# Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. keystone_conf: DEFAULT: verbose: "{{ verbose }}" debug: "{{ debug }}" admin_token: "{{ auth_admin_token }}" bind_host: "0.0.0.0" # The port number which the public service listens on public_port: "{{ auth_public_port }}" # The port number which the public admin listens on admin_port: "{{ auth_port }}" public_endpoint: "{{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_public_port }}/" admin_endpoint: "{{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_port }}/" log_file: "keystone.log" log_dir: /var/log/keystone rabbit_hosts: "{{ rabbit_hosts }}" rabbit_userid: "{{ rabbit_userid }}" rabbit_password: "{{ rabbit_password }}" rpc_backend: "{{ rpc_backend }}" memcache: servers: "{{ internal_vip_address }}:{{ memcached_port }}" max_compare_and_set_retry: 16 cache: backend: "dogpile.cache.memcached" backend_argument: "url:{{ internal_vip_address }}:{{ memcached_port }}" config_prefix: "cache.keystone" distributed_lock: True expiration_time: 5400 enabled: "true" revoke: expiration_buffer: 1800 caching: "true" auth: methods: "{{ auth_methods }}" database: connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8" idle_timeout: 200 min_pool_size: 5 max_pool_size: 10 pool_timeout: 200 identity: driver: "{{ keystone_identity_driver|default('keystone.identity.backends.sql.Identity') }}" assignment: driver: keystone.assignment.backends.sql.Assignment caching: true ldap: url: "ldap://{{ keystone_ldap_server|default('localhost') }}" user: "{{ keystone_ldap_user_bind|default('root') }}" password: "{{ keystone_ldap_user_bind_password|default('secrete') }}" suffix: "{{ keystone_ldap_suffix|default('cn=example,cn=com') }}" use_dumb_member: "{{ keystone_ldap_use_dumb_member|default('false') }}" dumb_member: "{{ keystone_ldap_dumb_member|default('cn=dumb,dc=nonexistent') }}" allow_subtree_delete: "{{ keystone_ldap_allow_subtree_delete|default('false') }}" query_scope: "{{ keystone_ldap_query_scope|default('one') }}" page_size: "{{ keystone_ldap_page_size|default('0') }}" debug_level: "{{ keystone_ldap_debug_level|default('') }}" chase_referrals: "{{ keystone_ldap_chase_referrals|default('True') }}" user_tree_dn: "{{ keystone_ldap_user_tree_dn|default('') }}" user_filter: "{{ keystone_ldap_user_filter|default('') }}" user_objectclass: "{{ keystone_ldap_user_objectclass|default('inetOrgPerson') }}" user_id_attribute: "{{ keystone_ldap_user_id_attribute|default('cn') }}" user_name_attribute: "{{ keystone_ldap_user_name_attribute|default('sn') }}" user_mail_attribute: "{{ keystone_ldap_user_mail_attribute|default('email') }}" user_pass_attribute: "{{ keystone_ldap_user_pass_attribute|default('userPassword')}}" user_enabled_attribute: "{{ keystone_ldap_user_enabled_attribute|default('enabled') }}" user_enabled_mask: "{{ keystone_ldap_user_enabled_mask|default('0') }}" user_enabled_default: "{{ keystone_ldap_user_enabled_default|default('True') }}" user_attribute_ignore: "{{ keystone_ldap_user_attribute_ignore|default('default_project_id,tenants') }}" user_default_project_id_attribute: "{{ keystone_ldap_user_default_project_id_attribute|default('') }}" user_allow_create: "{{ keystone_ldap_user_allow_create|default('true') }}" user_allow_update: "{{ keystone_ldap_user_allow_update|default('true') }}" user_allow_delete: "{{ keystone_ldap_user_allow_delete|default('true') }}" user_enabled_emulation: "{{ keystone_ldap_user_enabled_emulation|default('false') }}" user_enabled_emulation_dn: "{{ keystone_ldap_user_enabled_emulation_dn|default('') }}" user_additional_attribute_mapping: "{{ keystone_ldap_user_additional_attribute_mapping|default('') }}" group_tree_dn: "{{ keystone_ldap_|default('') }}" group_filter: "{{ keystone_ldap_group_filter|default('') }}" group_objectclass: "{{ keystone_ldap_group_objectclass|default('groupOfNames') }}" group_id_attribute: "{{ keystone_ldap_group_id_attribute|default('cn') }}" group_name_attribute: "{{ keystone_ldap_group_name_attribute|default('ou') }}" group_member_attribute: "{{ keystone_ldap_group_member_attribute|default('member') }}" group_desc_attribute: "{{ keystone_ldap_group_desc_attribute|default('description') }}" group_attribute_ignore: "{{ keystone_ldap_group_attribute_ignore|default('') }}" group_allow_create: "{{ keystone_ldap_group_allow_create|default('true') }}" group_allow_update: "{{ keystone_ldap_group_allow_update|default('true') }}" group_allow_delete: "{{ keystone_ldap_group_allow_delete|default('true') }}" group_additional_attribute_mapping: "{{ keystone_ldap_group_additional_attribute_mapping|default('') }}" tls_cacertfile: "{{ keystone_ldap_tls_cacertfile|default('') }}" tls_cacertdir: "{{ keystone_ldap_tls_cacertdir|default('') }}" use_tls: "{{ keystone_ldap_use_tls|default('false') }}" tls_req_cert: "{{ keystone_ldap_tls_req_cert|default('demand') }}" token: enforce_token_bind: "permissive" revocation_cache_time: 3600 expiration: 43200 caching: "true" cache_time: "5400" provider: "{{ token_provider }}" keystone_paste_ini: filter:debug: paste.filter_factory: "keystone.common.wsgi:Debug.factory" filter:build_auth_context: paste.filter_factory: "keystone.middleware:AuthContextMiddleware.factory" filter:token_auth: paste.filter_factory: "keystone.middleware:TokenAuthMiddleware.factory" filter:admin_token_auth: paste.filter_factory: "keystone.middleware:AdminTokenAuthMiddleware.factory" filter:xml_body: paste.filter_factory: "keystone.middleware:XmlBodyMiddleware.factory" filter:xml_body_v2: paste.filter_factory: "keystone.middleware:XmlBodyMiddlewareV2.factory" filter:xml_body_v3: paste.filter_factory: "keystone.middleware:XmlBodyMiddlewareV3.factory" filter:json_body: paste.filter_factory: "keystone.middleware:JsonBodyMiddleware.factory" filter:user_crud_extension: paste.filter_factory: "keystone.contrib.user_crud:CrudExtension.factory" filter:crud_extension: paste.filter_factory: "keystone.contrib.admin_crud:CrudExtension.factory" filter:ec2_extension: paste.filter_factory: "keystone.contrib.ec2:Ec2Extension.factory" filter:ec2_extension_v3: paste.filter_factory: "keystone.contrib.ec2:Ec2ExtensionV3.factory" filter:federation_extension: paste.filter_factory: "keystone.contrib.federation.routers:FederationExtension.factory" filter:oauth1_extension: paste.filter_factory: "keystone.contrib.oauth1.routers:OAuth1Extension.factory" filter:s3_extension: paste.filter_factory: "keystone.contrib.s3:S3Extension.factory" filter:endpoint_filter_extension: paste.filter_factory: "keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory" filter:simple_cert_extension: paste.filter_factory: "keystone.contrib.simple_cert:SimpleCertExtension.factory" filter:revoke_extension: paste.filter_factory: "keystone.contrib.revoke.routers:RevokeExtension.factory" filter:url_normalize: paste.filter_factory: "keystone.middleware:NormalizingFilter.factory" filter:sizelimit: paste.filter_factory: "keystone.middleware:RequestBodySizeLimiter.factory" filter:stats_monitoring: paste.filter_factory: "keystone.contrib.stats:StatsMiddleware.factory" filter:stats_reporting: paste.filter_factory: "keystone.contrib.stats:StatsExtension.factory" filter:access_log: paste.filter_factory: "keystone.contrib.access:AccessLogMiddleware.factory" app:public_service: paste.app_factory: "keystone.service:public_app_factory" app:service_v3: paste.app_factory: "keystone.service:v3_app_factory" app:admin_service: paste.app_factory: "keystone.service:admin_app_factory" pipeline:public_api: pipeline: "sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service" pipeline:admin_api: pipeline: "sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service" pipeline:api_v3: pipeline: "sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3" app:public_version_service: paste.app_factory: "keystone.service:public_version_app_factory" app:admin_version_service: paste.app_factory: "keystone.service:admin_version_app_factory" pipeline:public_version_api: pipeline: "sizelimit url_normalize xml_body public_version_service" pipeline:admin_version_api: pipeline: "sizelimit url_normalize xml_body admin_version_service" composite:main: use: "egg:Paste#urlmap" /v2.0: "public_api" /v3: "api_v3" /: "public_version_api" composite:admin: use: "egg:Paste#urlmap" /v2.0: "admin_api" /v3: "api_v3" /: "admin_version_api"