openstack/openstack-manuals
Code Issues Proposed changes
8265ab2ad6
openstack-manuals/doc/common/tables/keystone-ssl.xml
Gauvain Pocentek b88212e062 config reference update for juno-1 
Generate the config tables with the autohelp script and include the new
tables in the config ref sections.

For consistency, use the 'database' and 'auth_token' keywords in all
projects.

Split the LBaaS tables.

Closes-Bug: #1327802
Closes-Bug: #1331180
Closes-Bug: #1331175
Closes-Bug: #1330279
Closes-Bug: #1323946
Closes-Bug: #1323437
Closes-Bug: #1322075
Closes-Bug: #1321621
Closes-Bug: #1319564
Closes-Bug: #1318081
Closes-Bug: #1311474
Change-Id: I5602dda76fdf929d9124f5aa67d31ca4ac17c6d5
2014-06-29 20:55:34 +02:00

94 lines
3.5 KiB
XML
Raw Blame History

<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in openstack-doc-tools repository. -->
<table rules="all" xml:id="config_table_keystone_ssl">
<caption>Description of configuration options for ssl</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[signing]</th>
</tr>
<tr>
<td>ca_certs = /etc/keystone/ssl/certs/ca.pem</td>
<td>(StrOpt) Path of the CA for token signing.</td>
</tr>
<tr>
<td>ca_key = /etc/keystone/ssl/private/cakey.pem</td>
<td>(StrOpt) Path of the CA key for token signing.</td>
</tr>
<tr>
<td>cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com</td>
<td>(StrOpt) Certificate subject (auto generated certificate) for token signing.</td>
</tr>
<tr>
<td>certfile = /etc/keystone/ssl/certs/signing_cert.pem</td>
<td>(StrOpt) Path of the certfile for token signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates.</td>
</tr>
<tr>
<td>key_size = 2048</td>
<td>(IntOpt) Key size (in bits) for token signing cert (auto generated certificate).</td>
</tr>
<tr>
<td>keyfile = /etc/keystone/ssl/private/signing_key.pem</td>
<td>(StrOpt) Path of the keyfile for token signing.</td>
</tr>
<tr>
<td>token_format = None</td>
<td>(StrOpt) Deprecated in favor of provider in the [token] section.</td>
</tr>
<tr>
<td>valid_days = 3650</td>
<td>(IntOpt) Days the token signing cert is valid for (auto generated certificate).</td>
</tr>
<tr>
<th colspan="2">[ssl]</th>
</tr>
<tr>
<td>ca_certs = /etc/keystone/ssl/certs/ca.pem</td>
<td>(StrOpt) Path of the ca cert file for SSL.</td>
</tr>
<tr>
<td>ca_key = /etc/keystone/ssl/private/cakey.pem</td>
<td>(StrOpt) Path of the CA key file for SSL.</td>
</tr>
<tr>
<td>cert_required = False</td>
<td>(BoolOpt) Require client certificate.</td>
</tr>
<tr>
<td>cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost</td>
<td>(StrOpt) SSL certificate subject (auto generated certificate).</td>
</tr>
<tr>
<td>certfile = /etc/keystone/ssl/certs/keystone.pem</td>
<td>(StrOpt) Path of the certfile for SSL. For non-production environments, you may be interested in using `keystone-manage ssl_setup` to generate self-signed certificates.</td>
</tr>
<tr>
<td>enable = False</td>
<td>(BoolOpt) Toggle for SSL support on the Keystone eventlet servers.</td>
</tr>
<tr>
<td>key_size = 1024</td>
<td>(IntOpt) SSL key length (in bits) (auto generated certificate).</td>
</tr>
<tr>
<td>keyfile = /etc/keystone/ssl/private/keystonekey.pem</td>
<td>(StrOpt) Path of the keyfile for SSL.</td>
</tr>
<tr>
<td>valid_days = 3650</td>
<td>(IntOpt) Days the certificate is valid for once signed (auto generated certificate).</td>
</tr>
</tbody>
</table>
</para>
View Git Blame Copy Permalink