179 lines
6.7 KiB
Django/Jinja
179 lines
6.7 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
[DEFAULT]
|
|
use_journal = True
|
|
# Disable stderr logging
|
|
use_stderr = False
|
|
debug = {{ debug }}
|
|
{% if keystone_public_endpoint is defined %}
|
|
public_endpoint = {{ keystone_public_endpoint }}
|
|
{% endif %}
|
|
fatal_deprecations = {{ keystone_fatal_deprecations }}
|
|
{% if keystone_sp != {} and (keystone_sp.cadf_notifications is defined) and (keystone_sp.cadf_notifications | bool) %}
|
|
{% set cadf_notifications = true %}
|
|
{% else %}
|
|
{% set cadf_notifications = false %}
|
|
{% endif %}
|
|
{% if cadf_notifications | bool %}
|
|
notification_format = cadf
|
|
{% if keystone_sp.cadf_notifications_opt_out is defined %}
|
|
{% for opt_out in keystone_sp.cadf_notifications_opt_out %}
|
|
notification_opt_out = {{ opt_out }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if keystone_oslomsg_rpc_configure %}
|
|
## Oslo.Messaging RPC
|
|
transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _keystone_oslomsg_rpc_vhost_conf }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ keystone_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ keystone_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if keystone_oslomsg_rpc_configure or keystone_oslomsg_notify_configure %}
|
|
[oslo_messaging_rabbit]
|
|
rabbit_quorum_queue = {{ keystone_oslomsg_rabbit_quorum_queues }}
|
|
rabbit_transient_quorum_queue = {{ keystone_oslomsg_rabbit_transient_quorum_queues }}
|
|
rabbit_qos_prefetch_count = {{ keystone_oslomsg_rabbit_qos_prefetch_count }}
|
|
use_queue_manager = {{ keystone_oslomsg_rabbit_queue_manager }}
|
|
{% if keystone_oslomsg_rabbit_queue_manager %}
|
|
hostname = {{ [ansible_facts['hostname'], keystone_service_name] | join('-') }}
|
|
{% endif %}
|
|
rabbit_stream_fanout = {{ keystone_oslomsg_rabbit_stream_fanout }}
|
|
rabbit_quorum_delivery_limit = {{ keystone_oslomsg_rabbit_quorum_delivery_limit }}
|
|
rabbit_quorum_max_memory_bytes = {{ keystone_oslomsg_rabbit_quorum_max_memory_bytes }}
|
|
{% endif %}
|
|
|
|
[oslo_messaging_notifications]
|
|
{% if keystone_oslomsg_notify_configure | bool %}
|
|
driver = messagingv2
|
|
{% set notification_driver = true %}
|
|
{% endif %}
|
|
{% if cadf_notifications | bool %}
|
|
driver = log
|
|
{% set notification_driver = true %}
|
|
{% endif %}
|
|
{% if notification_driver is not defined or notification_driver == false | bool %}
|
|
driver = noop
|
|
{% endif %}
|
|
|
|
transport_url = {{ keystone_oslomsg_notify_transport }}://{% for host in keystone_oslomsg_notify_servers.split(',') %}{{ keystone_oslomsg_notify_userid }}:{{ keystone_oslomsg_notify_password }}@{{ host }}:{{ keystone_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _keystone_oslomsg_notify_vhost_conf }}{% if keystone_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ keystone_oslomsg_notify_ssl_version }}&ssl_ca_file={{ keystone_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
|
|
{% if keystone_cache_servers | length > 0 %}
|
|
[cache]
