diff --git a/doc/config-reference/source/tables/octavia-common.rst b/doc/config-reference/source/tables/octavia-common.rst index 4c0e8c5e43..90c4700d77 100644 --- a/doc/config-reference/source/tables/octavia-common.rst +++ b/doc/config-reference/source/tables/octavia-common.rst @@ -30,8 +30,8 @@ - (String) The handler that the API communicates with * - ``api_paste_config`` = ``api-paste.ini`` - (String) The API paste config file to use - * - ``auth_strategy`` = ``keystone`` - - (String) The type of authentication to use + * - ``auth_strategy`` = ``noauth`` + - (String) The auth strategy for API requests. * - ``bind_host`` = ``127.0.0.1`` - (IP) The host IP to bind to * - ``bind_port`` = ``9876`` @@ -48,11 +48,13 @@ - (String) The maximum number of items returned in a single response. The string 'infinite' or a negative integer value means 'no limit' * - **[amphora_agent]** - + * - ``agent_request_read_timeout`` = ``120`` + - (Integer) The time in seconds to allow a request from the controller to run before terminating the socket. * - ``agent_server_ca`` = ``/etc/octavia/certs/client_ca.pem`` - (String) The ca which signed the client certificates * - ``agent_server_cert`` = ``/etc/octavia/certs/server.pem`` - (String) The server certificate for the agent.py server to use - * - ``agent_server_network_dir`` = ``/etc/netns/amphora-haproxy/network/interfaces.d/`` + * - ``agent_server_network_dir`` = ``None`` - (String) The directory where new network interfaces are located * - ``agent_server_network_file`` = ``None`` - (String) The file where the network interfaces are located. Specifying this will override any value set for agent_server_network_dir. @@ -72,6 +74,8 @@ - (String) Name of the Barbican authentication method to use * - ``ca_certificate`` = ``/etc/ssl/certs/ssl-cert-snakeoil.pem`` - (String) Absolute path to the CA Certificate for signing. Defaults to env[OS_OCTAVIA_TLS_CA_CERT]. + * - ``ca_certificates_file`` = ``None`` + - (String) CA certificates file path * - ``ca_private_key`` = ``/etc/ssl/private/ssl-cert-snakeoil.key`` - (String) Absolute path to the Private Key for signing. Defaults to env[OS_OCTAVIA_TLS_CA_KEY]. * - ``ca_private_key_passphrase`` = ``None`` @@ -80,10 +84,16 @@ - (String) Name of the cert generator to use * - ``cert_manager`` = ``barbican_cert_manager`` - (String) Name of the cert manager to use + * - ``endpoint`` = ``None`` + - (String) A new endpoint to override the endpoint in the keystone catalog. * - ``endpoint_type`` = ``publicURL`` - (String) The endpoint_type to be used for barbican service. + * - ``insecure`` = ``False`` + - (Boolean) Disable certificate validation on SSL connections * - ``region_name`` = ``None`` - (String) Region in Identity service catalog to use for communication with the barbican service. + * - ``service_name`` = ``None`` + - (String) The name of the certificate service in the keystonecatalog * - ``signing_digest`` = ``sha256`` - (String) Certificate signing digest. Defaults to env[OS_OCTAVIA_CA_SIGNING_DIGEST] or "sha256". * - ``storage_path`` = ``/var/lib/octavia/certificates/`` @@ -114,8 +124,6 @@ - (String) SSH key name used to boot the Amphora * - ``amphora_driver`` = ``amphora_noop_driver`` - (String) Name of the amphora driver to use - * - ``cert_generator`` = ``local_cert_generator`` - - (String) Name of the cert generator to use * - ``client_ca`` = ``/etc/octavia/certs/ca_01.pem`` - (String) Client CA for the amphora agent to use * - ``compute_driver`` = ``compute_noop_driver`` @@ -146,7 +154,7 @@ - (String) Base directory for cert storage. * - ``base_path`` = ``/var/lib/octavia`` - (String) Base directory for amphora files. - * - ``bind_host`` = ``0.0.0.0`` + * - ``bind_host`` = ``::`` - (IP) The host IP to bind to * - ``bind_port`` = ``9443`` - (Port number) The port to bind to @@ -162,6 +170,8 @@ - (String) Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k * - ``haproxy_template`` = ``None`` - (String) Custom haproxy template. + * - ``lb_network_interface`` = ``o-hm0`` + - (String) Network interface through which to reach amphora, only required if using IPv6 link local addresses. * - ``respawn_count`` = ``2`` - (Integer) The respawn count for haproxy's upstart script * - ``respawn_interval`` = ``2`` @@ -173,7 +183,9 @@ * - ``server_ca`` = ``/etc/octavia/certs/server_ca.pem`` - (String) The ca which signed the server certificates * - ``use_upstart`` = ``True`` - - (Boolean) If False, use sysvinit. + - (Boolean) DEPRECATED: If False, use sysvinit. This is now automatically discovered and configured. + * - ``user_group`` = ``nogroup`` + - (String) The user group for haproxy to run under inside the amphora. * - **[health_manager]** - * - ``bind_ip`` = ``127.0.0.1`` @@ -198,6 +210,18 @@ - (Integer) sets the value of the heartbeat recv buffer * - ``status_update_threads`` = ``50`` - (Integer) Number of threads performing amphora status update. + * - **[healthcheck]** + - + * - ``backends`` = + - (List) Additional backends that can perform health checks and report that information back as part of a request. + * - ``detailed`` = ``False`` + - (Boolean) Show more detailed information as part of the response + * - ``disable_by_file_path`` = ``None`` + - (String) Check the presence of a file to determine if an application is running on a port. Used by DisableByFileHealthcheck plugin. + * - ``disable_by_file_paths`` = + - (List) Check the presence of a file based on a port to determine if an application is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck plugin. + * - ``path`` = ``/healthcheck`` + - (String) DEPRECATED: The path to respond to healtcheck requests on. * - **[house_keeping]** - * - ``amphora_expiry_age`` = ``604800`` @@ -278,6 +302,42 @@ - (Integer) The maximum body size for each request, in bytes. * - ``secure_proxy_ssl_header`` = ``X-Forwarded-Proto`` - (String) DEPRECATED: The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy. + * - **[oslo_policy]** + - + * - ``policy_default_rule`` = ``default`` + - (String) Default rule. Enforced when a requested rule is not found. + * - ``policy_dirs`` = ``['policy.d']`` + - (Multi-valued) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored. + * - ``policy_file`` = ``policy.json`` + - (String) The file that defines policies. + * - **[quotas]** + - + * - ``default_health_monitor_quota`` = ``-1`` + - (Integer) Default per project health monitor quota. + * - ``default_listener_quota`` = ``-1`` + - (Integer) Default per project listener quota. + * - ``default_load_balancer_quota`` = ``-1`` + - (Integer) Default per project load balancer quota. + * - ``default_member_quota`` = ``-1`` + - (Integer) Default per project member quota. + * - ``default_pool_quota`` = ``-1`` + - (Integer) Default per project pool quota. + * - **[service_auth]** + - + * - ``auth_section`` = ``None`` + - (Unknown) Config Section from which to load plugin specific options + * - ``auth_type`` = ``None`` + - (Unknown) Authentication type to load + * - ``cafile`` = ``None`` + - (String) PEM encoded Certificate Authority to use when verifying HTTPs connections. + * - ``certfile`` = ``None`` + - (String) PEM encoded client certificate cert file + * - ``insecure`` = ``False`` + - (Boolean) Verify HTTPS connections. + * - ``keyfile`` = ``None`` + - (String) PEM encoded client certificate key file + * - ``timeout`` = ``None`` + - (Integer) Timeout value for http requests * - **[task_flow]** - * - ``engine`` = ``serial`` diff --git a/doc/config-reference/source/tables/octavia-redis.rst b/doc/config-reference/source/tables/octavia-redis.rst index 508452e1b5..cad59dd48f 100644 --- a/doc/config-reference/source/tables/octavia-redis.rst +++ b/doc/config-reference/source/tables/octavia-redis.rst @@ -29,8 +29,8 @@ * - ``sentinel_group_name`` = ``oslo-messaging-zeromq`` - (String) Redis replica set name. * - ``sentinel_hosts`` = - - (List) DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode) e.g. [host:port, host1:port ... ] Replaced by [DEFAULT]/transport_url + - (List) DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., [host:port, host1:port ... ] Replaced by [DEFAULT]/transport_url * - ``socket_timeout`` = ``10000`` - - (Integer) Timeout in ms on blocking socket operations + - (Integer) Timeout in ms on blocking socket operations. * - ``wait_timeout`` = ``2000`` - (Integer) Time in ms to wait between connection attempts. diff --git a/tools/autogenerate-config-flagmappings/octavia.flagmappings b/tools/autogenerate-config-flagmappings/octavia.flagmappings index 2408c83320..6d826bafb4 100644 --- a/tools/autogenerate-config-flagmappings/octavia.flagmappings +++ b/tools/autogenerate-config-flagmappings/octavia.flagmappings @@ -29,11 +29,19 @@ logging_user_identity_format disable octavia_plugins common pagination_max_limit common publish_errors disable +rate_limit_burst disable +rate_limit_except_level disable +rate_limit_interval disable +rpc_ack_timeout_base disable +rpc_ack_timeout_multiplier disable rpc_backend disable -rpc_cast_timeout disable rpc_conn_pool_size disable +rpc_message_ttl disable rpc_poll_timeout disable rpc_response_timeout disable +rpc_retry_attempts disable +rpc_thread_pool_size disable +rpc_use_acks disable rpc_zmq_bind_address disable rpc_zmq_bind_port_retries disable rpc_zmq_contexts disable @@ -44,17 +52,26 @@ rpc_zmq_max_port disable rpc_zmq_min_port disable rpc_zmq_serialization disable rpc_zmq_topic_backlog disable +subscribe_on disable syslog_log_facility disable transport_url disable +use_dynamic_connections disable use_pub_sub disable use_router_proxy disable use_stderr disable use_syslog disable verbose disable watch_log_file disable +zmq_failover_connections disable zmq_immediate disable +zmq_linger disable zmq_target_expire disable zmq_target_update disable +zmq_tcp_keepalive disable +zmq_tcp_keepalive_cnt disable +zmq_tcp_keepalive_idle disable +zmq_tcp_keepalive_intvl disable +amphora_agent/agent_request_read_timeout common amphora_agent/agent_server_ca common amphora_agent/agent_server_cert common amphora_agent/agent_server_network_dir common @@ -65,12 +82,16 @@ anchor/url common anchor/username common certificates/barbican_auth common certificates/ca_certificate common +certificates/ca_certificates_file common certificates/ca_private_key common certificates/ca_private_key_passphrase common certificates/cert_generator common certificates/cert_manager common +certificates/endpoint common certificates/endpoint_type common +certificates/insecure common certificates/region_name common +certificates/service_name common certificates/signing_digest common certificates/storage_path common controller_worker/amp_active_retries common @@ -85,7 +106,6 @@ controller_worker/amp_secgroup_list common controller_worker/amp_ssh_access_allowed common controller_worker/amp_ssh_key_name common controller_worker/amphora_driver common -controller_worker/cert_generator common controller_worker/client_ca common controller_worker/compute_driver common controller_worker/loadbalancer_topology common @@ -139,12 +159,14 @@ haproxy_amphora/connection_retry_interval common haproxy_amphora/haproxy_cmd common haproxy_amphora/haproxy_stick_size common haproxy_amphora/haproxy_template common +haproxy_amphora/lb_network_interface common haproxy_amphora/respawn_count common haproxy_amphora/respawn_interval common haproxy_amphora/rest_request_conn_timeout common haproxy_amphora/rest_request_read_timeout common haproxy_amphora/server_ca common haproxy_amphora/use_upstart common +haproxy_amphora/user_group common health_manager/bind_ip common health_manager/bind_port common health_manager/controller_ip_port_list common @@ -156,6 +178,11 @@ health_manager/heartbeat_key common health_manager/heartbeat_timeout common health_manager/sock_rlimit common health_manager/status_update_threads common +healthcheck/backends common +healthcheck/detailed common +healthcheck/disable_by_file_path common +healthcheck/disable_by_file_paths common +healthcheck/path common house_keeping/amphora_expiry_age common house_keeping/cert_expiry_buffer common house_keeping/cert_interval common @@ -206,10 +233,10 @@ keystone_authtoken/memcache_use_advanced_pool disable keystone_authtoken/memcached_servers disable keystone_authtoken/region_name disable keystone_authtoken/revocation_cache_time disable +keystone_authtoken/service_token_roles disable +keystone_authtoken/service_token_roles_required disable keystone_authtoken/signing_dir disable keystone_authtoken/token_cache_time disable -keystone_authtoken_v3/admin_project_domain auth_token -keystone_authtoken_v3/admin_user_domain auth_token matchmaker_redis/check_timeout redis matchmaker_redis/host redis matchmaker_redis/password redis @@ -249,9 +276,11 @@ oslo_messaging_amqp/connection_retry_interval_max disable oslo_messaging_amqp/container_name disable oslo_messaging_amqp/default_notification_exchange disable