95 lines
2.7 KiB
Django/Jinja
95 lines
2.7 KiB
Django/Jinja
[DEFAULT]
|
|
debug = {{ keystone_logging_debug }}
|
|
|
|
transport_url = {{ rpc_transport_url }}
|
|
|
|
# NOTE(elemoine) log_dir alone does not work for Keystone
|
|
log_file = /var/log/kolla/keystone/keystone.log
|
|
use_stderr = True
|
|
|
|
[oslo_middleware]
|
|
enable_proxy_headers_parsing = True
|
|
|
|
{% if keystone_policy_file is defined %}
|
|
[oslo_policy]
|
|
policy_file = {{ keystone_policy_file }}
|
|
{% endif %}
|
|
|
|
[database]
|
|
connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
|
|
connection_recycle_time = {{ database_connection_recycle_time }}
|
|
max_pool_size = {{ database_max_pool_size }}
|
|
max_retries = -1
|
|
|
|
{% if keystone_domain_directory.stat.exists %}
|
|
[identity]
|
|
domain_specific_drivers_enabled = true
|
|
domain_config_dir = /etc/keystone/domains
|
|
{% endif %}
|
|
|
|
[token]
|
|
revoke_by_id = False
|
|
provider = {{ keystone_token_provider }}
|
|
expiration = {{ fernet_token_expiry }}
|
|
allow_expired_window = {{ fernet_token_allow_expired_window }}
|
|
|
|
[fernet_tokens]
|
|
# Keystone docs note:
|
|
# max_active_keys =
|
|
# ((token_expiration + allow_expired_window) / rotation_frequency) + 2
|
|
# https://docs.openstack.org/keystone/stein/admin/fernet-token-faq.html
|
|
#
|
|
# Use (x + y - 1) / y to round up integer division.
|
|
max_active_keys = {{ ((fernet_token_expiry | int +
|
|
fernet_token_allow_expired_window | int +
|
|
fernet_key_rotation_interval | int - 1) //
|
|
fernet_key_rotation_interval | int) + 2 }}
|
|
|
|
[cache]
|
|
backend = oslo_cache.memcache_pool
|
|
enabled = True
|
|
memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
|
|
[oslo_messaging_notifications]
|
|
transport_url = {{ notify_transport_url }}
|
|
{% if keystone_enabled_notification_topics %}
|
|
driver = messagingv2
|
|
topics = {{ keystone_enabled_notification_topics | map(attribute='name') | join(',') }}
|
|
{% else %}
|
|
driver = noop
|
|
{% endif %}
|
|
|
|
{% if om_enable_rabbitmq_tls | bool %}
|
|
[oslo_messaging_rabbit]
|
|
ssl = true
|
|
ssl_ca_file = {{ om_rabbitmq_cacert }}
|
|
{% endif %}
|
|
|
|
{% if enable_osprofiler | bool %}
|
|
[profiler]
|
|
enabled = true
|
|
trace_sqlalchemy = true
|
|
hmac_keys = {{ osprofiler_secret }}
|
|
connection_string = {{ osprofiler_backend_connection_string }}
|
|
{% endif %}
|
|
|
|
{% if enable_grafana | bool %}
|
|
[cors]
|
|
allowed_origin = {{ grafana_public_endpoint }}
|
|
{% endif %}
|
|
|
|
{% if enable_keystone_federation %}
|
|
[federation]
|
|
{% for dashboard in keystone_trusted_dashboards %}
|
|
trusted_dashboard = {{ dashboard }}
|
|
{% endfor %}
|
|
|
|
sso_callback_template = /etc/keystone/sso_callback_template.html
|
|
|
|
[openid]
|
|
remote_id_attribute = {{ keystone_remote_id_attribute_oidc }}
|
|
|
|
[auth]
|
|
methods = password,token,openid,application_credential
|
|
{% endif %}
|