# Keystone (OpenStack Identity) pillar data: server identity, admin bootstrap
# account and listener addresses.
# NOTE(review): the secrets below read as sample placeholders; confirm this
# file is used only as a fixture and never as deployment pillar.
keystone:
# Server state
server:
enabled: true
version: liberty
# Placeholder token; the same literal is reused as the client admin token
# later in this file. Generate a unique value per deployment and keep it out
# of version control.
service_token: RANDOMSTRINGTOKEN
service_tenant: service
admin_tenant: admin
admin_name: admin
# Clear-text, guessable password. The identical string is also used for the
# database account and the client admin user in this file, so a single leak
# exposes all three. Pull real values from a secret store instead.
admin_password: passw0rd
admin_email: root@localhost
admin_project:
domain: project
name: projectname
bind:
# 0.0.0.0 is the wildcard address (all interfaces), while the private and
# public addresses below are loopback.
# NOTE(review): confirm which of these the formula uses for the listener and
# prefer a specific interface over the wildcard.
address: 0.0.0.0
private_address: 127.0.0.1
private_port: 35357
public_address: 127.0.0.1
public_port: 5000
region: RegionOne
# Database connection settings for the keystone schema (MySQL on loopback).
database:
engine: mysql
host: 127.0.0.1
name: keystone
# Same literal as admin_password earlier in this file; reusing one credential
# for the admin account and the database means one leak exposes both.
password: passw0rd
user: keystone
connection_recycle_time: 3600
max_pool_size: 10
# NOTE(review): if this maps to the oslo.db max_retries option, -1 means
# retry forever; confirm that an unbounded retry loop is intended.
max_retries: -1
max_overflow: 30
# Identity domains declared for this server: one flagged as default, one not.
domain:
default_domain:
default: True
domain_specific_drivers_enabled: true
description: 'default'
not_default_domain:
description: 'not_default'
# Token settings: Fernet tokens with an on-disk key repository.
tokens:
engine: fernet
# NOTE(review): presumably seconds (86400 = 24 hours). A shorter lifetime
# narrows the window in which a leaked token can be replayed; confirm the
# unit and whether 24 hours is required.
expiration: 86400
# Directory holding the Fernet keys. Fernet is symmetric, so read access to
# these files is enough to mint valid tokens; restrict the directory to the
# keystone service account.
location: /var/lib/keystone/fernet-keys
max_active_keys: 3
notification: true
notification_format: cadf
# Logging configuration: log file location, syslog switch and log handlers.
logging:
# Debug logging is off here. Keep it off outside troubleshooting, since
# debug output from an identity service can include sensitive request detail.
debug: false
log_file: keystone.log
log_dir: /var/log/keystone
use_syslog: false
syslog_log_facility: LOG_USER
log_appender: true
# All three handlers are enabled.
# NOTE(review): use_syslog is false above while the ossyslog handler is
# enabled; confirm which setting the formula honours.
log_handlers:
watchedfile:
enabled: true
fluentd:
enabled: true
ossyslog:
enabled: true
# Additional options: federation caching, assignment backend, allowed auth
# methods, cache, credential keys and CORS.
# NOTE(review): indentation is missing in this copy, so which of the keys
# below are children of extra_config cannot be determined from here.
extra_config:
federation:
cache_group_membership_in_db: true
assignment:
backend: sql
# Only password and token authentication are listed.
auth_methods:
- password
- token
cache:
backend: 'oslo_cache.memcache_pool'
# Single cache member on loopback.
members:
- host: 127.0.0.1
port: 11211
credential:
# Directory for credential encryption keys; restrict it to the keystone
# service account, as with the Fernet token keys.
location: /var/lib/keystone/credential-keys
cors:
# allow_credentials is on below, so allowed_origin must stay an explicit,
# trusted https origin and never become a wildcard.
allowed_origin: 'https://horizon.example.com'
allow_credentials: True
# X-Auth-Token and X-Subject-Token become readable by scripts running on the
# allowed origin.
expose_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token'
max_age: 3600
allow_methods: 'GET,PUT,POST,DELETE,PATCH'
allow_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name'
backend: sql
hash_algorithm: sha256
# Message bus (RabbitMQ on loopback) settings, followed by request-handling
# limits.
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
user: openstack
# Clear-text, trivially guessable broker password; supply the real value
# from a secret store.
password: password
virtual_host: '/openstack'
ha_queues: true
# NOTE(review): in oslo.messaging a threshold of 0 disables heartbeats, yet
# heartbeat_rate is still set below; confirm heartbeats are meant to be off.
heartbeat_timeout_threshold: 0
heartbeat_rate: 2
executor_thread_pool_size: 64
rpc_response_timeout: 60
control_exchange: keystone
# Upper bound on accepted request bodies (presumably bytes; confirm), which
# limits the cost of oversized requests.
max_request_body_size: 114688
# Forwarded-header parsing is enabled. This is only safe when every request
# arrives through a trusted proxy that overwrites client-supplied forwarding
# headers.
# NOTE(review): confirm the deployment topology guarantees that.
enable_proxy_headers_parsing: True
# Health check path, profiler switch, policy file and federation (WebSSO)
# settings.
healthcheck:
path: /healthcheck
# NOTE(review): profiling is enabled; confirm this is wanted outside test
# runs, since traces can carry request detail.
profiler:
enabled: true
policy:
policy_file: 'policy.json'
federation:
federation_driver: sql
federated_domain_name: Federated
# Dashboards trusted for WebSSO; both entries are https URLs. Keep this list
# to exact, TLS-protected URLs that you control.
trusted_dashboard:
- 'https://acme.example.com/auth/websso'
- 'https://beta.example.com/auth/websso'
oidc:
remote_id_attribute: HTTP_OIDC_ISS
protocol: oidc
saml2:
# NOTE(review): identical to the oidc entry above. HTTP_OIDC_ISS is named
# after the OIDC issuer, so this value looks copied; confirm which
# attribute the SAML module actually sets before relying on it.
remote_id_attribute: HTTP_OIDC_ISS
protocol: saml2
# Client state
# Declares the roles, projects, users and service-catalog endpoints to
# register against the identity server at localhost:35357. The client state
# is disabled here (enabled: false).
client:
enabled: false
server:
identity:
admin:
host: localhost
port: 35357
# Same placeholder literal as service_token in the server section; a shared
# admin token grants full control, so generate it per deployment and keep it
# out of version control.
token: RANDOMSTRINGTOKEN
roles:
- admin
- Member
project:
service:
description: "OpenStack Service tenant"
admin:
description: "OpenStack Admin tenant"
user:
admin:
is_admin: true
# Clear-text password for a user flagged is_admin; same literal as the
# server admin_password and the database password in this file.
password: passw0rd
email: admin@localhost
service:
keystone3:
type: identity
description: OpenStack Identity Service v3
endpoints:
- region: RegionOne
public_address: keystone
# The public endpoint is registered with plain http, so passwords and tokens
# sent to it are not protected in transit. Use https outside isolated test
# setups. No protocol is given for the internal and admin endpoints.
# NOTE(review): confirm what the formula defaults them to.
public_protocol: http
public_port: 5000
public_path: '/v3'
internal_address: keystone
internal_port: 5000
internal_path: '/v3'
admin_address: keystone
admin_port: 35357
admin_path: '/v3'
keystone:
type: identity
description: OpenStack Identity Service
endpoints:
- region: RegionOne
public_address: keystone
# Plain http here as well; the same transport concern applies to the v2.0
# public endpoint.
public_protocol: http
public_port: 5000
public_path: '/v2.0'
internal_address: keystone
internal_port: 5000
internal_path: '/v2.0'
admin_address: keystone
admin_port: 35357
admin_path: '/v2.0'
# TODO: enable once salt keystone module/states are fixed
#keystoneR2:
#service: keystone
#type: identity
#description: OpenStack Identity Service
#endpoints:
#- region: RegionTwo
#public_address: keystone
#public_protocol: http
#public_port: 5000
#public_path: '/v2.0'
#internal_address: keystone
#internal_port: 5000
#internal_path: '/v2.0'
#admin_address: keystone
#admin_port: 35357
#admin_path: '/v2.0'