From 8e1339e661cebd70e3e1df63cc03f2b0e5e4375d Mon Sep 17 00:00:00 2001
From: Litao Gao
Date: Thu, 28 May 2020 01:39:23 +0000
Subject: [PATCH] openstack-barbican-api: cleanup unused files

Issue-ID: INF-135
Signed-off-by: Litao Gao
Change-Id: I8f0d6c2e2ae7d5da5bdd8f776b8f2b435ea3852b
---
 .../recipes-devtools/python/python-barbican_git.bb | 5 -
 .../openstack-barbican-api/files/LICENSE | 204 ---
 .../files/barbican-api-paste.ini | 65 -
 .../openstack-barbican-api/files/barbican.conf | 1411 --------------------
 .../files/gunicorn-config.py | 26 -
 .../files/openstack-barbican-api.service | 19 -
 .../openstack-barbican-api.bb | 82 --
 7 files changed, 1812 deletions(-)
 delete mode 100644 meta-stx/recipes-support/openstack-barbican-api/files/LICENSE
 delete mode 100644 meta-stx/recipes-support/openstack-barbican-api/files/barbican-api-paste.ini
 delete mode 100644 meta-stx/recipes-support/openstack-barbican-api/files/barbican.conf
 delete mode 100644 meta-stx/recipes-support/openstack-barbican-api/files/gunicorn-config.py
 delete mode 100644 meta-stx/recipes-support/openstack-barbican-api/files/openstack-barbican-api.service
 delete mode 100644 meta-stx/recipes-support/openstack-barbican-api/openstack-barbican-api.bb
diff --git a/meta-stx/recipes-devtools/python/python-barbican_git.bb b/meta-stx/recipes-devtools/python/python-barbican_git.bb
index 6eabfbe..46aae34 100644
--- a/meta-stx/recipes-devtools/python/python-barbican_git.bb
+++ b/meta-stx/recipes-devtools/python/python-barbican_git.bb
@@ -124,11 +124,6 @@ DEPENDS += " \
 python-pip \
 python-pbr-native \
 "
-# Stx config files
-DEPENDS += " \
- openstack-barbican-api \
- "
-
 
 RDEPENDS_${SRCNAME} = "${PN} \
 ${SRCNAME}-setup \
diff --git a/meta-stx/recipes-support/openstack-barbican-api/files/LICENSE b/meta-stx/recipes-support/openstack-barbican-api/files/LICENSE
deleted file mode 100644
index b3201ab..0000000
--- a/meta-stx/recipes-support/openstack-barbican-api/files/LICENSE
+++ /dev/null
@@ -1,204 +0,0 @@ - - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don`t include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - diff --git a/meta-stx/recipes-support/openstack-barbican-api/files/barbican-api-paste.ini b/meta-stx/recipes-support/openstack-barbican-api/files/barbican-api-paste.ini deleted file mode 100644 index 979f2b4..0000000 --- a/meta-stx/recipes-support/openstack-barbican-api/files/barbican-api-paste.ini +++ /dev/null 
@@ -1,65 +0,0 @@ -[composite:main] -use = egg:Paste#urlmap -/: barbican_version -/v1: barbican-api-keystone - -# Use this pipeline for Barbican API - versions no authentication -[pipeline:barbican_version] -pipeline = cors http_proxy_to_wsgi versionapp - -# Use this pipeline for Barbican API - DEFAULT no authentication -[pipeline:barbican_api] -pipeline = cors http_proxy_to_wsgi unauthenticated-context apiapp - -#Use this pipeline to activate a repoze.profile middleware and HTTP port, -# to provide profiling information for the REST API processing. -[pipeline:barbican-profile] -pipeline = cors http_proxy_to_wsgi unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp - -#Use this pipeline for keystone auth -[pipeline:barbican-api-keystone] -pipeline = cors http_proxy_to_wsgi authtoken context apiapp - -#Use this pipeline for keystone auth with audit feature -[pipeline:barbican-api-keystone-audit] -pipeline = http_proxy_to_wsgi authtoken context audit apiapp - -[app:apiapp] -paste.app_factory = barbican.api.app:create_main_app - -[app:versionapp] -paste.app_factory = barbican.api.app:create_version_app - -[filter:simple] -paste.filter_factory = barbican.api.middleware.simple:SimpleFilter.factory - -[filter:unauthenticated-context] -paste.filter_factory = barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:context] -paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory - -[filter:audit] -paste.filter_factory = keystonemiddleware.audit:filter_factory -audit_map_file = /etc/barbican/api_audit_map.conf - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:profile] -use = egg:repoze.profile -log_filename = myapp.profile -cachegrind_filename = cachegrind.out.myapp -discard_first_request = true -path = /__profile__ -flush_at_shutdown = true -unwind = false - -[filter:cors] -paste.filter_factory = oslo_middleware.cors:filter_factory 
-oslo_config_project = barbican - -[filter:http_proxy_to_wsgi] -paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory -[server:main] -use = egg:gunicorn#main diff --git a/meta-stx/recipes-support/openstack-barbican-api/files/barbican.conf b/meta-stx/recipes-support/openstack-barbican-api/files/barbican.conf deleted file mode 100644 index ce70e37..0000000 --- a/meta-stx/recipes-support/openstack-barbican-api/files/barbican.conf +++ /dev/null 
@@ -1,1411 +0,0 @@ -# -## Copyright (C) 2019 Wind River Systems, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -[DEFAULT] - -# -# From barbican.common.config -# - -# Role used to identify an authenticated user as administrator. -# (string value) -#admin_role = admin - -# Allow unauthenticated users to access the API with read-only -# privileges. This only applies when using ContextMiddleware. (boolean -# value) -#allow_anonymous_access = false - -# Maximum allowed http request size against the barbican-api. (integer -# value) -#max_allowed_request_size_in_bytes = 15000 - -# Maximum allowed secret size in bytes. (integer value) -#max_allowed_secret_in_bytes = 10000 - -# Host name, for use in HATEOAS-style references Note: Typically this -# would be the load balanced endpoint that clients would use to -# communicate back with this service. If a deployment wants to derive -# host from wsgi request instead then make this blank. Blank is needed -# to override default config value which is 'http://localhost:9311' -# (string value) -#host_href = http://localhost:9311 - -# SQLAlchemy connection string for the reference implementation -# registry server. Any valid SQLAlchemy connection string is fine. -# See: -# http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine. -# Note: For absolute addresses, use '////' slashes after 'sqlite:'. 
