openstack/keystone
Code Issues Proposed changes

Merge "Update docs for stevedore drivers"

Browse Source
This commit is contained in:
Jenkins 2015-08-27 10:25:57 +00:00 committed by Gerrit Code Review
commit e68c59a98f
7 changed files with 42 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/source/apache-httpd.rst
View File

@ -74,20 +74,20 @@ between processes.
.. WARNING:: .. WARNING::
The KVS (``keystone.token.persistence.backends.kvs.Token``) token The KVS (``kvs``) token persistence driver cannot be shared between
persistence driver cannot be shared between processes so must not be used processes so must not be used when running keystone under HTTPD (the tokens
when running keystone under HTTPD (the tokens will not be shared between will not be shared between the processes of the server and validation will
the processes of the server and validation will fail). fail).
For SQL, in ``/etc/keystone/keystone.conf`` set:: For SQL, in ``/etc/keystone/keystone.conf`` set::
[token] [token]
driver = keystone.token.persistence.backends.sql.Token driver = sql
For memcached, in ``/etc/keystone/keystone.conf`` set:: For memcached, in ``/etc/keystone/keystone.conf`` set::
[token] [token]
driver = keystone.token.persistence.backends.memcache.Token driver = memcache
All servers that are storing tokens need a shared backend. This means that All servers that are storing tokens need a shared backend. This means that
either all servers use the same database server or use a common memcached pool. either all servers use the same database server or use a common memcached pool.

62
doc/source/configuration.rst
View File

@ -336,8 +336,8 @@ wish to make use of other generator algorithms that have a different trade-off
of attributes. A different generator can be installed by configuring the of attributes. A different generator can be installed by configuring the
following property: following property:
* ``generator`` - identity mapping generator. Defaults to * ``generator`` - identity mapping generator. Defaults to ``sha256``
``keystone.identity.generators.sha256.Generator`` (implemented by :class:`keystone.identity.id_generators.sha256.Generator`)
.. WARNING:: .. WARNING::
@ -371,7 +371,7 @@ How to Implement an Authentication Plugin
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All authentication plugins must extend the All authentication plugins must extend the
``keystone.auth.core.AuthMethodHandler`` class and implement the :class:`keystone.auth.core.AuthMethodHandler` class and implement the
``authenticate()`` method. The ``authenticate()`` method expects the following ``authenticate()`` method. The ``authenticate()`` method expects the following
parameters. parameters.
@ -394,7 +394,7 @@ return the payload in the form of a dictionary for the next authentication
step. step.
If authentication is unsuccessful, the ``authenticate()`` method must raise a If authentication is unsuccessful, the ``authenticate()`` method must raise a
``keystone.exception.Unauthorized`` exception. :class:`keystone.exception.Unauthorized` exception.
Simply add the new plugin name to the ``methods`` list along with your plugin Simply add the new plugin name to the ``methods`` list along with your plugin
class configuration in the ``[auth]`` sections of the configuration file to class configuration in the ``[auth]`` sections of the configuration file to
@ -427,30 +427,28 @@ provides three non-test persistence backends. These can be set with the
The drivers Keystone provides are: The drivers Keystone provides are:
* ``keystone.token.persistence.backends.memcache_pool.Token`` - The pooled * ``memcache_pool`` - The pooled memcached token persistence engine. This
memcached token persistence engine. This backend supports the concept of backend supports the concept of pooled memcache client object (allowing for
pooled memcache client object (allowing for the re-use of the client the re-use of the client objects). This backend has a number of extra tunable
objects). This backend has a number of extra tunable options in the options in the ``[memcache]`` section of the config. Implemented by
``[memcache]`` section of the config. :class:`keystone.token.persistence.backends.memcache_pool.Token`
* ``keystone.token.persistence.backends.sql.Token`` - The SQL-based (default) * ``sql`` - The SQL-based (default) token persistence engine. Implemented by
token persistence engine. :class:`keystone.token.persistence.backends.sql.Token`
* ``keystone.token.persistence.backends.memcache.Token`` - The memcached based * ``memcache`` - The memcached based token persistence backend. This backend
token persistence backend. This backend relies on ``dogpile.cache`` and relies on ``dogpile.cache`` and stores the token data in a set of memcached
stores the token data in a set of memcached servers. The servers URLs are servers. The servers URLs are specified in the ``[memcache]\servers``
specified in the ``[memcache]\servers`` configuration option in the Keystone configuration option in the Keystone config. Implemented by
config. :class:`keystone.token.persistence.backends.memcache.Token`
.. WARNING:: .. WARNING::
It is recommended you use the It is recommended you use the ``memcache_pool`` backend instead of
``keystone.token.persistence.backends.memcache_pool.Token`` backend instead ``memcache`` as the token persistence driver if you are deploying Keystone
of ``keystone.token.persistence.backends.memcache.Token`` as the token under eventlet instead of Apache + mod_wsgi. This recommendation is due to
persistence driver if you are deploying Keystone under eventlet instead of known issues with the use of ``thread.local`` under eventlet that can allow
Apache + mod_wsgi. This recommendation is due to known issues with the use the leaking of memcache client objects and consumption of extra sockets.
of ``thread.local`` under eventlet that can allow the leaking of memcache
client objects and consumption of extra sockets.
Token Provider Token Provider
@ -461,8 +459,8 @@ Keystone supports customizable token provider and it is specified in the
PKI token providers. However, users may register their own token provider by PKI token providers. However, users may register their own token provider by
configuring the following property. configuring the following property.
* ``provider`` - token provider driver. Defaults to * ``provider`` - token provider driver. Defaults to ``uuid``. Implemented by
``keystone.token.providers.uuid.Provider`` :class:`keystone.token.providers.uuid.Provider`
UUID, PKI, PKIZ, or Fernet? UUID, PKI, PKIZ, or Fernet?
@ -852,7 +850,7 @@ A dynamic database-backed driver fully supporting persistent configuration.
.. code-block:: ini .. code-block:: ini
[catalog] [catalog]
driver = keystone.catalog.backends.sql.Catalog driver = sql
.. NOTE:: .. NOTE::
@ -888,7 +886,7 @@ catalog will not change very much over time.
.. code-block:: ini .. code-block:: ini
[catalog] [catalog]
driver = keystone.catalog.backends.templated.Catalog driver = templated
template_file = /opt/stack/keystone/etc/default_catalog.templates template_file = /opt/stack/keystone/etc/default_catalog.templates
The value of ``template_file`` is expected to be an absolute path to your The value of ``template_file`` is expected to be an absolute path to your
@ -1252,7 +1250,7 @@ Ensure that your ``keystone.conf`` is configured to use a SQL driver:
.. code-block:: ini .. code-block:: ini
[identity] [identity]
driver = keystone.identity.backends.sql.Identity driver = sql
You may also want to configure your ``[database]`` settings to better reflect You may also want to configure your ``[database]`` settings to better reflect
your environment: your environment:
@ -1699,16 +1697,16 @@ enable this option, you must have the following ``keystone.conf`` options set:
.. code-block:: ini .. code-block:: ini
[identity] [identity]
driver = keystone.identity.backends.ldap.Identity driver = ldap
[resource] [resource]
driver = keystone.resource.backends.sql.Resource driver = sql
[assignment] [assignment]
driver = keystone.assignment.backends.sql.Assignment driver = sql
[role] [role]
driver = keystone.assignment.role_backends.sql.Role driver = sql
With the above configuration, Keystone will only lookup identity related With the above configuration, Keystone will only lookup identity related
information such users, groups, and group membership from the directory, while information such users, groups, and group membership from the directory, while

