190 lines
9.6 KiB
YAML
190 lines
9.6 KiB
YAML
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
keystone_conf:
|
|
DEFAULT:
|
|
verbose: "{{ verbose }}"
|
|
debug: "{{ debug }}"
|
|
admin_token: "{{ auth_admin_token }}"
|
|
bind_host: "0.0.0.0"
|
|
# The port number which the public service listens on
|
|
public_port: "{{ auth_public_port }}"
|
|
# The port number which the public admin listens on
|
|
admin_port: "{{ auth_port }}"
|
|
public_endpoint: "{{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_public_port }}/"
|
|
admin_endpoint: "{{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_port }}/"
|
|
log_file: "keystone.log"
|
|
log_dir: /var/log/keystone
|
|
rabbit_hosts: "{{ rabbit_hosts }}"
|
|
rabbit_userid: "{{ rabbit_userid }}"
|
|
rabbit_password: "{{ rabbit_password }}"
|
|
rpc_backend: "{{ rpc_backend }}"
|
|
memcache:
|
|
servers: "{{ internal_vip_address }}:{{ memcached_port }}"
|
|
max_compare_and_set_retry: 16
|
|
cache:
|
|
backend: "dogpile.cache.memcached"
|
|
backend_argument: "url:{{ internal_vip_address }}:{{ memcached_port }}"
|
|
config_prefix: "cache.keystone"
|
|
distributed_lock: True
|
|
expiration_time: 5400
|
|
enabled: "true"
|
|
revoke:
|
|
expiration_buffer: 1800
|
|
caching: "true"
|
|
auth:
|
|
methods: "{{ auth_methods }}"
|
|
database:
|
|
connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8"
|
|
idle_timeout: 200
|
|
min_pool_size: 5
|
|
max_pool_size: 10
|
|
pool_timeout: 200
|
|
identity:
|
|
driver: "{{ keystone_identity_driver|default('keystone.identity.backends.sql.Identity') }}"
|
|
assignment:
|
|
driver: keystone.assignment.backends.sql.Assignment
|
|
caching: true
|
|
ldap:
|
|
url: "ldap://{{ keystone_ldap_server|default('localhost') }}"
|
|
user: "{{ keystone_ldap_user_bind|default('root') }}"
|
|
password: "{{ keystone_ldap_user_bind_password|default('secrete') }}"
|
|
suffix: "{{ keystone_ldap_suffix|default('cn=example,cn=com') }}"
|
|
use_dumb_member: "{{ keystone_ldap_use_dumb_member|default('false') }}"
|
|
dumb_member: "{{ keystone_ldap_dumb_member|default('cn=dumb,dc=nonexistent') }}"
|
|
allow_subtree_delete: "{{ keystone_ldap_allow_subtree_delete|default('false') }}"
|
|
query_scope: "{{ keystone_ldap_query_scope|default('one') }}"
|
|
page_size: "{{ keystone_ldap_page_size|default('0') }}"
|
|
debug_level: "{{ keystone_ldap_debug_level|default('') }}"
|
|
chase_referrals: "{{ keystone_ldap_chase_referrals|default('True') }}"
|
|
user_tree_dn: "{{ keystone_ldap_user_tree_dn|default('') }}"
|
|
user_filter: "{{ keystone_ldap_user_filter|default('') }}"
|
|
user_objectclass: "{{ keystone_ldap_user_objectclass|default('inetOrgPerson') }}"
|
|
user_id_attribute: "{{ keystone_ldap_user_id_attribute|default('cn') }}"
|
|
user_name_attribute: "{{ keystone_ldap_user_name_attribute|default('sn') }}"
|
|
user_mail_attribute: "{{ keystone_ldap_user_mail_attribute|default('email') }}"
|
|
user_pass_attribute: "{{ keystone_ldap_user_pass_attribute|default('userPassword')}}"
|
|
user_enabled_attribute: "{{ keystone_ldap_user_enabled_attribute|default('enabled') }}"
|
|
user_enabled_mask: "{{ keystone_ldap_user_enabled_mask|default('0') }}"
|
|
user_enabled_default: "{{ keystone_ldap_user_enabled_default|default('True') }}"
|
|
user_attribute_ignore: "{{ keystone_ldap_user_attribute_ignore|default('default_project_id,tenants') }}"
|
|
user_default_project_id_attribute: "{{ keystone_ldap_user_default_project_id_attribute|default('') }}"
|
|
user_allow_create: "{{ keystone_ldap_user_allow_create|default('true') }}"
|
|
user_allow_update: "{{ keystone_ldap_user_allow_update|default('true') }}"
|
|
user_allow_delete: "{{ keystone_ldap_user_allow_delete|default('true') }}"
|
|
user_enabled_emulation: "{{ keystone_ldap_user_enabled_emulation|default('false') }}"
|
|
user_enabled_emulation_dn: "{{ keystone_ldap_user_enabled_emulation_dn|default('') }}"
|
|
user_additional_attribute_mapping: "{{ keystone_ldap_user_additional_attribute_mapping|default('') }}"
|
|
group_tree_dn: "{{ keystone_ldap_|default('') }}"
|
|
group_filter: "{{ keystone_ldap_group_filter|default('') }}"
|
|
group_objectclass: "{{ keystone_ldap_group_objectclass|default('groupOfNames') }}"
|
|
group_id_attribute: "{{ keystone_ldap_group_id_attribute|default('cn') }}"
|
|
group_name_attribute: "{{ keystone_ldap_group_name_attribute|default('ou') }}"
|
|
group_member_attribute: "{{ keystone_ldap_group_member_attribute|default('member') }}"
|
|
group_desc_attribute: "{{ keystone_ldap_group_desc_attribute|default('description') }}"