-# (string value) -#sql_connection = sqlite:///barbican.sqlite - -# Period in seconds after which SQLAlchemy should reestablish its -# connection to the database. MySQL uses a default `wait_timeout` of 8 -# hours, after which it will drop idle connections. This can result in -# 'MySQL Gone Away' exceptions. If you notice this, you can lower this -# value to ensure that SQLAlchemy reconnects before MySQL can drop the -# connection. (integer value) -#sql_idle_timeout = 3600 - -# Maximum number of database connection retries during startup. Set to -# -1 to specify an infinite retry count. (integer value) -#sql_max_retries = 60 - -# Interval between retries of opening a SQL connection. (integer -# value) -#sql_retry_interval = 1 - -# Create the Barbican database on service startup. (boolean value) -#db_auto_create = true - -# Maximum page size for the 'limit' paging URL parameter. (integer -# value) -#max_limit_paging = 100 - -# Default page size for the 'limit' paging URL parameter. (integer -# value) -#default_limit_paging = 10 - -# Accepts a class imported from the sqlalchemy.pool module, and -# handles the details of building the pool for you. If commented out, -# SQLAlchemy will select based on the database dialect. Other options -# are QueuePool (for SQLAlchemy-managed connections) and NullPool (to -# disabled SQLAlchemy management of connections). See -# http://docs.sqlalchemy.org/en/latest/core/pooling.html for more -# details (string value) -#sql_pool_class = QueuePool - -# Show SQLAlchemy pool-related debugging output in logs (sets DEBUG -# log level output) if specified. (boolean value) -#sql_pool_logging = false - -# Size of pool used by SQLAlchemy. This is the largest number of -# connections that will be kept persistently in the pool. Can be set -# to 0 to indicate no size limit. To disable pooling, use a NullPool -# with sql_pool_class instead. Comment out to allow SQLAlchemy to -# select the default. 
(integer value) -#sql_pool_size = 5 - -# # The maximum overflow size of the pool used by SQLAlchemy. When the -# number of checked-out connections reaches the size set in -# sql_pool_size, additional connections will be returned up to this -# limit. It follows then that the total number of simultaneous -# connections the pool will allow is sql_pool_size + -# sql_pool_max_overflow. Can be set to -1 to indicate no overflow -# limit, so no limit will be placed on the total number of concurrent -# connections. Comment out to allow SQLAlchemy to select the default. -# (integer value) -#sql_pool_max_overflow = 10 - -# Enable eventlet backdoor. Acceptable values are 0, , and -# :, where 0 results in listening on a random tcp port -# number; results in listening on the specified port number -# (and not enabling backdoor if that port is in use); and -# : results in listening on the smallest unused port -# number within the specified range of port numbers. The chosen port -# is displayed in the service's log file. (string value) -#backdoor_port = - -# Enable eventlet backdoor, using the provided path as a unix socket -# that can receive connections. This option is mutually exclusive with -# 'backdoor_port' in that only one should be provided. If both are -# provided then the existence of this option overrides the usage of -# that option. (string value) -#backdoor_socket = - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of -# the default INFO level. (boolean value) -# Note: This option can be changed without restarting. -#debug = false - -# The name of a logging configuration file. This file is appended to -# any existing logging configuration files. For details about logging -# configuration files, see the Python logging module documentation. 
-# Note that when logging configuration files are used then all logging -# configuration is set in the configuration file and other logging -# configuration options are ignored (for example, log-date-format). -# (string value) -# Note: This option can be changed without restarting. -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. -# (string value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default -# is set, logging will go to stderr as defined by use_stderr. This -# option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. -# This option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is -# moved or removed this handler will open a new log file with -# specified path instantaneously. It makes sense only if log_file -# option is specified and Linux platform is used. This option is -# ignored if log_config_append is set. (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and -# will be changed later to honor RFC5424. This option is ignored if -# log_config_append is set. (boolean value) -#use_syslog = false - -# Enable journald for logging. If running in a systemd environment you -# may wish to enable journal support. Doing so will use the journal -# native protocol which includes structured metadata in addition to -# log messages.This option is ignored if log_config_append is set. -# (boolean value) -#use_journal = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. 
(string value) -#syslog_log_facility = LOG_USER - -# Use JSON formatting for logging. This option is ignored if -# log_config_append is set. (boolean value) -#use_json = false - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr = false - -# Log output to Windows Event Log. (boolean value) -#use_eventlog = false - -# The amount of time before the log files are rotated. This option is -# ignored unless log_rotation_type is setto "interval". (integer -# value) -#log_rotate_interval = 1 - -# Rotation interval type. The time of the last file change (or the -# time when the service was started) is used when scheduling the next -# rotation. (string value) -# Possible values: -# Seconds - -# Minutes - -# Hours - -# Days - -# Weekday - -# Midnight - -#log_rotate_interval_type = days - -# Maximum number of rotated log files. (integer value) -#max_logfile_count = 30 - -# Log file maximum size in MB. This option is ignored if -# "log_rotation_type" is not set to "size". (integer value) -#max_logfile_size_mb = 200 - -# Log rotation type. (string value) -# Possible values: -# interval - Rotate logs at predefined time intervals. -# size - Rotate logs once they reach a predefined size. -# none - Do not rotate log files. -#log_rotation_type = none - -# Format string to use for log messages with context. Used by -# oslo_log.formatters.ContextFormatter (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. -# Used by oslo_log.formatters.ContextFormatter (string value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the -# message is DEBUG. 
