kolla-ansible/ansible/roles/keystone/templates/keystone.conf.j2

[DEFAULT]
debug = {{ keystone_logging_debug }}
{% if enable_cadf_notifications | bool %}
notification_format = cadf
{% endif %}

transport_url = {{ rpc_transport_url }}

# NOTE(elemoine) log_dir alone does not work for Keystone
log_file = /var/log/kolla/keystone/keystone.log
use_stderr = True

[oslo_middleware]
enable_proxy_headers_parsing = True

[database]
connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
max_retries = -1

{% if keystone_domain_directory.stat.exists %}
[identity]
domain_specific_drivers_enabled = true
domain_config_dir = /etc/keystone/domains
{% endif %}

[token]
revoke_by_id = False
{% if keystone_token_provider == 'uuid' %}
provider = uuid
{% elif keystone_token_provider == 'fernet' %}
provider = {{ keystone_token_provider }}
expiration = {{ fernet_token_expiry }}

[fernet_tokens]
max_active_keys = {{ (groups['keystone'] | length) + 1 }}
{% endif %}

[cache]
backend = oslo_cache.memcache_pool
enabled = True
memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}

[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if enable_cadf_notifications | bool %}
driver = messagingv2
{% endif %}

{% if enable_osprofiler | bool %}
[profiler]
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
{% if enable_elasticsearch | bool %}
connection_string = elasticsearch://{{ elasticsearch_address }}:{{ elasticsearch_port }}
{% endif %}
{% endif %}

{% if enable_grafana | bool %}
[cors]
allowed_origin = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ grafana_server_port }}
{% endif %}