Merge "Update docs for stevedore drivers"

This commit is contained in:
Jenkins 2015-08-27 10:25:57 +00:00 committed by Gerrit Code Review
commit e68c59a98f
7 changed files with 42 additions and 44 deletions

View File

@ -74,20 +74,20 @@ between processes.
.. WARNING::
The KVS (``keystone.token.persistence.backends.kvs.Token``) token
persistence driver cannot be shared between processes so must not be used
when running keystone under HTTPD (the tokens will not be shared between
the processes of the server and validation will fail).
The KVS (``kvs``) token persistence driver cannot be shared between
processes so must not be used when running keystone under HTTPD (the tokens
will not be shared between the processes of the server and validation will
fail).
For SQL, in ``/etc/keystone/keystone.conf`` set::
[token]
driver = keystone.token.persistence.backends.sql.Token
driver = sql
For memcached, in ``/etc/keystone/keystone.conf`` set::
[token]
driver = keystone.token.persistence.backends.memcache.Token
driver = memcache
All servers that are storing tokens need a shared backend. This means that
either all servers use the same database server or use a common memcached pool.

View File

@ -336,8 +336,8 @@ wish to make use of other generator algorithms that have a different trade-off
of attributes. A different generator can be installed by configuring the
following property:
* ``generator`` - identity mapping generator. Defaults to
``keystone.identity.generators.sha256.Generator``
* ``generator`` - identity mapping generator. Defaults to ``sha256``
(implemented by :class:`keystone.identity.id_generators.sha256.Generator`)
.. WARNING::
@ -371,7 +371,7 @@ How to Implement an Authentication Plugin
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All authentication plugins must extend the
``keystone.auth.core.AuthMethodHandler`` class and implement the
:class:`keystone.auth.core.AuthMethodHandler` class and implement the
``authenticate()`` method. The ``authenticate()`` method expects the following
parameters.
@ -394,7 +394,7 @@ return the payload in the form of a dictionary for the next authentication
step.
If authentication is unsuccessful, the ``authenticate()`` method must raise a
``keystone.exception.Unauthorized`` exception.
:class:`keystone.exception.Unauthorized` exception.
Simply add the new plugin name to the ``methods`` list along with your plugin
class configuration in the ``[auth]`` sections of the configuration file to
@ -427,30 +427,28 @@ provides three non-test persistence backends. These can be set with the
The drivers Keystone provides are:
* ``keystone.token.persistence.backends.memcache_pool.Token`` - The pooled
memcached token persistence engine. This backend supports the concept of
pooled memcache client object (allowing for the re-use of the client
objects). This backend has a number of extra tunable options in the
``[memcache]`` section of the config.
* ``memcache_pool`` - The pooled memcached token persistence engine. This
backend supports the concept of pooled memcache client object (allowing for
the re-use of the client objects). This backend has a number of extra tunable
options in the ``[memcache]`` section of the config. Implemented by
:class:`keystone.token.persistence.backends.memcache_pool.Token`
* ``keystone.token.persistence.backends.sql.Token`` - The SQL-based (default)
token persistence engine.
* ``sql`` - The SQL-based (default) token persistence engine. Implemented by
:class:`keystone.token.persistence.backends.sql.Token`
* ``keystone.token.persistence.backends.memcache.Token`` - The memcached based
token persistence backend. This backend relies on ``dogpile.cache`` and
stores the token data in a set of memcached servers. The servers URLs are
specified in the ``[memcache]\servers`` configuration option in the Keystone
config.
* ``memcache`` - The memcached based token persistence backend. This backend
relies on ``dogpile.cache`` and stores the token data in a set of memcached
servers. The servers URLs are specified in the ``[memcache]\servers``
configuration option in the Keystone config. Implemented by
:class:`keystone.token.persistence.backends.memcache.Token`
.. WARNING::
It is recommended you use the
``keystone.token.persistence.backends.memcache_pool.Token`` backend instead
of ``keystone.token.persistence.backends.memcache.Token`` as the token
persistence driver if you are deploying Keystone under eventlet instead of
Apache + mod_wsgi. This recommendation is due to known issues with the use
of ``thread.local`` under eventlet that can allow the leaking of memcache
client objects and consumption of extra sockets.
It is recommended you use the ``memcache_pool`` backend instead of
``memcache`` as the token persistence driver if you are deploying Keystone
under eventlet instead of Apache + mod_wsgi. This recommendation is due to
known issues with the use of ``thread.local`` under eventlet that can allow
the leaking of memcache client objects and consumption of extra sockets.
Token Provider
@ -461,8 +459,8 @@ Keystone supports customizable token provider and it is specified in the
PKI token providers. However, users may register their own token provider by
configuring the following property.
* ``provider`` - token provider driver. Defaults to
``keystone.token.providers.uuid.Provider``
* ``provider`` - token provider driver. Defaults to ``uuid``. Implemented by
:class:`keystone.token.providers.uuid.Provider`
UUID, PKI, PKIZ, or Fernet?
@ -852,7 +850,7 @@ A dynamic database-backed driver fully supporting persistent configuration.
.. code-block:: ini
[catalog]
driver = keystone.catalog.backends.sql.Catalog
driver = sql
.. NOTE::
@ -888,7 +886,7 @@ catalog will not change very much over time.
.. code-block:: ini
[catalog]
driver = keystone.catalog.backends.templated.Catalog
driver = templated
template_file = /opt/stack/keystone/etc/default_catalog.templates
The value of ``template_file`` is expected to be an absolute path to your
@ -1252,7 +1250,7 @@ Ensure that your ``keystone.conf`` is configured to use a SQL driver:
.. code-block:: ini
[identity]
driver = keystone.identity.backends.sql.Identity
driver = sql
You may also want to configure your ``[database]`` settings to better reflect
your environment:
@ -1699,16 +1697,16 @@ enable this option, you must have the following ``keystone.conf`` options set:
.. code-block:: ini
[identity]
driver = keystone.identity.backends.ldap.Identity
driver = ldap
[resource]
driver = keystone.resource.backends.sql.Resource
driver = sql
[assignment]
driver = keystone.assignment.backends.sql.Assignment
driver = sql
[role]
driver = keystone.assignment.role_backends.sql.Role
driver = sql
With the above configuration, Keystone will only lookup identity related
information such users, groups, and group membership from the directory, while