oslo_messaging_amqp/default_notify_timeout disable +oslo_messaging_amqp/default_reply_retry disable oslo_messaging_amqp/default_reply_timeout disable oslo_messaging_amqp/default_rpc_exchange disable oslo_messaging_amqp/default_send_timeout disable +oslo_messaging_amqp/default_sender_link_timeout disable oslo_messaging_amqp/group_request_prefix disable oslo_messaging_amqp/idle_timeout disable oslo_messaging_amqp/link_retry_delay disable @@ -259,6 +288,7 @@ oslo_messaging_amqp/multicast_address disable oslo_messaging_amqp/notify_address_prefix disable oslo_messaging_amqp/notify_server_credit disable oslo_messaging_amqp/password disable +oslo_messaging_amqp/pre_settled disable oslo_messaging_amqp/reply_link_credit disable oslo_messaging_amqp/rpc_address_prefix disable oslo_messaging_amqp/rpc_server_credit disable @@ -273,6 +303,16 @@ oslo_messaging_amqp/ssl_key_password disable oslo_messaging_amqp/trace disable oslo_messaging_amqp/unicast_address disable oslo_messaging_amqp/username disable +oslo_messaging_kafka/conn_pool_min_size disable +oslo_messaging_kafka/conn_pool_ttl disable +oslo_messaging_kafka/consumer_group disable +oslo_messaging_kafka/kafka_consumer_timeout disable +oslo_messaging_kafka/kafka_default_host disable +oslo_messaging_kafka/kafka_default_port disable +oslo_messaging_kafka/kafka_max_fetch_bytes disable +oslo_messaging_kafka/pool_size disable +oslo_messaging_kafka/producer_batch_size disable +oslo_messaging_kafka/producer_batch_timeout disable oslo_messaging_notifications/driver disable oslo_messaging_notifications/topics disable oslo_messaging_notifications/transport_url disable @@ -286,6 +326,7 @@ oslo_messaging_rabbit/default_notification_exchange disable oslo_messaging_rabbit/default_notification_retry_attempts disable oslo_messaging_rabbit/default_rpc_exchange disable oslo_messaging_rabbit/default_rpc_retry_attempts disable +oslo_messaging_rabbit/default_serializer_type disable oslo_messaging_rabbit/fake_rabbit disable oslo_messaging_rabbit/frame_max disable oslo_messaging_rabbit/heartbeat_interval disable @@ -335,8 +376,13 @@ oslo_messaging_rabbit/socket_timeout disable oslo_messaging_rabbit/ssl disable oslo_messaging_rabbit/ssl_options disable oslo_messaging_rabbit/tcp_user_timeout disable -oslo_messaging_zmq/rpc_cast_timeout disable +oslo_messaging_zmq/rpc_ack_timeout_base disable +oslo_messaging_zmq/rpc_ack_timeout_multiplier disable +oslo_messaging_zmq/rpc_message_ttl disable oslo_messaging_zmq/rpc_poll_timeout disable +oslo_messaging_zmq/rpc_retry_attempts disable +oslo_messaging_zmq/rpc_thread_pool_size disable +oslo_messaging_zmq/rpc_use_acks disable oslo_messaging_zmq/rpc_zmq_bind_address disable oslo_messaging_zmq/rpc_zmq_bind_port_retries disable oslo_messaging_zmq/rpc_zmq_contexts disable @@ -347,13 +393,36 @@ oslo_messaging_zmq/rpc_zmq_max_port disable oslo_messaging_zmq/rpc_zmq_min_port disable oslo_messaging_zmq/rpc_zmq_serialization disable oslo_messaging_zmq/rpc_zmq_topic_backlog disable +oslo_messaging_zmq/subscribe_on disable +oslo_messaging_zmq/use_dynamic_connections disable oslo_messaging_zmq/use_pub_sub disable oslo_messaging_zmq/use_router_proxy disable +oslo_messaging_zmq/zmq_failover_connections disable oslo_messaging_zmq/zmq_immediate disable +oslo_messaging_zmq/zmq_linger disable oslo_messaging_zmq/zmq_target_expire disable oslo_messaging_zmq/zmq_target_update disable +oslo_messaging_zmq/zmq_tcp_keepalive disable +oslo_messaging_zmq/zmq_tcp_keepalive_cnt disable +oslo_messaging_zmq/zmq_tcp_keepalive_idle disable +oslo_messaging_zmq/zmq_tcp_keepalive_intvl disable oslo_middleware/enable_proxy_headers_parsing common oslo_middleware/max_request_body_size common oslo_middleware/secure_proxy_ssl_header common +oslo_policy/policy_default_rule common +oslo_policy/policy_dirs common +oslo_policy/policy_file common +quotas/default_health_monitor_quota common +quotas/default_listener_quota common +quotas/default_load_balancer_quota common +quotas/default_member_quota common +quotas/default_pool_quota common +service_auth/auth_section common +service_auth/auth_type common +service_auth/cafile common +service_auth/certfile common +service_auth/insecure common +service_auth/keyfile common +service_auth/timeout common task_flow/engine common task_flow/max_workers common