openstack/charm-keystone
Code Issues Proposed changes
a76a3d9599
charm-keystone/templates/queens/keystone.conf
Corey Bryant 152e5b6cfe Support configurable dogpile cache expiration 
The [cache]/expiration_time currently caches items for the default
of 600s and is not configurable via the charm. This change adds a
dogpile-cache-expiration config option that will default to 600s
so as not to cause any behavior changes by default.

Closes-Bug: #1899117
Change-Id: I639b2b77d5db69744897b6798613a797d05fe23b
Co-authored-by: Chris MacNaughton <chris.macnaughton@canonical.com>
2021-04-07 09:05:09 +02:00

140 lines
3.1 KiB
Plaintext
Raw Blame History

# ocata
###############################################################################
# [ WARNING ]
# Configuration file maintained by Juju. Local changes may be overwritten.
###############################################################################
[DEFAULT]
use_syslog = {{ use_syslog }}
log_config_append = {{ log_config }}
debug = {{ debug }}
public_endpoint = {{ public_endpoint }}
admin_endpoint = {{ admin_endpoint }}
[database]
{% if database_host -%}
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
{% else -%}
connection = sqlite:////var/lib/keystone/keystone.db
{% endif -%}
connection_recycle_time = 200
[identity]
driver = {{ identity_backend }}
{% if default_domain_id -%}
default_domain_id = {{ default_domain_id }}
{% endif -%}
{% if api_version == 3 -%}
domain_specific_drivers_enabled = True
domain_config_dir = {{ domain_config_dir }}
{% endif -%}
[credential]
driver = sql
[trust]
driver = sql
[os_inherit]
[catalog]
cache_time = {{ catalog_cache_expiration }}
driver = sql
[endpoint_filter]
[token]
{% if token_provider == 'fernet' -%}
provider = fernet
{% else -%}
provider = uuid
{% endif -%}
expiration = {{ token_expiration }}
{% if token_provider == 'fernet' -%}
[fernet_tokens]
max_active_keys = {{ fernet_max_active_keys }}
{% endif -%}
{% include "parts/section-signing" %}
{% include "section-oslo-cache" %}
# This goes in the section above, selectively
# Bug #1899117
expiration_time = {{ dogpile_cache_expiration }}
[policy]
driver = sql
[assignment]
driver = {{ assignment_backend }}
[oauth1]
{% if middlewares -%}
{% include "parts/section-middleware" %}
{% else %}
[auth]
methods = {{ auth_methods }}
password = keystone.auth.plugins.password.Password
{% endif %}
[paste_deploy]
config_file = {{ paste_config_file }}
[extra_headers]
Distribution = Ubuntu
[ldap]
{% if identity_backend == 'ldap' -%}
url = {{ ldap_server }}
user = {{ ldap_user }}
password = {{ ldap_password }}
suffix = {{ ldap_suffix }}
{% if ldap_config_flags -%}
{% for key, value in ldap_config_flags.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
{% endif -%}
{% if ldap_readonly -%}
user_allow_create = False
user_allow_update = False
user_allow_delete = False
tenant_allow_create = False
tenant_allow_update = False
tenant_allow_delete = False
role_allow_create = False
role_allow_update = False
role_allow_delete = False
group_allow_create = False
group_allow_update = False
group_allow_delete = False
{% endif -%}
{% endif -%}
{% if api_version == 3 %}
[resource]
admin_project_domain_name = {{ admin_domain_name }}
admin_project_name = admin
{% endif -%}
{% if password_security_compliance %}
[security_compliance]
{% for k, v in password_security_compliance.items() -%}
{{ k }} = {{ v }}
{% endfor -%}
{% endif -%}
{% include "parts/section-federation" %}
{% include "section-oslo-middleware" %}
# This goes in the section above, selectively
# Bug #1819134
max_request_body_size = 114688
View Git Blame Copy Permalink