75 lines
1.9 KiB
Plaintext
75 lines
1.9 KiB
Plaintext
#
|
|
# SAMPLE CONFIG FILE TO TEST SSL
|
|
#
|
|
# TO USE:
|
|
# in /bin, run:
|
|
# ./keystone -c ../etc/ssl.conf
|
|
# also run
|
|
# ./sampledata -c ../etc/ssl.conf
|
|
#
|
|
# Note: this uses the same database as the default conf file. The echo app
|
|
# is not designed to support SSL and won't work in this config.
|
|
#
|
|
# To verify the server is started:
|
|
# curl -k https://localhost:35357/
|
|
|
|
|
|
[DEFAULT]
|
|
verbose = False
|
|
debug = False
|
|
default_store = sqlite
|
|
log_file = keystone.ssl.log
|
|
log_dir = .
|
|
backends = keystone.backends.sqlalchemy
|
|
extensions= osksadm, oskscatalog, hpidm
|
|
service-header-mappings = {
|
|
'nova' : 'X-Server-Management-Url',
|
|
'swift' : 'X-Storage-Url',
|
|
'cdn' : 'X-CDN-Management-Url'}
|
|
service_host = 0.0.0.0
|
|
service_port = 5000
|
|
service_ssl = True
|
|
admin_host = 0.0.0.0
|
|
admin_port = 35357
|
|
admin_ssl = True
|
|
keystone-admin-role = Admin
|
|
keystone-service-admin-role = KeystoneServiceAdmin
|
|
hash-password = True
|
|
certfile = ../examples/ssl/certs/keystone.pem
|
|
keyfile = ../examples/ssl/private/keystonekey.pem
|
|
ca_certs = ../examples/ssl/certs/ca.pem
|
|
cert_required = True
|
|
|
|
[keystone.backends.sqlalchemy]
|
|
sql_connection = sqlite:///keystone.db
|
|
sql_idle_timeout = 30
|
|
backend_entities = ['Endpoints', 'Credentials', 'EndpointTemplates', 'Tenant', 'User', 'UserRoleAssociation', 'Role', 'Token', 'Service']
|
|
|
|
[pipeline:admin]
|
|
pipeline =
|
|
urlnormalizer
|
|
d5_compat
|
|
admin_api
|
|
|
|
[pipeline:keystone-legacy-auth]
|
|
pipeline =
|
|
urlnormalizer
|
|
legacy_auth
|
|
d5_compat
|
|
service_api
|
|
|
|
[app:service_api]
|
|
paste.app_factory = keystone.server:service_app_factory
|
|
|
|
[app:admin_api]
|
|
paste.app_factory = keystone.server:admin_app_factory
|
|
|
|
[filter:urlnormalizer]
|
|
paste.filter_factory = keystone.frontends.normalizer:filter_factory
|
|
|
|
[filter:d5_compat]
|
|
paste.filter_factory = keystone.frontends.d5_compat:filter_factory
|
|
|
|
[filter:legacy_auth]
|
|
paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory
|