Used by oslo_log.formatters.ContextFormatter -# (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. Used by -# oslo_log.formatters.ContextFormatter (string value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. Used by -# oslo_log.formatters.ContextFormatter (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is -# ignored if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,oslo_policy=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Interval, number of seconds, of log rate limiting. (integer value) -#rate_limit_interval = 0 - -# Maximum number of logged messages per rate_limit_interval. (integer -# value) -#rate_limit_burst = 0 - -# Log level name used by rate limiting: CRITICAL, ERROR, INFO, -# WARNING, DEBUG or empty string. Logs with level greater or equal to -# rate_limit_except_level are not filtered. 
An empty string means that -# all levels are filtered. (string value) -#rate_limit_except_level = CRITICAL - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# -# From oslo.messaging -# - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size = 30 - -# The pool size limit for connections expiration policy (integer -# value) -#conn_pool_min_size = 2 - -# The time-to-live in sec of idle connections in the pool (integer -# value) -#conn_pool_ttl = 1200 - -# Size of executor thread pool when executor is threading or eventlet. -# (integer value) -# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size -#executor_thread_pool_size = 64 - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout = 60 - -# The network address and optional user credentials for connecting to -# the messaging backend, in URL format. The expected format is: -# -# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query -# -# Example: rabbit://rabbitmq:password@127.0.0.1:5672// -# -# For full details on the fields in the URL see the documentation of -# oslo_messaging.TransportURL at -# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html -# (string value) -#transport_url = rabbit:// - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the transport_url -# option. (string value) -#control_exchange = openstack - -# -# From oslo.service.periodic_task -# - -# Some periodic tasks can be run in a separate process. Should we run -# them here? (boolean value) -#run_external_periodic_tasks = true - -# -# From oslo.service.wsgi -# - -# File name for the paste.deploy config for api service (string value) -#api_paste_config = api-paste.ini - -# A python format string that is used as the template to generate log -# lines. 
The following values can beformatted into it: client_ip, -# date_time, request_line, status_code, body_length, wall_seconds. -# (string value) -#wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f - -# Sets the value of TCP_KEEPIDLE in seconds for each server socket. -# Not supported on OS X. (integer value) -#tcp_keepidle = 600 - -# Size of the pool of greenthreads used by wsgi (integer value) -#wsgi_default_pool_size = 100 - -# Maximum line size of message headers to be accepted. max_header_line -# may need to be increased when using large tokens (typically those -# generated when keystone is configured to use PKI tokens with big -# service catalogs). (integer value) -#max_header_line = 16384 - -# If False, closes the client socket connection explicitly. (boolean -# value) -#wsgi_keep_alive = true - -# Timeout for client connections' socket operations. If an incoming -# connection is idle for this number of seconds it will be closed. A -# value of '0' means wait forever. (integer value) -#client_socket_timeout = 900 - - -[certificate] - -# -# From barbican.certificate.plugin -# - -# Extension namespace to search for plugins. (string value) -#namespace = barbican.certificate.plugin - -# List of certificate plugins to load. (multi valued) -#enabled_certificate_plugins = simple_certificate - - -[certificate_event] - -# -# From barbican.certificate.plugin -# - -# Extension namespace to search for eventing plugins. (string value) -#namespace = barbican.certificate.event.plugin - -# List of certificate plugins to load. (multi valued) -#enabled_certificate_event_plugins = simple_certificate_event - - -[cors] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. Format: -# "://[:]", no trailing slash. 
Example: -# https://horizon.example.com (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials -# (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to -# HTTP Simple Headers. (list value) -#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Project-Id,X-Identity-Status,X-User-Id,X-Storage-Token,X-Domain-Id,X-User-Domain-Id,X-Project-Domain-Id,X-Roles - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list -# value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual -# request. (list value) -#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Project-Id,X-Identity-Status,X-User-Id,X-Storage-Token,X-Domain-Id,X-User-Domain-Id,X-Project-Domain-Id,X-Roles - - -[crypto] - -# -# From barbican.plugin.crypto -# - -# Extension namespace to search for plugins. (string value) -#namespace = barbican.crypto.plugin - -# List of crypto plugins to load. 
(multi valued) -#enabled_crypto_plugins = simple_crypto - - -[dogtag_plugin] - -# -# From barbican.plugin.dogtag -# - -# Path to PEM file for authentication (string value) -#pem_path = /etc/barbican/kra_admin_cert.pem - -# Hostname for the Dogtag instance (string value) -#dogtag_host = localhost - -# Port for the Dogtag instance (port value) -# Minimum value: 0 -# Maximum value: 65535 -#dogtag_port = 8443 - -# Path to the NSS certificate database (string value) -#nss_db_path = /etc/barbican/alias - -# Password for the NSS certificate databases (string value) -#nss_password = - -# Profile for simple CMC requests (string value) -#simple_cmc_profile = caOtherCert - -# List of automatically approved enrollment profiles (string value) -#auto_approved_profiles = caServerCert - -# Time in days for CA entries to expire (string value) -#ca_expiration_time = 1 - -# Working directory for Dogtag plugin (string value) -#plugin_working_dir = /etc/barbican/dogtag - -# User friendly plugin name (string value) -#plugin_name = Dogtag KRA - -# Retries when storing or generating secrets (integer value) -#retries = 3 - - -[keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Complete "public" Identity API endpoint. This endpoint should not be -# an "admin" endpoint, as it should be accessible by all end users. -# Unauthenticated clients are redirected to this endpoint to -# authenticate. Although this endpoint should ideally be unversioned, -# client support in the wild varies. If you're using a versioned v2 -# endpoint here, then this should *not* be the same endpoint the -# service user utilizes for validating tokens, because normal end -# users may not be able to reach that endpoint. (string value) -# Deprecated group/name - [keystone_authtoken]/auth_uri -#www_authenticate_uri = - -# DEPRECATED: Complete "public" Identity API endpoint. This endpoint -# should not be an "admin" endpoint, as it should be accessible by all -# end users. 
