| Anthony Young | 3a09312 | 2011-09-13 19:01:45 +0000 | [diff] [blame] | 1 | [DEFAULT] |
| 2 | # Show more verbose log output (sets INFO log level output) |
| 3 | verbose = False |
| 4 | |
| 5 | # Show debugging output in logs (sets DEBUG log level output) |
| 6 | debug = False |
| 7 | |
| 8 | # Which backend store should Keystone use by default. |
| 9 | # Default: 'sqlite' |
| 10 | # Available choices are 'sqlite' [future will include LDAP, PAM, etc] |
| 11 | default_store = sqlite |
| 12 | |
| 13 | # Log to this file. Make sure you do not set the same log |
| 14 | # file for both the API and registry servers! |
| 15 | log_file = /opt/keystone/keystone.log |
| 16 | |
| 17 | # List of backends to be configured |
| 18 | backends = keystone.backends.sqlalchemy |
| 19 | #For LDAP support, add: ,keystone.backends.ldap |
| 20 | |
| 21 | # Dictionary Maps every service to a header.Missing services would get header |
| 22 | # X_(SERVICE_NAME) Key => Service Name, Value => Header Name |
| 23 | service-header-mappings = { |
| 24 | 'nova' : 'X-Server-Management-Url', |
| 25 | 'swift' : 'X-Storage-Url', |
| 26 | 'cdn' : 'X-CDN-Management-Url'} |
| 27 | |
| 28 | # Address to bind the API server |
| 29 | # TODO Properties defined within app not available via pipeline. |
| 30 | service_host = 0.0.0.0 |
| 31 | |
| 32 | # Port the bind the API server to |
| 33 | service_port = 5000 |
| 34 | |
| 35 | # Address to bind the Admin API server |
| 36 | admin_host = 0.0.0.0 |
| 37 | |
| 38 | # Port the bind the Admin API server to |
| 39 | admin_port = 5001 |
| 40 | |
| 41 | #Role that allows to perform admin operations. |
| 42 | keystone-admin-role = Admin |
| 43 | |
| 44 | #Role that allows to perform service admin operations. |
| Anthony Young | fbd40d2 | 2011-09-19 16:18:34 -0700 | [diff] [blame] | 45 | # FIXME: need to separate this into a different role like KeystoneServiceAdmin |
| 46 | keystone-service-admin-role = Admin |
| Anthony Young | 3a09312 | 2011-09-13 19:01:45 +0000 | [diff] [blame] | 47 | |
| 48 | [keystone.backends.sqlalchemy] |
| 49 | # SQLAlchemy connection string for the reference implementation registry |
| 50 | # server. Any valid SQLAlchemy connection string is fine. |
| 51 | # See: http://bit.ly/ideIpI |
| 52 | #sql_connection = sqlite:///keystone.db |
| Anthony Young | a841644 | 2011-09-13 20:07:44 -0700 | [diff] [blame] | 53 | sql_connection = %SQL_CONN% |
| Anthony Young | 3a09312 | 2011-09-13 19:01:45 +0000 | [diff] [blame] | 54 | backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant', |
| 55 | 'User', 'Credentials', 'EndpointTemplates', 'Token', |
| 56 | 'Service'] |
| 57 | |
| 58 | # Period in seconds after which SQLAlchemy should reestablish its connection |
| 59 | # to the database. |
| 60 | sql_idle_timeout = 30 |
| 61 | |
| 62 | [pipeline:admin] |
| 63 | pipeline = |
| 64 | urlrewritefilter |
| 65 | admin_api |
| 66 | |
| 67 | [pipeline:keystone-legacy-auth] |
| 68 | pipeline = |
| 69 | urlrewritefilter |
| 70 | legacy_auth |
| 71 | RAX-KEY-extension |
| 72 | service_api |
| 73 | |
| 74 | [app:service_api] |
| 75 | paste.app_factory = keystone.server:service_app_factory |
| 76 | |
| 77 | [app:admin_api] |
| 78 | paste.app_factory = keystone.server:admin_app_factory |
| 79 | |
| 80 | [filter:urlrewritefilter] |
| 81 | paste.filter_factory = keystone.middleware.url:filter_factory |
| 82 | |
| 83 | [filter:legacy_auth] |
| 84 | paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory |
| 85 | |
| 86 | [filter:RAX-KEY-extension] |
| 87 | paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory |