# icehouse
###############################################################################
# [ WARNING ]
# Configuration file maintained by Juju. Local changes may be overwritten.
###############################################################################
# Jinja2 template for keystone.conf. The rendered file holds several cleartext
# secrets (admin_token, the database connection URL, the LDAP bind password).
# NOTE(review): ownership and mode of the rendered file are set outside this
# template - confirm it is not world-readable.
[DEFAULT]
# Shared bootstrap secret. Keystone treats a request presenting this value as
# fully privileged when the admin_token_auth filter is enabled in the paste
# pipeline (keystone-paste.ini, not shown here).
admin_token = {{ token }}
admin_port = {{ admin_port }}
public_port = {{ public_port }}
use_syslog = {{ use_syslog }}
log_config = /etc/keystone/logging.conf
# NOTE(review): debug-level logging may record request details; presumably
# this is off by default in the charm - confirm.
debug = {{ debug }}
verbose = {{ verbose }}
public_endpoint = {{ public_endpoint }}
admin_endpoint = {{ admin_endpoint }}
bind_host = {{ bind_host }}
# Both worker counts are filled from the same template variable.
public_workers = {{ workers }}
admin_workers = {{ workers }}

[database]
# With database_host set, the URL is assembled from the context values as-is,
# including the password, with no URL-escaping. TLS parameters are appended
# only when database_ssl_ca is set, and the client cert/key pair only when
# database_ssl_cert is also set; otherwise the URL carries no TLS options.
# NOTE(review): a password containing URL-reserved characters would presumably
# change how the URL is parsed - confirm the charm constrains or escapes it.
# Without database_host the service falls back to a local SQLite file.
{% if database_host -%}
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
{% else -%}
connection = sqlite:////var/lib/keystone/keystone.db
{% endif -%}
connection_recycle_time = 200

[identity]
# Backend module name comes from the identity_backend context value; the same
# value gates the [ldap] settings at the end of this file.
driver = keystone.identity.backends.{{ identity_backend }}.Identity

[credential]
driver = keystone.credential.backends.sql.Credential

[trust]
driver = keystone.trust.backends.sql.Trust

[os_inherit]

[catalog]
driver = keystone.catalog.backends.sql.Catalog

[endpoint_filter]

[token]
# UUID tokens persisted in SQL. These are bearer tokens: whoever holds one can
# use it until it expires, so the lifetime below bounds the exposure of a
# leaked token. Keystone reads expiration in seconds.
driver = keystone.token.backends.sql.Token
provider = keystone.token.providers.uuid.Provider
expiration = {{ token_expiration }}

# The signing section is pulled in from a separate template part that is not
# visible in this file.
{% include "parts/section-signing" %}

[cache]

[policy]
driver = keystone.policy.backends.sql.Policy

[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2

[assignment]
driver = keystone.assignment.backends.{{ assignment_backend }}.Assignment

[oauth1]

[auth]
# Enabled authentication methods; password, token and oauth1 are mapped to
# their plugin classes below, external has no explicit mapping in this file.
methods = external,password,token,oauth1
password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token
oauth1 = keystone.auth.plugins.oauth1.OAuth

[paste_deploy]
config_file = keystone-paste.ini

[extra_headers]
Distribution = Ubuntu

# The section header is always written; its keys are rendered only when
# identity_backend is ldap.
[ldap]
{% if identity_backend == 'ldap' -%}
# NOTE(review): this template sets no TLS option itself (use_tls,
# tls_cacertfile, tls_req_cert). Transport protection for the bind password
# below depends on the scheme in ldap_server or on keys supplied through
# ldap_config_flags - confirm against the charm configuration.
url = {{ ldap_server }}
user = {{ ldap_user }}
# Cleartext bind password for the account above.
password = {{ ldap_password }}
suffix = {{ ldap_suffix }}
# Every key/value pair in ldap_config_flags is written verbatim into this
# section, after the fixed keys above.
# NOTE(review): nothing here validates the pairs; presumably the charm parses
# and sanitises them before rendering (no embedded newlines, no repeats of the
# keys above) - confirm.
{% if ldap_config_flags -%}
{% for key, value in ldap_config_flags.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
{% endif -%}
# Read-only mode: disables create, update and delete for users, tenants, roles
# and groups through this backend.
{% if ldap_readonly -%}
user_allow_create = False
user_allow_update = False
user_allow_delete = False
tenant_allow_create = False
tenant_allow_update = False
tenant_allow_delete = False
role_allow_create = False
role_allow_update = False
role_allow_delete = False
group_allow_create = False
group_allow_update = False
group_allow_delete = False
{% endif -%}
{% endif -%}