Unauthenticated clients are redirected to this endpoint -# to authenticate. Although this endpoint should ideally be -# unversioned, client support in the wild varies. If you're using a -# versioned v2 endpoint here, then this should *not* be the same -# endpoint the service user utilizes for validating tokens, because -# normal end users may not be able to reach that endpoint. This option -# is deprecated in favor of www_authenticate_uri and will be removed -# in the S release. (string value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: The auth_uri option is deprecated in favor of -# www_authenticate_uri and will be removed in the S release. -#auth_uri = - -# API version of the admin Identity API endpoint. (string value) -#auth_version = - -# Do not handle authorization requests within the middleware, but -# delegate the authorization decision to downstream WSGI components. -# (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. -# (integer value) -#http_connect_timeout = - -# How many times are we trying to reconnect when communicating with -# Identity API Server. (integer value) -#http_request_max_retries = 3 - -# Request environment key where the Swift cache object is stored. When -# auth_token middleware is deployed with a Swift cache, use this -# option to have the middleware share a caching backend with swift. -# Otherwise, use the ``memcached_servers`` option instead. (string -# value) -#cache = - -# Required if identity server requires client certificate (string -# value) -#certfile = - -# Required if identity server requires client certificate (string -# value) -#keyfile = - -# A PEM encoded Certificate Authority to use when verifying HTTPs -# connections. Defaults to system CAs. (string value) -#cafile = - -# Verify HTTPS connections. 
(boolean value) -#insecure = false - -# The region in which the identity server can be found. (string value) -#region_name = - -# DEPRECATED: Directory used to cache files related to PKI tokens. -# This option has been deprecated in the Ocata release and will be -# removed in the P release. (string value) -# This option is deprecated for removal since Ocata. -# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#signing_dir = - -# Optionally specify a list of memcached server(s) to use for caching. -# If left undefined, tokens will instead be cached in-process. (list -# value) -# Deprecated group/name - [keystone_authtoken]/memcache_servers -#memcached_servers = - -# In order to prevent excessive effort spent validating tokens, the -# middleware caches previously-seen tokens for a configurable duration -# (in seconds). Set to -1 to disable caching completely. (integer -# value) -#token_cache_time = 300 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token data is -# encrypted and authenticated in the cache. If the value is not one of -# these options or empty, auth_token will raise an exception on -# initialization. (string value) -# Possible values: -# None - -# MAC - -# ENCRYPT - -#memcache_security_strategy = None - -# (Optional, mandatory if memcache_security_strategy is defined) This -# string is used for key derivation. (string value) -#memcache_secret_key = - -# (Optional) Number of seconds memcached server is considered dead -# before it is tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a -# memcached server. 
(integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held -# unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a -# memcached client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. -# The advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If -# False, middleware will not ask for service catalog on token -# validation and will not set the X-Service-Catalog header. (boolean -# value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: -# "disabled" to not check token binding. "permissive" (default) to -# validate binding information if the bind type is of a form known to -# the server and ignore it if not. "strict" like "permissive" but if -# the bind type is unknown the token will be rejected. "required" any -# form of token binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string value) -#enforce_token_bind = permissive - -# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may -# be a single algorithm or multiple. The algorithms are those -# supported by Python standard hashlib.new(). The hashes will be tried -# in the order given, so put the preferred one first for performance. -# The result of the first hash will be stored in the cache. This will -# typically be set to multiple values only while migrating from a less -# secure algorithm to a more secure one. Once all the old tokens are -# expired this option should be set to a single value for better -# performance. (list value) -# This option is deprecated for removal since Ocata. 
-# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#hash_algorithms = md5 - -# A choice of roles that must be present in a service token. Service -# tokens are allowed to request that an expired token can be used and -# so this check should tightly control that only actual services -# should be sending this token. Roles here are applied as an ANY check -# so any role in this list must be present. For backwards -# compatibility reasons this currently only affects the allow_expired -# check. (list value) -#service_token_roles = service - -# For backwards compatibility reasons we must let valid service tokens -# pass that don't pass the service_token_roles check as valid. Setting -# this true will become the default in a future release and should be -# enabled if possible. (boolean value) -#service_token_roles_required = false - -# Authentication type to load (string value) -# Deprecated group/name - [keystone_authtoken]/auth_plugin -#auth_type = - -# Config Section from which to load plugin specific options (string -# value) -#auth_section = - - -[keystone_notifications] - -# -# From barbican.common.config -# - -# True enables keystone notification listener functionality. (boolean -# value) -#enable = false - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the transport_url -# option. (string value) -#control_exchange = keystone - -# Keystone notification queue topic name. This name needs to match one -# of values mentioned in Keystone deployment's 'notification_topics' -# configuration e.g. notification_topics=notifications, -# barbican_notificationsMultiple servers may listen on a topic and -# messages will be dispatched to one of the servers in a round-robin -# fashion. That's why Barbican service should have its own dedicated -# notification queue so that it receives all of Keystone -# notifications. 