View File

@ -70,7 +70,7 @@ must follow the config file conventions and introduce a dedicated section.
Example::
[example]
driver = keystone.contrib.example.backends.sql.mySQLClass
driver = sql
[my_other_extension]
extension_flag = False
@ -81,7 +81,7 @@ extensions are disabled.
Example::
[example]
#driver = keystone.contrib.example.backends.sql.mySQLClass
#driver = sql
[my_other_extension]
#extension_flag = False

View File

@ -24,7 +24,7 @@ To enable the endpoint filter extension:
in ``keystone.conf``. For example::
[catalog]
driver = keystone.contrib.endpoint_filter.backends.catalog_sql.EndpointFilterCatalog
driver = catalog_sql
2. Add the ``endpoint_filter_extension`` filter to the ``api_v3`` pipeline in
``keystone-paste.ini``. This must be added after ``json_body`` and before

View File

@ -21,7 +21,7 @@ To enable the endpoint policy extension:
``[endpoint_policy]`` section in ``keystone.conf``. For example::
[endpoint_policy]
driver = keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy
driver = sql
2. Add the ``endpoint_policy_extension`` policy to the ``api_v3`` pipeline in
``keystone-paste.ini``. This must be added after ``json_body`` and before

View File

@ -23,7 +23,7 @@ To enable the OAuth1 extension:
1. Optionally, add the oauth1 extension driver to the ``[oauth1]`` section in ``keystone.conf``. For example::
[oauth1]
driver = keystone.contrib.oauth1.backends.sql.OAuth1
driver = sql
2. Add the ``oauth1`` authentication method to the ``[auth]`` section in ``keystone.conf``::

View File

@ -27,7 +27,7 @@ Enabling the Revocation Extension
in ``keystone.conf``. For example::
[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke
driver = sql
2. Add the required ``filter`` to the ``pipeline`` in ``keystone-paste.ini``.
This must be added after ``json_body`` and before the last entry in the