From 939be7322479ca7075fed6717b9698deb18bf16d Mon Sep 17 00:00:00 2001 From: John Griffith Date: Fri, 30 May 2014 15:59:52 +0000 Subject: [PATCH] Update cinder.conf This is mostly just a sanity check, we're revmoving this whole check from the gate, but we've had conflicting versions of the truth here and I'm trying to figure out why. This patch is a fresh run of generate_sample, which differs from https://review.openstack.org/#/c/96784/ Change-Id: Ia2d6ca01beb1d2c42084100990129dadbb32b22c (cherry picked from commit 8965f168f4d26999538cf4694691916c285d5689) --- etc/cinder/cinder.conf.sample | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample index d0f4eb55c..35ea8cd33 100644 --- a/etc/cinder/cinder.conf.sample +++ b/etc/cinder/cinder.conf.sample @@ -2016,7 +2016,7 @@ #auth_uri= # Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint eg. https://localhost:35357/ +# the unversioned root endpoint e.g. https://localhost:35357/ # (string value) #identity_uri= @@ -2037,9 +2037,12 @@ # with Identity API Server. (integer value) #http_request_max_retries=3 -# Single shared secret with the Keystone configuration used -# for bootstrapping a Keystone installation, or otherwise -# bypassing the normal authentication process. (string value) +# This option is deprecated and may be removed in a future +# release. Single shared secret with the Keystone +# configuration used for bootstrapping a Keystone +# installation, or otherwise bypassing the normal +# authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) #admin_token= # Keystone account username (string value) @@ -2091,7 +2094,7 @@ # number of revocation events combined with a low cache # duration may significantly reduce performance. (integer # value) -#revocation_cache_time=300 +#revocation_cache_time=10 # (optional) if defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable @@ -2124,6 +2127,23 @@ # value) #enforce_token_bind=permissive +# If true, the revocation list will be checked for cached +# tokens. This requires that PKI tokens are configured on the +# Keystone server. (boolean value) +#check_revocations_for_cached=false + +# Hash algorithms to use for hashing PKI tokens. This may be a +# single algorithm or multiple. The algorithms are those +# supported by Python standard hashlib.new(). The hashes will +# be tried in the order given, so put the preferred one first +# for performance. The result of the first hash will be stored +# in the cache. This will typically be set to multiple values +# only while migrating from a less secure algorithm to a more +# secure one. Once all the old tokens are expired this option +# should be set to a single value for better performance. +# (list value) +#hash_algorithms=md5 + [matchmaker_ring] -- 2.45.2