(string value) -#topic = notifications - -# True enables requeue feature in case of notification processing -# error. Enable this only when underlying transport supports this -# feature. (boolean value) -#allow_requeue = false - -# Version of tasks invoked via notifications (string value) -#version = 1.0 - -# Define the number of max threads to be used for notification server -# processing functionality. (integer value) -#thread_pool_size = 10 - - -[kmip_plugin] - -# -# From barbican.plugin.secret_store.kmip -# - -# Username for authenticating with KMIP server (string value) -#username = - -# Password for authenticating with KMIP server (string value) -#password = - -# Address of the KMIP server (string value) -#host = localhost - -# Port for the KMIP server (port value) -# Minimum value: 0 -# Maximum value: 65535 -#port = 5696 - -# SSL version, maps to the module ssl's constants (string value) -#ssl_version = PROTOCOL_TLSv1_2 - -# File path to concatenated "certification authority" certificates -# (string value) -#ca_certs = - -# File path to local client certificate (string value) -#certfile = - -# File path to local client certificate keyfile (string value) -#keyfile = - -# Only support PKCS#1 encoding of asymmetric keys (boolean value) -#pkcs1_only = false - -# User friendly plugin name (string value) -#plugin_name = KMIP HSM - - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# Name for the AMQP container. must be globally unique. Defaults to a -# generated UUID (string value) -#container_name = - -# Timeout for inactive connections (in seconds) (integer value) -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -#trace = false - -# Attempt to connect via SSL. If no other ssl-related parameters are -# given, it will use the system's CA-bundle to verify the server's -# certificate. 
(boolean value) -#ssl = false - -# CA certificate PEM file used to verify the server's certificate -# (string value) -#ssl_ca_file = - -# Self-identifying certificate PEM file for client authentication -# (string value) -#ssl_cert_file = - -# Private key PEM file used to sign ssl_cert_file certificate -# (optional) (string value) -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -#ssl_key_password = - -# By default SSL checks that the name in the server's certificate -# matches the hostname in the transport_url. In some configurations it -# may be preferable to use the virtual hostname instead, for example -# if the server uses the Server Name Indication TLS extension -# (rfc6066) to provide a certificate per virtual host. Set -# ssl_verify_vhost to True if the server's SSL certificate uses the -# virtual host name instead of the DNS name. (boolean value) -#ssl_verify_vhost = false - -# Space separated list of acceptable SASL mechanisms (string value) -#sasl_mechanisms = - -# Path to directory that contains the SASL configuration (string -# value) -#sasl_config_dir = - -# Name of configuration file (without .conf suffix) (string value) -#sasl_config_name = - -# SASL realm to use if no realm present in username (string value) -#sasl_default_realm = - -# Seconds to pause before attempting to re-connect. (integer value) -# Minimum value: 1 -#connection_retry_interval = 1 - -# Increase the connection_retry_interval by this many seconds after -# each unsuccessful failover attempt. (integer value) -# Minimum value: 0 -#connection_retry_backoff = 2 - -# Maximum limit for connection_retry_interval + -# connection_retry_backoff (integer value) -# Minimum value: 1 -#connection_retry_interval_max = 30 - -# Time to pause between re-connecting an AMQP 1.0 link that failed due -# to a recoverable error. 
(integer value) -# Minimum value: 1 -#link_retry_delay = 10 - -# The maximum number of attempts to re-send a reply message which -# failed due to a recoverable error. (integer value) -# Minimum value: -1 -#default_reply_retry = 0 - -# The deadline for an rpc reply message delivery. (integer value) -# Minimum value: 5 -#default_reply_timeout = 30 - -# The deadline for an rpc cast or call message delivery. Only used -# when caller does not provide a timeout expiry. (integer value) -# Minimum value: 5 -#default_send_timeout = 30 - -# The deadline for a sent notification message delivery. Only used -# when caller does not provide a timeout expiry. (integer value) -# Minimum value: 5 -#default_notify_timeout = 30 - -# The duration to schedule a purge of idle sender links. Detach link -# after expiry. (integer value) -# Minimum value: 1 -#default_sender_link_timeout = 600 - -# Indicates the addressing mode used by the driver. -# Permitted values: -# 'legacy' - use legacy non-routable addressing -# 'routable' - use routable addresses -# 'dynamic' - use legacy addresses if the message bus does not -# support routing otherwise use routable addressing (string value) -#addressing_mode = dynamic - -# Enable virtual host support for those message buses that do not -# natively support virtual hosting (such as qpidd). When set to true -# the virtual host name will be added to all message bus addresses, -# effectively creating a private 'subnet' per virtual host. Set to -# False if the message bus supports virtual hosting using the -# 'hostname' field in the AMQP 1.0 Open performative as the name of -# the virtual host. 
(boolean value) -#pseudo_vhost = true - -# address prefix used when sending to a specific server (string value) -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -#group_request_prefix = unicast - -# Address prefix for all generated RPC addresses (string value) -#rpc_address_prefix = openstack.org/om/rpc - -# Address prefix for all generated Notification addresses (string -# value) -#notify_address_prefix = openstack.org/om/notify - -# Appended to the address prefix when sending a fanout message. Used -# by the message bus to identify fanout messages. (string value) -#multicast_address = multicast - -# Appended to the address prefix when sending to a particular -# RPC/Notification server. Used by the message bus to identify -# messages sent to a single destination. (string value) -#unicast_address = unicast - -# Appended to the address prefix when sending to a group of consumers. -# Used by the message bus to identify messages that should be -# delivered in a round-robin fashion across consumers. (string value) -#anycast_address = anycast - -# Exchange name used in notification addresses. -# Exchange name resolution precedence: -# Target.exchange if set -# else default_notification_exchange if set -# else control_exchange if set -# else 'notify' (string value) -#default_notification_exchange = - -# Exchange name used in RPC addresses. -# Exchange name resolution precedence: -# Target.exchange if set -# else default_rpc_exchange if set -# else control_exchange if set -# else 'rpc' (string value) -#default_rpc_exchange = - -# Window size for incoming RPC Reply messages. 
