kolla-ansible/ansible/roles/keystone/templates/keystone.conf.j2

[DEFAULT]
debug = {{ keystone_logging_debug }}
{% if enable_cadf_notifications | bool %}
notification_format = cadf
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}

# NOTE(elemoine) log_dir alone does not work for Keystone
log_file = /var/log/kolla/keystone/keystone.log

secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO

[database]
connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
max_retries = -1

{% if keystone_domain_cfg.stat.exists %}
[identity]
domain_specific_drivers_enabled = true
domain_config_dir = /etc/keystone/domains
{% endif %}

{% if keystone_token_provider == 'fernet' %}
[token]
provider = {{ keystone_token_provider }}
expiration = {{ fernet_token_expiry }}

[fernet_tokens]
max_active_keys = {{ (groups['keystone'] | length) + 1 }}
{% endif %}

[cache]
backend = oslo_cache.memcache_pool
enabled = True

{# For Kolla-Ansible, generate the memcache servers based on the list of
memcached servers in the inventory and memcached_servers should be un-set.
For Kolla-Kubernetes,  it is necessary to define the memcached_servers
variable in globals.yml to set it to the Kubernetes service for memcached. #}

{% if orchestration_engine == 'KUBERNETES' %}
memcache_servers = {{ memcached_servers }}
{% else %}
memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{%- endif %}

{% if enable_cadf_notifications | bool %}
[oslo_messaging_notifications]
driver = messagingv2
{% endif %}