openstack-manuals/doc/common/tables/nova-ca.xml

<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
  <!-- Warning: Do not edit this file. It is automatically
     generated and your changes will be overwritten.
     The tool to do so lives in openstack-doc-tools repository. -->
  <table rules="all" xml:id="config_table_nova_ca">
    <caption>Description of CA and SSL configuration options</caption>
    <col width="50%"/>
    <col width="50%"/>
    <thead>
      <tr>
        <th>Configuration option = Default value</th>
        <th>Description</th>
      </tr>
    </thead>
    <tbody>
      <tr>
        <th colspan="2">[DEFAULT]</th>
      </tr>
      <tr>
        <td><option>ca_file</option> = <replaceable>cacert.pem</replaceable></td>
        <td>(StrOpt) Filename of root CA</td>
      </tr>
      <tr>
        <td><option>ca_path</option> = <replaceable>$state_path/CA</replaceable></td>
        <td>(StrOpt) Where we keep our root CA</td>
      </tr>
      <tr>
        <td><option>cert</option> = <replaceable>self.pem</replaceable></td>
        <td>(StrOpt) SSL certificate file</td>
      </tr>
      <tr>
        <td><option>cert_manager</option> = <replaceable>nova.cert.manager.CertManager</replaceable></td>
        <td>(StrOpt) Full class name for the Manager for cert</td>
      </tr>
      <tr>
        <td><option>cert_topic</option> = <replaceable>cert</replaceable></td>
        <td>(StrOpt) The topic cert nodes listen on</td>
      </tr>
      <tr>
        <td><option>crl_file</option> = <replaceable>crl.pem</replaceable></td>
        <td>(StrOpt) Filename of root Certificate Revocation List</td>
      </tr>
      <tr>
        <td><option>key_file</option> = <replaceable>private/cakey.pem</replaceable></td>
        <td>(StrOpt) Filename of private key</td>
      </tr>
      <tr>
        <td><option>keys_path</option> = <replaceable>$state_path/keys</replaceable></td>
        <td>(StrOpt) Where we keep our keys</td>
      </tr>
      <tr>
        <td><option>project_cert_subject</option> = <replaceable>/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s</replaceable></td>
        <td>(StrOpt) Subject for certificate for projects, %s for project, timestamp</td>
      </tr>
      <tr>
        <td><option>ssl_ca_file</option> = <replaceable>None</replaceable></td>
        <td>(StrOpt) CA certificate file to use to verify connecting clients</td>
      </tr>
      <tr>
        <td><option>ssl_cert_file</option> = <replaceable>None</replaceable></td>
        <td>(StrOpt) SSL certificate of API server</td>
      </tr>
      <tr>
        <td><option>ssl_key_file</option> = <replaceable>None</replaceable></td>
        <td>(StrOpt) SSL private key of API server</td>
      </tr>
      <tr>
        <td><option>use_project_ca</option> = <replaceable>False</replaceable></td>
        <td>(BoolOpt) Should we use a CA for each project?</td>
      </tr>
      <tr>
        <td><option>user_cert_subject</option> = <replaceable>/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s</replaceable></td>
        <td>(StrOpt) Subject for certificate for users, %s for project, user, timestamp</td>
      </tr>
      <tr>
        <th colspan="2">[ssl]</th>
      </tr>
      <tr>
        <td><option>ca_file</option> = <replaceable>None</replaceable></td>
        <td>(StrOpt) CA certificate file to use to verify connecting clients.</td>
      </tr>
      <tr>
        <td><option>cert_file</option> = <replaceable>None</replaceable></td>
        <td>(StrOpt) Certificate file to use when starting the server securely.</td>
      </tr>
      <tr>
        <td><option>key_file</option> = <replaceable>None</replaceable></td>
        <td>(StrOpt) Private key file to use when starting the server securely.</td>
      </tr>
    </tbody>
  </table>
</para>