openstack-ansible/playbooks/roles/os_keystone/templates/keystone.conf.j2

# {{ ansible_managed }}

[DEFAULT]
verbose = {{ verbose }}
debug = {{ debug }}
admin_token = {{ keystone_auth_admin_token }}
{% if keystone_public_endpoint is defined %}
public_endpoint = {{ keystone_public_endpoint }}
{% endif %}
admin_endpoint = {{ keystone_service_adminuri }}
fatal_deprecations = {{ keystone_fatal_deprecations }}

{% if keystone_ssl | bool and keystone_secure_proxy_ssl_header is defined %}
secure_proxy_ssl_header = {{ keystone_secure_proxy_ssl_header }}
{% endif %}

log_file = keystone.log
log_dir = /var/log/keystone
rpc_backend = {{ keystone_rpc_backend }}

{% if 'memcache' in keystone_token_driver and 'fernet' not in keystone_token_provider %}
[memcache]
servers = {{ keystone_memcached_servers }}
max_compare_and_set_retry = {{ keystone_memcached_max_compare_and_set_retry }}
{% endif %}

{% if keystone_cache_backend_argument is defined %}
[cache]
backend = dogpile.cache.memcached
backend_argument = {{ keystone_cache_backend_argument }}
config_prefix = cache.keystone
distributed_lock = True
expiration_time = {{ keystone_cache_expiration_time }}
enabled = true
{% endif %}


[revoke]
caching = true
driver = {{ keystone_revocation_driver }}
expiration_buffer = {{ keystone_revocation_expiration_buffer }}
cache_time = {{ keystone_revocation_cache_time }}


[auth]
{% if keystone_sp is defined %}
methods = {{ keystone_auth_methods }},saml2
saml2 = keystone.auth.plugins.mapped.Mapped
{% else %}
methods = {{ keystone_auth_methods }}
{% endif %}

[database]
connection = mysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8
idle_timeout = {{ keystone_database_idle_timeout }}
min_pool_size = {{ keystone_database_min_pool_size }}
max_pool_size = {{ keystone_database_max_pool_size }}
pool_timeout = {{ keystone_database_pool_timeout }}


[fernet_tokens]
key_repository = {{ keystone_fernet_tokens_key_repository }}
max_active_keys = {{ keystone_fernet_tokens_max_active_keys }}


[identity]
driver = {{ keystone_identity_driver }}
{% if keystone_ldap is defined %}
domain_config_dir = {{ keystone_ldap_domain_config_dir }}
domain_specific_drivers_enabled = True
{% endif %}


[assignment]
driver = {{ keystone_assignment_driver }}


[resource]
cache_time = {{ keystone_resource_cache_time }}
caching = true
driver = {{ keystone_resource_driver }}


[token]
enforce_token_bind = permissive
expiration = {{ keystone_token_expiration }}
caching = true
cache_time = {{ keystone_token_cache_time }}
provider = {{ keystone_token_provider }}
{% if 'fernet' not in keystone_token_provider %}
driver = {{ keystone_token_driver }}
{% endif %}

{% if keystone_idp is defined %}
[saml]
certfile = "{{ keystone_idp.certfile }}"
keyfile = "{{ keystone_idp.keyfile }}"
idp_entity_id = "{{ keystone_idp.idp_entity_id }}"
idp_sso_endpoint = "{{ keystone_idp.idp_sso_endpoint }}"
idp_metadata_path = "{{ keystone_idp.idp_metadata_path }}"
{% if keystone_idp.organization_name is defined %}
idp_organization_name = {{ keystone_idp.organization_name }}
{% endif %}
{% if keystone_idp.organization_display_name is defined %}
idp_organization_display_name = {{ keystone_idp.organization_display_name }}
{% endif %}
{% if keystone_idp.organization_url is defined %}
idp_organization_url = {{ keystone_idp.organization_url }}
{% endif %}
{% if keystone_idp.contact_company is defined %}
idp_contact_company = {{ keystone_idp.contact_company }}
{% endif %}
{% if keystone_idp.contact_name is defined %}
idp_contact_name = {{ keystone_idp.contact_name }}
{% endif %}
{% if keystone_idp.contact_surname is defined %}
idp_contact_surname = {{ keystone_idp.contact_surname }}
{% endif %}
{% if keystone_idp.contact_email is defined %}
idp_contact_email = {{ keystone_idp.contact_email }}
{% endif %}
{% if keystone_idp.contact_telephone is defined %}
idp_contact_telephone = {{ keystone_idp.contact_telephone }}
{% endif %}
{% if keystone_idp.contact_type is defined %}
idp_contact_type = {{ keystone_idp.contact_type }}
{% endif %}
{% endif %}

[eventlet_server]
admin_bind_host = {{ keystone_bind_address }}
admin_port = {{ keystone_admin_port }}
public_port = {{ keystone_service_port }}

[oslo_messaging_rabbit]
rabbit_hosts = {{ rabbitmq_servers }}
rabbit_userid = {{ rabbitmq_userid }}
rabbit_password = {{ rabbitmq_password }}

{% if keystone_sp is defined %}
[federation]
remote_id_attribute = Shib-Identity-Provider
{% if keystone_sp.trusted_dashboard_list is defined %}
{% for item in keystone_sp.trusted_dashboard_list %}
trusted_dashboard = {{ item }}
{% endfor %}
{% endif %}
{% endif %}