# ocata
###############################################################################
# [ WARNING ]
# Configuration file maintained by Juju. Local changes may be overwritten.
###############################################################################
[DEFAULT]
# admin_token is a static shared secret. NOTE(review): it is presumably only
# honoured while the admin_token_auth filter is present in the paste pipeline
# named under [paste_deploy]; where it is, any holder of this value acts as
# cloud admin without a user account - confirm the filter is dropped once
# bootstrap is finished.
# The rendered file carries this token and other credentials in clear text, so
# it should be readable by the keystone service account only.
admin_token = {{ token }}
use_syslog = {{ use_syslog }}
log_config_append = {{ log_config }}
# NOTE(review): debug logging is verbose; confirm it is off in production so
# request details do not accumulate in logs.
debug = {{ debug }}
# Base URLs advertised for the public and admin APIs.
# NOTE(review): presumably https:// in TLS deployments - verify the charm context.
public_endpoint = {{ public_endpoint }}
admin_endpoint = {{ admin_endpoint }}

[database]
# The connection URL below embeds the database password in clear text, so the
# rendered file needs restrictive ownership and mode.
# TLS parameters are appended only when database_ssl_ca is set; without it the
# URL carries no ssl_* options, so transport encryption is presumably not in
# use. The client certificate and key are added only together with a CA, and
# only when database_ssl_cert is set.
# NOTE(review): user and password are interpolated without URL-encoding; a
# value containing '@', ':', '/' or '?' would change how the URL is parsed -
# confirm the charm only generates URL-safe credentials.
# With no database_host the service falls back to a local SQLite file.
{% if database_host -%}
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
{% else -%}
connection = sqlite:////var/lib/keystone/keystone.db
{% endif -%}
idle_timeout = 200

[identity]
# Identity backend driver, taken from the charm's identity_backend value.
driver = {{ identity_backend }}
{% if default_domain_id -%}
default_domain_id = {{ default_domain_id }}
{% endif -%}

{% if api_version == 3 -%}
# Still inside [identity]: per-domain driver configuration is read from
# domain_config_dir. NOTE(review): those per-domain files can carry their own
# backend credentials (for example LDAP bind passwords) - confirm the directory
# is writable only by root/Juju and readable only by keystone.
domain_specific_drivers_enabled = True
domain_config_dir = {{ domain_config_dir }}
{% endif -%}

[credential]
# NOTE(review): credentials stored through this backend are encrypted with keys
# from the credential key repository, which this template leaves at its
# default; confirm the charm initialises those keys (keystone-manage
# credential_setup), otherwise keystone presumably falls back to a null key.
driver = sql

[trust]
driver = sql

# No overrides; keystone defaults apply.
[os_inherit]

[catalog]
driver = sql

# No overrides; keystone defaults apply.
[endpoint_filter]

[token]
# Token persistence goes through the sql driver; the provider is selected by
# the charm's token_provider value, with uuid as the fallback branch.
# NOTE(review): the pki and pkiz providers were deprecated upstream and, as far
# as I recall, are no longer shipped in the Ocata release this template is
# labelled for - confirm these two branches are still usable.
driver = sql
{% if token_provider == 'pki' -%}
provider = keystone.token.providers.pki.Provider
{% elif token_provider == 'pkiz' -%}
provider = keystone.token.providers.pkiz.Provider
{% else -%}
# Fallback provider. UUID tokens are opaque bearer tokens: whoever holds the
# token string can use it until it expires or is revoked.
provider = uuid
{% endif -%}
# Token lifetime. NOTE(review): presumably in seconds; a shorter lifetime
# limits how long a leaked bearer token stays usable.
expiration = {{ token_expiration }}

# Signing options come from the "parts/section-signing" partial, which is not
# visible in this file.
{% include "parts/section-signing" %}

# Cache settings come from the "section-oslo-cache" partial, which is not
# visible in this file.
{% include "section-oslo-cache" %}

[policy]
driver = sql

[assignment]
# Role-assignment backend, taken from the charm's assignment_backend value.
driver = {{ assignment_backend }}

# No overrides; keystone defaults apply.
[oauth1]

# Enabled authentication methods and their plugin classes.
[auth]
# 'external' trusts the REMOTE_USER value supplied by the fronting web server,
# and 'mapped' / 'openid' are federation methods; each enabled method is one
# more way to obtain a token.
# NOTE(review): confirm every method listed is needed, and that the web server
# never passes through a client-controlled REMOTE_USER.
methods = external,password,token,oauth1,mapped,openid
# Explicit plugin classes for three of the enabled methods; the other methods
# listed in 'methods' have no mapping in this section.
# NOTE(review): presumably those resolve through keystone's defaults - verify.
password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token
oauth1 = keystone.auth.plugins.oauth1.OAuth

[paste_deploy]
# Path to the paste.deploy file that defines the WSGI pipeline, i.e. which
# middleware handles each request. NOTE(review): this is where an
# admin_token_auth filter, if any, would be enabled - review it alongside
# admin_token in [DEFAULT].
config_file = {{ paste_config_file }}

[extra_headers]
# NOTE(review): presumably added to API responses, which discloses the host
# distribution to any client - confirm this is intended.
Distribution = Ubuntu

[ldap]
# The options below are rendered only when identity_backend is 'ldap'. The
# bind password is written in clear text, so the rendered file must stay
# readable by the keystone service account only.
# NOTE(review): transport security depends on the scheme in ldap_server
# (ldaps://) or on use_tls / tls_cacertfile / tls_req_cert being supplied
# through ldap_config_flags; nothing in this template enforces it.
{% if identity_backend == 'ldap' -%}
url = {{ ldap_server }}
user = {{ ldap_user }}
password = {{ ldap_password }}
suffix = {{ ldap_suffix }}

# Operator-supplied flags are emitted verbatim as key = value lines, so they
# may duplicate or override the options above.
# NOTE(review): values are not sanitised here; a value containing a newline
# would add extra lines to this file - confirm the charm validates them.
# NOTE(review): .iteritems() exists only on Python 2 dicts; rendering under
# Python 3 would need .items().
{% if ldap_config_flags -%}
{% for key, value in ldap_config_flags.iteritems() -%}
{{ key }} = {{ value }}
{% endfor -%}
{% endif -%}

{% if ldap_readonly -%}
# Read-only mode: create, update and delete are switched off for users,
# tenants, roles and groups.
user_allow_create = False
user_allow_update = False
user_allow_delete = False

tenant_allow_create = False
tenant_allow_update = False
tenant_allow_delete = False

role_allow_create = False
role_allow_update = False
role_allow_delete = False

group_allow_create = False
group_allow_update = False
group_allow_delete = False
{% endif -%}
{% endif -%}

{% if api_version == 3 -%}
[resource]
# Designates the admin project (rendered for API v3 only).
# NOTE(review): tokens scoped to this project are presumably flagged as
# admin-project tokens, which policy files may treat as cloud-wide admin -
# confirm role assignments on it are tightly held.
admin_project_domain_name = {{ admin_domain_name }}
admin_project_name = admin
{% endif -%}

# Federation settings come from the "parts/section-federation" partial, which
# is not visible in this file. NOTE(review): review it together with the
# 'mapped' and 'openid' methods enabled under [auth].
{% include "parts/section-federation" %}