Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [DEFAULT]
- log_file = /var/log/keystone/keystone.log
- admin_token = e808e9dcd8170753e3e2
- # A "shared secret" between keystone and other openstack services
- # admin_token = ADMIN
- # The IP address of the network interface to listen on
- # bind_host = 0.0.0.0
- # The port number which the public service listens on
- # public_port = 5000
- # The port number which the public admin listens on
- # admin_port = 35357
- # The base endpoint URLs for keystone that are advertised to clients
- # (NOTE: this does NOT affect how keystone listens for connections)
- # public_endpoint = http://localhost:%(public_port)d/
- # admin_endpoint = http://localhost:%(admin_port)d/
- # The port number which the OpenStack Compute service listens on
- # compute_port = 8774
- # Path to your policy definition containing identity actions
- # policy_file = policy.json
- # Rule to check if no matching policy definition is found
- # FIXME(dolph): This should really be defined as [policy] default_rule
- # policy_default_rule = admin_required
- # Role for migrating membership relationships
- # During a SQL upgrade, the following values will be used to create a new role
- # that will replace records in the user_tenant_membership table with explicit
- # role grants. After migration, the member_role_id will be used in the API
- # add_user_to_project, and member_role_name will be ignored.
- # member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab
- # member_role_name = _member_
- # === Logging Options ===
- # Print debugging output
- # (includes plaintext request logging, potentially including passwords)
- # debug = False
- # Print more verbose output
- # verbose = False
- # Name of log file to output to. If not set, logging will go to stdout.
- # log_file = keystone.log
- # The directory to keep log files in (will be prepended to --logfile)
- # log_dir = /var/log/keystone
- # Use syslog for logging.
- # use_syslog = False
- # syslog facility to receive log lines
- # syslog_log_facility = LOG_USER
- # If this option is specified, the logging configuration file specified is
- # used and overrides any other logging options specified. Please see the
- # Python logging module documentation for details on logging configuration
- # files.
- # log_config = logging.conf
- # A logging.Formatter log message format string which may use any of the
- # available logging.LogRecord attributes.
- # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
- # Format string for %(asctime)s in log records.
- # log_date_format = %Y-%m-%d %H:%M:%S
- # onready allows you to send a notification when the process is ready to serve
- # For example, to have it notify using systemd, one could set shell command:
- # onready = systemd-notify --ready
- # or a module with notify() method:
- # onready = keystone.common.systemd
- [sql]
- connection = mysql://keystone:keystone@localhost/keystone
- # The SQLAlchemy connection string used to connect to the database
- # connection = sqlite:///keystone.db
- # the timeout before idle sql connections are reaped
- # idle_timeout = 200
- [identity]
- driver = keystone.identity.backends.sql.Identity
- # driver = keystone.identity.backends.sql.Identity
- # This references the domain to use for all Identity API v2 requests (which are
- # not aware of domains). A domain with this ID will be created for you by
- # keystone-manage db_sync in migration 008. The domain referenced by this ID
- # cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API.
- # There is nothing special about this domain, other than the fact that it must
- # exist to order to maintain support for your v2 clients.
- # default_domain_id = default
- [trust]
- # driver = keystone.trust.backends.sql.Trust
- # delegation and impersonation features can be optionally disabled
- # enabled = True
- [catalog]
- template_file = /etc/keystone/default_catalog.templates
- driver = keystone.catalog.backends.sql.Catalog
- # dynamic, sql-based backend (supports API/CLI-based management commands)
- # driver = keystone.catalog.backends.sql.Catalog
- # static, file-based backend (does *NOT* support any management commands)
- # driver = keystone.catalog.backends.templated.TemplatedCatalog
- # template_file = default_catalog.templates
- [token]
- driver = keystone.token.backends.sql.Token
- # driver = keystone.token.backends.kvs.Token
- # Amount of time a token should remain valid (in seconds)
- # expiration = 86400
- [policy]
- # driver = keystone.policy.backends.sql.Policy
- [ec2]
- driver = keystone.contrib.ec2.backends.sql.Ec2
- # driver = keystone.contrib.ec2.backends.kvs.Ec2
- [ssl]
- #enable = True
- #certfile = /etc/keystone/ssl/certs/keystone.pem
- #keyfile = /etc/keystone/ssl/private/keystonekey.pem
- #ca_certs = /etc/keystone/ssl/certs/ca.pem
- #cert_required = True
- [signing]
- #token_format = PKI
- #certfile = /etc/keystone/ssl/certs/signing_cert.pem
- #keyfile = /etc/keystone/ssl/private/signing_key.pem
- #ca_certs = /etc/keystone/ssl/certs/ca.pem
- #key_size = 1024
- #valid_days = 3650
- #ca_password = None
- [ldap]
- # url = ldap://localhost
- # user = dc=Manager,dc=example,dc=com
- # password = None
- # suffix = cn=example,cn=com
- # use_dumb_member = False
- # allow_subtree_delete = False
- # dumb_member = cn=dumb,dc=example,dc=com
- # Maximum results per page; a value of zero ('0') disables paging (default)
- # page_size = 0
- # The LDAP dereferencing option for queries. This can be either 'never',
- # 'searching', 'always', 'finding' or 'default'. The 'default' option falls
- # back to using default dereferencing configured by your ldap.conf.
