[admin-guide] Consisitent keystone configuration file path

Change-Id: I03b806b6c2ce50e3c4d358c012ac5b8012f585ef
This commit is contained in:
chenxing 2016-11-05 02:39:15 +00:00
parent daa6f0e86c
commit 94a27b1960
8 changed files with 28 additions and 23 deletions

View File

@ -9,8 +9,9 @@ Identity uses the
`dogpile.cache <http://dogpilecache.readthedocs.org/en/latest/>`__
library which allows flexible cache back ends. The majority of the
caching configuration options are set in the ``[cache]`` section of the
``keystone.conf`` file. However, each section that has the capability to
be cached usually has a caching boolean value that toggles caching.
``/etc/keystone/keystone.conf`` file. However, each section that has
the capability to be cached usually has a caching boolean value that
toggles caching.
So to enable only the token back end caching, set the values as follows:

View File

@ -10,9 +10,9 @@ used to sign it must be available as a :term:`Certificate Authority (CA)`
certificate. These files can be generated either using the
:command:`keystone-manage` utility, or externally generated. The files need to
be in the locations specified by the top level Identity service
configuration file ``keystone.conf`` as specified in the above section.
Additionally, the private key should only be readable by the system user
that will run the Identity service.
configuration file ``/etc/keystone/keystone.conf`` as specified in the
above section. Additionally, the private key should only be readable by
the system user that will run the Identity service.
.. warning::
@ -65,8 +65,8 @@ certificates, or you are providing your own certificates, these values
do not need to be set.
If ``provider=keystone.token.providers.uuid.Provider`` in the
``[token]`` section of the keystone configuration, a typical token looks
like ``53f7f6ef0cc344b5be706bcc8b1479e1``. If
``[token]`` section of the keystone configuration file, a typical token
looks like ``53f7f6ef0cc344b5be706bcc8b1479e1``. If
``provider=keystone.token.providers.pki.Provider``, a typical token is a
much longer string, such as::

View File

@ -11,13 +11,14 @@ administrators to use users and groups in LDAP.
.. important::
For OpenStack Identity service to access LDAP servers, you must
define the destination LDAP server in the ``keystone.conf`` file.
For more information, see :ref:`identity_ldap_server_setup`.
define the destination LDAP server in the
``/etc/keystone/keystone.conf`` file. For more information,
see :ref:`identity_ldap_server_setup`.
**To integrate one Identity back end with LDAP**
#. Enable the LDAP Identity driver in the ``keystone.conf`` file. This
allows LDAP as an identity back end:
#. Enable the LDAP Identity driver in the ``/etc/keystone/keystone.conf``
file. This allows LDAP as an identity back end:
.. code-block:: ini
@ -26,7 +27,8 @@ administrators to use users and groups in LDAP.
driver = ldap
#. Create the organizational units (OU) in the LDAP directory, and define
the corresponding location in the ``keystone.conf`` file:
the corresponding location in the ``/etc/keystone/keystone.conf``
file:
.. code-block:: ini
@ -48,7 +50,8 @@ administrators to use users and groups in LDAP.
user_objectclass = person
#. A read-only implementation is recommended for LDAP integration. These
permissions are applied to object types in the ``keystone.conf``:
permissions are applied to object types in the
``/etc/keystone/keystone.conf`` file:
.. code-block:: ini
@ -195,7 +198,7 @@ Identity attribute mapping
update.
For example, you can mask Active Directory account status attributes
in the ``keystone.conf`` file:
in the ``/etc/keystone/keystone.conf`` file:
.. code-block:: ini

View File

@ -39,8 +39,8 @@ Logging
You configure logging externally to the rest of Identity. The name of
the file specifying the logging configuration is set using the
``log_config`` option in the ``[DEFAULT]`` section of the
``keystone.conf`` file. To route logging through syslog, set
``use_syslog=true`` in the ``[DEFAULT]`` section.
``/etc/keystone/keystone.conf`` file. To route logging through syslog,
set ``use_syslog=true`` in the ``[DEFAULT]`` section.
A sample logging configuration file is available with the project in
``etc/logging.conf.sample``. Like other OpenStack projects, Identity

View File

@ -25,7 +25,8 @@ examples. Modify these examples as needed.
**To define the destination LDAP server**
#. Define the destination LDAP server in the ``keystone.conf`` file:
#. Define the destination LDAP server in the
``/etc/keystone/keystone.conf`` file:
.. code-block:: ini

View File

@ -5,9 +5,9 @@ Identity API protection with role-based access control (RBAC)
Like most OpenStack projects, Identity supports the protection of its
APIs by defining policy rules based on an RBAC approach. Identity stores
a reference to a policy JSON file in the main Identity configuration
file, ``keystone.conf``. Typically this file is named ``policy.json``,
and contains the rules for which roles have access to certain actions
in defined services.
file, ``/etc/keystone/keystone.conf``. Typically this file is named
``policy.json``, and contains the rules for which roles have access to
certain actions in defined services.
Each Identity API v3 call has a line in the policy file that dictates
which level of governance of access applies.

View File

@ -10,7 +10,7 @@ additional security mechanism ensures that if a token is stolen, for
example, it is not usable without external authentication.
You configure the authentication types for a token binding in the
``keystone.conf`` file:
``/etc/keystone/keystone.conf`` file:
.. code-block:: ini

View File

@ -67,8 +67,8 @@ Token providers
---------------
The token type issued by keystone is configurable through the
``etc/keystone.conf`` file. Currently, there are four supported token types and
they include ``UUID``, ``fernet``, ``PKI``, and ``PKIZ``.
``/etc/keystone/keystone.conf`` file. Currently, there are four supported
token types and they include ``UUID``, ``fernet``, ``PKI``, and ``PKIZ``.
UUID tokens
~~~~~~~~~~~