Update config-ref with keystone_autoken options
The auth_token middleware options were not tracked yet. This patch adds the mapping information, generates the tables and includes them in the config-reference. This patch also moves the api_rate_limit nova option into the api section. Closes-Bug: #1254568 Change-Id: I0e34cc8e0a56336118aa933e4018c38c9dcacf9b
parent
13c103902d
commit
ee1c854256
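--- a/doc/common/tables/cinder-auth_token.xml
+++ b/doc/common/tables/cinder-auth_token.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Warning: Do not edit this file. It is automatically
+generated and your changes will be overwritten.
+The tool to do so lives in the tools directory of this
+repository -->
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+<table rules="all" xml:id="config_table_cinder_auth_token">
+<caption>Description of configuration options for auth_token</caption>
+<col width="50%"/>
+<col width="50%"/>
+<thead>
+<tr>
+<th>Configuration option = Default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<th colspan="2">[DEFAULT]</th>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Memcached servers or None for in process cache.</td>
+</tr>
+<tr>
+<th colspan="2">[keystone_authtoken]</th>
+</tr>
+<tr>
+<td>admin_password = None</td>
+<td>(StrOpt) Keystone account password</td>
+</tr>
+<tr>
+<td>admin_tenant_name = admin</td>
+<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
+</tr>
+<tr>
+<td>admin_token = None</td>
+<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
+</tr>
+<tr>
+<td>admin_user = None</td>
+<td>(StrOpt) Keystone account username</td>
+</tr>
+<tr>
+<td>auth_admin_prefix = </td>
+<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
+</tr>
+<tr>
+<td>auth_host = 127.0.0.1</td>
+<td>(StrOpt) Host providing the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_port = 35357</td>
+<td>(IntOpt) Port of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_protocol = https</td>
+<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
+</tr>
+<tr>
+<td>auth_uri = None</td>
+<td>(StrOpt) Complete public Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_version = None</td>
+<td>(StrOpt) API version of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>cache = None</td>
+<td>(StrOpt) Env key for the swift cache</td>
+</tr>
+<tr>
+<td>cafile = None</td>
+<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
+</tr>
+<tr>
+<td>certfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>delay_auth_decision = False</td>
+<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
+</tr>
+<tr>
+<td>enforce_token_bind = permissive</td>
+<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
+</tr>
+<tr>
+<td>http_connect_timeout = None</td>
+<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
+</tr>
+<tr>
+<td>http_request_max_retries = 3</td>
+<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
+</tr>
+<tr>
+<td>include_service_catalog = True</td>
+<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
+</tr>
+<tr>
+<td>insecure = False</td>
+<td>(BoolOpt) Verify HTTPS connections.</td>
+</tr>
+<tr>
+<td>keyfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>memcache_secret_key = None</td>
+<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
+</tr>
+<tr>
+<td>memcache_security_strategy = None</td>
+<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
+</tr>
+<tr>
+<td>revocation_cache_time = 300</td>
+<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
+</tr>
+<tr>
+<td>signing_dir = None</td>
+<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
+</tr>
+<tr>
+<td>token_cache_time = 300</td>
+<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
+</tr>
+</tbody>
+</table>
+</para>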
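--- a/doc/common/tables/glance-auth_token.xml
+++ b/doc/common/tables/glance-auth_token.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Warning: Do not edit this file. It is automatically
+generated and your changes will be overwritten.
+The tool to do so lives in the tools directory of this
+repository -->
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+<table rules="all" xml:id="config_table_glance_auth_token">
+<caption>Description of configuration options for auth_token</caption>
+<col width="50%"/>
+<col width="50%"/>
+<thead>
+<tr>
+<th>Configuration option = Default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<th colspan="2">[DEFAULT]</th>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Memcached servers or None for in process cache.</td>
+</tr>
+<tr>
+<th colspan="2">[keystone_authtoken]</th>
+</tr>
+<tr>
+<td>admin_password = None</td>
+<td>(StrOpt) Keystone account password</td>
+</tr>
+<tr>
+<td>admin_tenant_name = admin</td>
+<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
+</tr>
+<tr>
+<td>admin_token = None</td>
+<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
+</tr>
+<tr>
+<td>admin_user = None</td>
+<td>(StrOpt) Keystone account username</td>
+</tr>
+<tr>
+<td>auth_admin_prefix = </td>
+<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
+</tr>
+<tr>
+<td>auth_host = 127.0.0.1</td>
+<td>(StrOpt) Host providing the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_port = 35357</td>
+<td>(IntOpt) Port of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_protocol = https</td>
+<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
+</tr>
+<tr>
+<td>auth_uri = None</td>
+<td>(StrOpt) Complete public Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_version = None</td>
+<td>(StrOpt) API version of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>cache = None</td>
+<td>(StrOpt) Env key for the swift cache</td>
+</tr>
+<tr>
+<td>cafile = None</td>
+<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
+</tr>
+<tr>
+<td>certfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>delay_auth_decision = False</td>
+<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
+</tr>
+<tr>
+<td>enforce_token_bind = permissive</td>
+<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
+</tr>
+<tr>
+<td>http_connect_timeout = None</td>
+<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
+</tr>
+<tr>
+<td>http_request_max_retries = 3</td>
+<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
+</tr>
+<tr>
+<td>include_service_catalog = True</td>
+<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
+</tr>
+<tr>
+<td>insecure = False</td>
+<td>(BoolOpt) Verify HTTPS connections.</td>
+</tr>
+<tr>
+<td>keyfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>memcache_secret_key = None</td>
+<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
+</tr>
+<tr>
+<td>memcache_security_strategy = None</td>
+<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
+</tr>
+<tr>
+<td>revocation_cache_time = 300</td>
+<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
+</tr>
+<tr>
+<td>signing_dir = None</td>
+<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
+</tr>
+<tr>
+<td>token_cache_time = 300</td>
+<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
+</tr>
+</tbody>
+</table>
+</para>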
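--- a/doc/common/tables/heat-auth_token.xml
+++ b/doc/common/tables/heat-auth_token.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Warning: Do not edit this file. It is automatically
+generated and your changes will be overwritten.
+The tool to do so lives in the tools directory of this
+repository -->
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+<table rules="all" xml:id="config_table_heat_auth_token">
+<caption>Description of configuration options for auth_token</caption>
+<col width="50%"/>
+<col width="50%"/>
+<thead>
+<tr>
+<th>Configuration option = Default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<th colspan="2">[DEFAULT]</th>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Memcached servers or None for in process cache.</td>
+</tr>
+<tr>
+<th colspan="2">[keystone_authtoken]</th>
+</tr>
+<tr>
+<td>admin_password = None</td>
+<td>(StrOpt) Keystone account password</td>
+</tr>
+<tr>
+<td>admin_tenant_name = admin</td>
+<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
+</tr>
+<tr>
+<td>admin_token = None</td>
+<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
+</tr>
+<tr>
+<td>admin_user = None</td>
+<td>(StrOpt) Keystone account username</td>
+</tr>
+<tr>
+<td>auth_admin_prefix = </td>
+<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
+</tr>
+<tr>
+<td>auth_host = 127.0.0.1</td>
+<td>(StrOpt) Host providing the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_port = 35357</td>
+<td>(IntOpt) Port of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_protocol = https</td>
+<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
+</tr>
+<tr>
+<td>auth_uri = None</td>
+<td>(StrOpt) Complete public Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_version = None</td>
+<td>(StrOpt) API version of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>cache = None</td>
+<td>(StrOpt) Env key for the swift cache</td>
+</tr>
+<tr>
+<td>cafile = None</td>
+<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
+</tr>
+<tr>
+<td>certfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>delay_auth_decision = False</td>
+<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
+</tr>
+<tr>
+<td>enforce_token_bind = permissive</td>
+<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
+</tr>
+<tr>
+<td>http_connect_timeout = None</td>
+<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
+</tr>
+<tr>
+<td>http_request_max_retries = 3</td>
+<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
+</tr>
+<tr>
+<td>include_service_catalog = True</td>
+<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
+</tr>
+<tr>
+<td>insecure = False</td>
+<td>(BoolOpt) Verify HTTPS connections.</td>
+</tr>
+<tr>
+<td>keyfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>memcache_secret_key = None</td>
+<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
+</tr>
+<tr>
+<td>memcache_security_strategy = None</td>
+<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
+</tr>
+<tr>
+<td>revocation_cache_time = 300</td>
+<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
+</tr>
+<tr>
+<td>signing_dir = None</td>
+<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
+</tr>
+<tr>
+<td>token_cache_time = 300</td>
+<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
+</tr>
+</tbody>
+</table>
+</para>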
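--- a/doc/common/tables/keystone-auth_token.xml
+++ b/doc/common/tables/keystone-auth_token.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Warning: Do not edit this file. It is automatically
+generated and your changes will be overwritten.
+The tool to do so lives in the tools directory of this
+repository -->
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+<table rules="all" xml:id="config_table_keystone_auth_token">
+<caption>Description of configuration options for auth_token</caption>
+<col width="50%"/>
+<col width="50%"/>
+<thead>
+<tr>
+<th>Configuration option = Default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<th colspan="2">[DEFAULT]</th>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Memcached servers or None for in process cache.</td>
+</tr>
+<tr>
+<th colspan="2">[keystone_authtoken]</th>
+</tr>
+<tr>
+<td>admin_password = None</td>
+<td>(StrOpt) Keystone account password</td>
+</tr>
+<tr>
+<td>admin_tenant_name = admin</td>
+<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
+</tr>
+<tr>
+<td>admin_token = None</td>
+<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
+</tr>
+<tr>
+<td>admin_user = None</td>
+<td>(StrOpt) Keystone account username</td>
+</tr>
+<tr>
+<td>auth_admin_prefix = </td>
+<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
+</tr>
+<tr>
+<td>auth_host = 127.0.0.1</td>
+<td>(StrOpt) Host providing the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_port = 35357</td>
+<td>(IntOpt) Port of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_protocol = https</td>
+<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
+</tr>
+<tr>
+<td>auth_uri = None</td>
+<td>(StrOpt) Complete public Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_version = None</td>
+<td>(StrOpt) API version of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>cache = None</td>
+<td>(StrOpt) Env key for the swift cache</td>
+</tr>
+<tr>
+<td>cafile = None</td>
+<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
+</tr>
+<tr>
+<td>certfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>delay_auth_decision = False</td>
+<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
+</tr>
+<tr>
+<td>enforce_token_bind = permissive</td>
+<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
+</tr>
+<tr>
+<td>http_connect_timeout = None</td>
+<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
+</tr>
+<tr>
+<td>http_request_max_retries = 3</td>
+<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
+</tr>
+<tr>
+<td>include_service_catalog = True</td>
+<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
+</tr>
+<tr>
+<td>insecure = False</td>
+<td>(BoolOpt) Verify HTTPS connections.</td>
+</tr>
+<tr>
+<td>keyfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>memcache_secret_key = None</td>
+<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
+</tr>
+<tr>
+<td>memcache_security_strategy = None</td>
+<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
+</tr>
+<tr>
+<td>revocation_cache_time = 300</td>
+<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
+</tr>
+<tr>
+<td>signing_dir = None</td>
+<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
+</tr>
+<tr>
+<td>token_cache_time = 300</td>
+<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
+</tr>
+</tbody>
+</table>
+</para>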
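--- a/doc/common/tables/neutron-auth_token.xml
+++ b/doc/common/tables/neutron-auth_token.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Warning: Do not edit this file. It is automatically
+generated and your changes will be overwritten.
+The tool to do so lives in the tools directory of this
+repository -->
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+<table rules="all" xml:id="config_table_neutron_auth_token">
+<caption>Description of configuration options for auth_token</caption>
+<col width="50%"/>
+<col width="50%"/>
+<thead>
+<tr>
+<th>Configuration option = Default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<th colspan="2">[DEFAULT]</th>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Memcached servers or None for in process cache.</td>
+</tr>
+<tr>
+<th colspan="2">[keystone_authtoken]</th>
+</tr>
+<tr>
+<td>admin_password = None</td>
+<td>(StrOpt) Keystone account password</td>
+</tr>
+<tr>
+<td>admin_tenant_name = admin</td>
+<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
+</tr>
+<tr>
+<td>admin_token = None</td>
+<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
+</tr>
+<tr>
+<td>admin_user = None</td>
+<td>(StrOpt) Keystone account username</td>
+</tr>
+<tr>
+<td>auth_admin_prefix = </td>
+<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
+</tr>
+<tr>
+<td>auth_host = 127.0.0.1</td>
+<td>(StrOpt) Host providing the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_port = 35357</td>
+<td>(IntOpt) Port of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_protocol = https</td>
+<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
+</tr>
+<tr>
+<td>auth_uri = None</td>
+<td>(StrOpt) Complete public Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_version = None</td>
+<td>(StrOpt) API version of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>cache = None</td>
+<td>(StrOpt) Env key for the swift cache</td>
+</tr>
+<tr>
+<td>cafile = None</td>
+<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
+</tr>
+<tr>
+<td>certfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>delay_auth_decision = False</td>
+<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
+</tr>
+<tr>
+<td>enforce_token_bind = permissive</td>
+<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
+</tr>
+<tr>
+<td>http_connect_timeout = None</td>
+<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
+</tr>
+<tr>
+<td>http_request_max_retries = 3</td>
+<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
+</tr>
+<tr>
+<td>include_service_catalog = True</td>
+<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
+</tr>
+<tr>
+<td>insecure = False</td>
+<td>(BoolOpt) Verify HTTPS connections.</td>
+</tr>
+<tr>
+<td>keyfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>memcache_secret_key = None</td>
+<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
+</tr>
+<tr>
+<td>memcache_security_strategy = None</td>
+<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
+</tr>
+<tr>
+<td>revocation_cache_time = 300</td>
+<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
+</tr>
+<tr>
+<td>signing_dir = None</td>
+<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
+</tr>
+<tr>
+<td>token_cache_time = 300</td>
+<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
+</tr>
+</tbody>
+</table>
+</para>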
@ -18,6 +18,10 @@
|
||||
<tr>
|
||||
<th colspan="2">[DEFAULT]</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>api_rate_limit = False</td>
|
||||
<td>(BoolOpt) Whether to use per-user rate limiting for the api. This option is only used by v2 api. Rate limiting is removed from v3 api.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>enable_new_services = True</td>
|
||||
<td>(BoolOpt) Services to be added to the available pool on create</td>
|
||||
|
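--- a/doc/common/tables/nova-auth_token.xml
+++ b/doc/common/tables/nova-auth_token.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Warning: Do not edit this file. It is automatically
+generated and your changes will be overwritten.
+The tool to do so lives in the tools directory of this
+repository -->
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+<table rules="all" xml:id="config_table_nova_auth_token">
+<caption>Description of configuration options for auth_token</caption>
+<col width="50%"/>
+<col width="50%"/>
+<thead>
+<tr>
+<th>Configuration option = Default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<th colspan="2">[keystone_authtoken]</th>
+</tr>
+<tr>
+<td>admin_password = None</td>
+<td>(StrOpt) Keystone account password</td>
+</tr>
+<tr>
+<td>admin_tenant_name = admin</td>
+<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
+</tr>
+<tr>
+<td>admin_token = None</td>
+<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
+</tr>
+<tr>
+<td>admin_user = None</td>
+<td>(StrOpt) Keystone account username</td>
+</tr>
+<tr>
+<td>auth_admin_prefix = </td>
+<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
+</tr>
+<tr>
+<td>auth_host = 127.0.0.1</td>
+<td>(StrOpt) Host providing the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_port = 35357</td>
+<td>(IntOpt) Port of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_protocol = https</td>
+<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
+</tr>
+<tr>
+<td>auth_uri = None</td>
+<td>(StrOpt) Complete public Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_version = None</td>
+<td>(StrOpt) API version of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>cache = None</td>
+<td>(StrOpt) Env key for the swift cache</td>
+</tr>
+<tr>
+<td>cafile = None</td>
+<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
+</tr>
+<tr>
+<td>certfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>delay_auth_decision = False</td>
+<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
+</tr>
+<tr>
+<td>enforce_token_bind = permissive</td>
+<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
+</tr>
+<tr>
+<td>http_connect_timeout = None</td>
+<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
+</tr>
+<tr>
+<td>http_request_max_retries = 3</td>
+<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
+</tr>
+<tr>
+<td>include_service_catalog = True</td>
+<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
+</tr>
+<tr>
+<td>insecure = False</td>
+<td>(BoolOpt) Verify HTTPS connections.</td>
+</tr>
+<tr>
+<td>keyfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>memcache_secret_key = None</td>
+<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
+</tr>
+<tr>
+<td>memcache_security_strategy = None</td>
+<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
+</tr>
+<tr>
+<td>revocation_cache_time = 300</td>
+<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
+</tr>
+<tr>
+<td>signing_dir = None</td>
+<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
+</tr>
+<tr>
+<td>token_cache_time = 300</td>
+<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
+</tr>
+</tbody>
+</table>
+</para>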
|
@ -18,10 +18,6 @@
|
||||
<tr>
|
||||
<th colspan="2">[DEFAULT]</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>api_rate_limit = False</td>
|
||||
<td>(BoolOpt) Whether to use per-user rate limiting for the api. This option is only used by v2 api. Rate limiting is removed from v3 api.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>auth_strategy = noauth</td>
|
||||
<td>(StrOpt) The strategy to use for auth: noauth or keystone.</td>
|
||||
|
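--- a/doc/common/tables/trove-auth_token.xml
+++ b/doc/common/tables/trove-auth_token.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Warning: Do not edit this file. It is automatically
+generated and your changes will be overwritten.
+The tool to do so lives in the tools directory of this
+repository -->
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+<table rules="all" xml:id="config_table_trove_auth_token">
+<caption>Description of configuration options for auth_token</caption>
+<col width="50%"/>
+<col width="50%"/>
+<thead>
+<tr>
+<th>Configuration option = Default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<th colspan="2">[DEFAULT]</th>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Memcached servers or None for in process cache.</td>
+</tr>
+<tr>
+<th colspan="2">[keystone_authtoken]</th>
+</tr>
+<tr>
+<td>admin_password = None</td>
+<td>(StrOpt) Keystone account password</td>
+</tr>
+<tr>
+<td>admin_tenant_name = admin</td>
+<td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
+</tr>
+<tr>
+<td>admin_token = None</td>
+<td>(StrOpt) Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process.</td>
+</tr>
+<tr>
+<td>admin_user = None</td>
+<td>(StrOpt) Keystone account username</td>
+</tr>
+<tr>
+<td>auth_admin_prefix = </td>
+<td>(StrOpt) Prefix to prepend at the beginning of the path</td>
+</tr>
+<tr>
+<td>auth_host = 127.0.0.1</td>
+<td>(StrOpt) Host providing the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_port = 35357</td>
+<td>(IntOpt) Port of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_protocol = https</td>
+<td>(StrOpt) Protocol of the admin Identity API endpoint(http or https)</td>
+</tr>
+<tr>
+<td>auth_uri = None</td>
+<td>(StrOpt) Complete public Identity API endpoint</td>
+</tr>
+<tr>
+<td>auth_version = None</td>
+<td>(StrOpt) API version of the admin Identity API endpoint</td>
+</tr>
+<tr>
+<td>cache = None</td>
+<td>(StrOpt) Env key for the swift cache</td>
+</tr>
+<tr>
+<td>cafile = None</td>
+<td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
+</tr>
+<tr>
+<td>certfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>delay_auth_decision = False</td>
+<td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
+</tr>
+<tr>
+<td>enforce_token_bind = permissive</td>
+<td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
+</tr>
+<tr>
+<td>http_connect_timeout = None</td>
+<td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
+</tr>
+<tr>
+<td>http_request_max_retries = 3</td>
+<td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
+</tr>
+<tr>
+<td>include_service_catalog = True</td>
+<td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
+</tr>
+<tr>
+<td>insecure = False</td>
+<td>(BoolOpt) Verify HTTPS connections.</td>
+</tr>
+<tr>
+<td>keyfile = None</td>
+<td>(StrOpt) Required if Keystone server requires client certificate</td>
+</tr>
+<tr>
+<td>memcache_secret_key = None</td>
+<td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
+</tr>
+<tr>
+<td>memcache_security_strategy = None</td>
+<td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
+</tr>
+<tr>
+<td>memcached_servers = None</td>
+<td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
+</tr>
+<tr>
+<td>revocation_cache_time = 300</td>
+<td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
+</tr>
+<tr>
+<td>signing_dir = None</td>
+<td>(StrOpt) Directory used to cache files related to PKI tokens</td>
+</tr>
+<tr>
+<td>token_cache_time = 300</td>
+<td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
+</tr>
+</tbody>
+</table>
+</para>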
|
@ -10,6 +10,7 @@
|
||||
<filename>cinder.conf</filename> file.
|
||||
</para>
|
||||
|
||||
<xi:include href="../../common/tables/cinder-auth_token.xml"/>
|
||||
<xi:include href="../../common/tables/cinder-connection.xml"/>
|
||||
<xi:include href="../../common/tables/cinder-huawei.xml"/>
|
||||
<xi:include href="../../common/tables/cinder-nas.xml"/>
|
||||
|
@ -16,6 +16,7 @@
|
||||
Database Service configuration options.</para>
|
||||
|
||||
<xi:include href="../common/tables/trove-api.xml"/>
|
||||
<xi:include href="../common/tables/trove-auth_token.xml"/>
|
||||
<xi:include href="../common/tables/trove-backup.xml"/>
|
||||
<xi:include href="../common/tables/trove-common.xml"/>
|
||||
<xi:include href="../common/tables/trove-compute.xml"/>
|
||||
|
@ -26,6 +26,7 @@
|
||||
|
||||
<para>You can modify many options in the OpenStack Image Service.
|
||||
The following tables provide a comprehensive list.</para>
|
||||
<xi:include href="../common/tables/glance-auth_token.xml"/>
|
||||
<xi:include href="../common/tables/glance-common.xml"/>
|
||||
<xi:include href="../common/tables/glance-db.xml"/>
|
||||
<xi:include href="../common/tables/glance-imagecache.xml"/>
|
||||
|
@ -19,6 +19,7 @@
|
||||
<para>The following tables provide a comprehensive list of the Orchestration
|
||||
configuration options.</para>
|
||||
|
||||
<xi:include href="../common/tables/heat-auth_token.xml"/>
|
||||
<xi:include href="../common/tables/heat-common.xml"/>
|
||||
<xi:include href="../common/tables/heat-crypt.xml"/>
|
||||
<xi:include href="../common/tables/heat-database.xml"/>
|
||||
|
@ -10,6 +10,7 @@
|
||||
<xi:include href="../../common/tables/nova-api.xml"/>
|
||||
<xi:include href="../../common/tables/nova-apiv3.xml"/>
|
||||
<xi:include href="../../common/tables/nova-authentication.xml"/>
|
||||
<xi:include href="../../common/tables/nova-auth_token.xml"/>
|
||||
<xi:include href="../../common/tables/nova-availabilityzones.xml"/>
|
||||
<xi:include href="../../common/tables/nova-baremetal.xml"/>
|
||||
<xi:include href="../../common/tables/nova-ca.xml"/>
|
||||
|
@ -27,6 +27,12 @@
|
||||
<xi:include href="../../common/tables/neutron-api.xml"/>
|
||||
</section>
|
||||
|
||||
<section xml:id="networking-options-auth_token">
|
||||
<title>Token authentication</title>
|
||||
<para>Use the following options to alter token authentication settings.</para>
|
||||
<xi:include href="../../common/tables/neutron-auth_token.xml"/>
|
||||
</section>
|
||||
|
||||
<section xml:id="networking-options-compute">
|
||||
<title>Compute</title>
|
||||
<para>Use the following options to alter Compute-related settings.</para>
|
||||
|
@ -141,6 +141,7 @@ max_age quota
|
||||
max_gigabytes storage
|
||||
max_header_line api
|
||||
max_luns_per_storage_group emc
|
||||
memcached_servers auth_token
|
||||
migration_create_volume_timeout_secs storage
|
||||
monkey_patch common
|
||||
monkey_patch_modules common
|
||||
@ -411,6 +412,32 @@ fc-zone-manager/zone_driver zoning_manager
|
||||
fc-zone-manager/zoning_policy zoning
|
||||
keymgr/api_class keymgr
|
||||
keymgr/fixed_key keymgr
|
||||
keystone_authtoken/admin_password auth_token
|
||||
keystone_authtoken/admin_tenant_name auth_token
|
||||
keystone_authtoken/admin_token auth_token
|
||||
keystone_authtoken/admin_user auth_token
|
||||
keystone_authtoken/auth_admin_prefix auth_token
|
||||
keystone_authtoken/auth_host auth_token
|
||||
keystone_authtoken/auth_port auth_token
|
||||
keystone_authtoken/auth_protocol auth_token
|
||||
keystone_authtoken/auth_uri auth_token
|
||||
keystone_authtoken/auth_version auth_token
|
||||
keystone_authtoken/cache auth_token
|
||||
keystone_authtoken/cafile auth_token
|
||||
keystone_authtoken/certfile auth_token
|
||||
keystone_authtoken/delay_auth_decision auth_token
|
||||
keystone_authtoken/enforce_token_bind auth_token
|
||||
keystone_authtoken/http_connect_timeout auth_token
|
||||
keystone_authtoken/http_request_max_retries auth_token
|
||||
keystone_authtoken/include_service_catalog auth_token
|
||||
keystone_authtoken/insecure auth_token
|
||||
keystone_authtoken/keyfile auth_token
|
||||
keystone_authtoken/memcache_secret_key auth_token
|
||||
keystone_authtoken/memcache_security_strategy auth_token
|
||||
keystone_authtoken/memcached_servers auth_token
|
||||
keystone_authtoken/revocation_cache_time auth_token
|
||||
keystone_authtoken/signing_dir auth_token
|
||||
keystone_authtoken/token_cache_time auth_token
|
||||
matchmaker_ring/ringfile rpc
|
||||
ssl/ca_file ssl
|
||||
ssl/cert_file ssl
|
||||
|
@ -77,6 +77,7 @@ logging_exception_prefix logging
|
||||
matchmaker_heartbeat_freq matchmaker
|
||||
matchmaker_heartbeat_ttl matchmaker
|
||||
max_header_line wsgi
|
||||
memcached_servers auth_token
|
||||
metadata_encryption_key common
|
||||
mongodb_store_db gridfs
|
||||
mongodb_store_uri gridfs
|
||||
@ -212,6 +213,32 @@ database/sqlite_synchronous db
|
||||
database/use_db_reconnect db
|
||||
image_format/container_formats common
|
||||
image_format/disk_formats common
|
||||
keystone_authtoken/admin_password auth_token
|
||||
keystone_authtoken/admin_tenant_name auth_token
|
||||
keystone_authtoken/admin_token auth_token
|
||||
keystone_authtoken/admin_user auth_token
|
||||
keystone_authtoken/auth_admin_prefix auth_token
|
||||
keystone_authtoken/auth_host auth_token
|
||||
keystone_authtoken/auth_port auth_token
|
||||
keystone_authtoken/auth_protocol auth_token
|
||||
keystone_authtoken/auth_uri auth_token
|
||||
keystone_authtoken/auth_version auth_token
|
||||
keystone_authtoken/cache auth_token
|
||||
keystone_authtoken/cafile auth_token
|
||||
keystone_authtoken/certfile auth_token
|
||||
keystone_authtoken/delay_auth_decision auth_token
|
||||
keystone_authtoken/enforce_token_bind auth_token
|
||||
keystone_authtoken/http_connect_timeout auth_token
|
||||
keystone_authtoken/http_request_max_retries auth_token
|
||||
keystone_authtoken/include_service_catalog auth_token
|
||||
keystone_authtoken/insecure auth_token
|
||||
keystone_authtoken/keyfile auth_token
|
||||
keystone_authtoken/memcache_secret_key auth_token
|
||||
keystone_authtoken/memcache_security_strategy auth_token
|
||||
keystone_authtoken/memcached_servers auth_token
|
||||
keystone_authtoken/revocation_cache_time auth_token
|
||||
keystone_authtoken/signing_dir auth_token
|
||||
keystone_authtoken/token_cache_time auth_token
|
||||
matchmaker_ring/ringfile matchmaker
|
||||
paste_deploy/config_file paste
|
||||
paste_deploy/flavor paste
|
||||
|
@ -53,6 +53,7 @@ max_nested_stack_depth quota
|
||||
max_resources_per_stack quota
|
||||
max_stacks_per_tenant quota
|
||||
max_template_size quota
|
||||
memcached_servers auth_token
|
||||
notification_driver amqp
|
||||
notification_topics amqp
|
||||
onready notification
|
||||
@ -191,6 +192,32 @@ heat_api_cloudwatch/cert_file cloudwatch_api
|
||||
heat_api_cloudwatch/key_file cloudwatch_api
|
||||
heat_api_cloudwatch/max_header_line cloudwatch_api
|
||||
heat_api_cloudwatch/workers cloudwatch_api
|
||||
keystone_authtoken/admin_password auth_token
|
||||
keystone_authtoken/admin_tenant_name auth_token
|
||||
keystone_authtoken/admin_token auth_token
|
||||
keystone_authtoken/admin_user auth_token
|
||||
keystone_authtoken/auth_admin_prefix auth_token
|
||||
keystone_authtoken/auth_host auth_token
|
||||
keystone_authtoken/auth_port auth_token
|
||||
keystone_authtoken/auth_protocol auth_token
|
||||
keystone_authtoken/auth_uri auth_token
|
||||
keystone_authtoken/auth_version auth_token
|
||||
keystone_authtoken/cache auth_token
|
||||
keystone_authtoken/cafile auth_token
|
||||
keystone_authtoken/certfile auth_token
|
||||
keystone_authtoken/delay_auth_decision auth_token
|
||||
keystone_authtoken/enforce_token_bind auth_token
|
||||
keystone_authtoken/http_connect_timeout auth_token
|
||||
keystone_authtoken/http_request_max_retries auth_token
|
||||
keystone_authtoken/include_service_catalog auth_token
|
||||
keystone_authtoken/insecure auth_token
|
||||
keystone_authtoken/keyfile auth_token
|
||||
keystone_authtoken/memcache_secret_key auth_token
|
||||
keystone_authtoken/memcache_security_strategy auth_token
|
||||
keystone_authtoken/memcached_servers auth_token
|
||||
keystone_authtoken/revocation_cache_time auth_token
|
||||
keystone_authtoken/signing_dir auth_token
|
||||
keystone_authtoken/token_cache_time auth_token
|
||||
matchmaker_redis/host redis
|
||||
matchmaker_redis/password redis
|
||||
matchmaker_redis/port redis
|
||||
|
@ -47,6 +47,7 @@ max_request_body_size api
|
||||
max_token_size api
|
||||
member_role_id api
|
||||
member_role_name api
|
||||
memcached_servers auth_token
|
||||
notification_driver amqp
|
||||
notification_topics amqp
|
||||
onready notification
|
||||
@ -154,6 +155,32 @@ identity/domain_specific_drivers_enabled identity
|
||||
identity/driver identity
|
||||
identity/list_limit identity
|
||||
identity/max_password_length identity
|
||||
keystone_authtoken/admin_password auth_token
|
||||
keystone_authtoken/admin_tenant_name auth_token
|
||||
keystone_authtoken/admin_token auth_token
|
||||
keystone_authtoken/admin_user auth_token
|
||||
keystone_authtoken/auth_admin_prefix auth_token
|
||||
keystone_authtoken/auth_host auth_token
|
||||
keystone_authtoken/auth_port auth_token
|
||||
keystone_authtoken/auth_protocol auth_token
|
||||
keystone_authtoken/auth_uri auth_token
|
||||
keystone_authtoken/auth_version auth_token
|
||||
keystone_authtoken/cache auth_token
|
||||
keystone_authtoken/cafile auth_token
|
||||
keystone_authtoken/certfile auth_token
|
||||
keystone_authtoken/delay_auth_decision auth_token
|
||||
keystone_authtoken/enforce_token_bind auth_token
|
||||
keystone_authtoken/http_connect_timeout auth_token
|
||||
keystone_authtoken/http_request_max_retries auth_token
|
||||
keystone_authtoken/include_service_catalog auth_token
|
||||
keystone_authtoken/insecure auth_token
|
||||
keystone_authtoken/keyfile auth_token
|
||||
keystone_authtoken/memcache_secret_key auth_token
|
||||
keystone_authtoken/memcache_security_strategy auth_token
|
||||
keystone_authtoken/memcached_servers auth_token
|
||||
keystone_authtoken/revocation_cache_time auth_token
|
||||
keystone_authtoken/signing_dir auth_token
|
||||
keystone_authtoken/token_cache_time auth_token
|
||||
kvs/backends kvs
|
||||
kvs/config_prefix kvs
|
||||
kvs/default_lock_timeout kvs
|
||||
|
@ -91,6 +91,7 @@ max_request_body_size api
|
||||
max_routes quotas
|
||||
max_subnet_host_routes common
|
||||
measure_interval metering_agent
|
||||
memcached_servers auth_token
|
||||
meta_flavor_driver_mappings metadata
|
||||
metadata_backlog metadata
|
||||
metadata_port metadata
|
||||
@ -454,6 +455,32 @@ heleoslb/sync_interval embrane_lb
|
||||
hyperv/force_hyperv_utils_v1 hyperv_agent
|
||||
ipsec/config_base_dir vpn
|
||||
ipsec/ipsec_status_check_interval vpn
|
||||
keystone_authtoken/admin_password auth_token
|
||||
keystone_authtoken/admin_tenant_name auth_token
|
||||
keystone_authtoken/admin_token auth_token
|
||||
keystone_authtoken/admin_user auth_token
|
||||
keystone_authtoken/auth_admin_prefix auth_token
|
||||
keystone_authtoken/auth_host auth_token
|
||||
keystone_authtoken/auth_port auth_token
|
||||
keystone_authtoken/auth_protocol auth_token
|
||||
keystone_authtoken/auth_uri auth_token
|
||||
keystone_authtoken/auth_version auth_token
|
||||
keystone_authtoken/cache auth_token
|
||||
keystone_authtoken/cafile auth_token
|
||||
keystone_authtoken/certfile auth_token
|
||||
keystone_authtoken/delay_auth_decision auth_token
|
||||
keystone_authtoken/enforce_token_bind auth_token
|
||||
keystone_authtoken/http_connect_timeout auth_token
|
||||
keystone_authtoken/http_request_max_retries auth_token
|
||||
keystone_authtoken/include_service_catalog auth_token
|
||||
keystone_authtoken/insecure auth_token
|
||||
keystone_authtoken/keyfile auth_token
|
||||
keystone_authtoken/memcache_secret_key auth_token
|
||||
keystone_authtoken/memcache_security_strategy auth_token
|
||||
keystone_authtoken/memcached_servers auth_token
|
||||
keystone_authtoken/revocation_cache_time auth_token
|
||||
keystone_authtoken/signing_dir auth_token
|
||||
keystone_authtoken/token_cache_time auth_token
|
||||
l2pop/agent_boot_time ml2_l2pop
|
||||
matchmaker_redis/host redis
|
||||
matchmaker_redis/password redis
|
||||
|
@ -9,7 +9,7 @@ allowed_rpc_exception_modules testing
|
||||
amqp_auto_delete rpc rpc_all
|
||||
amqp_durable_queues rpc rpc_all
|
||||
api_paste_config wsgi
|
||||
api_rate_limit authentication
|
||||
api_rate_limit api
|
||||
auth_strategy authentication
|
||||
auto_assign_floating_ip network
|
||||
backdoor_port testing
|
||||
@ -512,6 +512,32 @@ hyperv/vswitch_name hyperv
|
||||
image_file_url/filesystems glance
|
||||
keymgr/api_class keymgr
|
||||
keymgr/fixed_key keymgr
|
||||
keystone_authtoken/admin_password auth_token
|
||||
keystone_authtoken/admin_tenant_name auth_token
|
||||
keystone_authtoken/admin_token auth_token
|
||||
keystone_authtoken/admin_user auth_token
|
||||
keystone_authtoken/auth_admin_prefix auth_token
|
||||
keystone_authtoken/auth_host auth_token
|
||||
keystone_authtoken/auth_port auth_token
|
||||
keystone_authtoken/auth_protocol auth_token
|
||||
keystone_authtoken/auth_uri auth_token
|
||||
keystone_authtoken/auth_version auth_token
|
||||
keystone_authtoken/cache auth_token
|
||||
keystone_authtoken/cafile auth_token
|
||||
keystone_authtoken/certfile auth_token
|
||||
keystone_authtoken/delay_auth_decision auth_token
|
||||
keystone_authtoken/enforce_token_bind auth_token
|
||||
keystone_authtoken/http_connect_timeout auth_token
|
||||
keystone_authtoken/http_request_max_retries auth_token
|
||||
keystone_authtoken/include_service_catalog auth_token
|
||||
keystone_authtoken/insecure auth_token
|
||||
keystone_authtoken/keyfile auth_token
|
||||
keystone_authtoken/memcache_secret_key auth_token
|
||||
keystone_authtoken/memcache_security_strategy auth_token
|
||||
keystone_authtoken/memcached_servers auth_token
|
||||
keystone_authtoken/revocation_cache_time auth_token
|
||||
keystone_authtoken/signing_dir auth_token
|
||||
keystone_authtoken/token_cache_time auth_token
|
||||
libvirt/block_migration_flag hypervisor
|
||||
libvirt/checksum_base_images libvirt
|
||||
libvirt/checksum_interval_seconds libvirt
|
||||
|
@ -100,6 +100,7 @@ max_backups_per_user quota
|
||||
max_header_line api
|
||||
max_instances_per_user quota
|
||||
max_volumes_per_user quota
|
||||
memcached_servers auth_token
|
||||
mount_options guestagent
|
||||
network_label_regex logging
|
||||
notification_driver amqp
|
||||
@ -207,6 +208,32 @@ couchbase/mount_point db_couchbase
|
||||
couchbase/tcp_ports db_couchbase
|
||||
couchbase/udp_ports db_couchbase
|
||||
couchbase/usage_timeout db_couchbase
|
||||
keystone_authtoken/admin_password auth_token
|
||||
keystone_authtoken/admin_tenant_name auth_token
|
||||
keystone_authtoken/admin_token auth_token
|
||||
keystone_authtoken/admin_user auth_token
|
||||
keystone_authtoken/auth_admin_prefix auth_token
|
||||
keystone_authtoken/auth_host auth_token
|
||||
keystone_authtoken/auth_port auth_token
|
||||
keystone_authtoken/auth_protocol auth_token
|
||||
keystone_authtoken/auth_uri auth_token
|
||||
keystone_authtoken/auth_version auth_token
|
||||
keystone_authtoken/cache auth_token
|
||||
keystone_authtoken/cafile auth_token
|
||||
keystone_authtoken/certfile auth_token
|
||||
keystone_authtoken/delay_auth_decision auth_token
|
||||
keystone_authtoken/enforce_token_bind auth_token
|
||||
keystone_authtoken/http_connect_timeout auth_token
|
||||
keystone_authtoken/http_request_max_retries auth_token
|
||||
keystone_authtoken/include_service_catalog auth_token
|
||||
keystone_authtoken/insecure auth_token
|
||||
keystone_authtoken/keyfile auth_token
|
||||
keystone_authtoken/memcache_secret_key auth_token
|
||||
keystone_authtoken/memcache_security_strategy auth_token
|
||||
keystone_authtoken/memcached_servers auth_token
|
||||
keystone_authtoken/revocation_cache_time auth_token
|
||||
keystone_authtoken/signing_dir auth_token
|
||||
keystone_authtoken/token_cache_time auth_token
|
||||
matchmaker_redis/host redis
|
||||
matchmaker_redis/password redis
|
||||
matchmaker_redis/port redis
|
||||
|