Merge pull request #235 from cloudnull/keystone-updates
removed unused files, and converted keystone to not use the template generator
This commit is contained in:
Dave Wilde
@@ -1,20 +0,0 @@
|
||||
WSGIDaemonProcess keystone user=keystone group=nogroup processes=3 threads=10
|
||||
<VirtualHost *:5000>
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/keystone/keystone-error.log
|
||||
CustomLog /var/log/keystone/keystone-access.log combined
|
||||
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
|
||||
WSGIProcessGroup keystone
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:35357>
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/keystone/keystone-admin-error.log
|
||||
CustomLog /var/log/keystone/keystone-admin-access.log combined
|
||||
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
|
||||
WSGIProcessGroup keystone
|
||||
|
||||
</VirtualHost>
|
||||
@@ -1,2 +0,0 @@
|
||||
Listen *:5000
|
||||
Listen *:35357
|
||||
@@ -13,22 +13,13 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Setup Keystone Config
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/keystone/{{ item }}"
|
||||
owner: "{{ system_user }}"
|
||||
group: "{{ system_group }}"
|
||||
with_items:
|
||||
- default_catalog.templates
|
||||
- policy.json
|
||||
|
||||
- name: Generate Keystone Config
|
||||
template:
|
||||
src: "template_gen"
|
||||
dest: "/etc/keystone/{{ item.file }}"
|
||||
src: "{{ item.src }}"
|
||||
dest: "/etc/keystone/{{ item.dest }}"
|
||||
owner: "{{ system_user }}"
|
||||
group: "{{ system_group }}"
|
||||
with_items:
|
||||
- { file: keystone.conf, var: "{{ keystone_conf }}" }
|
||||
- { file: keystone-paste.ini, var: "{{ keystone_paste_ini }}" }
|
||||
- { dest: "keystone.conf", src: "keystone.conf.j2" }
|
||||
- { dest: "policy.json", src: "policy.json.j2" }
|
||||
- { dest: "keystone-paste.ini", src: "keystone-paste.ini.j2" }
|
||||
|
||||
@@ -1,27 +0,0 @@
|
||||
# config for templated.Catalog, using camelCase because I don't want to do
|
||||
# translations for keystone compat
|
||||
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.adminURL = http://localhost:$(admin_port)s/v2.0
|
||||
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.name = Identity Service
|
||||
|
||||
# fake compute service for now to help novaclient tests work
|
||||
catalog.RegionOne.compute.publicURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
|
||||
catalog.RegionOne.compute.adminURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
|
||||
catalog.RegionOne.compute.internalURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