(integer value) -# Minimum value: 1 -#reply_link_credit = 200 - -# Window size for incoming RPC Request messages (integer value) -# Minimum value: 1 -#rpc_server_credit = 100 - -# Window size for incoming Notification messages (integer value) -# Minimum value: 1 -#notify_server_credit = 100 - -# Send messages of this type pre-settled. -# Pre-settled messages will not receive acknowledgement -# from the peer. Note well: pre-settled messages may be -# silently discarded if the delivery fails. -# Permitted values: -# 'rpc-call' - send RPC Calls pre-settled -# 'rpc-reply'- send RPC Replies pre-settled -# 'rpc-cast' - Send RPC Casts pre-settled -# 'notify' - Send Notifications pre-settled -# (multi valued) -#pre_settled = rpc-cast -#pre_settled = rpc-reply - - -[oslo_messaging_kafka] - -# -# From oslo.messaging -# - -# Max fetch bytes of Kafka consumer (integer value) -#kafka_max_fetch_bytes = 1048576 - -# Default timeout(s) for Kafka consumers (floating point value) -#kafka_consumer_timeout = 1.0 - -# DEPRECATED: Pool Size for Kafka Consumers (integer value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#pool_size = 10 - -# DEPRECATED: The pool size limit for connections expiration policy -# (integer value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#conn_pool_min_size = 2 - -# DEPRECATED: The time-to-live in sec of idle connections in the pool -# (integer value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#conn_pool_ttl = 1200 - -# Group id for Kafka consumer. 
Consumers in one group will coordinate -# message consumption (string value) -#consumer_group = oslo_messaging_consumer - -# Upper bound on the delay for KafkaProducer batching in seconds -# (floating point value) -#producer_batch_timeout = 0.0 - -# Size of batch for the producer async send (integer value) -#producer_batch_size = 16384 - -# Enable asynchronous consumer commits (boolean value) -#enable_auto_commit = false - -# The maximum number of records returned in a poll call (integer -# value) -#max_poll_records = 500 - -# Protocol used to communicate with brokers (string value) -# Possible values: -# PLAINTEXT - -# SASL_PLAINTEXT - -# SSL - -# SASL_SSL - -#security_protocol = PLAINTEXT - -# Mechanism when security protocol is SASL (string value) -#sasl_mechanism = PLAIN - -# CA certificate PEM file used to verify the server certificate -# (string value) -#ssl_cafile = - - -[oslo_messaging_notifications] - -# -# From oslo.messaging -# - -# The Drivers(s) to handle sending notifications. Possible values are -# messaging, messagingv2, routing, log, test, noop (multi valued) -# Deprecated group/name - [DEFAULT]/notification_driver -#driver = - -# A URL representing the messaging driver to use for notifications. If -# not set, we fall back to the same configuration used for RPC. -# (string value) -# Deprecated group/name - [DEFAULT]/notification_transport_url -#transport_url = - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -# Deprecated group/name - [DEFAULT]/notification_topics -#topics = notifications - -# The maximum number of attempts to re-send a notification message -# which failed to be delivered due to a recoverable error. 0 - No -# retry, -1 - indefinite (integer value) -#retry = -1 - - -[oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. 
(boolean value) -#amqp_auto_delete = false - -# Connect over SSL. (boolean value) -# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl -#ssl = false - -# SSL version to use (valid only if SSL enabled). Valid values are -# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be -# available on some distributions. (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version -#ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile -#ssl_key_file = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile -#ssl_cert_file = - -# SSL certification authority file (valid only if SSL enabled). -# (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs -#ssl_ca_file = - -# How long to wait before reconnecting in response to an AMQP consumer -# cancel notification. (floating point value) -#kombu_reconnect_delay = 1.0 - -# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression -# will not be used. This option may not be available in future -# versions. (string value) -#kombu_compression = - -# How long to wait a missing client before abandoning to send it its -# replies. This value should not be longer than rpc_response_timeout. -# (integer value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout -#kombu_missing_consumer_retry_timeout = 60 - -# Determines how the next RabbitMQ node is chosen in case the one we -# are currently connected to becomes unavailable. Takes effect only if -# more than one RabbitMQ node is provided in config. (string value) -# Possible values: -# round-robin - -# shuffle - -#kombu_failover_strategy = round-robin - -# The RabbitMQ login method. 
(string value) -# Possible values: -# PLAIN - -# AMQPLAIN - -# RABBIT-CR-DEMO - -#rabbit_login_method = AMQPLAIN - -# How frequently to retry connecting with RabbitMQ. (integer value) -#rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. -# (integer value) -#rabbit_retry_backoff = 2 - -# Maximum interval of RabbitMQ connection retries. Default is 30 -# seconds. (integer value) -#rabbit_interval_max = 30 - -# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, -# queue mirroring is no longer controlled by the x-ha-policy argument -# when declaring a queue. If you just want to make sure that all -# queues (except those with auto-generated names) are mirrored across -# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha- -# mode": "all"}' " (boolean value) -#rabbit_ha_queues = false - -# Positive integer representing duration in seconds for queue TTL -# (x-expires). Queues which are unused for the duration of the TTL are -# automatically deleted. The parameter affects only reply and fanout -# queues. (integer value) -# Minimum value: 1 -#rabbit_transient_queues_ttl = 1800 - -# Specifies the number of messages to prefetch. Setting to zero allows -# unlimited messages. (integer value) -#rabbit_qos_prefetch_count = 0 - -# Number of seconds after which the Rabbit broker is considered down -# if heartbeat's keep-alive fails (0 disable the heartbeat). -# EXPERIMENTAL (integer value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the -# heartbeat. (integer value) -#heartbeat_rate = 2 - - -[oslo_middleware] - -# -# From oslo.middleware.http_proxy_to_wsgi -# - -# Whether the application is behind a proxy or not. This determines if -# the middleware should parse the headers or not. 
