[lxc-devel] [lxd/master] Server documentation fixes

stgraber on Github lxc-bot at linuxcontainers.org
Tue Aug 13 21:04:38 UTC 2019


From 6bb85e867e0154e71a5053e3e8ee8e8461032bd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 12 Aug 2019 00:20:59 -0400
Subject: [PATCH 1/3] doc/server: Fix defaults for rbac
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/server.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/server.md b/doc/server.md
index 955f307748..9ae505fac3 100644
--- a/doc/server.md
+++ b/doc/server.md
@@ -35,13 +35,13 @@ images.remote\_cache\_expiry        | integer   | 10        | -
 maas.api.key                        | string    | -         | maas\_network                     | API key to manage MAAS
 maas.api.url                        | string    | -         | maas\_network                     | URL of the MAAS server
 maas.machine                        | string    | hostname  | maas\_network                     | Name of this LXD host in MAAS
-rbac.agent.url                      | string    |           | rbac                              | The Candid agent url as provided during RBAC registration
-rbac.agent.username                 | string    |           | rbac                              | The Candid agent username as provided during RBAC registration
-rbac.agent.public\_key              | string    |           | rbac                              | The Candid agent public key as provided during RBAC registration
-rbac.agent.private\_key             | string    |           | rbac                              | The Candid agent private key as provided during RBAC registration
-rbac.api.expiry                     | integer   |           | rbac                              | RBAC macaroon expiry in seconds
-rbac.api.key                        | string    |           | rbac                              | Public key of the RBAC server (required for HTTP-only servers)
-rbac.api.url                        | string    |           | rbac                              | URL of the external RBAC server
+rbac.agent.url                      | string    | -         | rbac                              | The Candid agent url as provided during RBAC registration
+rbac.agent.username                 | string    | -         | rbac                              | The Candid agent username as provided during RBAC registration
+rbac.agent.public\_key              | string    | -         | rbac                              | The Candid agent public key as provided during RBAC registration
+rbac.agent.private\_key             | string    | -         | rbac                              | The Candid agent private key as provided during RBAC registration
+rbac.api.expiry                     | integer   | -         | rbac                              | RBAC macaroon expiry in seconds
+rbac.api.key                        | string    | -         | rbac                              | Public key of the RBAC server (required for HTTP-only servers)
+rbac.api.url                        | string    | -         | rbac                              | URL of the external RBAC server
 
 Those keys can be set using the lxc tool with:
 
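Review bot: On the `rbac.api.expiry` row, a default of `-` for an integer macaroon expiry leaves the reader unable to tell how long an RBAC macaroon stays valid when the key is unset, whereas the `candid.expiry` row of the same table (visible in patch 3/3) documents 3600. If the daemon applies a value when the key is unset, put it in the Default column; if there is none, say in the description what happens. Since these rows are being rewritten anyway, `url` in the `rbac.agent.url` description could become `URL` to match the `rbac.api.url` row.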

From 59553e0cfe5671d4b991b48296bba28efdb9a4d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 13 Aug 2019 16:42:43 -0400
Subject: [PATCH 2/3] doc/server: Add missing key namespaces
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/server.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/server.md b/doc/server.md
index 9ae505fac3..7766cb9a1a 100644
--- a/doc/server.md
+++ b/doc/server.md
@@ -4,9 +4,13 @@ The server configuration is a simple set of key and values.
 The key/value configuration is namespaced with the following namespaces
 currently supported:
 
+ - `backups` (backups configuration)
+ - `candid` (Candid authentication integration)
+ - `cluster` (cluster configuration)
  - `core` (core daemon configuration)
  - `images` (image configuration)
  - `maas` (MAAS integration)
+ - `rbac` (Role Based Access Control integration)
 
 Key                                 | Type      | Default   | API extension                     | Description
 :--                                 | :---      | :------   | :------------                     | :----------
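Review bot: On the added `rbac` line, the entry reads as independent of `candid`, yet the `rbac.agent.*` rows of the table all describe Candid agent credentials, so a reader scanning the namespace list cannot tell that the two integrations are related. Consider something like `rbac` (Role-Based Access Control integration, uses Candid agent credentials), which also adds the hyphen in "Role-Based". On the `backups` line, "(backup configuration)" would match the singular used in "(image configuration)".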

From 8f6cc18c59e83fb68182c4c44f0dd8d455833567 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 13 Aug 2019 16:39:44 -0400
Subject: [PATCH 3/3] doc/server: Add scope column
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/server.md | 73 +++++++++++++++++++++++++++------------------------
 1 file changed, 39 insertions(+), 34 deletions(-)

diff --git a/doc/server.md b/doc/server.md
index 7766cb9a1a..18628dd7c8 100644
--- a/doc/server.md
+++ b/doc/server.md
@@ -12,43 +12,48 @@ currently supported:
  - `maas` (MAAS integration)
  - `rbac` (Role Based Access Control integration)
 
-Key                                 | Type      | Default   | API extension                     | Description
-:--                                 | :---      | :------   | :------------                     | :----------
-backups.compression\_algorithm      | string    | gzip      | backup\_compression               | Compression algorithm to use for new images (bzip2, gzip, lzma, xz or none)
-candid.api.key                      | string    | -         | candid\_config\_key               | Public key of the candid server (required for HTTP-only servers)
-candid.api.url                      | string    | -         | candid\_authentication            | URL of the the external authentication endpoint using Candid
-candid.expiry                       | integer   | 3600      | candid\_config                    | Candid macaroon expiry in seconds
-candid.domains                      | string    | -         | candid\_config                    | Comma-separated list of allowed Candid domains (empty string means all domains are valid)
-cluster.https\_address              | string    | -         | clustering\_server\_address       | Address the server should using for clustering traffic
-cluster.offline\_threshold          | integer   | 20        | clustering                        | Number of seconds after which an unresponsive node is considered offline
-cluster.images\_minimal\_replica    | integer   | 3         | clustering\_image\_replication    | Minimal numbers of cluster members with a copy of a particular image (set 1 for no replication, -1 for all members)
-core.debug\_address                 | string    | -         | pprof\_http                       | Address to bind the pprof debug server to (HTTP)
-core.https\_address                 | string    | -         | -                                 | Address to bind for the remote API (HTTPS)
-core.https\_allowed\_credentials    | boolean   | -         | -                                 | Whether to set Access-Control-Allow-Credentials http header value to "true"
-core.https\_allowed\_headers        | string    | -         | -                                 | Access-Control-Allow-Headers http header value
-core.https\_allowed\_methods        | string    | -         | -                                 | Access-Control-Allow-Methods http header value
-core.https\_allowed\_origin         | string    | -         | -                                 | Access-Control-Allow-Origin http header value
-core.proxy\_https                   | string    | -         | -                                 | https proxy to use, if any (falls back to HTTPS\_PROXY environment variable)
-core.proxy\_http                    | string    | -         | -                                 | http proxy to use, if any (falls back to HTTP\_PROXY environment variable)
-core.proxy\_ignore\_hosts           | string    | -         | -                                 | hosts which don't need the proxy for use (similar format to NO\_PROXY, e.g. 1.2.3.4,1.2.3.5, falls back to NO\_PROXY environment variable)
-core.trust\_password                | string    | -         | -                                 | Password to be provided by clients to setup a trust
-images.auto\_update\_cached         | boolean   | true      | -                                 | Whether to automatically update any image that LXD caches
-images.auto\_update\_interval       | integer   | 6         | -                                 | Interval in hours at which to look for update to cached images (0 disables it)
-images.compression\_algorithm       | string    | gzip      | -                                 | Compression algorithm to use for new images (bzip2, gzip, lzma, xz or none)
-images.remote\_cache\_expiry        | integer   | 10        | -                                 | Number of days after which an unused cached remote image will be flushed
-maas.api.key                        | string    | -         | maas\_network                     | API key to manage MAAS
-maas.api.url                        | string    | -         | maas\_network                     | URL of the MAAS server
-maas.machine                        | string    | hostname  | maas\_network                     | Name of this LXD host in MAAS
-rbac.agent.url                      | string    | -         | rbac                              | The Candid agent url as provided during RBAC registration
-rbac.agent.username                 | string    | -         | rbac                              | The Candid agent username as provided during RBAC registration
-rbac.agent.public\_key              | string    | -         | rbac                              | The Candid agent public key as provided during RBAC registration
-rbac.agent.private\_key             | string    | -         | rbac                              | The Candid agent private key as provided during RBAC registration
-rbac.api.expiry                     | integer   | -         | rbac                              | RBAC macaroon expiry in seconds
-rbac.api.key                        | string    | -         | rbac                              | Public key of the RBAC server (required for HTTP-only servers)
-rbac.api.url                        | string    | -         | rbac                              | URL of the external RBAC server
+Key                                 | Type      | Scope     | Default   | API extension                     | Description
+:--                                 | :---      | :----     | :------   | :------------                     | :----------
+backups.compression\_algorithm      | string    | global    | gzip      | backup\_compression               | Compression algorithm to use for new images (bzip2, gzip, lzma, xz or none)
+candid.api.key                      | string    | global    | -         | candid\_config\_key               | Public key of the candid server (required for HTTP-only servers)
+candid.api.url                      | string    | global    | -         | candid\_authentication            | URL of the the external authentication endpoint using Candid
+candid.expiry                       | integer   | global    | 3600      | candid\_config                    | Candid macaroon expiry in seconds
+candid.domains                      | string    | global    | -         | candid\_config                    | Comma-separated list of allowed Candid domains (empty string means all domains are valid)
+cluster.https\_address              | string    | local     | -         | clustering\_server\_address       | Address the server should using for clustering traffic
+cluster.offline\_threshold          | integer   | global    | 20        | clustering                        | Number of seconds after which an unresponsive node is considered offline
+cluster.images\_minimal\_replica    | integer   | global    | 3         | clustering\_image\_replication    | Minimal numbers of cluster members with a copy of a particular image (set 1 for no replication, -1 for all members)
+core.debug\_address                 | string    | local     | -         | pprof\_http                       | Address to bind the pprof debug server to (HTTP)
+core.https\_address                 | string    | local     | -         | -                                 | Address to bind for the remote API (HTTPS)
+core.https\_allowed\_credentials    | boolean   | global    | -         | -                                 | Whether to set Access-Control-Allow-Credentials http header value to "true"
+core.https\_allowed\_headers        | string    | global    | -         | -                                 | Access-Control-Allow-Headers http header value
+core.https\_allowed\_methods        | string    | global    | -         | -                                 | Access-Control-Allow-Methods http header value
+core.https\_allowed\_origin         | string    | global    | -         | -                                 | Access-Control-Allow-Origin http header value
+core.proxy\_https                   | string    | global    | -         | -                                 | https proxy to use, if any (falls back to HTTPS\_PROXY environment variable)
+core.proxy\_http                    | string    | global    | -         | -                                 | http proxy to use, if any (falls back to HTTP\_PROXY environment variable)
+core.proxy\_ignore\_hosts           | string    | global    | -         | -                                 | hosts which don't need the proxy for use (similar format to NO\_PROXY, e.g. 1.2.3.4,1.2.3.5, falls back to NO\_PROXY environment variable)
+core.trust\_password                | string    | global    | -         | -                                 | Password to be provided by clients to setup a trust
+images.auto\_update\_cached         | boolean   | global    | true      | -                                 | Whether to automatically update any image that LXD caches
+images.auto\_update\_interval       | integer   | global    | 6         | -                                 | Interval in hours at which to look for update to cached images (0 disables it)
+images.compression\_algorithm       | string    | global    | gzip      | -                                 | Compression algorithm to use for new images (bzip2, gzip, lzma, xz or none)
+images.remote\_cache\_expiry        | integer   | global    | 10        | -                                 | Number of days after which an unused cached remote image will be flushed
+maas.api.key                        | string    | global    | -         | maas\_network                     | API key to manage MAAS
+maas.api.url                        | string    | global    | -         | maas\_network                     | URL of the MAAS server
+maas.machine                        | string    | local     | hostname  | maas\_network                     | Name of this LXD host in MAAS
+rbac.agent.url                      | string    | global    | -         | rbac                              | The Candid agent url as provided during RBAC registration
+rbac.agent.username                 | string    | global    | -         | rbac                              | The Candid agent username as provided during RBAC registration
+rbac.agent.public\_key              | string    | global    | -         | rbac                              | The Candid agent public key as provided during RBAC registration
+rbac.agent.private\_key             | string    | global    | -         | rbac                              | The Candid agent private key as provided during RBAC registration
+rbac.api.expiry                     | integer   | global    | -         | rbac                              | RBAC macaroon expiry in seconds
+rbac.api.key                        | string    | global    | -         | rbac                              | Public key of the RBAC server (required for HTTP-only servers)
+rbac.api.url                        | string    | global    | -         | rbac                              | URL of the external RBAC server
 
 Those keys can be set using the lxc tool with:
 
 ```bash
 lxc config set <key> <value>
 ```
+
+When operating as part of a cluster, the keys marked with a `global`
+scope will immediately be applied to all the cluster members. Those keys
+with a `local` scope must be set on a per member basis using the
+`--target` option of the command line tool.
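Review bot: The `backups.compression_algorithm` row is carried into the new table with the same description as `images.compression_algorithm` ("Compression algorithm to use for new images"), which looks like a copy-paste and should presumably refer to new backups; since every row is rewritten here, this is the place to fix it. The same applies to "URL of the the external" in `candid.api.url` and "should using" in `cluster.https_address`. In the closing paragraph, the only command shown is still `lxc config set <key> <value>`, so the `local` case has no example; adding the `--target` form next to it would make the paragraph actionable. It may also be worth stating in that paragraph that `global` covers secrets such as `core.trust_password`, `maas.api.key` and `rbac.agent.private_key`, so setting them on one member applies them to all cluster members.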