|
|
group_attribute_ignore: "{{ keystone_ldap_group_attribute_ignore|default('') }}"
|
|
group_allow_create: "{{ keystone_ldap_group_allow_create|default('true') }}"
|
|
group_allow_update: "{{ keystone_ldap_group_allow_update|default('true') }}"
|
|
group_allow_delete: "{{ keystone_ldap_group_allow_delete|default('true') }}"
|
|
group_additional_attribute_mapping: "{{ keystone_ldap_group_additional_attribute_mapping|default('') }}"
|
|
tls_cacertfile: "{{ keystone_ldap_tls_cacertfile|default('') }}"
|
|
tls_cacertdir: "{{ keystone_ldap_tls_cacertdir|default('') }}"
|
|
use_tls: "{{ keystone_ldap_use_tls|default('false') }}"
|
|
tls_req_cert: "{{ keystone_ldap_tls_req_cert|default('demand') }}"
|
|
token:
|
|
enforce_token_bind: "permissive"
|
|
revocation_cache_time: 3600
|
|
expiration: 43200
|
|
caching: "true"
|
|
cache_time: "5400"
|
|
provider: "{{ token_provider }}"
|
|
|
|
keystone_paste_ini:
|
|
filter:debug:
|
|
paste.filter_factory: "keystone.common.wsgi:Debug.factory"
|
|
filter:build_auth_context:
|
|
paste.filter_factory: "keystone.middleware:AuthContextMiddleware.factory"
|
|
filter:token_auth:
|
|
paste.filter_factory: "keystone.middleware:TokenAuthMiddleware.factory"
|
|
filter:admin_token_auth:
|
|
paste.filter_factory: "keystone.middleware:AdminTokenAuthMiddleware.factory"
|
|
filter:xml_body:
|
|
paste.filter_factory: "keystone.middleware:XmlBodyMiddleware.factory"
|
|
filter:xml_body_v2:
|
|
paste.filter_factory: "keystone.middleware:XmlBodyMiddlewareV2.factory"
|
|
filter:xml_body_v3:
|
|
paste.filter_factory: "keystone.middleware:XmlBodyMiddlewareV3.factory"
|
|
filter:json_body:
|
|
paste.filter_factory: "keystone.middleware:JsonBodyMiddleware.factory"
|
|
filter:user_crud_extension:
|
|
paste.filter_factory: "keystone.contrib.user_crud:CrudExtension.factory"
|
|
filter:crud_extension:
|
|
paste.filter_factory: "keystone.contrib.admin_crud:CrudExtension.factory"
|
|
filter:ec2_extension:
|
|
paste.filter_factory: "keystone.contrib.ec2:Ec2Extension.factory"
|
|
filter:ec2_extension_v3:
|
|
paste.filter_factory: "keystone.contrib.ec2:Ec2ExtensionV3.factory"
|
|
filter:federation_extension:
|
|
paste.filter_factory: "keystone.contrib.federation.routers:FederationExtension.factory"
|
|
filter:oauth1_extension:
|
|
paste.filter_factory: "keystone.contrib.oauth1.routers:OAuth1Extension.factory"
|
|
filter:s3_extension:
|
|
paste.filter_factory: "keystone.contrib.s3:S3Extension.factory"
|
|
filter:endpoint_filter_extension:
|
|
paste.filter_factory: "keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory"
|
|
filter:simple_cert_extension:
|
|
paste.filter_factory: "keystone.contrib.simple_cert:SimpleCertExtension.factory"
|
|
filter:revoke_extension:
|
|
paste.filter_factory: "keystone.contrib.revoke.routers:RevokeExtension.factory"
|
|
filter:url_normalize:
|
|
paste.filter_factory: "keystone.middleware:NormalizingFilter.factory"
|
|
filter:sizelimit:
|
|
paste.filter_factory: "keystone.middleware:RequestBodySizeLimiter.factory"
|
|
filter:stats_monitoring:
|
|
paste.filter_factory: "keystone.contrib.stats:StatsMiddleware.factory"
|
|
filter:stats_reporting:
|
|
paste.filter_factory: "keystone.contrib.stats:StatsExtension.factory"
|
|
filter:access_log:
|
|
paste.filter_factory: "keystone.contrib.access:AccessLogMiddleware.factory"
|
|
app:public_service:
|
|
paste.app_factory: "keystone.service:public_app_factory"
|
|
app:service_v3:
|
|
paste.app_factory: "keystone.service:v3_app_factory"
|
|
app:admin_service:
|
|
paste.app_factory: "keystone.service:admin_app_factory"
|
|
pipeline:public_api:
|
|
pipeline: "sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service"
|
|
pipeline:admin_api:
|
|
pipeline: "sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service"
|
|
pipeline:api_v3:
|
|
pipeline: "sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3"
|
|
app:public_version_service:
|
|
paste.app_factory: "keystone.service:public_version_app_factory"
|
|
app:admin_version_service:
|
|
paste.app_factory: "keystone.service:admin_version_app_factory"
|
|
pipeline:public_version_api:
|
|
pipeline: "sizelimit url_normalize xml_body public_version_service"
|
|
pipeline:admin_version_api:
|
|
pipeline: "sizelimit url_normalize xml_body admin_version_service"
|
|
composite:main:
|
|
use: "egg:Paste#urlmap"
|
|
/v2.0: "public_api"
|
|
/v3: "api_v3"
|
|
/: "public_version_api"
|
|
composite:admin:
|
|
use: "egg:Paste#urlmap"
|
|
/v2.0: "admin_api"
|
|
/v3: "api_v3"
|
|
/: "admin_version_api"
|