Merge "[admin-guide] Consisitent keystone configuration file path"

doc/admin-guide/source/identity-caching-layer.rst

@@ -9,8 +9,9 @@ Identity uses the
 `dogpile.cache <http://dogpilecache.readthedocs.org/en/latest/>`__
 library which allows flexible cache back ends. The majority of the
 caching configuration options are set in the ``[cache]`` section of the
-``keystone.conf`` file. However, each section that has the capability to
-be cached usually has a caching boolean value that toggles caching.
+``/etc/keystone/keystone.conf`` file. However, each section that has
+the capability to be cached usually has a caching boolean value that
+toggles caching.
 
 So to enable only the token back end caching, set the values as follows:
 

doc/admin-guide/source/identity-certificates-for-pki.rst

@@ -10,9 +10,9 @@ used to sign it must be available as a :term:`Certificate Authority (CA)`
 certificate. These files can be generated either using the
 :command:`keystone-manage` utility, or externally generated. The files need to
 be in the locations specified by the top level Identity service
-configuration file ``keystone.conf`` as specified in the above section.
-Additionally, the private key should only be readable by the system user
-that will run the Identity service.
+configuration file ``/etc/keystone/keystone.conf`` as specified in the
+above section. Additionally, the private key should only be readable by
+the system user that will run the Identity service.
 
 
 .. warning::
@@ -65,8 +65,8 @@ certificates, or you are providing your own certificates, these values
 do not need to be set.
 
 If ``provider=keystone.token.providers.uuid.Provider`` in the
-``[token]`` section of the keystone configuration, a typical token looks
-like ``53f7f6ef0cc344b5be706bcc8b1479e1``. If
+``[token]`` section of the keystone configuration file, a typical token
+looks like ``53f7f6ef0cc344b5be706bcc8b1479e1``. If
 ``provider=keystone.token.providers.pki.Provider``, a typical token is a
 much longer string, such as::
 

doc/admin-guide/source/identity-integrate-identity-backend-ldap.rst

@@ -11,13 +11,14 @@ administrators to use users and groups in LDAP.
 .. important::
 
    For OpenStack Identity service to access LDAP servers, you must
-   define the destination LDAP server in the ``keystone.conf`` file.
-   For more information, see :ref:`identity_ldap_server_setup`.
+   define the destination LDAP server in the
+   ``/etc/keystone/keystone.conf`` file. For more information,
+   see :ref:`identity_ldap_server_setup`.
 
 **To integrate one Identity back end with LDAP**
 
-#. Enable the LDAP Identity driver in the ``keystone.conf`` file. This
-   allows LDAP as an identity back end:
+#. Enable the LDAP Identity driver in the ``/etc/keystone/keystone.conf``
+   file. This allows LDAP as an identity back end:
 
    .. code-block:: ini
 
@@ -26,7 +27,8 @@ administrators to use users and groups in LDAP.
       driver = ldap
 
 #. Create the organizational units (OU) in the LDAP directory, and define
-   the corresponding location in the ``keystone.conf`` file:
+   the corresponding location in the ``/etc/keystone/keystone.conf``
+   file:
 
    .. code-block:: ini
 
@@ -48,7 +50,8 @@ administrators to use users and groups in LDAP.
          user_objectclass = person
 
 #. A read-only implementation is recommended for LDAP integration. These
-   permissions are applied to object types in the ``keystone.conf``:
+   permissions are applied to object types in the
+   ``/etc/keystone/keystone.conf`` file:
 
    .. code-block:: ini
 
@@ -195,7 +198,7 @@ Identity attribute mapping
    update.
 
    For example, you can mask Active Directory account status attributes
-   in the ``keystone.conf`` file:
+   in the ``/etc/keystone/keystone.conf`` file:
 
    .. code-block:: ini
 

doc/admin-guide/source/identity-keystone-usage-and-features.rst

@@ -39,8 +39,8 @@ Logging
 You configure logging externally to the rest of Identity. The name of
 the file specifying the logging configuration is set using the
 ``log_config`` option in the ``[DEFAULT]`` section of the
-``keystone.conf`` file. To route logging through syslog, set
-``use_syslog=true`` in the ``[DEFAULT]`` section.
+``/etc/keystone/keystone.conf`` file. To route logging through syslog,
+set ``use_syslog=true`` in the ``[DEFAULT]`` section.
 
 A sample logging configuration file is available with the project in
 ``etc/logging.conf.sample``. Like other OpenStack projects, Identity

doc/admin-guide/source/identity-ldap-server.rst

@@ -25,7 +25,8 @@ examples. Modify these examples as needed.
 
 **To define the destination LDAP server**
 
-#. Define the destination LDAP server in the ``keystone.conf`` file:
+#. Define the destination LDAP server in the
+   ``/etc/keystone/keystone.conf`` file:
 
    .. code-block:: ini
 

doc/admin-guide/source/identity-service-api-protection.rst

@@ -5,9 +5,9 @@ Identity API protection with role-based access control (RBAC)
 Like most OpenStack projects, Identity supports the protection of its
 APIs by defining policy rules based on an RBAC approach. Identity stores
 a reference to a policy JSON file in the main Identity configuration
-file, ``keystone.conf``. Typically this file is named ``policy.json``,
-and contains the rules for which roles have access to certain actions
-in defined services.
+file, ``/etc/keystone/keystone.conf``. Typically this file is named
+``policy.json``, and contains the rules for which roles have access to
+certain actions in defined services.
 
 Each Identity API v3 call has a line in the policy file that dictates
 which level of governance of access applies.

doc/admin-guide/source/identity-token-binding.rst

@@ -10,7 +10,7 @@ additional security mechanism ensures that if a token is stolen, for
 example, it is not usable without external authentication.
 
 You configure the authentication types for a token binding in the
-``keystone.conf`` file:
+``/etc/keystone/keystone.conf`` file:
 
 .. code-block:: ini
 

doc/admin-guide/source/identity-tokens.rst

@@ -67,8 +67,8 @@ Token providers
 ---------------
 
 The token type issued by keystone is configurable through the
-``etc/keystone.conf`` file. Currently, there are four supported token types and
-they include ``UUID``, ``fernet``, ``PKI``, and ``PKIZ``.
+``/etc/keystone/keystone.conf`` file. Currently, there are four supported
+token types and they include ``UUID``, ``fernet``, ``PKI``, and ``PKIZ``.
 
 UUID tokens
 ~~~~~~~~~~~