
This patch imports the autogenerated tables for keystone. Actual use of these tables will be done in another patch. Change-Id: Ib035c8469820aca7a7cf880f1bea758e9ea855d1 Partial-Bug: #1277330
110 lines
6.8 KiB
XML
110 lines
6.8 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!-- Warning: Do not edit this file. It is automatically
|
|
generated and your changes will be overwritten.
|
|
The tool to do so lives in the tools directory of this
|
|
repository -->
|
|
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
|
|
<table rules="all" xml:id="config_table_keystone_api">
|
|
<caption>Description of configuration options for api</caption>
|
|
<col width="50%"/>
|
|
<col width="50%"/>
|
|
<thead>
|
|
<tr>
|
|
<th>Configuration option = Default value</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<th colspan="2">[DEFAULT]</th>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_bind_host = 0.0.0.0</td>
|
|
<td>(StrOpt) The IP Address of the network interface to for the admin service to listen on.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_endpoint = None</td>
|
|
<td>(StrOpt) The base admin endpoint URL for keystone that are advertised to clients (NOTE: this does NOT affect how keystone listens for connections). Defaults to the base host URL of the request. Eg a request to http://server:35357/v2.0/users will default to http://server:35357. You should only need to set this value if the base URL contains a path (eg /prefix/v2.0) or the endpoint should be found on a different server.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_port = 35357</td>
|
|
<td>(IntOpt) The port number which the admin service listens on.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_token = ADMIN</td>
|
|
<td>(StrOpt) A "shared secret" that can be used to bootstrap Keystone. This "token" does not represent a user, and carries no explicit authorization. To disable in production (highly recommended), remove AdminTokenAuthMiddleware from your paste application pipelines (for example, in keystone-paste.ini).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>compute_port = 8774</td>
|
|
<td>(IntOpt) The port which the OpenStack Compute service listens on.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>domain_id_immutable = True</td>
|
|
<td>(BoolOpt) Set this to false if you want to enable the ability for user, group and project entities to be moved between domains by updating their domain_id. Allowing such movement is not recommended if the scope of a domain admin is being restricted by use of an appropriate policy file (see policy.v3cloudsample as an example).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>list_limit = None</td>
|
|
<td>(IntOpt) The maximum number of entities that will be returned in a collection can be set with list_limit, with no limit set by default. This global limit may be then overridden for a specific driver, by specifying a list_limit in the appropriate section (e.g. [assignment]).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>max_param_size = 64</td>
|
|
<td>(IntOpt) limit the sizes of user & tenant ID/names.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>max_request_body_size = 114688</td>
|
|
<td>(IntOpt) enforced by optional sizelimit middleware (keystone.middleware:RequestBodySizeLimiter).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>max_token_size = 8192</td>
|
|
<td>(IntOpt) similar to max_param_size, but provides an exception for token values.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab</td>
|
|
<td>(StrOpt) During a SQL upgrade member_role_id will be used to create a new role that will replace records in the user_tenant_membership table with explicit role grants. After migration, the member_role_id will be used in the API add_user_to_project.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>member_role_name = _member_</td>
|
|
<td>(StrOpt) During a SQL upgrade member_role_id will be used to create a new role that will replace records in the user_tenant_membership table with explicit role grants. After migration, member_role_name will be ignored.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>public_bind_host = 0.0.0.0</td>
|
|
<td>(StrOpt) The IP Address of the network interface to for the public service to listen on.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>public_endpoint = None</td>
|
|
<td>(StrOpt) The base public endpoint URL for keystone that are advertised to clients (NOTE: this does NOT affect how keystone listens for connections). Defaults to the base host URL of the request. Eg a request to http://server:5000/v2.0/users will default to http://server:5000. You should only need to set this value if the base URL contains a path (eg /prefix/v2.0) or the endpoint should be found on a different server.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>public_port = 5000</td>
|
|
<td>(IntOpt) The port number which the public service listens on.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>tcp_keepalive = False</td>
|
|
<td>(BoolOpt) Set this to True if you want to enable TCP_KEEPALIVE on server sockets i.e. sockets used by the keystone wsgi server for client connections.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>tcp_keepidle = 600</td>
|
|
<td>(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only applies if tcp_keepalive is True. Not supported on OS X.</td>
|
|
</tr>
|
|
<tr>
|
|
<th colspan="2">[endpoint_filter]</th>
|
|
</tr>
|
|
<tr>
|
|
<td>driver = keystone.contrib.endpoint_filter.backends.sql.EndpointFilter</td>
|
|
<td>(StrOpt) Keystone Endpoint Filter backend driver</td>
|
|
</tr>
|
|
<tr>
|
|
<td>return_all_endpoints_if_no_filter = True</td>
|
|
<td>(BoolOpt) Toggle to return all active endpoints if no filter exists.</td>
|
|
</tr>
|
|
<tr>
|
|
<th colspan="2">[paste_deploy]</th>
|
|
</tr>
|
|
<tr>
|
|
<td>config_file = keystone-paste.ini</td>
|
|
<td>(StrOpt) Name of the paste configuration file that defines the available pipelines.</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</para>
|