|
||||
catalog.RegionOne.compute.name = Compute Service
|
||||
|
||||
catalog.RegionOne.volume.publicURL = http://localhost:8776/v1/$(tenant_id)s
|
||||
catalog.RegionOne.volume.adminURL = http://localhost:8776/v1/$(tenant_id)s
|
||||
catalog.RegionOne.volume.internalURL = http://localhost:8776/v1/$(tenant_id)s
|
||||
catalog.RegionOne.volume.name = Volume Service
|
||||
|
||||
catalog.RegionOne.ec2.publicURL = http://localhost:8773/services/Cloud
|
||||
catalog.RegionOne.ec2.adminURL = http://localhost:8773/services/Admin
|
||||
catalog.RegionOne.ec2.internalURL = http://localhost:8773/services/Cloud
|
||||
catalog.RegionOne.ec2.name = EC2 Service
|
||||
|
||||
catalog.RegionOne.image.publicURL = http://localhost:9292/v1
|
||||
catalog.RegionOne.image.adminURL = http://localhost:9292/v1
|
||||
catalog.RegionOne.image.internalURL = http://localhost:9292/v1
|
||||
catalog.RegionOne.image.name = Image Service
|
||||
@@ -0,0 +1,112 @@
|
||||
# Keystone PasteDeploy configuration file.
|
||||
|
||||
[filter:debug]
|
||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
||||
|
||||
[filter:build_auth_context]
|
||||
paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory
|
||||
|
||||
[filter:token_auth]
|
||||
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
|
||||
|
||||
[filter:admin_token_auth]
|
||||
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
|
||||
|
||||
[filter:xml_body]
|
||||
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
|
||||
|
||||
[filter:xml_body_v2]
|
||||
paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV2.factory
|
||||
|
||||
[filter:xml_body_v3]
|
||||
paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV3.factory
|
||||
|
||||
[filter:json_body]
|
||||
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
|
||||
|
||||
[filter:user_crud_extension]
|
||||
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
||||
|
||||
[filter:crud_extension]
|
||||
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
|
||||
|
||||
[filter:ec2_extension]
|
||||
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
|
||||
|
||||
[filter:ec2_extension_v3]
|
||||
paste.filter_factory = keystone.contrib.ec2:Ec2ExtensionV3.factory
|
||||
|
||||
[filter:federation_extension]
|
||||
paste.filter_factory = keystone.contrib.federation.routers:FederationExtension.factory
|
||||
|
||||
[filter:oauth1_extension]
|
||||
paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory
|
||||
|
||||
[filter:s3_extension]
|
||||
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
|
||||
|
||||
[filter:endpoint_filter_extension]
|
||||
paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
|
||||
|
||||
[filter:simple_cert_extension]
|
||||
paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory
|
||||
|
||||
[filter:revoke_extension]
|
||||
paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
|
||||
|
||||
[filter:url_normalize]
|
||||
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
|
||||
|
||||
[filter:sizelimit]
|
||||
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
|
||||
|
||||
[filter:stats_monitoring]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
|
||||
|
||||
[filter:stats_reporting]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
|
||||
|
||||
[filter:access_log]
|
||||
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
|
||||
|
||||
[app:public_service]
|
||||
paste.app_factory = keystone.service:public_app_factory
|
||||
|
||||
[app:service_v3]
|
||||
paste.app_factory = keystone.service:v3_app_factory
|
||||
|
||||
[app:admin_service]
|
||||
paste.app_factory = keystone.service:admin_app_factory
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service
|
||||
|
||||
[pipeline:admin_api]
|
||||
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service
|
||||
|
||||
[pipeline:api_v3]
|
||||
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3
|
||||
|
||||
[app:public_version_service]
|
||||
paste.app_factory = keystone.service:public_version_app_factory
|
||||
|
||||
[app:admin_version_service]
|
||||
paste.app_factory = keystone.service:admin_version_app_factory
|
||||
|
||||