4
doc/source/extension_development.rst
View File

@ -70,7 +70,7 @@ must follow the config file conventions and introduce a dedicated section.
Example:: Example::
[example] [example]
driver = keystone.contrib.example.backends.sql.mySQLClass driver = sql
[my_other_extension] [my_other_extension]
extension_flag = False extension_flag = False
@ -81,7 +81,7 @@ extensions are disabled.
Example:: Example::
[example] [example]
#driver = keystone.contrib.example.backends.sql.mySQLClass #driver = sql
[my_other_extension] [my_other_extension]
#extension_flag = False #extension_flag = False

2
doc/source/extensions/endpoint_filter.rst
View File

@ -24,7 +24,7 @@ To enable the endpoint filter extension:
in ``keystone.conf``. For example:: in ``keystone.conf``. For example::
[catalog] [catalog]
driver = keystone.contrib.endpoint_filter.backends.catalog_sql.EndpointFilterCatalog driver = catalog_sql
2. Add the ``endpoint_filter_extension`` filter to the ``api_v3`` pipeline in 2. Add the ``endpoint_filter_extension`` filter to the ``api_v3`` pipeline in
``keystone-paste.ini``. This must be added after ``json_body`` and before ``keystone-paste.ini``. This must be added after ``json_body`` and before

2
doc/source/extensions/endpoint_policy.rst
View File

@ -21,7 +21,7 @@ To enable the endpoint policy extension:
``[endpoint_policy]`` section in ``keystone.conf``. For example:: ``[endpoint_policy]`` section in ``keystone.conf``. For example::
[endpoint_policy] [endpoint_policy]
driver = keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy driver = sql
2. Add the ``endpoint_policy_extension`` policy to the ``api_v3`` pipeline in 2. Add the ``endpoint_policy_extension`` policy to the ``api_v3`` pipeline in
``keystone-paste.ini``. This must be added after ``json_body`` and before ``keystone-paste.ini``. This must be added after ``json_body`` and before

2
doc/source/extensions/oauth1.rst
View File

@ -23,7 +23,7 @@ To enable the OAuth1 extension:
1. Optionally, add the oauth1 extension driver to the ``[oauth1]`` section in ``keystone.conf``. For example:: 1. Optionally, add the oauth1 extension driver to the ``[oauth1]`` section in ``keystone.conf``. For example::
[oauth1] [oauth1]
driver = keystone.contrib.oauth1.backends.sql.OAuth1 driver = sql
2. Add the ``oauth1`` authentication method to the ``[auth]`` section in ``keystone.conf``:: 2. Add the ``oauth1`` authentication method to the ``[auth]`` section in ``keystone.conf``::

2
doc/source/extensions/revoke.rst
View File

@ -27,7 +27,7 @@ Enabling the Revocation Extension
in ``keystone.conf``. For example:: in ``keystone.conf``. For example::
[revoke] [revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke driver = sql
2. Add the required ``filter`` to the ``pipeline`` in ``keystone-paste.ini``. 2. Add the required ``filter`` to the ``pipeline`` in ``keystone-paste.ini``.
This must be added after ``json_body`` and before the last entry in the This must be added after ``json_body`` and before the last entry in the