openstack-manuals/doc/config-reference/ch_identityconfigure.xml
Gauvain Pocentek a6d957b61e [config-ref] Updated options for keystone
Change-Id: Ia878d852d1b7ccde4be3c7618dd1607eec3d7af9
2015-07-15 06:39:27 +02:00

97 lines
5.1 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="ch_configuring-openstack-identity">
<title>Identity service</title>
<para>This chapter details the OpenStack Identity service configuration
options. For installation prerequisites and step-by-step walkthroughs, see the
<citetitle>OpenStack Installation Guide</citetitle> for your distribution (<link xlink:href="http://docs.openstack.org"
>docs.openstack.org</link>) and <citetitle><link
xlink:href="http://docs.openstack.org/admin-guide-cloud/content/">Cloud
Administrator Guide</link></citetitle>.</para>
<section xml:id="section_keystone-cache">
<title>Caching layer</title>
<para>Identity supports a caching layer that is above the
configurable subsystems, such as token or assignment. The
majority of the caching configuration options are set in the
<literal>[cache]</literal> section. However, each section that
has the capability to be cached usually has a
<option>caching</option> option that will toggle caching for that
specific section. By default, caching is globally disabled.
Options are as follows:</para>
<xi:include href="../common/tables/keystone-cache.xml"/>
<para>Current functional backends are:</para>
<itemizedlist>
<listitem><para><literal>dogpile.cache.memcached</literal> - Memcached backend using
the standard python-memcached library</para></listitem>
<listitem><para><literal>dogpile.cache.pylibmc</literal> - Memcached backend using
the pylibmc library</para></listitem>
<listitem><para><literal>dogpile.cache.bmemcached</literal> - Memcached using
python-binary-memcached library.</para></listitem>
<listitem><para><literal>dogpile.cache.redis</literal> - Redis backend</para></listitem>
<listitem><para><literal>dogpile.cache.dbm</literal> - Local DBM file backend</para></listitem>
<listitem><para><literal>dogpile.cache.memory</literal> - In-memory cache, not
suitable for use outside of testing as it does not cleanup it's
internal cache on cache expiration and does not share cache
between processes. This means that caching and cache invalidation
will not be consistent or reliable.</para>
</listitem>
<listitem><para><literal>dogpile.cache.mongo</literal> - MongoDB as caching
backend.</para></listitem>
</itemizedlist>
</section>
<section xml:id="keystone-configuration-file">
<title>Identity service configuration file</title>
<para>The Identity service is configured in the
<filename>/etc/keystone/keystone.conf</filename> file.</para>
<para>The following tables provide a comprehensive list of the Identity
service options.</para>
<xi:include href="../common/tables/keystone-api.xml"/>
<xi:include href="../common/tables/keystone-assignment.xml"/>
<xi:include href="../common/tables/keystone-auth.xml"/>
<xi:include href="../common/tables/keystone-auth_token.xml"/>
<xi:include href="../common/tables/keystone-ca.xml"/>
<xi:include href="../common/tables/keystone-catalog.xml"/>
<xi:include href="../common/tables/keystone-common.xml"/>
<xi:include href="../common/tables/keystone-cors.xml"/>
<xi:include href="../common/tables/keystone-credential.xml"/>
<xi:include href="../common/tables/keystone-database.xml"/>
<xi:include href="../common/tables/keystone-debug.xml"/>
<xi:include href="../common/tables/keystone-domain.xml"/>
<xi:include href="../common/tables/keystone-federation.xml"/>
<xi:include href="../common/tables/keystone-fernet_tokens.xml"/>
<xi:include href="../common/tables/keystone-identity.xml"/>
<xi:include href="../common/tables/keystone-kvs.xml"/>
<xi:include href="../common/tables/keystone-ldap.xml"/>
<xi:include href="../common/tables/keystone-logging.xml"/>
<xi:include href="../common/tables/keystone-mapping.xml"/>
<xi:include href="../common/tables/keystone-memcache.xml"/>
<xi:include href="../common/tables/keystone-oauth.xml"/>
<xi:include href="../common/tables/keystone-os_inherit.xml"/>
<xi:include href="../common/tables/keystone-policy.xml"/>
<xi:include href="../common/tables/keystone-revoke.xml"/>
<xi:include href="../common/tables/keystone-role.xml"/>
<xi:include href="../common/tables/keystone-saml.xml"/>
<xi:include href="../common/tables/keystone-security.xml"/>
<xi:include href="../common/tables/keystone-token.xml"/>
<xi:include href="../common/tables/keystone-trust.xml"/>
<xi:include href="../common/tables/keystone-rpc.xml"/>
<xi:include href="../common/tables/keystone-amqp.xml"/>
<xi:include href="../common/tables/keystone-qpid.xml"/>
<xi:include href="../common/tables/keystone-rabbitmq.xml"/>
<xi:include href="../common/tables/keystone-zeromq.xml"/>
<xi:include href="../common/tables/keystone-redis.xml"/>
</section>
<xi:include href="identity/section_keystone-sample-conf-files.xml"/>
<xi:include href="../common/tables/keystone-conf-changes.xml"/>
</chapter>