[pipeline:public_version_api]
|
||||
pipeline = sizelimit url_normalize xml_body public_version_service
|
||||
|
||||
[pipeline:admin_version_api]
|
||||
pipeline = sizelimit url_normalize xml_body admin_version_service
|
||||
|
||||
[composite:main]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = public_api
|
||||
/v3 = api_v3
|
||||
/ = public_version_api
|
||||
|
||||
[composite:admin]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = admin_api
|
||||
/v3 = api_v3
|
||||
/ = admin_version_api
|
||||
105
rpc_deployment/roles/keystone_common/templates/keystone.conf.j2
Normal file
105
rpc_deployment/roles/keystone_common/templates/keystone.conf.j2
Normal file
@@ -0,0 +1,105 @@
|
||||
[DEFAULT]
|
||||
verbose = {{ verbose }}
|
||||
debug = {{ debug }}
|
||||
admin_token = {{ auth_admin_token }}
|
||||
bind_host = 0.0.0.0
|
||||
# The port number which the public service listens on
|
||||
public_port = {{ auth_public_port }}
|
||||
# The port number which the public admin listens on
|
||||
admin_port = {{ auth_port }}
|
||||
public_endpoint = {{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_public_port }}/
|
||||
admin_endpoint = {{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_port }}/
|
||||
log_file = keystone.log
|
||||
log_dir = /var/log/keystone
|
||||
rabbit_hosts = {{ rabbit_hosts }}
|
||||
rabbit_userid = {{ rabbit_userid }}
|
||||
rabbit_password = {{ rabbit_password }}
|
||||
rpc_backend = {{ rpc_backend }}
|
||||
|
||||
[memcache]
|
||||
servers = {{ internal_vip_address }}:{{ memcached_port }}
|
||||
max_compare_and_set_retry = 16
|
||||
|
||||
[cache]
|
||||
backend = dogpile.cache.memcached
|
||||
backend_argument = url:{{ internal_vip_address }}:{{ memcached_port }}
|
||||
config_prefix = cache.keystone
|
||||
distributed_lock = True
|
||||
expiration_time = 5400
|
||||
enabled = true
|
||||
|
||||
[revoke]
|
||||
expiration_buffer = 1800
|
||||
caching = true
|
||||
|
||||
[auth]
|
||||
methods = {{ auth_methods }}
|
||||
|
||||
[database]
|
||||
connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8
|
||||
idle_timeout = 200
|
||||
min_pool_size = 5
|
||||
max_pool_size = 10
|
||||
pool_timeout = 200
|
||||
|
||||
[identity]
|
||||
driver = {{ keystone_identity_driver|default('keystone.identity.backends.sql.Identity') }}
|
||||
|
||||
[assignment]
|
||||
driver = keystone.assignment.backends.sql.Assignment
|
||||
caching = true
|
||||
|
||||
[ldap]
|
||||
url = ldap://{{ keystone_ldap_server|default('localhost') }}
|
||||
user = {{ keystone_ldap_user_bind|default('root') }}
|
||||
password = {{ keystone_ldap_user_bind_password|default('secrete') }}
|
||||
suffix = {{ keystone_ldap_suffix|default('cn=example,cn=com') }}
|
||||
use_dumb_member = {{ keystone_ldap_use_dumb_member|default('false') }}
|
||||
dumb_member = {{ keystone_ldap_dumb_member|default('cn=dumb,dc=nonexistent') }}
|
||||
allow_subtree_delete = {{ keystone_ldap_allow_subtree_delete|default('false') }}
|
||||
query_scope = {{ keystone_ldap_query_scope|default('one') }}
|
||||
page_size = {{ keystone_ldap_page_size|default('0') }}
|
||||
debug_level = {{ keystone_ldap_debug_level|default('') }}
|
||||
chase_referrals = {{ keystone_ldap_chase_referrals|default('True') }}
|
||||
user_tree_dn = {{ keystone_ldap_user_tree_dn|default('') }}
|
||||
user_filter = {{ keystone_ldap_user_filter|default('') }}
|
||||
user_objectclass = {{ keystone_ldap_user_objectclass|default('inetOrgPerson') }}
|
||||
user_id_attribute = {{ keystone_ldap_user_id_attribute|default('cn') }}
|
||||
user_name_attribute = {{ keystone_ldap_user_name_attribute|default('sn') }}
|
||||
user_mail_attribute = {{ keystone_ldap_user_mail_attribute|default('email') }}
|
||||
user_pass_attribute = {{ keystone_ldap_user_pass_attribute|default('userPassword')}}
|
||||
user_enabled_attribute = {{ keystone_ldap_user_enabled_attribute|default('enabled') }}
|
||||
user_enabled_mask = {{ keystone_ldap_user_enabled_mask|default('0') }}
|
||||
user_enabled_default = {{ keystone_ldap_user_enabled_default|default('True') }}
|
||||
user_attribute_ignore = {{ keystone_ldap_user_attribute_ignore|default('default_project_id,tenants') }}