|
|
backend = {{ keystone_cache_backend }}
|
|
{% if keystone_cache_backend in keystone_cache_backend_map['dogpile'] %}
|
|
# FIXME(lbragstad): Some strange behaviors have been reported when using
|
|
# multiple memcached instances with backend_argument. This has been documented
|
|
# in https://bugs.launchpad.net/oslo.cache/+bug/1743036
|
|
# For the time being, memcache_servers works with a single memcached instance
|
|
# and multiple instances.
|
|
memcache_servers = {{ keystone_cache_servers | join(',') }}
|
|
{% endif %}
|
|
config_prefix = cache.keystone
|
|
enabled = true
|
|
{% endif %}
|
|
|
|
|
|
[revoke]
|
|
driver = {{ keystone_revocation_driver }}
|
|
expiration_buffer = {{ keystone_revocation_expiration_buffer }}
|
|
cache_time = {{ keystone_revocation_cache_time }}
|
|
|
|
|
|
[auth]
|
|
methods = {{ keystone_auth_methods }}{% if keystone_sp_apache_mod_shib %},saml2{% endif %}{% if keystone_sp_apache_mod_auth_openidc %},openid{% endif %}
|
|
|
|
|
|
{% if keystone_database_enabled | bool %}
|
|
[database]
|
|
connection = {{ keystone_database_connection_string }}
|
|
max_overflow = {{ keystone_db_max_overflow }}
|
|
max_pool_size = {{ keystone_db_max_pool_size }}
|
|
pool_timeout = {{ keystone_db_pool_timeout }}
|
|
connection_recycle_time = {{ keystone_db_connection_recycle_time }}
|
|
{% endif %}
|
|
|
|
{% if 'fernet' in keystone_token_provider %}
|
|
[fernet_tokens]
|
|
key_repository = {{ keystone_fernet_tokens_key_repository }}
|
|
max_active_keys = {{ keystone_fernet_tokens_max_active_keys }}
|
|
{% endif %}
|
|
|
|
|
|
[identity]
|
|
{% if keystone_ldap.Default is not defined %}
|
|
driver = sql
|
|
{% endif %}
|
|
{% if keystone_ldap | length > 0 %}
|
|
domain_config_dir = {{ keystone_ldap_domain_config_dir }}
|
|
domain_specific_drivers_enabled = True
|
|
{% endif %}
|
|
|
|
|
|
[assignment]
|
|
driver = {{ keystone_assignment_driver }}
|
|
|
|
|
|
[resource]
|
|
cache_time = {{ keystone_resource_cache_time }}
|
|
driver = {{ keystone_resource_driver }}
|
|
|
|
|
|
[token]
|
|
enforce_token_bind = permissive
|
|
expiration = {{ keystone_token_expiration }}
|
|
cache_time = {{ keystone_token_cache_time }}
|
|
provider = {{ keystone_token_provider }}
|
|
|
|
{% if keystone_idp != {} %}
|
|
[saml]
|
|
certfile = "{{ keystone_idp.certfile }}"
|
|
keyfile = "{{ keystone_idp.keyfile }}"
|
|
idp_entity_id = "{{ keystone_idp.idp_entity_id }}"
|
|
idp_sso_endpoint = "{{ keystone_idp.idp_sso_endpoint }}"
|
|
idp_metadata_path = "{{ keystone_idp.idp_metadata_path }}"
|
|
{% if keystone_idp.organization_name is defined %}
|
|
idp_organization_name = {{ keystone_idp.organization_name }}
|
|
{% endif %}
|
|
{% if keystone_idp.organization_display_name is defined %}
|
|
idp_organization_display_name = {{ keystone_idp.organization_display_name }}
|
|
{% endif %}
|
|
{% if keystone_idp.organization_url is defined %}
|
|
idp_organization_url = {{ keystone_idp.organization_url }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_company is defined %}
|
|
idp_contact_company = {{ keystone_idp.contact_company }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_name is defined %}
|
|
idp_contact_name = {{ keystone_idp.contact_name }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_surname is defined %}
|
|
idp_contact_surname = {{ keystone_idp.contact_surname }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_email is defined %}
|
|
idp_contact_email = {{ keystone_idp.contact_email }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_telephone is defined %}
|
|
idp_contact_telephone = {{ keystone_idp.contact_telephone }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_type is defined %}
|
|
idp_contact_type = {{ keystone_idp.contact_type }}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
[credential]
|
|
key_repository = {{ keystone_credential_key_repository }}
|
|
|
|
{% if keystone_sp != {} %}
|
|
[federation]
|
|
{% if keystone_sp_apache_mod_auth_openidc %}
|
|
remote_id_attribute = HTTP_OIDC_ISS
|
|
{% elif keystone_sp_apache_mod_shib %}
|
|
remote_id_attribute = Shib-Identity-Provider
|
|
{% endif %}
|
|
{% if keystone_sp.trusted_dashboard_list is defined %}
|
|
{% for item in keystone_sp.trusted_dashboard_list %}
|
|
trusted_dashboard = {{ item }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|