ashwinsethi

keystone.conf

Sep 27th, 2013
  [DEFAULT]
  # Destination file for keystone's log output.
  # NOTE(review): while debug = True (set further down), this file can hold
  # plaintext request data, including passwords; restrict who can read it and
  # how long it is retained.
  log_file = /var/log/keystone/keystone.log

  # Shared secret between keystone and the other OpenStack services
  # (sample default: ADMIN).
  # NOTE(review): the public_api, admin_api and api_v3 pipelines in this file
  # all include admin_token_auth, so a request presenting this value is treated
  # as an administrator. It needs to be a long random value, kept out of shared
  # or published copies of the file, and rotated whenever a copy is exposed.
  admin_token = c055e416135e482082215aac91389a44

  # IP address of the network interface to listen on (default: 0.0.0.0).
  # NOTE(review): 0.0.0.0 listens on every interface, so the admin port is
  # reachable wherever the host is. Bind to a management address, or firewall
  # admin_port, if that is not intended.
  bind_host = 0.0.0.0

  # Port the public service listens on (default: 5000).
  public_port = 5000

  # Port the admin service listens on (default: 35357).
  admin_port = 35357

  # Base endpoint URLs for keystone that are advertised to clients.
  # These do NOT affect how keystone itself listens for connections.
  # NOTE(review): both URLs are plain http and every key in [ssl] is commented
  # out, so passwords and tokens travel unencrypted unless TLS is terminated in
  # front of keystone.
  public_endpoint = http://localhost:5000/
  admin_endpoint = http://localhost:35357/

  # Port the OpenStack Compute service listens on (default: 8774).
  compute_port = 8774

  # Path to the policy definition containing identity actions.
  # policy_file = policy.json

  # Rule checked when no matching policy definition is found.
  # FIXME(dolph): This should really be defined as [policy] default_rule
  # policy_default_rule = admin_required

  # Role for migrating membership relationships. During a SQL upgrade these
  # values are used to create a new role that replaces records in the
  # user_tenant_membership table with explicit role grants. After migration,
  # member_role_id is used by the add_user_to_project API and member_role_name
  # is ignored.
  # member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab
  # member_role_name = _member_

  # === Logging Options ===
  # Print debugging output (default: False). Debug output includes plaintext
  # request logging, potentially including passwords.
  # NOTE(review): enabled here. Keep it on only while troubleshooting, and
  # treat any log written in the meantime as containing credentials.
  debug = True

  # Print more verbose output (default: False).
  verbose = False

  # Name of the log file to write to; if unset, logging goes to stdout.
  # (log_file is set at the top of this section.)
  # log_file = keystone.log

  # Directory to keep log files in (will be prepended to --logfile).
  # log_dir = /var/log/keystone

  # Use syslog for logging.
  # use_syslog = False

  # Syslog facility that receives the log lines.
  # syslog_log_facility = LOG_USER

  # If set, the named logging configuration file is used and overrides every
  # other logging option. See the Python logging module documentation for the
  # format of logging configuration files.
  # log_config = logging.conf

  # logging.Formatter message format string; it may use any of the available
  # logging.LogRecord attributes.
  # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s

  # Format string for %(asctime)s in log records.
  # log_date_format = %Y-%m-%d %H:%M:%S

  # onready sends a notification once the process is ready to serve.
  # To notify through systemd, it can be set to a shell command:
  # onready = systemd-notify --ready
  # or to a module that has a notify() method:
  # onready = keystone.common.systemd
  83.  
  [sql]
  # SQLAlchemy connection string used to connect to the database
  # (sample default: sqlite:///keystone.db).
  # NOTE(review): the URL embeds the database account's password, so this file
  # has to be readable only by the keystone service user and kept out of shared
  # copies. No TLS options are visible in the URL; presumably the MySQL session
  # to 172.16.64.53 is unencrypted - confirm.
  connection = mysql://keystone_admin:32d5f35f313146ac@172.16.64.53/keystone

  # Timeout before idle SQL connections are reaped (default: 200).
  idle_timeout = 200
  92.  
  [identity]
  # Identity backend. The LDAP backend is selected; the SQL alternative is
  # keystone.identity.backends.sql.Identity.
  # The connection and schema settings for this backend are in [ldap].
  driver = keystone.identity.backends.ldap.Identity

  # Domain used for all Identity API v2 requests, which are not aware of
  # domains. keystone-manage db_sync creates a domain with this ID in
  # migration 008. The v3 API refuses to delete the domain referenced here, so
  # that the v2 API cannot be broken by accident. Nothing else is special about
  # this domain, except that it must exist in order to maintain support for
  # v2 clients.
  # default_domain_id = default
  104.  
  [trust]
  # Trust backend (left at its default).
  # driver = keystone.trust.backends.sql.Trust

  # The delegation and impersonation features can optionally be disabled.
  # NOTE(review): not set here, so the sample default (True) applies; set
  # enabled = False if nothing in the deployment relies on trusts.
  # enabled = True
  110.  
  [catalog]
  # Catalog backend. The dynamic, SQL-based backend selected here supports
  # API/CLI-based management commands.
  driver = keystone.catalog.backends.sql.Catalog
  # Static, file-based alternative (does *NOT* support any management commands):
  # driver = keystone.catalog.backends.templated.TemplatedCatalog

  # Catalog template file (sample default: default_catalog.templates).
  # NOTE(review): presumably only read by the templated backend, in which case
  # it is unused while the SQL driver is selected - confirm.
  template_file = /etc/keystone/default_catalog.templates
  121.  
  [token]
  # Token backend. SQL is selected; the key-value store alternative is
  # keystone.token.backends.kvs.Token.
  driver = keystone.token.backends.sql.Token

  # How long a token remains valid, in seconds.
  # NOTE(review): not set here, so the sample default of 86400 (24 hours)
  # applies. A token is a bearer credential, so a copied token stays usable for
  # that long unless it is revoked; a shorter lifetime narrows that window.
  # expiration = 86400
  128.  
  [policy]
  # Policy backend (left at its default).
  # driver = keystone.policy.backends.sql.Policy
  131.  
  [ec2]
  # Backend for EC2-style credentials. SQL is selected; the key-value store
  # alternative is keystone.contrib.ec2.backends.kvs.Ec2.
  driver = keystone.contrib.ec2.backends.sql.Ec2
  135.  
  [ssl]
  # Native SSL settings for the keystone listeners.
  # NOTE(review): every key below is commented out, so keystone serves plain
  # HTTP on the public and admin ports. Either enable this section or
  # terminate TLS in front of keystone; the advertised endpoints in [DEFAULT]
  # would then need to become https URLs.
  #enable = True
  # Server certificate and its private key. The private key file should be
  # readable only by the keystone service user.
  #certfile = /etc/keystone/ssl/certs/keystone.pem
  #keyfile = /etc/keystone/ssl/private/keystonekey.pem
  # CA bundle and whether a certificate is required (presumably from the
  # connecting client - confirm).
  #ca_certs = /etc/keystone/ssl/certs/ca.pem
  #cert_required = True
  142.  
  [signing]
  # Token format (sample default: PKI).
  token_format = PKI

  # Certificate, private key and CA certificate used to sign PKI tokens; the
  # paths below are the sample values and are not set here.
  # NOTE(review): anyone able to read the signing key can presumably mint
  # tokens that services accept, so keep it readable only by the keystone
  # service user.
  #certfile = /etc/keystone/ssl/certs/signing_cert.pem
  #keyfile = /etc/keystone/ssl/private/signing_key.pem
  #ca_certs = /etc/keystone/ssl/certs/ca.pem

  # Parameters for the generated signing key and certificates.
  # NOTE(review): the sample key_size of 1024 bits is below current minimum
  # recommendations; use 2048 or more when generating the key. valid_days of
  # 3650 is ten years, which is a long time to go without rotating the key.
  #key_size = 1024
  #valid_days = 3650
  #ca_password = None
  152.  
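  [ldap]
  # LDAP server URL.
  # NOTE(review): ldap:// is unencrypted. The traffic stays on the loopback
  # interface while the directory runs on localhost; if the directory moves to
  # another host, use ldaps:// or StartTLS so that the bind password and user
  # passwords are not sent in clear text.
  url = ldap://localhost

  # DN and password keystone binds with, and the base DN of the directory.
  # The bind DN previously read "dc=ct ,dc=com", with a stray space before the
  # comma; it now matches suffix and the tree DNs below.
  # NOTE(review): cn=Manager looks like the directory's manager account and
  # "secret" is a guessable password. Prefer a dedicated bind account that is
  # limited to the subtrees below, with a strong password, and keep this file
  # readable only by the keystone service user. A superseded password that had
  # been left in a commented-out line was removed; old credentials do not
  # belong in comments.
  user = cn=Manager,dc=ct,dc=com
  # Alternative bind account kept from the original file:
  #user = cn=admin1,ou=Users,dc=ct,dc=com
  password = secret
  suffix = dc=ct,dc=com

  # Sample defaults for the keys above and for related options:
  # user = dc=Manager,dc=example,dc=com
  # password = None
  # suffix = cn=example,cn=com
  # use_dumb_member = False
  # allow_subtree_delete = False
  # Site values that were tried and left disabled:
  #use_dumb_member = True
  #dumb_member = cn=Manager,dc=ct,dc=com

  # Maximum results per page; a value of zero ('0') disables paging (default).
  # page_size = 0

  # LDAP dereferencing option for queries: 'never', 'searching', 'always',
  # 'finding' or 'default'. 'default' falls back to the dereferencing
  # configured in ldap.conf.
  # alias_dereferencing = default

  # LDAP scope for queries: 'one' (onelevel/singleLevel) or 'sub'
  # (subtree/wholeSubtree).
  # query_scope = one

  # --- Users ---
  user_tree_dn = ou=Users,dc=ct,dc=com
  user_objectclass = inetOrgPerson
  user_id_attribute = cn
  user_name_attribute = cn
  user_pass_attribute = userPassword
  user_enabled_emulation = True
  user_enabled_emulation_dn = cn=enabled_users,ou=Users,dc=ct,dc=com
  # NOTE(review): with these three set to True keystone may create, modify and
  # delete user entries in the directory, so a compromised keystone or admin
  # token can alter directory accounts. Set them to False when the directory
  # is managed elsewhere.
  user_allow_create = True
  user_allow_update = True
  user_allow_delete = True

  # Attribute-based enabled flag (not used here; emulation is on instead).
  #user_enabled_attribute = userAccountControl
  #user_enabled_mask = 2
  #user_enabled_default = 512
  #user_domain_id_attribute = None

  # --- Tenants ---
  tenant_tree_dn = ou=Groups,dc=ct,dc=com
  tenant_objectclass = groupOfNames
  tenant_id_attribute = cn
  # Sample default for the next key: None
  tenant_domain_id_attribute = businessCategory
  tenant_member_attribute = member
  tenant_name_attribute = cn
  # NOTE(review): same write-access consideration as for users.
  tenant_allow_create = True
  tenant_allow_update = True
  tenant_allow_delete = True

  # --- Roles ---
  role_tree_dn = ou=Roles,dc=ct,dc=com
  role_objectclass = organizationalRole
  role_member_attribute = roleOccupant
  role_id_attribute = cn
  role_name_attribute = cn
  # NOTE(review): write access to role entries decides who can be granted
  # which role; restrict it if roles are provisioned outside keystone.
  role_allow_create = True
  role_allow_update = True
  role_allow_delete = True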
  216.  
  [auth]
  # Authentication methods that are enabled, as a comma-separated list.
  methods = password,token
  # Plugin class that implements each enabled method.
  password = keystone.auth.plugins.password.Password
  token = keystone.auth.plugins.token.Token
  221.  
  # Paste Deploy filter definitions. Each section names the factory of one
  # WSGI middleware; the pipelines further down decide which filters run and
  # in what order.

  # NOTE(review): a debugging helper by its name; presumably it dumps request
  # and response details, which is not wanted in a production pipeline.
  [filter:debug]
  paste.filter_factory = keystone.common.wsgi:Debug.factory

  [filter:token_auth]
  paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

  # NOTE(review): this is the filter that honours admin_token from [DEFAULT].
  # It is needed to bootstrap the first users and roles; once a real admin
  # account exists, taking it out of the pipelines removes the shared secret
  # as a way in.
  [filter:admin_token_auth]
  paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

  [filter:xml_body]
  paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory

  [filter:json_body]
  paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory

  [filter:user_crud_extension]
  paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory

  [filter:crud_extension]
  paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory

  [filter:ec2_extension]
  paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory

  [filter:s3_extension]
  paste.filter_factory = keystone.contrib.s3:S3Extension.factory

  [filter:url_normalize]
  paste.filter_factory = keystone.middleware:NormalizingFilter.factory

  # Limits the size of request bodies, going by the class name.
  [filter:sizelimit]
  paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory

  [filter:stats_monitoring]
  paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory

  [filter:stats_reporting]
  paste.filter_factory = keystone.contrib.stats:StatsExtension.factory

  [filter:access_log]
  paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
  263.  
  # Paste Deploy applications and pipelines. In a pipeline the filters are
  # applied left to right and the last entry is the application.

  [app:public_service]
  paste.app_factory = keystone.service:public_app_factory

  [app:service_v3]
  paste.app_factory = keystone.service:v3_app_factory

  [app:admin_service]
  paste.app_factory = keystone.service:admin_app_factory

  # NOTE(review): the three API pipelines below all carry admin_token_auth and
  # debug. admin_token_auth keeps the shared admin_token usable on every API,
  # including the public one; debug is a troubleshooting filter. Both are
  # candidates for removal once the deployment is bootstrapped. sizelimit sits
  # near the front, ahead of the body parsers.
  [pipeline:public_api]
  pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service

  [pipeline:admin_api]
  pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service

  [pipeline:api_v3]
  pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3

  [app:public_version_service]
  paste.app_factory = keystone.service:public_version_app_factory

  [app:admin_version_service]
  paste.app_factory = keystone.service:admin_version_app_factory

  # The version-discovery pipelines carry no authentication filters.
  [pipeline:public_version_api]
  pipeline = access_log sizelimit stats_monitoring url_normalize xml_body public_version_service

  [pipeline:admin_version_api]
  pipeline = access_log sizelimit stats_monitoring url_normalize xml_body admin_version_service
  293.  
  # URL maps: each composite dispatches on the path prefix to one of the
  # pipelines defined above.
  # NOTE(review): /v3 maps to the same api_v3 pipeline in both composites, so
  # the v3 API, administrative calls included, is presumably reachable through
  # the public composite as well and is protected by policy rather than by
  # port separation - confirm which listener serves which composite.

  # Presumably the composite served on public_port.
  [composite:main]
  use = egg:Paste#urlmap
  /v2.0 = public_api
  /v3 = api_v3
  / = public_version_api

  # Presumably the composite served on admin_port.
  [composite:admin]
  use = egg:Paste#urlmap
  /v2.0 = admin_api
  /v3 = api_v3
  / = admin_version_api