Cleanup `README.md`, `config.yaml` and `templates/`
Remove configuration options which no longer have effect (the supporting code has been removed). Update and fix formatting of `README.md`. Remove templates for no longer supported OpenStack releases.

Change-Id: Ibbda87738d98f6ad97da212ad1b56be88b33e9a3
parent 68d173ff82
commit 1985c16033
110
README.md
|
@ -13,8 +13,8 @@ The following interfaces are provided:
|
||||||
|
|
||||||
- identity-service: Openstack API endpoints request an entry in the
|
- identity-service: Openstack API endpoints request an entry in the
|
||||||
Keystone service catalog + endpoint template catalog. When a relation
|
Keystone service catalog + endpoint template catalog. When a relation
|
||||||
is established, Keystone receives: service name, region, public_url,
|
is established, Keystone receives: `service_name`, `region`, `public_url`,
|
||||||
admin_url and internal_url. It first checks that the requested service
|
`admin_url` and `internal_url`. It first checks that the requested service
|
||||||
is listed as a supported service. This list should stay updated to
|
is listed as a supported service. This list should stay updated to
|
||||||
support current Openstack core services. If the service is supported,
|
support current Openstack core services. If the service is supported,
|
||||||
an entry in the service catalog is created, an endpoint template is
|
an entry in the service catalog is created, an endpoint template is
|
||||||
|
@ -41,22 +41,22 @@ The following interfaces are provided:
|
||||||
credentials without creating a service catalog entry. Set 'username'
|
credentials without creating a service catalog entry. Set 'username'
|
||||||
only on the relation and keystone will set defaults and return
|
only on the relation and keystone will set defaults and return
|
||||||
authentication details. Possible relation settings:
|
authentication details. Possible relation settings:
|
||||||
username: Username to be created.
|
- `username` Username to be created.
|
||||||
project: Project (tenant) name to be created. Defaults to services
|
- `project` Project (tenant) name to be created. Defaults to services
|
||||||
project.
|
project.
|
||||||
requested_roles: Comma delimited list of roles to be created
|
- `requested_roles` Comma delimited list of roles to be created
|
||||||
requested_grants: Comma delimited list of roles to be granted.
|
- `requested_grants` Comma delimited list of roles to be granted.
|
||||||
Defaults to Admin role.
|
Defaults to Admin role.
|
||||||
domain: Keystone v3 domain the user will be created in. Defaults
|
- `domain` Keystone v3 domain the user will be created in. Defaults
|
||||||
to the Default domain.
|
to the Default domain.
|
||||||
|
|
||||||
Database
|
Database
|
||||||
--------
|
--------
|
||||||
|
|
||||||
Keystone requires a database. By default, a local sqlite database is used.
|
Keystone requires a database. The charm supports relation to a shared database
|
||||||
The charm supports relations to a shared-db via mysql-shared interface. When
|
server through the `mysql-shared` interface. When a new data store is
|
||||||
a new data store is configured, the charm ensures the minimum administrator
|
configured, the charm ensures the minimum administrator credentials exist (as
|
||||||
credentials exist (as configured via charm configuration)
|
configured in charm configuration)
|
||||||
|
|
||||||
HA/Clustering
|
HA/Clustering
|
||||||
-------------
|
-------------
|
||||||
|
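Review bot: The rewritten Database paragraph drops "By default, a local sqlite database is used.", yet the commit message describes the README change only as an update and formatting fix. If the sqlite fallback is gone, state that in the commit message or the README so operators know what happens when no `mysql-shared` relation exists. Two smaller points in the same hunk: the closing sentence "configured in charm configuration)" still has no full stop, and the new relation-setting bullets have lost the separator after the key (`- username Username to be created.` reads as one run); `- username: ...` with the key in backticks would be clearer.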
@ -70,9 +70,9 @@ the VIP is a valid IP on the subnet for one of the node's interfaces and each
|
||||||
node has an interface in said subnet. The VIP becomes a highly-available API
|
node has an interface in said subnet. The VIP becomes a highly-available API
|
||||||
endpoint.
|
endpoint.
|
||||||
|
|
||||||
At a minimum, the config option 'vip' must be set in order to use virtual IP
|
At a minimum, the config option `vip` must be set in order to use virtual IP
|
||||||
HA. If multiple networks are being used, a VIP should be provided for each
|
HA. If multiple networks are being used, a VIP should be provided for each
|
||||||
network, separated by spaces. Optionally, vip_iface or vip_cidr may be
|
network, separated by spaces. Optionally, `vip_iface` or `vip_cidr` may be
|
||||||
specified.
|
specified.
|
||||||
|
|
||||||
To use DNS high availability there are several prerequisites. However, DNS HA
|
To use DNS high availability there are several prerequisites. However, DNS HA
|
||||||
|
@ -82,71 +82,48 @@ environments. MAAS 2.0 requires Juju 2.0 or greater. The clustered nodes must
|
||||||
have static or "reserved" IP addresses registered in MAAS. The DNS hostname(s)
|
have static or "reserved" IP addresses registered in MAAS. The DNS hostname(s)
|
||||||
must be pre-registered in MAAS before use with DNS HA.
|
must be pre-registered in MAAS before use with DNS HA.
|
||||||
|
|
||||||
At a minimum, the config option 'dns-ha' must be set to true and at least one
|
At a minimum, the configuration option `dns-ha` must be set to true and at
|
||||||
of 'os-public-hostname', 'os-internal-hostname' or 'os-internal-hostname' must
|
least one of `os-public-hostname`, `os-internal-hostname` or
|
||||||
be set in order to use DNS HA. One or more of the above hostnames may be set.
|
`os-internal-hostname` must be set in order to use DNS HA. One or more of the
|
||||||
|
above hostnames may be set.
|
||||||
|
|
||||||
The charm will throw an exception in the following circumstances:
|
The charm will throw an exception in the following circumstances:
|
||||||
If neither 'vip' nor 'dns-ha' is set and the charm is related to hacluster
|
|
||||||
If both 'vip' and 'dns-ha' are set as they are mutually exclusive
|
|
||||||
If 'dns-ha' is set and none of the os-{admin,internal,public}-hostname(s) are set
|
|
||||||
|
|
||||||
SSL/HTTPS
|
- If neither `vip` nor `dns-ha` is set and the charm is related to hacluster
|
||||||
|
|
||||||
|
- If both `vip` and `dns-ha` are set as they are mutually exclusive
|
||||||
|
|
||||||
|
- If `dns-ha` is set and none of the `os-{admin,internal,public}-hostname`
|
||||||
|
configuration options are set
|
||||||
|
|
||||||
|
TLS/HTTPS
|
||||||
---------
|
---------
|
||||||
|
|
||||||
Support for SSL and https endpoint is provided via various charm configuration
|
Support for TLS and https endpoints can be enabled through configuration
|
||||||
options.
|
options.
|
||||||
|
|
||||||
To enable SSL and https endpoint with a charm-generated CA, set the following
|
To enable TLS and https endpoints with a certificate signed by your own
|
||||||
configuration options:
|
Certificate Authority, set the following configuration options:
|
||||||
|
|
||||||
- use-https - if enabled this option tells Keystone to configure the identity
|
- `ssl_ca`
|
||||||
endpoint as https, and the keystone charm will generate its own CA and sync
|
|
||||||
across peers. The cert will be distributed to all service endpoints which
|
|
||||||
will be configured to use https.
|
|
||||||
|
|
||||||
- https-service-endpoints - if enabled this option tells Keystone to configure
|
- `ssl_cert`
|
||||||
ALL endpoints as https. Under this model the keystone charm will generate its
|
|
||||||
own CA and sync across peers. The cert will be distributed to all service
|
|
||||||
endpoints which will be configured to use https as well as configuring
|
|
||||||
themselves to be used as https.
|
|
||||||
|
|
||||||
To enable SSL and https endpoint with your own CA, SSL cert, and key set the
|
- `ssl_key`
|
||||||
following configuration options: ssl_ca, ssl_cert, and ssl_key. The user can
|
|
||||||
provide SSL cert and key using ssl_cert and ssl_key only when the cert is
|
|
||||||
signed by a trusted CA. These options should not be used with use-https and
|
|
||||||
https-service-endpoints.
|
|
||||||
|
|
||||||
When the charm configures itself as a CA (generally only recommended for test
|
Example bundle usage:
|
||||||
purposes) it will elect an "ssl-cert-master" whose duty is to generate the CA
|
|
||||||
and certs and ensure they are distributed across all peers. This leader is
|
|
||||||
distinct from the charm leader as elected by Juju so that if the Juju leader
|
|
||||||
switches we still have the ability to know which unit held the last-known-good
|
|
||||||
copy of CA/cert data. If the Juju leader switches the charm should eventually
|
|
||||||
work it out and migrate the ssl-cert-master to the new leader unit.
|
|
||||||
|
|
||||||
One side-effect of this is that if the unit currently elected as
|
keystone:
|
||||||
ssl-cert-master goes down, the remaining peer units or indeed any new units
|
charm: cs:keystone
|
||||||
will not be able to sync the ssl data of the master or re-elect a new master.
|
num_units: 1
|
||||||
This does currently require manual intervention to resolve. If no action is
|
options:
|
||||||
taken, it will be assumed that this unit may come back at some point and
|
ssl_ca: include-base64://path-to-base64-encoded-ca-data
|
||||||
therefore must be known to be in-sync with the rest before continuing.
|
ssl_cert: include-base64://path-to-base64-encoded-certificate-data
|
||||||
|
ssl_key: include-base64://path-to-base64-encoded-key-data
|
||||||
|
|
||||||
It is possible to check which unit is the ssl-cert-master with:
|
NOTE: If your certificate is signed by a Certificate Authority present in the
|
||||||
|
CA Certificate Store in operating systems used in your deployment you do not
|
||||||
~$ juju run --unit keystone/0 "relation-ids cluster"
|
need to provide the `ssl_ca` configuration option.
|
||||||
cluster:6
|
|
||||||
~$ juju run --unit keystone/0 "relation-get -r cluster:6 ssl-cert-master keystone/0"
|
|
||||||
keystone/0
|
|
||||||
|
|
||||||
If the master unit goes down and you want to manually migrate it to another
|
|
||||||
unit (that you are 100% sure holds an authoritative copy of the ssl certs)
|
|
||||||
you can do:
|
|
||||||
|
|
||||||
~$ juju run --unit keystone/0 "relation-set -r cluster:6 ssl-cert-master=keystone/1"
|
|
||||||
|
|
||||||
Where keystone/1 is known to hold a good copy of the CA/cert info and is
|
|
||||||
preferrably also the cluster leader.
|
|
||||||
|
|
||||||
Network Space support
|
Network Space support
|
||||||
---------------------
|
---------------------
|
||||||
|
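Review bot: In the DNS HA paragraph the new text still lists `os-internal-hostname` twice ("`os-public-hostname`, `os-internal-hostname` or `os-internal-hostname`"), a duplicate carried over from the old wording. The exception list a few lines further down refers to `os-{admin,internal,public}-hostname`, so one of the two was presumably meant to be `os-admin-hostname`. In the TLS section, the example bundle passes the private key through `ssl_key: include-base64://path-to-base64-encoded-key-data`; add a sentence saying the referenced key file and any stored copy of the bundle need restricted access, and give each of `ssl_ca`, `ssl_cert` and `ssl_key` a one-line description (base64-encoded data, per the example) instead of bare list items.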
@ -174,5 +151,4 @@ Alternatively these can also be provided as part of a juju native bundle configu
|
||||||
|
|
||||||
NOTE: Spaces must be configured in the underlying provider prior to attempting to use them.
|
NOTE: Spaces must be configured in the underlying provider prior to attempting to use them.
|
||||||
|
|
||||||
NOTE: Existing deployments using os\-\*-network configuration options will continue to function; these options are preferred over any network space binding provided if set.
|
NOTE: Existing deployments using `os\-\*-network` configuration options will continue to function; these options are preferred over any network space binding provided if set.
|
||||||
|
|
||||||
|
|
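Review bot: On the last NOTE line the backslash escapes were kept when the option pattern was wrapped in backticks (`os\-\*-network`). Inside a code span Markdown prints backslashes literally, so the pattern should be written without them, as `os-*-network`.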
33
config.yaml
|
@ -55,10 +55,6 @@ options:
|
||||||
description: |
|
description: |
|
||||||
Apply system hardening. Supports a space-delimited list of modules
|
Apply system hardening. Supports a space-delimited list of modules
|
||||||
to run. Supported modules currently include os, ssh, apache and mysql.
|
to run. Supported modules currently include os, ssh, apache and mysql.
|
||||||
config-file:
|
|
||||||
type: string
|
|
||||||
default: "/etc/keystone/keystone.conf"
|
|
||||||
description: "Location of keystone configuration file"
|
|
||||||
service-port:
|
service-port:
|
||||||
type: int
|
type: int
|
||||||
default: 5000
|
default: 5000
|
||||||
|
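Review bot: `config-file` is removed here without the "[DEPRECATED] This option should no longer be used." notice that the other options removed in this change (`enable-pki`, `https-service-endpoints`, `use-https`) carried in their descriptions. Mention the removal explicitly in the commit message or release notes, so that deployments which set a non-default path learn that the setting no longer applies.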
@ -133,14 +129,6 @@ options:
|
||||||
twice the number of CPU cores a service unit has. When deployed in
|
twice the number of CPU cores a service unit has. When deployed in
|
||||||
a LXD container, this default value will be capped to 4 workers
|
a LXD container, this default value will be capped to 4 workers
|
||||||
unless this configuration option is set.
|
unless this configuration option is set.
|
||||||
enable-pki:
|
|
||||||
type: string
|
|
||||||
default: "false"
|
|
||||||
description: |
|
|
||||||
Enable PKI token signing.
|
|
||||||
.
|
|
||||||
[DEPRECATED] This option should no longer be used.
|
|
||||||
This option will be removed in a future release.
|
|
||||||
preferred-api-version:
|
preferred-api-version:
|
||||||
type: int
|
type: int
|
||||||
default:
|
default:
|
||||||
|
@ -369,27 +357,6 @@ options:
|
||||||
order for this charm to function correctly, the privacy extension must be
|
order for this charm to function correctly, the privacy extension must be
|
||||||
disabled and a non-temporary address must be configured/available on
|
disabled and a non-temporary address must be configured/available on
|
||||||
your network interface.
|
your network interface.
|
||||||
https-service-endpoints:
|
|
||||||
type: string
|
|
||||||
default: "False"
|
|
||||||
description: |
|
|
||||||
Manage SSL certificates for all service endpoints. This option
|
|
||||||
should be False when specifying ssl\_\* options.
|
|
||||||
.
|
|
||||||
[DEPRECATED] This option should no longer be used.
|
|
||||||
Provide SSL certificate data through the ssl\_\* options.
|
|
||||||
This option will be removed in a future release.
|
|
||||||
use-https:
|
|
||||||
type: string
|
|
||||||
default: "no"
|
|
||||||
description: |
|
|
||||||
Use SSL for Keystone itself using a charm-generated CA. Set to
|
|
||||||
'yes' to enable it. This option should be 'no' when specifying ssl\_\*
|
|
||||||
options.
|
|
||||||
.
|
|
||||||
[DEPRECATED] This option should no longer be used.
|
|
||||||
Provide SSL certificate data through the ssl\_\* options.
|
|
||||||
This option will be removed in a future release.
|
|
||||||
ssl_cert:
|
ssl_cert:
|
||||||
type: string
|
type: string
|
||||||
default:
|
default:
|
||||||
|
|
|
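Review bot: With `use-https` and `https-service-endpoints` removed here, the README hunk in this change also deletes every description of the charm-generated CA, but nothing states what a deployment that had `use-https` set to 'yes' serves after upgrading. Add an upgrade note to the README pointing at `ssl_cert` and `ssl_key` (the deprecation text being deleted already says "Provide SSL certificate data through the ssl\_\* options"), so operators do not assume their endpoints stay on https without supplying a certificate.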
@ -1,93 +0,0 @@
|
||||||
# essex
|
|
||||||
###############################################################################
|
|
||||||
# [ WARNING ]
|
|
||||||
# Configuration file maintained by Juju. Local changes may be overwritten.
|
|
||||||
###############################################################################
|
|
||||||
[DEFAULT]
|
|
||||||
admin_token = {{ token }}
|
|
||||||
admin_port = {{ admin_port }}
|
|
||||||
public_port = {{ public_port }}
|
|
||||||
use_syslog = {{ use_syslog }}
|
|
||||||
log_config = /etc/keystone/logging.conf
|
|
||||||
debug = {{ debug }}
|
|
||||||
verbose = {{ verbose }}
|
|
||||||
|
|
||||||
[sql]
|
|
||||||
{% if database_host -%}
|
|
||||||
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
|
|
||||||
{% else -%}
|
|
||||||
connection = sqlite:////var/lib/keystone/keystone.db
|
|
||||||
{% endif -%}
|
|
||||||
idle_timeout = 200
|
|
||||||
|
|
||||||
[identity]
|
|
||||||
driver = keystone.identity.backends.sql.Identity
|
|
||||||
|
|
||||||
[catalog]
|
|
||||||
driver = keystone.catalog.backends.sql.Catalog
|
|
||||||
|
|
||||||
[token]
|
|
||||||
driver = keystone.token.backends.sql.Token
|
|
||||||
expiration = 86400
|
|
||||||
|
|
||||||
[policy]
|
|
||||||
driver = keystone.policy.backends.rules.Policy
|
|
||||||
|
|
||||||
[ec2]
|
|
||||||
driver = keystone.contrib.ec2.backends.sql.Ec2
|
|
||||||
|
|
||||||
[filter:debug]
|
|
||||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
|
||||||
|
|
||||||
[filter:token_auth]
|
|
||||||
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
|
|
||||||
|
|
||||||
[filter:admin_token_auth]
|
|
||||||
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
|
|
||||||
|
|
||||||
[filter:xml_body]
|
|
||||||
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
|
|
||||||
|
|
||||||
[filter:json_body]
|
|
||||||
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
|
|
||||||
|
|
||||||
[filter:crud_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
|
|
||||||
|
|
||||||
[filter:ec2_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
|
|
||||||
|
|
||||||
[app:public_service]
|
|
||||||
paste.app_factory = keystone.service:public_app_factory
|
|
||||||
|
|
||||||
[app:admin_service]
|
|
||||||
paste.app_factory = keystone.service:admin_app_factory
|
|
||||||
|
|
||||||
[pipeline:public_api]
|
|
||||||
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
|
|
||||||
|
|
||||||
[pipeline:admin_api]
|
|
||||||
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
|
|
||||||
|
|
||||||
[app:public_version_service]
|
|
||||||
paste.app_factory = keystone.service:public_version_app_factory
|
|
||||||
|
|
||||||
[app:admin_version_service]
|
|
||||||
paste.app_factory = keystone.service:admin_version_app_factory
|
|
||||||
|
|
||||||
[pipeline:public_version_api]
|
|
||||||
pipeline = xml_body public_version_service
|
|
||||||
|
|
||||||
[pipeline:admin_version_api]
|
|
||||||
pipeline = xml_body admin_version_service
|
|
||||||
|
|
||||||
[composite:main]
|
|
||||||
use = egg:Paste#urlmap
|
|
||||||
/v2.0 = public_api
|
|
||||||
/ = public_version_api
|
|
||||||
|
|
||||||
[composite:admin]
|
|
||||||
use = egg:Paste#urlmap
|
|
||||||
/v2.0 = admin_api
|
|
||||||
/ = admin_version_api
|
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
[loggers]
|
|
||||||
keys=root
|
|
||||||
|
|
||||||
[formatters]
|
|
||||||
keys=normal,normal_with_name,debug
|
|
||||||
|
|
||||||
[handlers]
|
|
||||||
keys=production,file,devel
|
|
||||||
|
|
||||||
[logger_root]
|
|
||||||
level=WARNING
|
|
||||||
handlers=file
|
|
||||||
|
|
||||||
[handler_production]
|
|
||||||
class=handlers.SysLogHandler
|
|
||||||
level=ERROR
|
|
||||||
formatter=normal_with_name
|
|
||||||
args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
|
|
||||||
|
|
||||||
[handler_file]
|
|
||||||
class=FileHandler
|
|
||||||
level=DEBUG
|
|
||||||
formatter=normal_with_name
|
|
||||||
args=('/var/log/keystone/keystone.log', 'a')
|
|
||||||
|
|
||||||
[handler_devel]
|
|
||||||
class=StreamHandler
|
|
||||||
level=NOTSET
|
|
||||||
formatter=debug
|
|
||||||
args=(sys.stdout,)
|
|
||||||
|
|
||||||
[formatter_normal]
|
|
||||||
format=%(asctime)s %(levelname)s %(message)s
|
|
||||||
|
|
||||||
[formatter_normal_with_name]
|
|
||||||
format=(%(name)s): %(asctime)s %(levelname)s %(message)s
|
|
||||||
|
|
||||||
[formatter_debug]
|
|
||||||
format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
|
|
|
@ -1,112 +0,0 @@
|
||||||
# folsom
|
|
||||||
###############################################################################
|
|
||||||
# [ WARNING ]
|
|
||||||
# Configuration file maintained by Juju. Local changes may be overwritten.
|
|
||||||
###############################################################################
|
|
||||||
[DEFAULT]
|
|
||||||
admin_token = {{ token }}
|
|
||||||
admin_port = {{ admin_port }}
|
|
||||||
public_port = {{ public_port }}
|
|
||||||
use_syslog = {{ use_syslog }}
|
|
||||||
log_config = /etc/keystone/logging.conf
|
|
||||||
debug = {{ debug }}
|
|
||||||
verbose = {{ verbose }}
|
|
||||||
|
|
||||||
[sql]
|
|
||||||
{% if database_host -%}
|
|
||||||
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
|
|
||||||
{% else -%}
|
|
||||||
connection = sqlite:////var/lib/keystone/keystone.db
|
|
||||||
{% endif -%}
|
|
||||||
idle_timeout = 200
|
|
||||||
|
|
||||||
[identity]
|
|
||||||
driver = keystone.identity.backends.sql.Identity
|
|
||||||
|
|
||||||
[catalog]
|
|
||||||
driver = keystone.catalog.backends.sql.Catalog
|
|
||||||
|
|
||||||
[token]
|
|
||||||
driver = keystone.token.backends.sql.Token
|
|
||||||
expiration = 86400
|
|
||||||
|
|
||||||
[policy]
|
|
||||||
driver = keystone.policy.backends.rules.Policy
|
|
||||||
|
|
||||||
[ec2]
|
|
||||||
driver = keystone.contrib.ec2.backends.sql.Ec2
|
|
||||||
|
|
||||||
[signing]
|
|
||||||
token_format = UUID
|
|
||||||
key_size = 2048
|
|
||||||
valid_days = 3650
|
|
||||||
|
|
||||||
[filter:debug]
|
|
||||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
|
||||||
|
|
||||||
[filter:token_auth]
|
|
||||||
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
|
|
||||||
|
|
||||||
[filter:admin_token_auth]
|
|
||||||
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
|
|
||||||
|
|
||||||
[filter:xml_body]
|
|
||||||
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
|
|
||||||
|
|
||||||
[filter:json_body]
|
|
||||||
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
|
|
||||||
|
|
||||||
[filter:user_crud_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
|
||||||
|
|
||||||
[filter:crud_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
|
|
||||||
|
|
||||||
[filter:ec2_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
|
|
||||||
|
|
||||||
[filter:s3_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
|
|
||||||
|
|
||||||
[filter:url_normalize]
|
|
||||||
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
|
|
||||||
|
|
||||||
[filter:stats_monitoring]
|
|
||||||
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
|
|
||||||
|
|
||||||
[filter:stats_reporting]
|
|
||||||
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
|
|
||||||
|
|
||||||
[app:public_service]
|
|
||||||
paste.app_factory = keystone.service:public_app_factory
|
|
||||||
|
|
||||||
[app:admin_service]
|
|
||||||
paste.app_factory = keystone.service:admin_app_factory
|
|
||||||
|
|
||||||
[pipeline:public_api]
|
|
||||||
pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
|
|
||||||
|
|
||||||
[pipeline:admin_api]
|
|
||||||
pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
|
|
||||||
|
|
||||||
[app:public_version_service]
|
|
||||||
paste.app_factory = keystone.service:public_version_app_factory
|
|
||||||
|
|
||||||
[app:admin_version_service]
|
|
||||||
paste.app_factory = keystone.service:admin_version_app_factory
|
|
||||||
|
|
||||||
[pipeline:public_version_api]
|
|
||||||
pipeline = stats_monitoring url_normalize xml_body public_version_service
|
|
||||||
|
|
||||||
[pipeline:admin_version_api]
|
|
||||||
pipeline = stats_monitoring url_normalize xml_body admin_version_service
|
|
||||||
|
|
||||||
[composite:main]
|
|
||||||
use = egg:Paste#urlmap
|
|
||||||
/v2.0 = public_api
|
|
||||||
/ = public_version_api
|
|
||||||
|
|
||||||
[composite:admin]
|
|
||||||
use = egg:Paste#urlmap
|
|
||||||
/v2.0 = admin_api
|
|
||||||
/ = admin_version_api
|
|
|
@ -1,131 +0,0 @@
|
||||||
# grizzly
|
|
||||||
###############################################################################
|
|
||||||
# [ WARNING ]
|
|
||||||
# Configuration file maintained by Juju. Local changes may be overwritten.
|
|
||||||
###############################################################################
|
|
||||||
[DEFAULT]
|
|
||||||
admin_token = {{ token }}
|
|
||||||
admin_port = {{ admin_port }}
|
|
||||||
public_port = {{ public_port }}
|
|
||||||
use_syslog = {{ use_syslog }}
|
|
||||||
log_config = /etc/keystone/logging.conf
|
|
||||||
debug = {{ debug }}
|
|
||||||
verbose = {{ verbose }}
|
|
||||||
|
|
||||||
[sql]
|
|
||||||
{% if database_host -%}
|
|
||||||
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
|
|
||||||
{% else -%}
|
|
||||||
connection = sqlite:////var/lib/keystone/keystone.db
|
|
||||||
{% endif -%}
|
|
||||||
idle_timeout = 200
|
|
||||||
|
|
||||||
[identity]
|
|
||||||
driver = keystone.identity.backends.sql.Identity
|
|
||||||
|
|
||||||
[trust]
|
|
||||||
driver = keystone.trust.backends.sql.Trust
|
|
||||||
|
|
||||||
[catalog]
|
|
||||||
driver = keystone.catalog.backends.sql.Catalog
|
|
||||||
|
|
||||||
[token]
|
|
||||||
driver = keystone.token.backends.sql.Token
|
|
||||||
|
|
||||||
[policy]
|
|
||||||
driver = keystone.policy.backends.sql.Policy
|
|
||||||
|
|
||||||
[ec2]
|
|
||||||
driver = keystone.contrib.ec2.backends.sql.Ec2
|
|
||||||
|
|
||||||
[signing]
|
|
||||||
token_format = UUID
|
|
||||||
|
|
||||||
[auth]
|
|
||||||
methods = password,token
|
|
||||||
password = keystone.auth.plugins.password.Password
|
|
||||||
token = keystone.auth.plugins.token.Token
|
|
||||||
|
|
||||||
[filter:debug]
|
|
||||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
|
||||||
|
|
||||||
[filter:token_auth]
|
|
||||||
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
|
|
||||||
|
|
||||||
[filter:admin_token_auth]
|
|
||||||
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
|
|
||||||
|
|
||||||
[filter:xml_body]
|
|
||||||
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
|
|
||||||
|
|
||||||
[filter:json_body]
|
|
||||||
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
|
|
||||||
|
|
||||||
[filter:user_crud_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
|
||||||
|
|
||||||
[filter:crud_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
|
|
||||||
|
|
||||||
[filter:ec2_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
|
|
||||||
|
|
||||||
[filter:s3_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
|
|
||||||
|
|
||||||
[filter:url_normalize]
|
|
||||||
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
|
|
||||||
|
|
||||||
[filter:sizelimit]
|
|
||||||
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
|
|
||||||
|
|
||||||
[filter:stats_monitoring]
|
|
||||||
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
|
|
||||||
|
|
||||||
[filter:stats_reporting]
|
|
||||||
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
|
|
||||||
|
|
||||||
[filter:access_log]
|
|
||||||
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
|
|
||||||
|
|
||||||
[app:public_service]
|
|
||||||
paste.app_factory = keystone.service:public_app_factory
|
|
||||||
|
|
||||||
[app:service_v3]
|
|
||||||
paste.app_factory = keystone.service:v3_app_factory
|
|
||||||
|
|
||||||
[app:admin_service]
|
|
||||||
paste.app_factory = keystone.service:admin_app_factory
|
|
||||||
|
|
||||||
[pipeline:public_api]
|
|
||||||
pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
|
|
||||||
|
|
||||||
[pipeline:admin_api]
|
|
||||||
pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
|
|
||||||
|
|
||||||
[pipeline:api_v3]
|
|
||||||
pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3
|
|
||||||
|
|
||||||
[app:public_version_service]
|
|
||||||
paste.app_factory = keystone.service:public_version_app_factory
|
|
||||||
|
|
||||||
[app:admin_version_service]
|
|
||||||
paste.app_factory = keystone.service:admin_version_app_factory
|
|
||||||
|
|
||||||
[pipeline:public_version_api]
|
|
||||||
pipeline = access_log sizelimit stats_monitoring url_normalize xml_body public_version_service
|
|
||||||
|
|
||||||
[pipeline:admin_version_api]
|
|
||||||
pipeline = access_log sizelimit stats_monitoring url_normalize xml_body admin_version_service
|
|
||||||
|
|
||||||
[composite:main]
|
|
||||||
use = egg:Paste#urlmap
|
|
||||||
/v2.0 = public_api
|
|
||||||
/v3 = api_v3
|
|
||||||
/ = public_version_api
|
|
||||||
|
|
||||||
[composite:admin]
|
|
||||||
use = egg:Paste#urlmap
|
|
||||||
/v2.0 = admin_api
|
|
||||||
/v3 = api_v3
|
|
||||||
/ = admin_version_api
|
|
|
@ -1,64 +0,0 @@
|
||||||
# havana
|
|
||||||
###############################################################################
|
|
||||||
# [ WARNING ]
|
|
||||||
# Configuration file maintained by Juju. Local changes may be overwritten.
|
|
||||||
###############################################################################
|
|
||||||
[DEFAULT]
|
|
||||||
admin_token = {{ token }}
|
|
||||||
admin_port = {{ admin_port }}
|
|
||||||
public_port = {{ public_port }}
|
|
||||||
use_syslog = {{ use_syslog }}
|
|
||||||
log_config = /etc/keystone/logging.conf
|
|
||||||
debug = {{ debug }}
|
|
||||||
verbose = {{ verbose }}
|
|
||||||
|
|
||||||
[sql]
|
|
||||||
{% if database_host -%}
|
|
||||||
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
|
|
||||||
{% else -%}
|
|
||||||
connection = sqlite:////var/lib/keystone/keystone.db
|
|
||||||
{% endif -%}
|
|
||||||
idle_timeout = 200
|
|
||||||
|
|
||||||
[identity]
|
|
||||||
driver = keystone.identity.backends.sql.Identity
|
|
||||||
|
|
||||||
[credential]
|
|
||||||
driver = keystone.credential.backends.sql.Credential
|
|
||||||
|
|
||||||
[trust]
|
|
||||||
driver = keystone.trust.backends.sql.Trust
|
|
||||||
|
|
||||||
[os_inherit]
|
|
||||||
|
|
||||||
[catalog]
|
|
||||||
driver = keystone.catalog.backends.sql.Catalog
|
|
||||||
|
|
||||||
[endpoint_filter]
|
|
||||||
|
|
||||||
[token]
|
|
||||||
driver = keystone.token.backends.sql.Token
|
|
||||||
provider = keystone.token.providers.uuid.Provider
|
|
||||||
|
|
||||||
[cache]
|
|
||||||
|
|
||||||
[policy]
|
|
||||||
driver = keystone.policy.backends.sql.Policy
|
|
||||||
|
|
||||||
[ec2]
|
|
||||||
driver = keystone.contrib.ec2.backends.sql.Ec2
|
|
||||||
|
|
||||||
[assignment]
|
|
||||||
|
|
||||||
[oauth1]
|
|
||||||
|
|
||||||
[signing]
|
|
||||||
|
|
||||||
[auth]
|
|
||||||
methods = external,password,token,oauth1
|
|
||||||
password = keystone.auth.plugins.password.Password
|
|
||||||
token = keystone.auth.plugins.token.Token
|
|
||||||
oauth1 = keystone.auth.plugins.oauth1.OAuth
|
|
||||||
|
|
||||||
[paste_deploy]
|
|
||||||
config_file = keystone-paste.ini
|
|
|
@ -315,7 +315,6 @@ class TestKeystoneUtils(CharmTestCase):
|
||||||
self.test_config.set('admin-port', 80)
|
self.test_config.set('admin-port', 80)
|
||||||
self.test_config.set('service-port', 81)
|
self.test_config.set('service-port', 81)
|
||||||
self.https.return_value = False
|
self.https.return_value = False
|
||||||
self.test_config.set('https-service-endpoints', 'False')
|
|
||||||
self.get_local_endpoint.return_value = 'http://localhost:80/v2.0/'
|
self.get_local_endpoint.return_value = 'http://localhost:80/v2.0/'
|
||||||
self.relation_ids.return_value = ['cluster/0']
|
self.relation_ids.return_value = ['cluster/0']
|
||||||
|
|
||||||
|
|