2011-09-13 19:01:45 +00:00
|
|
|
[DEFAULT]
|
|
|
|
# Show more verbose log output (sets INFO log level output)
|
|
|
|
verbose = False
|
|
|
|
|
|
|
|
# Show debugging output in logs (sets DEBUG log level output)
|
|
|
|
debug = False
|
|
|
|
|
|
|
|
# Which backend store should Keystone use by default.
|
|
|
|
# Default: 'sqlite'
|
|
|
|
# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
|
|
|
|
default_store = sqlite
|
|
|
|
|
|
|
|
# Log to this file. Make sure you do not set the same log
|
|
|
|
# file for both the API and registry servers!
|
2011-09-27 02:50:43 +00:00
|
|
|
log_file = %DEST%/keystone/keystone.log
|
2011-09-13 19:01:45 +00:00
|
|
|
|
|
|
|
# List of backends to be configured
|
|
|
|
backends = keystone.backends.sqlalchemy
|
|
|
|
#For LDAP support, add: ,keystone.backends.ldap
|
|
|
|
|
|
|
|
# Dictionary Maps every service to a header.Missing services would get header
|
|
|
|
# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
|
|
|
|
service-header-mappings = {
|
|
|
|
'nova' : 'X-Server-Management-Url',
|
|
|
|
'swift' : 'X-Storage-Url',
|
|
|
|
'cdn' : 'X-CDN-Management-Url'}
|
|
|
|
|
2011-11-23 18:10:53 +00:00
|
|
|
#List of extensions currently supported
|
|
|
|
extensions= osksadm,oskscatalog
|
|
|
|
|
2011-09-13 19:01:45 +00:00
|
|
|
# Address to bind the API server
|
|
|
|
# TODO Properties defined within app not available via pipeline.
|
|
|
|
service_host = 0.0.0.0
|
|
|
|
|
|
|
|
# Port the bind the API server to
|
|
|
|
service_port = 5000
|
|
|
|
|
2011-11-23 18:10:53 +00:00
|
|
|
# SSL for API server
|
|
|
|
service_ssl = False
|
|
|
|
|
2011-09-13 19:01:45 +00:00
|
|
|
# Address to bind the Admin API server
|
|
|
|
admin_host = 0.0.0.0
|
|
|
|
|
|
|
|
# Port the bind the Admin API server to
|
2011-09-30 22:52:18 +00:00
|
|
|
admin_port = 35357
|
2011-09-13 19:01:45 +00:00
|
|
|
|
2011-11-23 18:10:53 +00:00
|
|
|
# SSL for API Admin server
|
|
|
|
admin_ssl = False
|
|
|
|
|
|
|
|
# Keystone certificate file (modify as needed)
|
|
|
|
# Only required if *_ssl is set to True
|
|
|
|
certfile = /etc/keystone/ssl/certs/keystone.pem
|
|
|
|
|
|
|
|
# Keystone private key file (modify as needed)
|
|
|
|
# Only required if *_ssl is set to True
|
|
|
|
keyfile = /etc/keystone/ssl/private/keystonekey.pem
|
|
|
|
|
|
|
|
# Keystone trusted CA certificates (modify as needed)
|
|
|
|
# Only required if *_ssl is set to True
|
|
|
|
ca_certs = /etc/keystone/ssl/certs/ca.pem
|
|
|
|
|
|
|
|
# Client certificate required
|
|
|
|
# Only relevant if *_ssl is set to True
|
|
|
|
cert_required = True
|
|
|
|
|
2011-09-13 19:01:45 +00:00
|
|
|
#Role that allows to perform admin operations.
|
2011-11-23 18:10:53 +00:00
|
|
|
keystone-admin-role = Admin
|
2011-09-13 19:01:45 +00:00
|
|
|
|
|
|
|
#Role that allows to perform service admin operations.
|
2011-09-23 03:24:27 +00:00
|
|
|
keystone-service-admin-role = KeystoneServiceAdmin
|
2011-09-13 19:01:45 +00:00
|
|
|
|
2011-11-23 18:10:53 +00:00
|
|
|
#Tells whether password user need to be hashed in the backend
|
|
|
|
hash-password = True
|
|
|
|
|
2011-09-13 19:01:45 +00:00
|
|
|
[keystone.backends.sqlalchemy]
|
|
|
|
# SQLAlchemy connection string for the reference implementation registry
|
|
|
|
# server. Any valid SQLAlchemy connection string is fine.
|
|
|
|
# See: http://bit.ly/ideIpI
|
2011-09-14 03:07:44 +00:00
|
|
|
sql_connection = %SQL_CONN%
|
2011-09-13 19:01:45 +00:00
|
|
|
backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
|
|
|
|
'User', 'Credentials', 'EndpointTemplates', 'Token',
|
|
|
|
'Service']
|
|
|
|
|
|
|
|
# Period in seconds after which SQLAlchemy should reestablish its connection
|
|
|
|
# to the database.
|
|
|
|
sql_idle_timeout = 30
|
|
|
|
|
|
|
|
[pipeline:admin]
|
|
|
|
pipeline =
|
2011-11-23 18:10:53 +00:00
|
|
|
urlrewritefilter
|
|
|
|
admin_api
|
2011-09-13 19:01:45 +00:00
|
|
|
|
|
|
|
[pipeline:keystone-legacy-auth]
|
|
|
|
pipeline =
|
2011-11-23 18:10:53 +00:00
|
|
|
urlrewritefilter
|
2011-09-13 19:01:45 +00:00
|
|
|
legacy_auth
|
|
|
|
RAX-KEY-extension
|
|
|
|
service_api
|
|
|
|
|
|
|
|
[app:service_api]
|
|
|
|
paste.app_factory = keystone.server:service_app_factory
|
|
|
|
|
|
|
|
[app:admin_api]
|
|
|
|
paste.app_factory = keystone.server:admin_app_factory
|
|
|
|
|
|
|
|
[filter:urlrewritefilter]
|
|
|
|
paste.filter_factory = keystone.middleware.url:filter_factory
|
|
|
|
|
|
|
|
[filter:legacy_auth]
|
|
|
|
paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory
|
|
|
|
|
|
|
|
[filter:RAX-KEY-extension]
|
|
|
|
paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory
|
2011-11-23 18:10:53 +00:00
|
|
|
|
|
|
|
[filter:debug]
|
|
|
|
paste.filter_factory = keystone.common.wsgi:debug_filter_factory
|