retained for. 
(integer value) -#jobboard_expiration_time = 30 - -# If for analysis required saving logbooks info, set this parameter to -# True. By default remove logbook from persistence backend when job -# completed. (boolean value) -#jobboard_save_logbook = false - -[oslo_messaging] -# Queue Consumer Thread Pool Size -# rpc_thread_pool_size = 2 - -# Topic (i.e. Queue) Name -# topic = octavia_prov - -[oslo_middleware] -# HTTPProxyToWSGI middleware enabled -# enable_proxy_headers_parsing = False - -[house_keeping] - -# Cleanup interval for Deleted amphora -# cleanup_interval = 30 -# Amphora expiry age in seconds. Default is 1 week -# amphora_expiry_age = 604800 - -# Load balancer expiry age in seconds. Default is 1 week -# load_balancer_expiry_age = 604800 - -[amphora_agent] -# agent_server_ca = /etc/octavia/certs/client_ca.pem -# agent_server_cert = /etc/octavia/certs/server.pem - -# Defaults for agent_server_network_dir when not specified here are: -# Ubuntu: /etc/netns/amphora-haproxy/network/interfaces.d/ -# Centos/fedora/rhel: /etc/netns/amphora-haproxy/sysconfig/network-scripts/ -# -# agent_server_network_dir = - -# agent_request_read_timeout = 180 - -# Minimum TLS protocol, eg: TLS, TLSv1.1, TLSv1.2, TLSv1.3 (if available) -# agent_tls_protocol = TLSv1.2 - -# This setting is deprecated. Amphora default UDP driver is keepalived_lvs -# -# amphora_udp_driver = keepalived_lvs - -##### Log offloading -# -# Note: The admin and tenant logs can point to the same endpoints. -# -# List of log server ip and port pairs for Administrative logs. -# Additional hosts are backup to the primary server. If none are -# specified, remote logging is disabled. -# Example 192.0.2.1:10514, 2001:db8:1::10:10514' -# -# admin_log_targets = -# -# List of log server ip and port pairs for tenant traffic logs. -# Additional hosts are backup to the primary server. If none are -# specified, remote logging is disabled. 
-# Example 192.0.2.1:10514, 2001:db8:2::15:10514' -# -# tenant_log_targets = - -# Sets the syslog LOG_LOCAL[0-7] facility number for amphora log offloading. -# user_log_facility will receive the traffic flow logs. -# administrative_log_facility will receive the amphora processes logs. -# Note: Some processes only support LOG_LOCAL, so we are restricted to the -# LOG_LOCAL facilities. -# -# user_log_facility = 0 -# administrative_log_facility = 1 - -# The log forwarding protocol to use. One of TCP or UDP. -# log_protocol = UDP - -# The maximum attempts to retry connecting to the logging host. -# log_retry_count = 5 - -# The time, in seconds, to wait between retries connecting to the logging host. -# log_retry_interval = 2 - -# The queue size (messages) to buffer log messages. -# log_queue_size = 10000 - -# Controller local path to a custom logging configuration template. -# Currently this is an rsyslog configuration file template. -# logging_template_override = - -# When True, the amphora will forward all of the system logs (except tenant -# traffice logs) to the admin log target(s). When False, only amphora specific -# admin logs will be forwarded. -# forward_all_logs = False - -# When True, no logs will be written to the amphora filesystem. When False, -# log files will be written to the local filesystem. 
-# disable_local_log_storage = False - -[keepalived_vrrp] -# Amphora Role/Priority advertisement interval in seconds -# vrrp_advert_int = 1 - -# Service health check interval and success/fail count -# vrrp_check_interval = 5 -# vrrp_fail_count = 2 -# vrrp_success_count = 2 - -# Amphora MASTER gratuitous ARP refresh settings -# vrrp_garp_refresh_interval = 5 -# vrrp_garp_refresh_count = 2 - -[service_auth] -# memcached_servers = -# cafile = /opt/stack/data/ca-bundle.pem -# project_domain_name = Default -# project_name = admin -# user_domain_name = Default -# password = password -# username = admin -# auth_type = password -# auth_url = http://localhost:5555/ - -[nova] -# The name of the nova service in the keystone catalog -# service_name = -# Custom nova endpoint if override is necessary -# endpoint = - -# Region in Identity service catalog to use for communication with the -# OpenStack services. -# region_name = - -# Endpoint type in Identity service catalog to use for communication with -# the OpenStack services. -# endpoint_type = publicURL - -# CA certificates file to verify neutron connections when TLS is enabled -# ca_certificates_file = - -# Disable certificate validation on SSL connections -# insecure = False - -# If non-zero, generate a random name of the length provided for each amphora, -# in the format "a[A-Z0-9]*". -# Otherwise, the default name format will be used: "amphora-{UUID}". -# random_amphora_name_length = 0 -# -# Availability zone to use for creating Amphorae -# availability_zone = - -# Enable anti-affinity in nova -# enable_anti_affinity = False -# Set the anti-affinity policy to what is suitable. -# Nova supports: anti-affinity and soft-anti-affinity -# anti_affinity_policy = anti-affinity - -[cinder] -# The name of the cinder service in the keystone catalog -# service_name = -# Custom cinder endpoint if override is necessary -# endpoint = - -# Region in Identity service catalog to use for communication with the -# OpenStack services. 
-# region_name = - -# Endpoint type in Identity service catalog to use for communication with -# the OpenStack services. -# endpoint_type = publicURL - -# Availability zone to use for creating Volume -# availability_zone = - -# CA certificates file to verify cinder connections when TLS is enabled -# insecure = False -# ca_certificates_file = - -# Size of root volume in GB for Amphora Instance when use Cinder -# In some storage backends such as ScaleIO, the size of volume is multiple of 8 -# volume_size = 16 - -# Volume type to be used for Amphora Instance root disk -# If not specified, default_volume_type from cinder.conf will be used -# volume_type = - -# Interval time to wait until volume becomes available -# volume_create_retry_interval = 5 - -# Timeout to wait for volume creation success -# volume_create_timeout = 300 - -# Maximum number of retries to create volume -# volume_create_max_retries = 5 - -[glance] -# The name of the glance service in the keystone catalog -# service_name = -# Custom glance endpoint if override is necessary -# endpoint = - -# Region in Identity service catalog to use for communication with the -# OpenStack services. -# region_name = - -# Endpoint type in Identity service catalog to use for communication with -# the OpenStack services. -# endpoint_type = publicURL - -# CA certificates file to verify neutron connections when TLS is enabled -# insecure = False -# ca_certificates_file = - -[neutron] -# The name of the neutron service in the keystone catalog -# service_name = -# Custom neutron endpoint if override is necessary -# endpoint = - -# Region in Identity service catalog to use for communication with the -# OpenStack services. -# region_name = - -# Endpoint type in Identity service catalog to use for communication with -# the OpenStack services. 
-# endpoint_type = publicURL - -# CA certificates file to verify neutron connections when TLS is enabled -# insecure = False -# ca_certificates_file = - -[quotas] -# default_load_balancer_quota = -1 -# default_listener_quota = -1 -# default_member_quota = -1 -# default_pool_quota = -1 -# default_health_monitor_quota = -1 -# default_l7policy_quota = -1 -# default_l7rule_quota = -1 - -[audit] -# Enable auditing of API requests. -# enabled = False - -# Path to audit map file for octavia-api service. Used only -# when API audit is enabled. -# audit_map_file = /etc/octavia/octavia_api_audit_map.conf - -# Comma separated list of REST API HTTP methods to be -# ignored during audit. For example: auditing will not be done -# on any GET or POST requests if this is set to "GET,POST". It -# is used only when API audit is enabled. -# ignore_req_list = - -[audit_middleware_notifications] -# Note: This section comes from openstack/keystonemiddleware -# It is included here for documentation convenience and may be out of date - -# Indicate whether to use oslo_messaging as the notifier. If set to False, -# the local logger will be used as the notifier. If set to True, the -# oslo_messaging package must also be present. Otherwise, the local will be -# used instead. -# use_oslo_messaging = True - -# The Driver to handle sending notifications. Possible values are messaging, -# messagingv2, routing, log, test, noop. If not specified, then value from -# oslo_messaging_notifications conf section is used. -# driver = - -# List of AMQP topics used for OpenStack notifications. If not specified, -# then value from oslo_messaging_notifications conf section is used. -# topics = - -# A URL representing messaging driver to use for notification. If not -# specified, we fall back to the same configuration used for RPC. -# transport_url = - -[oslo_messaging_notifications] -# This section comes from openstack/oslo.messaging and is used for -# event notifications, e.g. octavia.loadbalancer.create.end. 
- -# The default value for driver is None. Without setting this value, -# topics will not be created and notifications will not be sent. -# driver = messagingv2 - -# The value for topics is a list, and the default topic created is -# called notifications. Topics in this list will be created automatically -# by oslo.messaging. You can change the topic or add additional ones if -# needed -# topics = notifications, - -# oslo.messaging supports separate transport for notifications. If you -# would like to use a different transport, you may set this option. -# By default, the same transport URL as rpc messages will be used. -# transport_url = - -[driver_agent] -# status_socket_path = /var/run/octavia/status.sock -# stats_socket_path = /var/run/octavia/stats.sock -# get_socket_path = /var/run/octavia/get.sock - -# Maximum time to wait for a status message before checking for shutdown -# status_request_timeout = 5 - -# Maximum number of status processes per driver-agent -# status_max_processes = 50 - -# Maximum time to wait for a stats message before checking for shutdown -# stats_request_timeout = 5 - -# Maximum number of stats processes per driver-agent -# stats_max_processes = 50 - -# Percentage of max_processes (both status and stats) in use to start -# logging warning messages about an overloaded driver-agent. -# max_process_warning_percent = .75 - -# How long in seconds to wait for provider agents to exit before killing them. -# provider_agent_shutdown_timeout = 60 - -# List of enabled provider agents. -# enabled_provider_agents = - -[healthcheck] -# WARNING: Enabling the 'detailed' setting will expose sensitive details about -# the API process. Do not enabled this unless you are sure it will -# not pose a security risk to your API instances. -# We highly recommend you do not enable this. -# detailed = False - -# This is a list of oslo middleware healthcheck backend plugins to enable for -# the oslo middleware health check. 
-# -# Plugins provided by oslo middleware: -# disable_by_file -# disable_by_files_ports -# Plugins provided by Octavia: -# octavia_db_check -# -# backends = diff --git a/requirements.txt b/requirements.txt index 50c6172985..15b546ea32 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,7 +15,7 @@ futurist>=1.2.0 # Apache-2.0 requests>=2.23.0 # Apache-2.0 rfc3986>=1.2.0 # Apache-2.0 keystoneauth1>=3.4.0 # Apache-2.0 -keystonemiddleware>=4.17.0 # Apache-2.0 +keystonemiddleware>=9.5.0 # Apache-2.0 python-neutronclient>=6.7.0 # Apache-2.0 WebOb>=1.8.2 # MIT stevedore>=1.20.0 # Apache-2.0 diff --git a/setup.cfg b/setup.cfg index 0ff93ea04b..f50ec6f45e 100644 --- a/setup.cfg +++ b/setup.cfg @@ -25,8 +25,6 @@ classifier = packages = octavia data_files = - etc/octavia = - etc/octavia.conf share/octavia = LICENSE README.rst diff --git a/tox.ini b/tox.ini index f2c7a54c81..beeb496ea9 100644 --- a/tox.ini +++ b/tox.ini @@ -118,13 +118,8 @@ commands = {posargs} allowlist_externals = mkdir commands = mkdir -p etc/octavia - oslo-config-generator --output-file etc/octavia/octavia.conf.sample \ - --namespace octavia \ - --namespace oslo.db \ - --namespace oslo.log \ - --namespace oslo.messaging \ - --namespace keystonemiddleware.auth_token \ - --namespace cotyledon + oslo-config-generator \ + --config-file etc/config/octavia-config-generator.conf [testenv:genpolicy] allowlist_externals = mkdir
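Review bot: The `mkdir -p etc/octavia` kept in the tox.ini hunk now has to agree with `output_file = etc/octavia/octavia.conf.sample`, which this commit moves into a different file, and neither place records that link. Someone running the generator without tox, as the commit message intends, will presumably hit an error if etc/octavia does not exist in the checkout. A comment above `commands =` such as `# etc/octavia must match the directory of output_file in etc/config/octavia-config-generator.conf` would make the dependency visible. The testenv section these lines belong to starts outside the hunk.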