|
||||
user_default_project_id_attribute = {{ keystone_ldap_user_default_project_id_attribute|default('') }}
|
||||
user_allow_create = {{ keystone_ldap_user_allow_create|default('true') }}
|
||||
user_allow_update = {{ keystone_ldap_user_allow_update|default('true') }}
|
||||
user_allow_delete = {{ keystone_ldap_user_allow_delete|default('true') }}
|
||||
user_enabled_emulation = {{ keystone_ldap_user_enabled_emulation|default('false') }}
|
||||
user_enabled_emulation_dn = {{ keystone_ldap_user_enabled_emulation_dn|default('') }}
|
||||
user_additional_attribute_mapping = {{ keystone_ldap_user_additional_attribute_mapping|default('') }}
|
||||
group_tree_dn = {{ keystone_ldap_|default('') }}
|
||||
group_filter = {{ keystone_ldap_group_filter|default('') }}
|
||||
group_objectclass = {{ keystone_ldap_group_objectclass|default('groupOfNames') }}
|
||||
group_id_attribute = {{ keystone_ldap_group_id_attribute|default('cn') }}
|
||||
group_name_attribute = {{ keystone_ldap_group_name_attribute|default('ou') }}
|
||||
group_member_attribute = {{ keystone_ldap_group_member_attribute|default('member') }}
|
||||
group_desc_attribute = {{ keystone_ldap_group_desc_attribute|default('description') }}
|
||||
group_attribute_ignore = {{ keystone_ldap_group_attribute_ignore|default('') }}
|
||||
group_allow_create = {{ keystone_ldap_group_allow_create|default('true') }}
|
||||
group_allow_update = {{ keystone_ldap_group_allow_update|default('true') }}
|
||||
group_allow_delete = {{ keystone_ldap_group_allow_delete|default('true') }}
|
||||
group_additional_attribute_mapping = {{ keystone_ldap_group_additional_attribute_mapping|default('') }}
|
||||
tls_cacertfile = {{ keystone_ldap_tls_cacertfile|default('') }}
|
||||
tls_cacertdir = {{ keystone_ldap_tls_cacertdir|default('') }}
|
||||
use_tls = {{ keystone_ldap_use_tls|default('false') }}
|
||||
tls_req_cert = {{ keystone_ldap_tls_req_cert|default('demand') }}
|
||||
|
||||
[token]
|
||||
enforce_token_bind = permissive
|
||||
revocation_cache_time = 3600
|
||||
expiration = 43200
|
||||
caching = true
|
||||
cache_time = 5400
|
||||
provider = {{ token_provider }}
|
||||
@@ -1,20 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
# Changes to this file are found within the vars/config_vars
|
||||
|
||||
{% for key, value in item.var.items() %}
|
||||
|
||||
[{{ key }}]
|
||||
{% for _key, _value in value.items() %}
|
||||
{% if _value is string %}
|
||||
{{ _key }}={{ _value }}
|
||||
{% elif _value is number %}
|
||||
{{ _key }}={{ _value }}
|
||||
{% elif _value is iterable %}
|
||||
{{ _key }}={{ _value|join(", ") }}
|
||||
{% else %}
|
||||
# Value type skipped as it was indeterminable
|
||||
# {{ _value }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
{% endfor %}
|
||||
@@ -1,189 +0,0 @@
|
||||
# Copyright 2014, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
keystone_conf:
|
||||
DEFAULT:
|
||||
verbose: "{{ verbose }}"
|
||||
debug: "{{ debug }}"
|
||||
admin_token: "{{ auth_admin_token }}"
|
||||
bind_host: "0.0.0.0"
|
||||
# The port number which the public service listens on
|
||||
public_port: "{{ auth_public_port }}"
|
||||
# The port number which the public admin listens on
|
||||
admin_port: "{{ auth_port }}"
|
||||
public_endpoint: "{{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_public_port }}/"
|
||||
admin_endpoint: "{{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_port }}/"
|
||||
log_file: "keystone.log"
|
||||
log_dir: /var/log/keystone
|
||||
rabbit_hosts: "{{ rabbit_hosts }}"
|
||||
rabbit_userid: "{{ rabbit_userid }}"
|
||||
rabbit_password: "{{ rabbit_password }}"
|
||||
rpc_backend: "{{ rpc_backend }}"
|
||||
memcache:
|
||||
servers: "{{ internal_vip_address }}:{{ memcached_port }}"
|
||||
max_compare_and_set_retry: 16
|
||||
cache:
|
||||
backend: "dogpile.cache.memcached"
|
||||
backend_argument: "url:{{ internal_vip_address }}:{{ memcached_port }}"
|
||||
config_prefix: "cache.keystone"
|
||||
distributed_lock: True
|
||||
expiration_time: 5400
|
||||
enabled: "true"
|
||||
revoke:
|
||||
expiration_buffer: 1800
|
||||
caching: "true"