(boolean value) -#enable_proxy_headers_parsing = false - - -[oslo_policy] - -# -# From oslo.policy -# - -# This option controls whether or not to enforce scope when evaluating -# policies. If ``True``, the scope of the token used in the request is -# compared to the ``scope_types`` of the policy being enforced. If the -# scopes do not match, an ``InvalidScope`` exception will be raised. -# If ``False``, a message will be logged informing operators that -# policies are being invoked with mismatching scope. (boolean value) -#enforce_scope = false - -# The file that defines policies. (string value) -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string -# value) -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be -# relative to any directory in the search path defined by the -# config_dir option, or absolute paths. The file defined by -# policy_file must exist for these directories to be searched. -# Missing or empty directories are ignored. 
(multi valued) -#policy_dirs = policy.d - -# Content Type to send and receive data for REST based policy check -# (string value) -# Possible values: -# application/x-www-form-urlencoded - -# application/json - -#remote_content_type = application/x-www-form-urlencoded - -# server identity verification for REST based policy check (boolean -# value) -#remote_ssl_verify_server_crt = false - -# Absolute path to ca cert file for REST based policy check (string -# value) -#remote_ssl_ca_crt_file = - -# Absolute path to client cert for REST based policy check (string -# value) -#remote_ssl_client_crt_file = - -# Absolute path client key file REST based policy check (string value) -#remote_ssl_client_key_file = - - -[p11_crypto_plugin] - -# -# From barbican.plugin.crypto.p11 -# - -# Path to vendor PKCS11 library (string value) -#library_path = - -# Password to login to PKCS11 session (string value) -#login = - -# Master KEK label (as stored in the HSM) (string value) -#mkek_label = - -# Master KEK length in bytes. (integer value) -#mkek_length = - -# Master HMAC Key label (as stored in the HSM) (string value) -#hmac_label = - -# HSM Slot ID (integer value) -#slot_id = 1 - -# Flag for Read/Write Sessions (boolean value) -#rw_session = true - -# Project KEK length in bytes. 
(integer value) -#pkek_length = 32 - -# Project KEK Cache Time To Live, in seconds (integer value) -#pkek_cache_ttl = 900 - -# Project KEK Cache Item Limit (integer value) -#pkek_cache_limit = 100 - -# Secret encryption mechanism (string value) -# Deprecated group/name - [p11_crypto_plugin]/algorithm -#encryption_mechanism = CKM_AES_CBC - -# HMAC Key Type (string value) -#hmac_key_type = CKK_AES - -# HMAC Key Generation Algorithm (string value) -#hmac_keygen_mechanism = CKM_AES_KEY_GEN - -# HMAC key wrap mechanism (string value) -#hmac_keywrap_mechanism = CKM_SHA256_HMAC - -# File to pull entropy for seeding RNG (string value) -#seed_file = - -# Amount of data to read from file for seed (integer value) -#seed_length = 32 - -# User friendly plugin name (string value) -#plugin_name = PKCS11 HSM - -# Generate IVs for CKM_AES_GCM mechanism. (boolean value) -# Deprecated group/name - [p11_crypto_plugin]/generate_iv -#aes_gcm_generate_iv = true - -# Always set CKA_SENSITIVE=CK_TRUE including CKA_EXTRACTABLE=CK_TRUE -# keys. 
(boolean value) -#always_set_cka_sensitive = true - - -[queue] - -# -# From barbican.common.config -# - -# True enables queuing, False invokes workers synchronously (boolean -# value) -#enable = false - -# Queue namespace (string value) -#namespace = barbican - -# Queue topic name (string value) -#topic = barbican.workers - -# Version of tasks invoked via queue (string value) -#version = 1.1 - -# Server name for RPC task processing server (string value) -#server_name = barbican.queue - -# Number of asynchronous worker processes (integer value) -#asynchronous_workers = 1 - - -[quotas] - -# -# From barbican.common.config -# - -# Number of secrets allowed per project (integer value) -#quota_secrets = -1 - -# Number of orders allowed per project (integer value) -#quota_orders = -1 - -# Number of containers allowed per project (integer value) -#quota_containers = -1 - -# Number of consumers allowed per project (integer value) -#quota_consumers = -1 - -# Number of CAs allowed per project (integer value) -#quota_cas = -1 - - -[retry_scheduler] - -# -# From barbican.common.config -# - -# Seconds (float) to wait before starting retry scheduler (floating -# point value) -#initial_delay_seconds = 10.0 - -# Seconds (float) to wait between periodic schedule events (floating -# point value) -#periodic_interval_max_seconds = 10.0 - - -[secretstore] - -# -# From barbican.plugin.secret_store -# - -# Extension namespace to search for plugins. (string value) -#namespace = barbican.secretstore.plugin - -# List of secret store plugins to load. (multi valued) -#enabled_secretstore_plugins = store_crypto - -# Flag to enable multiple secret store plugin backend support. Default -# is False (boolean value) -#enable_multiple_secret_stores = false - -# List of suffix to use for looking up plugins which are supported -# with multiple backend support. 
