apevec pushed to openstack-nova (master). "update keystone_authtoken section in sample conf (..more)"

notifications at fedoraproject.org notifications at fedoraproject.org
Mon May 4 17:34:32 UTC 2015


>From 69755b4a072edff0957ee256290395600edbab9e Mon Sep 17 00:00:00 2001
From: Alan Pevec <alan.pevec at redhat.com>
Date: Mon, 4 May 2015 19:17:15 +0200
Subject: update keystone_authtoken section in sample conf

Previous version was generated with an old version of keystonemiddleware

Change-Id: I62124a5e73d15666bf69b67b0242337a826a99be

diff --git a/nova.conf.sample b/nova.conf.sample
index afff5bc..84847b3 100644
--- a/nova.conf.sample
+++ b/nova.conf.sample
@@ -2540,143 +2540,161 @@
 [keystone_authtoken]
 
 #
-# Options defined in keystonemiddleware.auth_token
+# From keystonemiddleware.auth_token
 #
 
 # Complete public Identity API endpoint. (string value)
-#auth_uri=<None>
+#auth_uri = <None>
 
-# API version of the admin Identity API endpoint. (string
-# value)
-#auth_version=<None>
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
 
-# Do not handle authorization requests within the middleware,
-# but delegate the authorization decision to downstream WSGI
-# components. (boolean value)
-#delay_auth_decision=false
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+#delay_auth_decision = false
 
-# Request timeout value for communicating with Identity API
-# server. (integer value)
-#http_connect_timeout=<None>
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+#http_connect_timeout = <None>
 
-# How many times are we trying to reconnect when communicating
-# with Identity API Server. (integer value)
-#http_request_max_retries=3
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
+#http_request_max_retries = 3
 
 # Env key for the swift cache. (string value)
-#cache=<None>
+#cache = <None>
 
-# Required if identity server requires client certificate
-# (string value)
-#certfile=<None>
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
 
-# Required if identity server requires client certificate
-# (string value)
-#keyfile=<None>
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
 
-# A PEM encoded Certificate Authority to use when verifying
-# HTTPs connections. Defaults to system CAs. (string value)
-#cafile=<None>
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
 
 # Verify HTTPS connections. (boolean value)
-#insecure=false
+#insecure = false
 
-# Directory used to cache files related to PKI tokens. (string
-# value)
-#signing_dir=<None>
+# Directory used to cache files related to PKI tokens. (string value)
+#signing_dir = <None>
 
-# Optionally specify a list of memcached server(s) to use for
-# caching. If left undefined, tokens will instead be cached
-# in-process. (list value)
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
 # Deprecated group/name - [DEFAULT]/memcache_servers
-#memcached_servers=<None>
+#memcached_servers = <None>
 
-# In order to prevent excessive effort spent validating
-# tokens, the middleware caches previously-seen tokens for a
-# configurable duration (in seconds). Set to -1 to disable
-# caching completely. (integer value)
-#token_cache_time=300
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set
+# to -1 to disable caching completely. (integer value)
+#token_cache_time = 300
 
-# Determines the frequency at which the list of revoked tokens
-# is retrieved from the Identity service (in seconds). A high
-# number of revocation events combined with a low cache
-# duration may significantly reduce performance. (integer
-# value)
-#revocation_cache_time=10
+# Determines the frequency at which the list of revoked tokens is retrieved
+# from the Identity service (in seconds). A high number of revocation events
+# combined with a low cache duration may significantly reduce performance.
+# (integer value)
+#revocation_cache_time = 10
 
-# (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. Acceptable
-# values are MAC or ENCRYPT.  If MAC, token data is
-# authenticated (with HMAC) in the cache. If ENCRYPT, token
-# data is encrypted and authenticated in the cache. If the
-# value is not one of these options or empty, auth_token will
-# raise an exception on initialization. (string value)
-#memcache_security_strategy=<None>
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. Acceptable values are MAC or ENCRYPT.  If MAC,
+# token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data
+# is encrypted and authenticated in the cache. If the value is not one of these
+# options or empty, auth_token will raise an exception on initialization.
+# (string value)
+#memcache_security_strategy = <None>
 
-# (Optional, mandatory if memcache_security_strategy is
-# defined) This string is used for key derivation. (string
-# value)
-#memcache_secret_key=<None>
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
+#memcache_secret_key = <None>
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
+#memcache_pool_dead_retry = 300
 
-# (Optional) Number of seconds memcached server is considered
-# dead before it is tried again. (integer value)
-#memcache_pool_dead_retry=300
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
+#memcache_pool_maxsize = 10
+
+# (Optional) Socket timeout in seconds for communicating with a memcache
+# server. (integer value)
+#memcache_pool_socket_timeout = 3
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+#memcache_pool_unused_timeout = 60
+
+# (Optional) Number of seconds that an operation will wait to get a memcache
+# client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout = 10
+
+# (Optional) Use the advanced (eventlet safe) memcache client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool = false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
+#enforce_token_bind = permissive
+
+# If true, the revocation list will be checked for cached tokens. This requires
+# that PKI tokens are configured on the identity server. (boolean value)
+#check_revocations_for_cached = false
+
+# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
+# or multiple. The algorithms are those supported by Python standard
+# hashlib.new(). The hashes will be tried in the order given, so put the
+# preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+#hash_algorithms = md5
+
+# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
+# (string value)
+#auth_admin_prefix =
+
+# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+#auth_host = 127.0.0.1
 
-# (Optional) Maximum total number of open connections to every
-# memcached server. (integer value)
-#memcache_pool_maxsize=10
+# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (integer value)
+#auth_port = 35357
 
-# (Optional) Socket timeout in seconds for communicating with
-# a memcache server. (integer value)
-#memcache_pool_socket_timeout=3
+# Protocol of the admin Identity API endpoint (http or https). Deprecated, use
+# identity_uri. (string value)
+#auth_protocol = https
 
-# (Optional) Number of seconds a connection to memcached is
-# held unused in the pool before it is closed. (integer value)
-#memcache_pool_unused_timeout=60
+# Complete admin Identity API endpoint. This should specify the unversioned
+# root endpoint e.g. https://localhost:35357/ (string value)
+#identity_uri = <None>
 
-# (Optional) Number of seconds that an operation will wait to
-# get a memcache client connection from the pool. (integer
-# value)
-#memcache_pool_conn_get_timeout=10
+# This option is deprecated and may be removed in a future release. Single
+# shared secret with the Keystone configuration used for bootstrapping a
+# Keystone installation, or otherwise bypassing the normal authentication
+# process. This option should not be used, use `admin_user` and
+# `admin_password` instead. (string value)
+#admin_token = <None>
 
-# (Optional) Use the advanced (eventlet safe) memcache client
-# pool. The advanced pool will only work under python 2.x.
-# (boolean value)
-#memcache_use_advanced_pool=false
-
-# (Optional) Indicate whether to set the X-Service-Catalog
-# header. If False, middleware will not ask for service
-# catalog on token validation and will not set the X-Service-
-# Catalog header. (boolean value)
-#include_service_catalog=true
-
-# Used to control the use and type of token binding. Can be
-# set to: "disabled" to not check token binding. "permissive"
-# (default) to validate binding information if the bind type
-# is of a form known to the server and ignore it if not.
-# "strict" like "permissive" but if the bind type is unknown
-# the token will be rejected. "required" any form of token
-# binding is needed to be allowed. Finally the name of a
-# binding method that must be present in tokens. (string
-# value)
-#enforce_token_bind=permissive
-
-# If true, the revocation list will be checked for cached
-# tokens. This requires that PKI tokens are configured on the
-# identity server. (boolean value)
-#check_revocations_for_cached=false
-
-# Hash algorithms to use for hashing PKI tokens. This may be a
-# single algorithm or multiple. The algorithms are those
-# supported by Python standard hashlib.new(). The hashes will
-# be tried in the order given, so put the preferred one first
-# for performance. The result of the first hash will be stored
-# in the cache. This will typically be set to multiple values
-# only while migrating from a less secure algorithm to a more
-# secure one. Once all the old tokens are expired this option
-# should be set to a single value for better performance.
-# (list value)
-#hash_algorithms=md5
+# Service username. (string value)
+#admin_user = <None>
+
+# Service user password. (string value)
+#admin_password = <None>
+
+# Service tenant name. (string value)
+#admin_tenant_name = admin
 
 
 [libvirt]
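Review bot: The help text kept above `#insecure = false` reads "Verify HTTPS connections.", which says the opposite of the option name, so an operator skimming the sample can conclude that `false` turns verification off. As far as I know, keystonemiddleware treats `insecure = true` as skipping certificate verification towards the Identity server, so the comment should say so, e.g. `# If true, TLS certificate verification of the Identity server is skipped; leave false outside test setups. (boolean value)`. The commit message says this section is generated from keystonemiddleware, so the wording fix probably belongs in the upstream help string, with the sample regenerated afterwards. The same section also shows `#hash_algorithms = md5` as the default, while its own help text describes migrating to a more secure algorithm; a short packaging comment pointing that out would help operators who copy the sample as-is.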
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/openstack-nova.git/commit/?h=master&id=69755b4a072edff0957ee256290395600edbab9e

