tripleo-image-elements/elements/keystone
Dan Prince 7cbdf4b590 Correct the README.md descriptions
Drops the 'from git' from many of the elements. This implies
that the elements always use git... which they don't if
you are using packages.

Also, expands many of the descriptions to say 'and configures' since
most of these elements also contain the OAC/ORC scripts to actually
configure things as well.

Change-Id: I3cbf80c99cfedd73770c9d24e140b7d2443f0dda
2014-10-31 16:30:58 -04:00
environment.d Wire in _EXTRA_INSTALL_OPTS... 2014-04-19 08:08:45 -04:00
install.d Fix DISTRO_NAME usage for centos7 element 2014-10-01 21:47:45 -04:00
os-apply-config Move to keystone.token.persistence.backends.sql.Token 2014-10-30 09:58:24 +00:00
os-refresh-config Run dbsync commands with service user 2014-08-18 17:29:32 +01:00
cleanup-keystone-tokens.sh Fall back to keystone-manage if pt-archiver isn't available 2014-06-06 16:45:46 +01:00
element-deps Reserve the keystone high port out of ephemeral 2014-07-25 13:39:08 -04:00
keystone.crontab keystone crontab PATH needs /usr/local/bin 2014-02-07 13:31:53 -08:00
pkg-map Use pkg-map for keystone source-install 2014-09-11 13:07:28 +02:00
README.md Correct the README.md descriptions 2014-10-31 16:30:58 -04:00
source-repository-keystone Use openstack git repos when possible 2013-11-15 10:48:11 +02:00

Install and configure Keystone.

Upon booting the image, the service should be running on port 5000.

Configuration

The default template for the /etc/keystone/keystone.conf file contains a minimal set of configuration parameters, which are expected to be passed in via Heat Metadata. For example, the keystone.db key is required and provides the MySQL connection string:

keystone:
  db: "mysql://keyuser:keypass@localhost/keystone"

All other customizations of /etc/keystone/keystone.conf are expected to be made through the passthrough configuration feature.

An additional configuration file, /etc/keystone/domains/keystone.ldap.conf, is also maintained to hold the domain-specific configuration for LDAP. It is likewise populated through the passthrough configuration feature, under the "keystone_ldap" key. Here is sample content for the ExtraConfig Heat Metadata parameter:

{
    "keystone": {
        "config": [
            {
                "section": "identity",
                "values": [
                    {
                        "option": "domain_specific_drivers_enabled",
                        "value": "True"
                    },
                    {
                        "option": "domain_config_dir",
                        "value": "/etc/keystone/domains"
                    }
                ]
            }
        ]
    },
    "keystone_ldap": {
        "config": [
            {
                "section": "identity",
                "values": [
                    {
                        "option": "driver",
                        "value": "keystone.identity.backends.ldap.Identity"
                    }
                ]
            },
            {
                "section": "assignment",
                "values": [
                    {
                        "option": "driver",
                        "value": "keystone.assignment.backends.sql.Assignment"
                    }
                ]
            },
            {
                "section": "ldap",
                "values": [
                    {
                        "option": "url",
                        "value": "ldap://ldap.example.com"
                    },
                    {
                        "option": "suffix",
                        "value": "dc=example,dc=com"
                    },
                    . . .
                ]
            }
        ]
    }
}
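To make the passthrough format concrete, here is an added example (not the element's own os-apply-config template) that renders the "config" lists above into the two INI files and adds a small review check on the LDAP URL. The placement of keystone.db under [database] connection is an assumption, not something the README states.

```python
import configparser
import io

SAMPLE_METADATA = {  # constructed, trimmed from the README sample above
    "keystone": {
        "db": "mysql://keyuser:keypass@localhost/keystone",
        "config": [{"section": "identity", "values": [
            {"option": "domain_specific_drivers_enabled", "value": "True"},
            {"option": "domain_config_dir", "value": "/etc/keystone/domains"}]}],
    },
    "keystone_ldap": {"config": [
        {"section": "identity", "values": [
            {"option": "driver", "value": "keystone.identity.backends.ldap.Identity"}]},
        {"section": "ldap", "values": [
            {"option": "url", "value": "ldap://ldap.example.com"},
            {"option": "suffix", "value": "dc=example,dc=com"}]},
    ]},
}

def render_passthrough(entries):
    """INI text from a passthrough 'config' list; repeated sections are merged."""
    cp = configparser.RawConfigParser()
    for entry in entries:
        if not cp.has_section(entry["section"]):
            cp.add_section(entry["section"])
        for kv in entry["values"]:  # a later value for the same option wins
            cp.set(entry["section"], kv["option"], kv["value"])
    buf = io.StringIO()
    cp.write(buf)
    return buf.getvalue()

def render_keystone_files(metadata):
    """Map the two metadata keys to the two files the element maintains;
    assumes (not stated in the README) keystone.db becomes [database] connection."""
    ks = metadata["keystone"]
    db_entry = [{"section": "database",
                 "values": [{"option": "connection", "value": ks["db"]}]}]
    files = {"/etc/keystone/keystone.conf":
             render_passthrough(db_entry + ks.get("config", []))}
    if "keystone_ldap" in metadata:
        files["/etc/keystone/domains/keystone.ldap.conf"] = render_passthrough(
            metadata["keystone_ldap"]["config"])
    return files

def plaintext_ldap_urls(metadata):
    """Review check: [ldap] url values not using ldaps:// (cleartext unless StartTLS is set)."""
    entries = metadata.get("keystone_ldap", {}).get("config", [])
    return [kv["value"] for e in entries if e["section"] == "ldap"
            for kv in e["values"]
            if kv["option"] == "url" and not kv["value"].startswith("ldaps://")]
```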

NOTE: Token cleanup will cause poor performance until the upstream bug (https://bugs.launchpad.net/keystone/+bug/1188378) is fixed. This problem is worked around on some distributions (Ubuntu, RHEL, CentOS) where percona-toolkit is supported and is used to clean out the token table on MySQL; see http://www.percona.com/mysql-support/policies/percona-toolkit-supported-platforms-and-versions for the supported platforms.