|
||||
auth:
|
||||
methods: "{{ auth_methods }}"
|
||||
database:
|
||||
connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8"
|
||||
idle_timeout: 200
|
||||
min_pool_size: 5
|
||||
max_pool_size: 10
|
||||
pool_timeout: 200
|
||||
identity:
|
||||
driver: "{{ keystone_identity_driver|default('keystone.identity.backends.sql.Identity') }}"
|
||||
assignment:
|
||||
driver: keystone.assignment.backends.sql.Assignment
|
||||
caching: true
|
||||
ldap:
|
||||
url: "ldap://{{ keystone_ldap_server|default('localhost') }}"
|
||||
user: "{{ keystone_ldap_user_bind|default('root') }}"
|
||||
password: "{{ keystone_ldap_user_bind_password|default('secrete') }}"
|
||||
suffix: "{{ keystone_ldap_suffix|default('cn=example,cn=com') }}"
|
||||
use_dumb_member: "{{ keystone_ldap_use_dumb_member|default('false') }}"
|
||||
dumb_member: "{{ keystone_ldap_dumb_member|default('cn=dumb,dc=nonexistent') }}"
|
||||
allow_subtree_delete: "{{ keystone_ldap_allow_subtree_delete|default('false') }}"
|
||||
query_scope: "{{ keystone_ldap_query_scope|default('one') }}"
|
||||
page_size: "{{ keystone_ldap_page_size|default('0') }}"
|
||||
debug_level: "{{ keystone_ldap_debug_level|default('') }}"
|
||||
chase_referrals: "{{ keystone_ldap_chase_referrals|default('True') }}"
|
||||
user_tree_dn: "{{ keystone_ldap_user_tree_dn|default('') }}"
|
||||
user_filter: "{{ keystone_ldap_user_filter|default('') }}"
|
||||
user_objectclass: "{{ keystone_ldap_user_objectclass|default('inetOrgPerson') }}"
|
||||
user_id_attribute: "{{ keystone_ldap_user_id_attribute|default('cn') }}"
|
||||
user_name_attribute: "{{ keystone_ldap_user_name_attribute|default('sn') }}"
|
||||
user_mail_attribute: "{{ keystone_ldap_user_mail_attribute|default('email') }}"
|
||||
user_pass_attribute: "{{ keystone_ldap_user_pass_attribute|default('userPassword')}}"
|
||||
user_enabled_attribute: "{{ keystone_ldap_user_enabled_attribute|default('enabled') }}"
|
||||
user_enabled_mask: "{{ keystone_ldap_user_enabled_mask|default('0') }}"
|
||||
user_enabled_default: "{{ keystone_ldap_user_enabled_default|default('True') }}"
|
||||
user_attribute_ignore: "{{ keystone_ldap_user_attribute_ignore|default('default_project_id,tenants') }}"
|
||||
user_default_project_id_attribute: "{{ keystone_ldap_user_default_project_id_attribute|default('') }}"
|
||||
user_allow_create: "{{ keystone_ldap_user_allow_create|default('true') }}"
|
||||
user_allow_update: "{{ keystone_ldap_user_allow_update|default('true') }}"
|
||||
user_allow_delete: "{{ keystone_ldap_user_allow_delete|default('true') }}"
|
||||
user_enabled_emulation: "{{ keystone_ldap_user_enabled_emulation|default('false') }}"
|
||||
user_enabled_emulation_dn: "{{ keystone_ldap_user_enabled_emulation_dn|default('') }}"
|
||||
user_additional_attribute_mapping: "{{ keystone_ldap_user_additional_attribute_mapping|default('') }}"
|
||||
group_tree_dn: "{{ keystone_ldap_|default('') }}"
|
||||
group_filter: "{{ keystone_ldap_group_filter|default('') }}"
|
||||
group_objectclass: "{{ keystone_ldap_group_objectclass|default('groupOfNames') }}"
|
||||
group_id_attribute: "{{ keystone_ldap_group_id_attribute|default('cn') }}"
|
||||
group_name_attribute: "{{ keystone_ldap_group_name_attribute|default('ou') }}"
|
||||
group_member_attribute: "{{ keystone_ldap_group_member_attribute|default('member') }}"
|
||||
group_desc_attribute: "{{ keystone_ldap_group_desc_attribute|default('description') }}"
|
||||
group_attribute_ignore: "{{ keystone_ldap_group_attribute_ignore|default('') }}"
|
||||
group_allow_create: "{{ keystone_ldap_group_allow_create|default('true') }}"
|
||||
group_allow_update: "{{ keystone_ldap_group_allow_update|default('true') }}"
|
||||
group_allow_delete: "{{ keystone_ldap_group_allow_delete|default('true') }}"
|
||||
group_additional_attribute_mapping: "{{ keystone_ldap_group_additional_attribute_mapping|default('') }}"
|
||||
tls_cacertfile: "{{ keystone_ldap_tls_cacertfile|default('') }}"
|
||||
tls_cacertdir: "{{ keystone_ldap_tls_cacertdir|default('') }}"
|
||||
use_tls: "{{ keystone_ldap_use_tls|default('false') }}"
|
||||
tls_req_cert: "{{ keystone_ldap_tls_req_cert|default('demand') }}"
|
||||
token:
|
||||
enforce_token_bind: "permissive"
|
||||
revocation_cache_time: 3600
|
||||
expiration: 43200
|
||||
caching: "true"
|
||||
cache_time: "5400"
|
||||
provider: "{{ token_provider }}"
|
||||
|
||||
keystone_paste_ini:
|
||||
filter:debug:
|
||||
paste.filter_factory: "keystone.common.wsgi:Debug.factory"
|
||||
filter:build_auth_context:
|
||||
paste.filter_factory: "keystone.middleware:AuthContextMiddleware.factory"
|
||||
filter:token_auth:
|
||||
paste.filter_factory: "keystone.middleware:TokenAuthMiddleware.factory"
|
||||
filter:admin_token_auth:
|
||||
paste.filter_factory: "keystone.middleware:AdminTokenAuthMiddleware.factory"
|
||||
filter:xml_body:
|
||||
paste.filter_factory: "keystone.middleware:XmlBodyMiddleware.factory"
|
||||
filter:xml_body_v2:
|
||||
paste.filter_factory: "keystone.middleware:XmlBodyMiddlewareV2.factory"
|
||||
filter:xml_body_v3:
|
||||
paste.filter_factory: "keystone.middleware:XmlBodyMiddlewareV3.factory"
|
||||
filter:json_body:
|
||||
paste.filter_factory: "keystone.middleware:JsonBodyMiddleware.factory"
|
||||
filter:user_crud_extension:
|
||||
paste.filter_factory: "keystone.contrib.user_crud:CrudExtension.factory"
|
||||
filter:crud_extension:
|
||||
paste.filter_factory: "keystone.contrib.admin_crud:CrudExtension.factory"
|
||||
filter:ec2_extension:
|
||||
paste.filter_factory: "keystone.contrib.ec2:Ec2Extension.factory"
|
||||
filter:ec2_extension_v3:
|
||||
paste.filter_factory: "keystone.contrib.ec2:Ec2ExtensionV3.factory"
|
||||
filter:federation_extension:
|
||||
paste.filter_factory: "keystone.contrib.federation.routers:FederationExtension.factory"
|
||||
filter:oauth1_extension:
|
||||
paste.filter_factory: "keystone.contrib.oauth1.routers:OAuth1Extension.factory"
|
||||
filter:s3_extension:
|
||||
paste.filter_factory: "keystone.contrib.s3:S3Extension.factory"
|
||||
filter:endpoint_filter_extension:
|
||||
paste.filter_factory: "keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory"
|
||||
filter:simple_cert_extension:
|
||||
paste.filter_factory: "keystone.contrib.simple_cert:SimpleCertExtension.factory"
|
||||
filter:revoke_extension:
|
||||
paste.filter_factory: "keystone.contrib.revoke.routers:RevokeExtension.factory"
|
||||
filter:url_normalize:
|
||||
paste.filter_factory: "keystone.middleware:NormalizingFilter.factory"
|
||||
filter:sizelimit:
|
||||
paste.filter_factory: "keystone.middleware:RequestBodySizeLimiter.factory"
|
||||
filter:stats_monitoring:
|
||||
paste.filter_factory: "keystone.contrib.stats:StatsMiddleware.factory"
|
||||
filter:stats_reporting:
|
||||
paste.filter_factory: "keystone.contrib.stats:StatsExtension.factory"
|
||||
filter:access_log:
|
||||
paste.filter_factory: "keystone.contrib.access:AccessLogMiddleware.factory"
|
||||
app:public_service:
|
||||
paste.app_factory: "keystone.service:public_app_factory"
|
||||
app:service_v3:
|
||||
paste.app_factory: "keystone.service:v3_app_factory"
|
||||
app:admin_service:
|
||||
paste.app_factory: "keystone.service:admin_app_factory"
|
||||
pipeline:public_api:
|
||||
pipeline: "sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service"
|
||||
pipeline:admin_api:
|
||||
pipeline: "sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service"
|
||||
pipeline:api_v3:
|
||||
pipeline: "sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3"
|
||||
app:public_version_service:
|
||||
paste.app_factory: "keystone.service:public_version_app_factory"
|
||||
app:admin_version_service:
|
||||
paste.app_factory: "keystone.service:admin_version_app_factory"
|
||||
pipeline:public_version_api:
|
||||
pipeline: "sizelimit url_normalize xml_body public_version_service"
|
||||
pipeline:admin_version_api:
|
||||
pipeline: "sizelimit url_normalize xml_body admin_version_service"
|
||||
composite:main:
|
||||
use: "egg:Paste#urlmap"
|
||||
/v2.0: "public_api"
|
||||
/v3: "api_v3"
|
||||
/: "public_version_api"
|
||||
composite:admin:
|
||||
use: "egg:Paste#urlmap"
|
||||
/v2.0: "admin_api"
|
||||
/v3: "api_v3"
|
||||
/: "admin_version_api"
|
||||
Reference in New Issue
Block a user