1 # Copyright 2015 OpenStack Foundation.
3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
4 # not use this file except in compliance with the License. You may obtain
5 # a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 # License for the specific language governing permissions and limitations
15 from oslo_config import cfg
17 from neutron._i18n import _
18 from neutron.common import utils
# NOTE(review): this listing drops source lines (the gutter jumps 18 -> 22,
# 25 -> 27, 28 -> 30, 33 -> 39, 47 -> 52), so the assignments that open these
# option lists, some default= arguments and the tails of several help strings
# are not visible here. Check the complete file before relying on defaults.
#
# metadata_proxy_socket: path of the UNIX domain socket used by the metadata
# proxy; the default is built from $state_path.
22 cfg.StrOpt('metadata_proxy_socket',
23 default='$state_path/metadata_proxy',
24 help=_('Location for Metadata Proxy UNIX domain socket.')),
# metadata_proxy_user / metadata_proxy_group: the uid/gid (or names) the
# proxy runs as once it has finished initializing, per the help text. An
# empty value refers to the agent's effective identity; the exact wording and
# the default sit on lines missing from this listing -- confirm. If the agent
# runs with elevated privileges, leaving these empty presumably keeps the
# proxy at that privilege level.
25 cfg.StrOpt('metadata_proxy_user',
27 help=_("User (uid or name) running metadata proxy after "
28 "its initialization (if empty: agent effective "
30 cfg.StrOpt('metadata_proxy_group',
32 help=_("Group (gid or name) running metadata proxy after "
33 "its initialization (if empty: agent effective "
# metadata_proxy_watch_log: no default= appears between the option name and
# its help text; the help says the effective default is deduced from
# metadata_proxy_user. The help also ties this option to file permissions:
# disable it when the proxy user/group cannot read/write the log file, and
# use logrotate's copytruncate when rotating proxy logs.
39 cfg.BoolOpt('metadata_proxy_watch_log',
40 help=_("Enable/Disable log watch by metadata proxy. It "
41 "should be disabled when metadata_proxy_user/group "
42 "is not allowed to read/write its log file and "
43 "copytruncate logrotate option must be used if "
44 "logrotate is enabled on metadata proxy log "
45 "files. Option default value is deduced from "
46 "metadata_proxy_user: watch log is enabled if "
47 "metadata_proxy_user is agent effective user "
# Options describing how metadata requests are forwarded to the Nova metadata
# server: target address, port and protocol, TLS material, and the shared
# secret used to sign the Instance-ID header.
# NOTE(review): the listing skips gutter lines 55, 59, 62, 69, 71, 76, 78, 81
# and 83-84, so several default= values, any extra keyword arguments and the
# closing bracket of this list are not visible here.
52 METADATA_PROXY_HANDLER_OPTS = [
# CA certificate setting; the rest of the help string is on a missing line.
53 cfg.StrOpt('auth_ca_cert',
54 help=_("Certificate Authority public key (CA cert) "
56 cfg.StrOpt('nova_metadata_ip', default='127.0.0.1',
57 help=_("IP address used by Nova metadata server.")),
58 cfg.PortOpt('nova_metadata_port',
60 help=_("TCP Port used by Nova metadata server.")),
# Security: this value is the signing key for the Instance-ID header and is
# what prevents header spoofing, per the help text. Gutter lines 62 and 69
# are missing from this listing, so neither the default nor whether the
# option is declared with secret=True (which makes oslo.config mask the value
# when option values are logged) can be confirmed here -- verify both in the
# full file. It has to match the value configured on the Nova side.
61 cfg.StrOpt('metadata_proxy_shared_secret',
63 help=_('When proxying metadata requests, Neutron signs the '
64 'Instance-ID header with a shared secret to prevent '
65 'spoofing. You may select any string for a secret, '
66 'but it must match here and in the configuration used '
67 'by the Nova Metadata Server. NOTE: Nova uses the same '
68 'config key, but in [neutron] section.'),
# Restricted to 'http' or 'https' through choices=; the default is on a
# missing line. With 'http' the proxied requests, including the signed
# headers, are not protected in transit between the agent and Nova.
70 cfg.StrOpt('nova_metadata_protocol',
72 choices=['http', 'https'],
73 help=_("Protocol to access nova metadata, http or https")),
# Defaults to False. Enabling it allows what the help text calls insecure
# SSL requests -- presumably skipping server certificate verification;
# confirm in the code that consumes this option before enabling it.
74 cfg.BoolOpt('nova_metadata_insecure', default=False,
75 help=_("Allow to perform insecure SSL (https) requests to "
# Client certificate and its private key for the Nova metadata API.
# Presumably file paths (TODO confirm); if so, the key file should be
# readable only by the account the agent runs as.
77 cfg.StrOpt('nova_client_cert',
79 help=_("Client certificate for nova metadata api server.")),
80 cfg.StrOpt('nova_client_priv_key',
82 help=_("Private key of client certificate."))
# Names of the socket permission modes; presumably the values accepted by
# metadata_proxy_socket_mode, whose help text lists the same four names.
# NOTE(review): USER_MODE, GROUP_MODE and ALL_MODE are referenced below but
# their definitions (gutter lines 86-88) are missing from this listing.
85 DEDUCE_MODE = 'deduce'
89 SOCKET_MODES = (DEDUCE_MODE, USER_MODE, GROUP_MODE, ALL_MODE)
# Options for the metadata server listening on the UNIX domain socket:
# socket file permissions, worker process count and listen backlog.
# NOTE(review): the listing skips gutter lines 94-95, 97, 99, 102, 105, 107
# and 113, so the default/choices of metadata_proxy_socket_mode, parts of its
# help text and the default of metadata_backlog are not visible here.
92 UNIX_DOMAIN_METADATA_PROXY_OPTS = [
# Security: this option sets the permission bits on the proxy socket.
# Per the help text 'user' is 0o644, 'group' is 0o664 and 'all' is 0o666.
# 0o666 makes the socket world-writable, so any local account on the host
# can connect to it; pick the narrowest mode that still lets the configured
# metadata_proxy_user/group reach the socket.
93 cfg.StrOpt('metadata_proxy_socket_mode',
96 help=_("Metadata Proxy UNIX domain socket mode, 4 values "
98 "'deduce': deduce mode from metadata_proxy_user/group "
100 "'user': set metadata proxy socket mode to 0o644, to "
101 "use when metadata_proxy_user is agent effective user "
103 "'group': set metadata proxy socket mode to 0o664, to "
104 "use when metadata_proxy_group is agent effective "
106 "'all': set metadata proxy socket mode to 0o666, to use "
# The default is computed when this list is built, from utils.cpu_count().
# Integer division means a cpu_count() of 1 yields a default of 0; how the
# consumer treats 0 workers is not shown here -- confirm.
108 cfg.IntOpt('metadata_workers',
109 default=utils.cpu_count() // 2,
110 help=_('Number of separate worker processes for metadata '
111 'server (defaults to half of the number of CPUs)')),
# Backlog for the metadata server socket; its default is on a missing line.
112 cfg.IntOpt('metadata_backlog',
114 help=_('Number of backlog requests to configure the '
115 'metadata server socket with'))