(list value) -#stores_lookup_suffix = - - -[simple_crypto_plugin] - -# -# From barbican.plugin.crypto.simple -# - -# Key encryption key to be used by Simple Crypto Plugin (string value) -#kek = dGhpcnR5X3R3b19ieXRlX2tleWJsYWhibGFoYmxhaGg= - -# User friendly plugin name (string value) -#plugin_name = Software Only Crypto - - -[snakeoil_ca_plugin] - -# -# From barbican.certificate.plugin.snakeoil -# - -# Path to CA certificate file (string value) -#ca_cert_path = - -# Path to CA certificate key file (string value) -#ca_cert_key_path = - -# Path to CA certificate chain file (string value) -#ca_cert_chain_path = - -# Path to CA chain pkcs7 file (string value) -#ca_cert_pkcs7_path = - -# Directory in which to store certs/keys for subcas (string value) -#subca_cert_key_directory = /etc/barbican/snakeoil-cas - - -[ssl] - -# -# From oslo.service.sslutils -# - -# CA certificate file to use to verify connecting clients. (string -# value) -# Deprecated group/name - [DEFAULT]/ssl_ca_file -#ca_file = - -# Certificate file to use when starting the server securely. (string -# value) -# Deprecated group/name - [DEFAULT]/ssl_cert_file -#cert_file = - -# Private key file to use when starting the server securely. (string -# value) -# Deprecated group/name - [DEFAULT]/ssl_key_file -#key_file = - -# SSL version to use (valid only if SSL enabled). Valid values are -# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be -# available on some distributions. (string value) -#version = - -# Sets the list of available ciphers. value should be a string in the -# OpenSSL cipher list format. (string value) -#ciphers = diff --git a/meta-stx/recipes-support/openstack-barbican-api/files/gunicorn-config.py b/meta-stx/recipes-support/openstack-barbican-api/files/gunicorn-config.py deleted file mode 100644 index 7e2b738..0000000 --- a/meta-stx/recipes-support/openstack-barbican-api/files/gunicorn-config.py +++ /dev/null 
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2019 Wind River Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import multiprocessing
-bind = '0.0.0.0:9311'
-user = 'barbican'
-group = 'barbican'
-timeout = 30
-backlog = 2048
-keepalive = 2
-workers = multiprocessing.cpu_count() * 2
-loglevel = 'info'
-errorlog = '-'
-accesslog = '-'
diff --git a/meta-stx/recipes-support/openstack-barbican-api/files/openstack-barbican-api.service b/meta-stx/recipes-support/openstack-barbican-api/files/openstack-barbican-api.service
deleted file mode 100644
index d1e9cc0..0000000
--- a/meta-stx/recipes-support/openstack-barbican-api/files/openstack-barbican-api.service
+++ /dev/null
@@ -1,19 +0,0 @@
-[Unit]
-Description=Openstack Barbican API server
-After=syslog.target network.target
-Before=httpd.service
-
-[Service]
-PIDFile=/run/barbican/pid
-User=barbican
-Group=barbican
-RuntimeDirectory=barbican
-RuntimeDirectoryMode=770
-ExecStart=/usr/bin/gunicorn --pid /run/barbican/pid -c /etc/barbican/gunicorn-config.py --paste /etc/barbican/barbican-api-paste.ini
-ExecReload=/bin/kill -s HUP $MAINPID
-ExecStop=/bin/kill -s TERM $MAINPID
-StandardError=syslog
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-stx/recipes-support/openstack-barbican-api/openstack-barbican-api.bb b/meta-stx/recipes-support/openstack-barbican-api/openstack-barbican-api.bb
deleted file mode 100644
index 9c9f8a1..0000000
--- a/meta-stx/recipes-support/openstack-barbican-api/openstack-barbican-api.bb +++ /dev/null 
@@ -1,82 +0,0 @@
-#
-## Copyright (C) 2019 Wind River Systems, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
-
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=89aea4e17d99a7cacdbeed46a0096b10"
-
-SRC_URI = " \
- file://LICENSE \
- file://barbican.conf \
- file://gunicorn-config.py \
- file://barbican-api-paste.ini \
- file://openstack-barbican-api.service \
- "
-
-do_configure() {
- :
-}
-
-
-do_compile() {
- :
-}
-
-
-do_install() {
-
- install -m 0755 -d ${D}/${datadir}/starlingx/barbican/
- install -m 0755 -d ${D}/${datadir}/starlingx/barbican/backup/
- install -m 0755 -d ${D}/${systemd_system_unitdir}/
- install -m 0755 -d ${D}/var/log/barbican/
- install -m 0644 ${WORKDIR}/barbican.conf ${D}/${datadir}/starlingx/barbican
- install -m 0644 ${WORKDIR}/barbican-api-paste.ini ${D}/${datadir}/starlingx/barbican
- install -m 0644 ${WORKDIR}/gunicorn-config.py ${D}/${datadir}/starlingx/barbican
- install -m 0644 ${WORKDIR}/openstack-barbican-api.service ${D}/${systemd_system_unitdir}/openstack-barbican-api.service
-}
-
-pkg_postinst_ontarget_${PN}() {
-
- tar -C / -czpf /usr/share/starlingx/barbican/backup/barbican.$(date +%s).tar.gz ./etc/barbican
-
- if [ ! -f /usr/share/starlingx/barbican/backup/barbican.default.tar.gz ]; then
- tar -C / -czpf /usr/share/starlingx/barbican/backup/barbican.default.tar.gz ./etc/barbican
- fi;
-
- rm -rf /etc/barbican/
-
- # Restore to default settings
- tar -C / -xzpf /usr/share/starlingx/barbican/backup/barbican.default.tar.gz
-
- cp /usr/share/starlingx/barbican/barbican-api-paste.ini /etc/barbican/
- cp /usr/share/starlingx/barbican/barbican.conf /etc/barbican/
- cp /usr/share/starlingx/barbican/gunicorn-config.py /etc/barbican/
- systemctl daemon-reload
-}
-
-pkg_prerm_ontarget_${PN}() {
- tar -C / -czpf /usr/share/starlingx/barbican/backup/barbican.$(date +%s).tar.gz ./etc/barbican
- rm -rf /etc/barbican/
-
- # Restore to default settings
- tar -C / -xzpf /usr/share/starlingx/barbican/backup/barbican.default.tar.gz
-}
-
-FILES_${PN} = " \
- ${datadir}/starlingx/barbican/ \
- ${systemd_system_unitdir}/openstack-barbican-api.service \
- /var/log/barbican \
- "
-- 2.16.6