45ca9775cd
use-https is a string, not a bool.
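# Deployment options for the Keystone service. Each entry declares a type,
# an optional default and an operator-facing description.
#
# Several on/off switches below are typed as strings, not booleans, and they
# do not share one spelling ("false", "False", "no"). Use the spelling each
# description or default shows.
options:
  # debug and verbose are string-typed switches; their defaults are the
  # string "false", not a YAML boolean.
  debug:
    default: "false"
    type: string
    description: "Enable debug logging"
  verbose:
    default: "false"
    type: string
    description: "Enable verbose logging"
  # Changing the package source can trigger an upgrade (see description), so
  # only point this at repositories you trust and control.
  openstack-origin:
    default: distro
    type: string
    description: |
      Repository from which to install. May be one of the following:
      distro (default), ppa:somecustom/ppa, a deb url sources entry,
      or a supported Cloud Archive release pocket.

      Supported Cloud Archive sources include: cloud:precise-folsom,
      cloud:precise-folsom/updates, cloud:precise-folsom/staging,
      cloud:precise-folsom/proposed.

      Note that updating this setting to a source that is known to
      provide a later version of OpenStack will trigger a software
      upgrade.
  config-file:
    default: "/etc/keystone/keystone.conf"
    type: string
    description: "Location of keystone configuration file"
  log-level:
    default: WARNING
    type: string
    description: Log level (WARNING, INFO, DEBUG, ERROR)
  service-port:
    default: 5000
    type: int
    description: "Port to bind the API server to"
  admin-port:
    default: 35357
    type: int
    description: "Port to bind the Admin API server to"
  # NOTE(review): keystone-admin-role and admin-role (further down) both
  # default to "Admin"; how the two relate is not visible here - confirm
  # before changing only one of them.
  keystone-admin-role:
    default: "Admin"
    type: string
    description: "Role that allows admin operations (access to all operations)"
  keystone-service-admin-role:
    default: "KeystoneServiceAdmin"
    type: string
    description: "Role that allows acting as service admin"
  admin-user:
    default: admin
    type: string
    description: "Default admin user to create and manage"
  # The default is the literal string "None" (a YAML string, not null). The
  # description says a password is randomly generated by default, so the
  # consumer presumably treats "None" as unset - confirm.
  # A value set here is held as a plain-text option; keep it to test
  # deployments, as the description says.
  admin-password:
    default: "None"
    type: string
    description: "Admin password. To be used *for testing only*. Randomly generated by default."
  # Literal string "None", as for admin-password. Per the description, a
  # value here replaces the per-service tokens with one shared token, so a
  # leak of that token affects every service. Leave unset unless required.
  admin-token:
    default: "None"
    type: string
    description: "Admin token. If set, this token will be used for all services instead of being generated per service."
  admin-role:
    default: 'Admin'
    type: string
    description: 'Admin role to be associated with admin and service users'
  # Kept quoted so the value stays a string and is not parsed as a timestamp.
  # NOTE(review): this is a fixed calendar date, not a lifetime. How tokens
  # generated after this date behave is not visible here - confirm, and
  # review the value for each deployment.
  token-expiry:
    default: "2017-02-05T00:00"
    type: string
    description: "Expiration date of generated admin tokens"
  service-tenant:
    default: "services"
    type: string
    description: "Name of tenant to associate service credentials."
  # Database settings used to request access via shared-db-relation-* relations
  database:
    default: "keystone"
    type: string
    description: "Database name"
  database-user:
    default: "keystone"
    type: string
    description: "Database username"
  region:
    default: RegionOne
    type: string
    description: "OpenStack Region(s) - separate multiple regions with single space"
  # The only switch in this file declared as a real boolean.
  use-syslog:
    type: boolean
    default: false
    description: |
      By default, all services will log into their corresponding log files.
      Setting this to True will force all services to log to the syslog.
  # HA configuration settings
  # vip has no default; it is unset unless the operator provides one.
  vip:
    type: string
    description: "Virtual IP to use to front keystone in ha configuration"
  vip_iface:
    type: string
    default: eth0
    description: "Network Interface where to place the Virtual IP"
  # Integer prefix length (24 means /24), although the description calls it
  # a netmask.
  vip_cidr:
    type: int
    default: 24
    description: "Netmask that will be used for the Virtual IP"
  ha-bindiface:
    type: string
    default: eth0
    description: |
      Default network interface on which HA cluster will bind for communication
      with the other members of the HA Cluster.
  ha-mcastport:
    type: int
    default: 5403
    description: |
      Default multicast port number that will be used to communicate between
      HA Cluster nodes.
  # PKI enablement and configuration (Grizzly and beyond)
  # String-typed switch, default "false" (lower case).
  enable-pki:
    default: "false"
    type: string
    description: "Enable PKI token signing (Grizzly and beyond)"
  # String-typed switch, default "False" (capitalised). Certificate
  # management for service endpoints is off by default.
  https-service-endpoints:
    default: "False"
    type: string
    description: "Manage SSL certificates for all service endpoints."
  # String-typed switch. Per the description only 'yes' enables it.
  # NOTE(review): whether other spellings such as "true" are accepted is not
  # visible here - confirm against the consumer.
  # TLS for Keystone is off by default. Until this is set to 'yes' (or
  # ssl_cert and ssl_key are set), credentials and tokens sent to Keystone
  # are not protected in transit.
  use-https:
    default: "no"
    type: string
    description: "Use SSL for Keystone itself. Set to 'yes' to enable it."
  ssl_cert:
    type: string
    description: |
      SSL certificate to install and use for API ports. Setting this value
      and ssl_key will enable reverse proxying, point Keystone's entry in the
      Keystone catalog to use https, and override any certificate and key
      issued by Keystone (if it is configured to do so).
  # Private key material. Treat the value as a secret: limit who can read
  # this configuration, keep it out of version control, and replace the key
  # if the configuration is ever exposed.
  ssl_key:
    type: string
    description: SSL key to use with certificate specified as ssl_cert.
  ssl_ca:
    type: string
    description: |
      SSL CA to use with the certificate and key provided - this is only
      required if you are providing a privately signed ssl_cert and ssl_key.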