openstack/openstack-manuals
Code Issues Proposed changes

config-ref: include keystone tables

Browse Source 
Include keystone configuration options in the Identity section.

There is room for lots of improvements, but this first step will at
least make the info available.

Replace "Identity Service" with "Identity service" in the config-ref.

Closes-Bug: #1277330
Change-Id: I2dfac169c89bdbecd67322923a6a84f2155c4150
This commit is contained in:
Gauvain Pocentek 2014-04-16 21:27:20 +02:00
parent 4d72787ebb
commit 6a10e75a55
6 changed files with 56 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
doc/common/section_identity-configure.xml
View File

@ -1,114 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="keystone-configuration-file">
<title>Identity Service configuration files</title>
<variablelist>
<varlistentry>
<term>keystone.conf</term>
<listitem>
<para>The Identity Service
<filename>/etc/keystone/keystone.conf</filename>
configuration file is an INI-format file with
sections.</para>
<para>The <literal>[DEFAULT]</literal> section configures
general configuration values.</para>
<para>Specific sections, such as the <literal>[database]</literal>
and <literal>[ec2]</literal> sections, configure individual
services.</para>
<table rules="all">
<caption>keystone.conf file sections</caption>
<col width="30%"/>
<col width="70%"/>
<thead>
<tr>
<th>Section</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><literal>[DEFAULT]</literal></td>
<td>General configuration.</td>
</tr>
<tr>
<td><literal>[database]</literal></td>
<td>Optional storage back-end configuration.</td>
</tr>
<tr>
<td><literal>[ec2]</literal></td>
<td>Amazon EC2 authentication driver configuration.</td>
</tr>
<tr>
<td><literal>[s3]</literal></td>
<td>Amazon S3 authentication driver configuration.</td>
</tr>
<tr>
<td><literal>[identity]</literal></td>
<td>Identity Service system driver configuration.</td>
</tr>
<tr>
<td><literal>[catalog]</literal></td>
<td>Service catalog driver configuration.</td>
</tr>
<tr>
<td><literal>[token]</literal></td>
<td>Token driver configuration.</td>
</tr>
<tr>
<td><literal>[policy]</literal></td>
<td>Policy system driver configuration for RBAC.</td>
</tr>
<tr>
<td><literal>[signing]</literal></td>
<td>Cryptographic signatures for PKI based tokens.</td>
</tr>
<tr>
<td><literal>[ssl]</literal></td>
<td>SSL configuration.</td>
</tr>
</tbody>
</table>
<para>When you start the Identity Service, you can use the
<parameter>--config-file</parameter> parameter to specify
a configuration file.</para>
<para>If you do not specify a configuration file, the Identity
Service looks for the <filename>keystone.conf</filename>
configuration file in these directories in this
order:</para>
<orderedlist>
<listitem>
<para>
<literal>~/.keystone</literal>
</para>
</listitem>
<listitem>
<para>
<literal>~/</literal>
</para>
</listitem>
<listitem>
<para>
<literal>/etc/keystone</literal>
</para>
</listitem>
<listitem>
<para>
<literal>/etc</literal>
</para>
</listitem>
</orderedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>keystone-paste.ini</term>
<listitem>
<para>The
<filename>/etc/keystone/keystone-paste.ini</filename> file
configures the Identity Service WSGI middleware
pipeline.</para>
</listitem>
</varlistentry>
</variablelist>
</section>

4
doc/config-reference/ch_computeconfigure.xml
View File

@ -23,7 +23,7 @@
directory.</para> directory.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Related Image Service and Identity Service management <para>Related Image Service and Identity service management
configuration files.</para> configuration files.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -41,7 +41,7 @@
<title>Configure authentication and authorization</title> <title>Configure authentication and authorization</title>
<para>There are different methods of authentication for the <para>There are different methods of authentication for the
OpenStack Compute project, including no authentication. The OpenStack Compute project, including no authentication. The
preferred system is the OpenStack Identity Service, code-named preferred system is the OpenStack Identity service, code-named
Keystone.</para> Keystone.</para>
<para>To customize authorization settings for Compute, use the <para>To customize authorization settings for Compute, use the
configuration options documented in configuration options documented in

