From 9034da542fa19fc763da78d59ba4c92186cf8ab2 Mon Sep 17 00:00:00 2001 From: Tom Fifield Date: Wed, 25 Jun 2014 12:21:29 +0800 Subject: [PATCH] Add information about domain-specific conf file This feature introduced in Havana allows settings for specific domains to override the main config. Add a new section to the config reference explaining the configuration file layout. Change-Id: I535639a7edb44e63f608806519b153e7a87042be Closes-Bug: 1209255 --- .../section_keystone-sample-conf-files.xml | 80 ++++++++++++------- 1 file changed, 49 insertions(+), 31 deletions(-) diff --git a/doc/config-reference/identity/section_keystone-sample-conf-files.xml b/doc/config-reference/identity/section_keystone-sample-conf-files.xml index acea7cb33d..83fd4a73f1 100644 --- a/doc/config-reference/identity/section_keystone-sample-conf-files.xml +++ b/doc/config-reference/identity/section_keystone-sample-conf-files.xml @@ -4,47 +4,65 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="sample-configuration-files"> Identity service sample configuration files - All the files in this section can be found in the /etc/keystone - directory. + You can find the files described in this section in the + /etc/keystone directory.
keystone.conf - The majority of the Identity service configuration is performed from the - keystone.conf file. - - + Use the keystone.conf file to + configure most Identity service options: + -
- keystone-paste.ini - The keystone-paste.ini file configures the - Web Service Gateway Interface (WSGI) middleware pipeline for - the Identity service. - - - + keystone-paste.ini + Use the keystone-paste.ini file to + configure the Web Service Gateway Interface (WSGI) + middleware pipeline for the Identity service. + -
- logging.conf - A special logging configuration file can be specified in the - keystone.conf configuration file (for example, - /etc/keystone/logging.conf). For details, see the Python - logging module documentation ( - Python Logging). - - + logging.conf + You can specify a special logging configuration file in + the keystone.conf configuration file. + For example, + /etc/keystone/logging.conf. + For details, see the (Python logging module documentation). + -
- policy.json - The policy.json file defines additional access controls that - apply to the Identity service. - - - - + policy.json + Use the policy.json file to define + additional access controls that apply to the Identity + service. + +
+
+ Domain-specific configuration + Identity enables you to configure domain-specific + authentication drivers. For example, you can configure a + domain to have its own LDAP or SQL server. + By default, the option to configure domain-specific + drivers is disabled. + To enable domain-specific drivers, set these options in + [identity] section in the + keystone.conf file: + [identity] +domain_specific_drivers_enabled = True +domain_config_dir = /etc/keystone/domains + When you enable domain-specific drivers, Identity looks + in the directory for + configuration files that are named as follows: + keystone.DOMAIN_NAME.conf, + where DOMAIN_NAME is the domain + name. + Any options that you define in the domain-specific + configuration file override options in the primary + configuration file for the specified domain. Any domain + without a domain-specific configuration file uses only the + options in the primary configuration file.