ee78b91e81
Introduced namespaced variables for all OpenStack services supporting this setting as defined through oslo libraries. Default value is False in each case. Gating commit checks now enable the fatal_deprecations setting for each supporting service. Closes Bug: 1428412 Change-Id: I5f41d3fdfa1cc876efc0c33c657c9dad18a8ba51
139 lines
4.5 KiB
YAML
139 lines
4.5 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Defines that the role will be deployed on a host machine
|
|
is_metal: true
|
|
|
|
## Verbosity Options
|
|
debug: False
|
|
verbose: True
|
|
keystone_fatal_deprecations: False
|
|
|
|
## System info
|
|
keystone_system_user_name: keystone
|
|
keystone_system_group_name: keystone
|
|
keystone_system_service_name: apache2
|
|
keystone_system_shell: /bin/false
|
|
keystone_system_comment: keystone system user
|
|
keystone_system_user_home: "/var/lib/{{ keystone_system_user_name }}"
|
|
|
|
keystone_rpc_backend: rabbit
|
|
|
|
## Drivers
|
|
keystone_auth_methods: "password,token"
|
|
keystone_identity_driver: "keystone.identity.backends.sql.Identity"
|
|
# For a sql backed token storage use: "keystone.token.backends.sql.Token"
|
|
keystone_token_driver: "keystone.token.persistence.backends.memcache.Token"
|
|
keystone_token_provider: "keystone.token.providers.uuid.Provider"
|
|
|
|
keystone_bind_address: 0.0.0.0
|
|
|
|
## Memcached servers used within keystone.
|
|
# String or Comma separated list of servers.
|
|
keystone_memcached_servers: 127.0.0.1
|
|
|
|
## DB info
|
|
keystone_galera_user: keystone
|
|
keystone_galera_database: keystone
|
|
|
|
## Role info
|
|
keystone_role_name: admin
|
|
|
|
## Admin info
|
|
keystone_admin_port: 35357
|
|
keystone_admin_user_name: admin
|
|
keystone_admin_tenant_name: admin
|
|
keystone_admin_description: Admin Tenant
|
|
|
|
## Service Type and Data
|
|
keystone_service_region: RegionOne
|
|
keystone_service_name: keystone
|
|
keystone_service_port: 5000
|
|
keystone_service_proto: http
|
|
keystone_service_type: identity
|
|
keystone_service_description: "Keystone Identity Service"
|
|
keystone_service_user_name: keystone
|
|
keystone_service_tenant_name: service
|
|
|
|
keystone_service_publicuri: "{{ keystone_service_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
|
|
keystone_service_publicurl: "{{ keystone_service_publicuri }}/v2.0"
|
|
keystone_service_internaluri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
|
|
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0"
|
|
keystone_service_adminuri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
|
|
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"
|
|
|
|
keystone_service_publicuri_v3: "{{ keystone_service_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
|
|
keystone_service_publicurl_v3: "{{ keystone_service_publicuri_v3 }}/v3"
|
|
keystone_service_internaluri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
|
|
keystone_service_internalurl_v3: "{{ keystone_service_internaluri_v3 }}/v3"
|
|
keystone_service_adminuri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
|
|
keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
|
|
|
|
## Set this value to override the "public_endpoint" keystone.conf variable
|
|
#keystone_public_endpoint:
|
|
|
|
## Apache setup
|
|
keystone_apache_log_level: info
|
|
|
|
keystone_ssl_enabled: false
|
|
keystone_ssl_cert: /etc/ssl/certs/apache.cert
|
|
keystone_ssl_key: /etc/ssl/private/apache.key
|
|
keystone_ssl_cert_path: /etc/ssl/certs
|
|
|
|
## Caching
|
|
# If set this will enable dog pile cache for keystone.
|
|
# keystone_cache_backend_argument: url:127.0.0.1:11211
|
|
|
|
## LDAP section
|
|
# Define keystone ldap information here.
|
|
# See the http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html
|
|
# for more information on available options. The sections here are defined as key: value pairs. Each
|
|
# top level key bellow ``keystone_ldap`` is a section.
|
|
# (EXAMPLE LAYOUT)
|
|
# keystone_ldap:
|
|
# ldap:
|
|
# url: "ldap://127.0.0.1"
|
|
# user: "root"
|
|
# password: "secrete"
|
|
# ...
|
|
|
|
# Common apt packages
|
|
keystone_apt_packages:
|
|
- apache2
|
|
- apache2-utils
|
|
- debhelper
|
|
- dh-apparmor
|
|
- docutils-common
|
|
- git
|
|
- libapache2-mod-wsgi
|
|
- libjs-sphinxdoc
|
|
- libjs-underscore
|
|
- libldap2-dev
|
|
- libsasl2-dev
|
|
- libxslt1.1
|
|
|
|
# Common pip packages
|
|
keystone_pip_packages:
|
|
- keystone
|
|
- keystonemiddleware
|
|
- ldappool
|
|
- lxml
|
|
- MySQL-python
|
|
- pbr
|
|
- pycrypto
|
|
- python-keystoneclient
|
|
- python-memcached
|
|
- repoze.lru
|