50
doc/config-reference/ch_identityconfigure.xml
View File

@ -7,13 +7,55 @@
xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns4="http://www.w3.org/2000/svg"
xmlns:ns3="http://www.w3.org/1998/Math/MathML" xmlns:ns3="http://www.w3.org/1998/Math/MathML"
xmlns:ns="http://docbook.org/ns/docbook"> xmlns:ns="http://docbook.org/ns/docbook">
<title>Identity Service</title> <title>Identity service</title>
<para>This chapter details the OpenStack Identity Service configuration <para>This chapter details the OpenStack Identity service configuration
options. For installation prerequisites and step-by-step walkthroughs, see the options. For installation prerequisites and step-by-step walkthroughs, see the
<citetitle>OpenStack Installation Guide</citetitle> for your distribution (<link xlink:href="docs.openstack.org" <citetitle>OpenStack Installation Guide</citetitle> for your distribution (<link xlink:href="docs.openstack.org"
>docs.openstack.org</link>) and <citetitle><link >docs.openstack.org</link>) and <citetitle><link
xlink:href="http://docs.openstack.org/admin-guide-cloud/content/">Cloud xlink:href="http://docs.openstack.org/admin-guide-cloud/content/">Cloud
Administrator Guide</link></citetitle>.</para> Administrator Guide</link></citetitle>.</para>
<xi:include href="../common/section_identity-configure.xml"/>
<xi:include href="../common/section_keystone-sample-conf-files.xml"/> <section xml:id="keystone-configuration-file">
<title>Identity service configuration file</title>
<para>The Identity service is configured in the
<filename>/etc/keystone/keystone.conf</filename> file.</para>
<para>The following tables provide a comprehensive list of the Identity
service options.</para>
<xi:include href="../common/tables/keystone-api.xml"/>
<xi:include href="../common/tables/keystone-assignment.xml"/>
<xi:include href="../common/tables/keystone-auth.xml"/>
<xi:include href="../common/tables/keystone-cache.xml"/>
<xi:include href="../common/tables/keystone-catalog.xml"/>
<xi:include href="../common/tables/keystone-credential.xml"/>
<xi:include href="../common/tables/keystone-database.xml"/>
<xi:include href="../common/tables/keystone-debug.xml"/>
<xi:include href="../common/tables/keystone-ec2.xml"/>
<xi:include href="../common/tables/keystone-federation.xml"/>
<xi:include href="../common/tables/keystone-identity.xml"/>
<xi:include href="../common/tables/keystone-kvs.xml"/>
<xi:include href="../common/tables/keystone-ldap.xml"/>
<xi:include href="../common/tables/keystone-logging.xml"/>
<xi:include href="../common/tables/keystone-memcache.xml"/>
<xi:include href="../common/tables/keystone-misc.xml"/>
<xi:include href="../common/tables/keystone-notification.xml"/>
<xi:include href="../common/tables/keystone-oauth.xml"/>
<xi:include href="../common/tables/keystone-os_inherit.xml"/>
<xi:include href="../common/tables/keystone-policy.xml"/>
<xi:include href="../common/tables/keystone-revoke.xml"/>
<xi:include href="../common/tables/keystone-security.xml"/>
<xi:include href="../common/tables/keystone-ssl.xml"/>
<xi:include href="../common/tables/keystone-stats.xml"/>
<xi:include href="../common/tables/keystone-token.xml"/>
<xi:include href="../common/tables/keystone-trust.xml"/>
<xi:include href="../common/tables/keystone-rpc.xml"/>
<xi:include href="../common/tables/keystone-amqp.xml"/>
<xi:include href="../common/tables/keystone-qpid.xml"/>
<xi:include href="../common/tables/keystone-rabbit.xml"/>
<xi:include href="../common/tables/keystone-zeromq.xml"/>
<xi:include href="../common/tables/keystone-redis.xml"/>
</section>
<xi:include href="identity/section_keystone-sample-conf-files.xml"/>
</chapter> </chapter>

4
doc/config-reference/dashboard/section_dashboard-sample-configuration-files.xml
View File

@ -9,10 +9,10 @@
<title>keystone_policy.json</title> <title>keystone_policy.json</title>
<para>The <filename>keystone_policy.json</filename> file <para>The <filename>keystone_policy.json</filename> file
defines additional access controls for the dashboard that defines additional access controls for the dashboard that
apply to the Identity Service.</para> apply to the Identity service.</para>
<note> <note>
<para>The <filename>keystone_policy.json</filename> file <para>The <filename>keystone_policy.json</filename> file
must match the Identity Service must match the Identity service
<filename>/etc/keystone/policy.json</filename> <filename>/etc/keystone/policy.json</filename>
policy file.</para> policy file.</para>
</note> </note>

8
doc/common/section_keystone-sample-conf-files.xml → doc/config-reference/identity/section_keystone-sample-conf-files.xml
View File

@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="sample-configuration-files"> xml:id="sample-configuration-files">
<title>Identity Service sample configuration files</title> <title>Identity service sample configuration files</title>
<para>All the files in this section can be found in the <systemitem>/etc/keystone</systemitem> <para>All the files in this section can be found in the <systemitem>/etc/keystone</systemitem>
directory.</para> directory.</para>
<section xml:id="section_keystone.conf"> <section xml:id="section_keystone.conf">
@ -19,7 +19,7 @@
<title>keystone-paste.ini</title> <title>keystone-paste.ini</title>
<para>The <filename>keystone-paste.ini</filename> file configures the <para>The <filename>keystone-paste.ini</filename> file configures the
Web Service Gateway Interface (WSGI) middleware pipeline for Web Service Gateway Interface (WSGI) middleware pipeline for
the Identity Service. the Identity service.
</para> </para>
<para> <para>
<programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/keystone-paste.ini"/> <programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/keystone-paste.ini"/>
@ -41,10 +41,10 @@
<section xml:id="section_keystone-policy.json"> <section xml:id="section_keystone-policy.json">
<title>policy.json</title> <title>policy.json</title>
<para>The <filename>policy.json</filename> file defines additional access controls that <para>The <filename>policy.json</filename> file defines additional access controls that
apply to the Identity Service.</para> apply to the Identity service.</para>
<para> <para>
<programlisting language="json"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/policy.json"/> <programlisting language="json"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/policy.json"/>
</programlisting> </programlisting>
</para> </para>
</section> </section>
</section> </section>

4
doc/config-reference/table_default-ports-primary-services.xml
View File

@ -54,13 +54,13 @@
<td/> <td/>
</tr> </tr>
<tr> <tr>
<td>Identity Service (<literal>keystone</literal>) <td>Identity service (<literal>keystone</literal>)
administrative endpoint</td> administrative endpoint</td>
<td>35357</td> <td>35357</td>
<td>adminurl</td> <td>adminurl</td>
</tr> </tr>
<tr> <tr>
<td>Identity Service public endpoint</td> <td>Identity service public endpoint</td>
<td>5000</td> <td>5000</td>
<td>publicurl</td> <td>publicurl</td>
</tr> </tr>