[admin-guide] Consisitent keystone configuration file path

Change-Id: I03b806b6c2ce50e3c4d358c012ac5b8012f585ef
2016-11-05 02:39:15 +00:00 · 2016-11-05 02:39:15 +00:00 · 94a27b1960
commit 94a27b1960
parent daa6f0e86c
8 changed files with 28 additions and 23 deletions
--- a/doc/admin-guide/source/identity-caching-layer.rst
+++ b/doc/admin-guide/source/identity-caching-layer.rst
@ -9,8 +9,9 @@ Identity uses the
 `dogpile.cache <http://dogpilecache.readthedocs.org/en/latest/>`__
 library which allows flexible cache back ends. The majority of the
 caching configuration options are set in the ``[cache]`` section of the
-``keystone.conf`` file. However, each section that has the capability to
+``/etc/keystone/keystone.conf`` file. However, each section that has
-be cached usually has a caching boolean value that toggles caching.
+the capability to be cached usually has a caching boolean value that
 toggles caching.
 So to enable only the token back end caching, set the values as follows:
--- a/doc/admin-guide/source/identity-certificates-for-pki.rst
+++ b/doc/admin-guide/source/identity-certificates-for-pki.rst
@ -10,9 +10,9 @@ used to sign it must be available as a :term:`Certificate Authority (CA)`
 certificate. These files can be generated either using the
 :command:`keystone-manage` utility, or externally generated. The files need to
 be in the locations specified by the top level Identity service
-configuration file ``keystone.conf`` as specified in the above section.
+configuration file ``/etc/keystone/keystone.conf`` as specified in the
-Additionally, the private key should only be readable by the system user
+above section. Additionally, the private key should only be readable by
-that will run the Identity service.
+the system user that will run the Identity service.
 .. warning::
@ -65,8 +65,8 @@ certificates, or you are providing your own certificates, these values
 do not need to be set.
 If ``provider=keystone.token.providers.uuid.Provider`` in the
-``[token]`` section of the keystone configuration, a typical token looks
+``[token]`` section of the keystone configuration file, a typical token
-like ``53f7f6ef0cc344b5be706bcc8b1479e1``. If
+looks like ``53f7f6ef0cc344b5be706bcc8b1479e1``. If
 ``provider=keystone.token.providers.pki.Provider``, a typical token is a
 much longer string, such as::
--- a/doc/admin-guide/source/identity-integrate-identity-backend-ldap.rst
+++ b/doc/admin-guide/source/identity-integrate-identity-backend-ldap.rst
@ -11,13 +11,14 @@ administrators to use users and groups in LDAP.
 .. important::
   For OpenStack Identity service to access LDAP servers, you must
-   define the destination LDAP server in the ``keystone.conf`` file.
+   define the destination LDAP server in the
-   For more information, see :ref:`identity_ldap_server_setup`.
+   ``/etc/keystone/keystone.conf`` file. For more information,
   see :ref:`identity_ldap_server_setup`.
 **To integrate one Identity back end with LDAP**
-#. Enable the LDAP Identity driver in the ``keystone.conf`` file. This
+#. Enable the LDAP Identity driver in the ``/etc/keystone/keystone.conf``
-   allows LDAP as an identity back end:
+   file. This allows LDAP as an identity back end:
   .. code-block:: ini
@ -26,7 +27,8 @@ administrators to use users and groups in LDAP.
      driver = ldap
 #. Create the organizational units (OU) in the LDAP directory, and define
-   the corresponding location in the ``keystone.conf`` file:
+   the corresponding location in the ``/etc/keystone/keystone.conf``
   file:
   .. code-block:: ini
@ -48,7 +50,8 @@ administrators to use users and groups in LDAP.
         user_objectclass = person
 #. A read-only implementation is recommended for LDAP integration. These
-   permissions are applied to object types in the ``keystone.conf``:
+   permissions are applied to object types in the
   ``/etc/keystone/keystone.conf`` file:
   .. code-block:: ini
@ -195,7 +198,7 @@ Identity attribute mapping
   update.
   For example, you can mask Active Directory account status attributes
-   in the ``keystone.conf`` file:
+   in the ``/etc/keystone/keystone.conf`` file:
   .. code-block:: ini
--- a/doc/admin-guide/source/identity-keystone-usage-and-features.rst
+++ b/doc/admin-guide/source/identity-keystone-usage-and-features.rst
@ -39,8 +39,8 @@ Logging
 You configure logging externally to the rest of Identity. The name of
 the file specifying the logging configuration is set using the
 ``log_config`` option in the ``[DEFAULT]`` section of the
-``keystone.conf`` file. To route logging through syslog, set
+``/etc/keystone/keystone.conf`` file. To route logging through syslog,
-``use_syslog=true`` in the ``[DEFAULT]`` section.
+set ``use_syslog=true`` in the ``[DEFAULT]`` section.
 A sample logging configuration file is available with the project in
 ``etc/logging.conf.sample``. Like other OpenStack projects, Identity
--- a/doc/admin-guide/source/identity-ldap-server.rst
+++ b/doc/admin-guide/source/identity-ldap-server.rst
@ -25,7 +25,8 @@ examples. Modify these examples as needed.
 **To define the destination LDAP server**
-#. Define the destination LDAP server in the ``keystone.conf`` file:
+#. Define the destination LDAP server in the
   ``/etc/keystone/keystone.conf`` file:
   .. code-block:: ini
--- a/doc/admin-guide/source/identity-service-api-protection.rst
+++ b/doc/admin-guide/source/identity-service-api-protection.rst
@ -5,9 +5,9 @@ Identity API protection with role-based access control (RBAC)
 Like most OpenStack projects, Identity supports the protection of its
 APIs by defining policy rules based on an RBAC approach. Identity stores
 a reference to a policy JSON file in the main Identity configuration
-file, ``keystone.conf``. Typically this file is named ``policy.json``,
+file, ``/etc/keystone/keystone.conf``. Typically this file is named
-and contains the rules for which roles have access to certain actions
+``policy.json``, and contains the rules for which roles have access to
-in defined services.
+certain actions in defined services.
 Each Identity API v3 call has a line in the policy file that dictates
 which level of governance of access applies.
--- a/doc/admin-guide/source/identity-token-binding.rst
+++ b/doc/admin-guide/source/identity-token-binding.rst
@ -10,7 +10,7 @@ additional security mechanism ensures that if a token is stolen, for
 example, it is not usable without external authentication.
 You configure the authentication types for a token binding in the
-``keystone.conf`` file:
+``/etc/keystone/keystone.conf`` file:
 .. code-block:: ini
--- a/doc/admin-guide/source/identity-tokens.rst
+++ b/doc/admin-guide/source/identity-tokens.rst
@ -67,8 +67,8 @@ Token providers
 ---------------
 The token type issued by keystone is configurable through the
-``etc/keystone.conf`` file. Currently, there are four supported token types and
+``/etc/keystone/keystone.conf`` file. Currently, there are four supported
-they include ``UUID``, ``fernet``, ``PKI``, and ``PKIZ``.
+token types and they include ``UUID``, ``fernet``, ``PKI``, and ``PKIZ``.
 UUID tokens
 ~~~~~~~~~~~