
The default_domain_id is used to specify a domain when the client hasn't explicitly set one. It defaults to 'default', which is fine for Liberty and earlier because the id of the default domain is, oddly, 'default' rather than a uuid. On Mitaka and higher it is a uuid, so when keystone assumes the default domain's id is 'default' it fails. Change-Id: Iaa5e6a07a229815cf2281858cb68a4e120aa2af3 Closes-Bug: 1626889
# kilo
###############################################################################
# [ WARNING ]
# Configuration file maintained by Juju. Local changes may be overwritten.
###############################################################################
[DEFAULT]
# Shared bootstrap secret rather than a user credential: whoever can read the
# rendered file holds it, so keep the file readable by the keystone service
# account only. It is honoured wherever the paste pipeline enables admin token
# authentication.
admin_token = {{ token }}
use_syslog = {{ use_syslog }}
log_config = /etc/keystone/logging.conf
# Debug logging is verbose and may record request detail; enable it only while
# troubleshooting.
debug = {{ debug }}
verbose = {{ verbose }}
# Base URLs keystone advertises to clients for the public and admin APIs.
public_endpoint = {{ public_endpoint }}
admin_endpoint = {{ admin_endpoint }}

[eventlet_server]
# Both listeners take their address from the same bind_host value, so the
# admin API is reachable on every interface the public API is; limiting who
# can reach admin_port has to happen at the network layer.
admin_bind_host = {{ bind_host }}
public_bind_host = {{ bind_host }}
# One worker count is applied to both listeners.
public_workers = {{ workers }}
admin_workers = {{ workers }}
admin_port = {{ admin_port }}
public_port = {{ public_port }}

[database]
# With database_host set, the connection URL embeds the database password in
# clear text, so the rendered file must not be world-readable. The ssl_ca
# parameter is appended only when database_ssl_ca is set, and the client
# certificate and key only when database_ssl_cert is set as well; otherwise
# the URL carries no TLS options. Without database_host a local SQLite file
# is used.
# NOTE(review): user and password are interpolated as-is; presumably the charm
# guarantees they contain no URL-reserved characters - confirm.
{% if database_host -%}
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
{% else -%}
connection = sqlite:////var/lib/keystone/keystone.db
{% endif -%}
# Seconds before an idle SQL connection is reaped.
idle_timeout = 200

[identity]
# identity_backend is spliced into a Python class path that keystone loads, so
# it must come from trusted charm configuration only.
driver = keystone.identity.backends.{{ identity_backend }}.Identity
# Domain keystone assumes when a client does not name one. The option is
# written only when the charm supplies a value; otherwise keystone falls back
# to its built-in default of 'default'.
{% if default_domain_id -%}
default_domain_id = {{ default_domain_id }}
{% endif -%}

# Credential, trust and catalog data all use the SQL backends. The os_inherit
# and endpoint_filter sections are declared with no keys set.
[credential]
driver = keystone.credential.backends.sql.Credential

[trust]
driver = keystone.trust.backends.sql.Trust

[os_inherit]

[catalog]
driver = keystone.catalog.backends.sql.Catalog

[endpoint_filter]

[token]
# Issued tokens are persisted through the SQL backend.
driver = keystone.token.persistence.backends.sql.Token
# Only the exact values 'pki' and 'pkiz' select those providers; any other
# token_provider value, including a misspelling, falls through to UUID tokens.
{% if token_provider == 'pki' -%}
provider = keystone.token.providers.pki.Provider
{% elif token_provider == 'pkiz' -%}
provider = keystone.token.providers.pkiz.Provider
{% else -%}
provider = keystone.token.providers.uuid.Provider
{% endif -%}
# Token lifetime in seconds. Tokens are bearer credentials, so a shorter
# lifetime narrows the window in which a leaked token stays usable.
expiration = {{ token_expiration }}

# NOTE(review): the included part is not visible here; presumably it renders
# the [signing] section used by the PKI providers - confirm.
{% include "parts/section-signing" %}

# The cache and oauth1 sections are declared with no keys set. Policy and EC2
# credentials use the SQL backends.
[cache]

[policy]
driver = keystone.policy.backends.sql.Policy

[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2

[assignment]
# assignment_backend is spliced into a Python class path that keystone loads,
# so it must come from trusted charm configuration only.
driver = keystone.assignment.backends.{{ assignment_backend }}.Assignment

[oauth1]

[auth]
# 'external' is enabled in methods but no plugin is pinned for it in this
# file, so keystone's default applies. External authentication trusts the
# REMOTE_USER identity asserted by the web server in front of keystone.
# NOTE(review): confirm the external method is needed in this deployment.
methods = external,password,token,oauth1
password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token
oauth1 = keystone.auth.plugins.oauth1.OAuth

[paste_deploy]
# The paste pipeline in this file decides which middleware is active in front
# of the API, so it is as security-sensitive as keystone.conf itself.
config_file = /etc/keystone/keystone-paste.ini

[extra_headers]
# NOTE(review): presumably reported to clients in a response header, which
# discloses the platform - confirm.
Distribution = Ubuntu

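[ldap]
{% if identity_backend == 'ldap' -%}
# Directory bind settings, rendered only for the ldap identity backend. The
# bind password is written in clear text, so the rendered file must stay
# readable by the keystone service account only. If ldap_server is an ldap://
# URL, binds cross the network unencrypted unless TLS is switched on through
# ldap_config_flags (for example use_tls).
url = {{ ldap_server }}
user = {{ ldap_user }}
password = {{ ldap_password }}
suffix = {{ ldap_suffix }}

{% if ldap_config_flags -%}
# Extra [ldap] options passed through from charm configuration verbatim, with
# no validation or escaping; treat that charm option as administrator-only
# input.
{# items() instead of iteritems() so the loop renders under Python 2 and 3 -#}
{% for key, value in ldap_config_flags.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
{% endif -%}

{% if ldap_readonly -%}
# Read-only directory: keystone may not create, update or delete users,
# tenants, roles or groups in LDAP.
user_allow_create = False
user_allow_update = False
user_allow_delete = False

tenant_allow_create = False
tenant_allow_update = False
tenant_allow_delete = False

role_allow_create = False
role_allow_update = False
role_allow_delete = False

group_allow_create = False
group_allow_update = False
group_allow_delete = False
{% endif -%}
{% endif -%}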