- # alias_dereferencing = default
- # The LDAP scope for queries, this can be either 'one'
- # (onelevel/singleLevel) or 'sub' (subtree/wholeSubtree)
- # query_scope = one
- # user_tree_dn = ou=Users,dc=example,dc=com
- # user_filter =
- # user_objectclass = inetOrgPerson
- # user_domain_id_attribute = businessCategory
- # user_id_attribute = cn
- # user_name_attribute = sn
- # user_mail_attribute = email
- # user_pass_attribute = userPassword
- # user_enabled_attribute = enabled
- # user_enabled_mask = 0
- # user_enabled_default = True
- # user_attribute_ignore = tenant_id,tenants
- # user_allow_create = True
- # user_allow_update = True
- # user_allow_delete = True
- # user_enabled_emulation = False
- # user_enabled_emulation_dn =
- # tenant_tree_dn = ou=Groups,dc=example,dc=com
- # tenant_filter =
- # tenant_objectclass = groupOfNames
- # tenant_domain_id_attribute = businessCategory
- # tenant_id_attribute = cn
- # tenant_member_attribute = member
- # tenant_name_attribute = ou
- # tenant_desc_attribute = desc
- # tenant_enabled_attribute = enabled
- # tenant_attribute_ignore =
- # tenant_allow_create = True
- # tenant_allow_update = True
- # tenant_allow_delete = True
- # tenant_enabled_emulation = False
- # tenant_enabled_emulation_dn =
- # role_tree_dn = ou=Roles,dc=example,dc=com
- # role_filter =
- # role_objectclass = organizationalRole
- # role_id_attribute = cn
- # role_name_attribute = ou
- # role_member_attribute = roleOccupant
- # role_attribute_ignore =
- # role_allow_create = True
- # role_allow_update = True
- # role_allow_delete = True
- # group_tree_dn =
- # group_filter =
- # group_objectclass = groupOfNames
- # group_id_attribute = cn
- # group_name_attribute = ou
- # group_member_attribute = member
- # group_desc_attribute = desc
- # group_attribute_ignore =
- # group_allow_create = True
- # group_allow_update = True
- # group_allow_delete = True
- [auth]
- methods = password,token
- password = keystone.auth.plugins.password.Password
- token = keystone.auth.plugins.token.Token
- [filter:debug]
- paste.filter_factory = keystone.common.wsgi:Debug.factory
- [filter:token_auth]
- paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
- [filter:admin_token_auth]
- paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
- [filter:xml_body]
- paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
- [filter:json_body]
- paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
- [filter:user_crud_extension]
- paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
- [filter:crud_extension]
- paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
- [filter:ec2_extension]
- paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
- [filter:s3_extension]
- paste.filter_factory = keystone.contrib.s3:S3Extension.factory
- [filter:url_normalize]
- paste.filter_factory = keystone.middleware:NormalizingFilter.factory
- [filter:sizelimit]
- paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
- [filter:stats_monitoring]
- paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
- [filter:stats_reporting]
- paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
- [filter:access_log]
- paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
- [app:public_service]
- paste.app_factory = keystone.service:public_app_factory
- [app:service_v3]
- paste.app_factory = keystone.service:v3_app_factory
- [app:admin_service]
- paste.app_factory = keystone.service:admin_app_factory
- [pipeline:public_api]
- pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
- [pipeline:admin_api]
- pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
- [pipeline:api_v3]
- pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3
- [app:public_version_service]
- paste.app_factory = keystone.service:public_version_app_factory
- [app:admin_version_service]
- paste.app_factory = keystone.service:admin_version_app_factory
- [pipeline:public_version_api]
- pipeline = access_log sizelimit stats_monitoring url_normalize xml_body public_version_service
- [pipeline:admin_version_api]
- pipeline = access_log sizelimit stats_monitoring url_normalize xml_body admin_version_service
- [composite:main]
- use = egg:Paste#urlmap
- /v2.0 = public_api
- /v3 = api_v3
- / = public_version_api
- [composite:admin]
- use = egg:Paste#urlmap
- /v2.0 = admin_api
- /v3 = api_v3
- / = admin_version_api
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement