Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / keystone / 49a50833cc96fb2eb775547af1d39a414fc2756b / . / tests / pillar / single.sls
blob: 052657f149998557e9d1c63c8b88c16ae9981bb1 [file] [log] [blame]
Jakub Pavlik874d9d32016-01-25 22:19:15 +0100[diff] [blame]1keystone:
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100[diff] [blame]2# Server state
Jakub Pavlik874d9d32016-01-25 22:19:15 +0100[diff] [blame]3 server:
4 enabled: true
5 version: liberty
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]6 service_name: apache2
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100[diff] [blame]7 service_token: RANDOMSTRINGTOKEN
Jakub Pavlik874d9d32016-01-25 22:19:15 +0100[diff] [blame]8 service_tenant: service
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]9 admin_project:
10 name: projectname
11 domain: project
Jakub Pavlik874d9d32016-01-25 22:19:15 +0100[diff] [blame]12 admin_tenant: admin
13 admin_name: admin
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100[diff] [blame]14 admin_password: passw0rd
Jakub Pavlik874d9d32016-01-25 22:19:15 +0100[diff] [blame]15 admin_email: root@localhost
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]16 enable_proxy_headers_parsing: True
17 cors:
18 allowed_origin: 'https://horizon.example.com'
19 allow_credentials: True
20 expose_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token'
21 allow_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name'
22 max_age: 3600
23 allow_methods: 'GET,PUT,POST,DELETE,PATCH'
24 auth_methods:
25 - password
26 - token
27 federation:
28 oidc:
29 remote_id_attribute: HTTP_OIDC_ISS
30 remote_id_attribute_value: remote_id_attribute_value
31 oidc_claim_prefix: oidc_claim_prefix
32 oidc_client_id: oidc_client_id
33 oidc_client_secret: oidc_client_secret
34 oidc_crypto_passphrase: oidc_crypto_passphrase
35 oidc_redirect_uri: oidc_redirect_uri
36 oidc_provider_metadata_url: oidc_provider_metadata_url
37 oidc_response_type: oidc_response_type
38 oidc_scope: oidc_scope
39 oidc_ssl_validate_server: oidc_ssl_validate_server
40 oidc_oauth_ssl_validate_server: oidc_oauth_ssl_validate_server
41 oidc_oauth_introspection_endpoint: oidc_oauth_introspection_endpoint
42 oidc_oauth_introspection_token_param_name: oidc_oauth_introspection_token_param_name
43 oidc_oauth_remote_user_claim: oidc_oauth_remote_user_claim
44 oidc_oauth_verify_jwks_uri: oidc_oauth_verify_jwks_uri
45 odic_token_iat_slack: odic_token_iat_slack
46 oidc_provider_issuer: oidc_provider_issuer
47 oidc_provider_authorization_endpoint: oidc_provider_authorization_endpoint
48 oidc_provider_token_endpoint: oidc_provider_token_endpoint
49 oidc_provider_token_endpoint_auth: oidc_provider_token_endpoint_auth
50 oidc_provider_user_info_endpoint: oidc_provider_user_info_endpoint
51 oidc_provider_jwks_uri: oidc_provider_jwks_uri
52 protocol: oidc
53 saml2:
54 remote_id_attribute: HTTP_OIDC_ISS
55 protocol: saml2
Jakub Pavlik874d9d32016-01-25 22:19:15 +0100[diff] [blame]56 bind:
57 address: 0.0.0.0
58 private_address: 127.0.0.1
59 private_port: 35357
60 public_address: 127.0.0.1
61 public_port: 5000
62 region: RegionOne
63 database:
64 engine: mysql
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]65 host: 127.0.0.1
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100[diff] [blame]66 name: keystone
67 password: passw0rd
68 user: keystone
Jakub Pavlik874d9d32016-01-25 22:19:15 +0100[diff] [blame]69 tokens:
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]70 engine: fernet
Jakub Pavlik874d9d32016-01-25 22:19:15 +0100[diff] [blame]71 expiration: 86400
72 location: /etc/keystone/fernet-keys/
Oleksandr Bryndzii49a50832019-02-26 15:38:54 +0200[diff] [blame^]73 allow_expired_window: 86400
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]74 notification: true
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100[diff] [blame]75 notification_format: cadf
vgusev779727c2018-02-16 18:10:54 +0400[diff] [blame]76 logging:
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]77 debug: true
78 log_file: 'logfile.log'
79 log_dir: logdir
80 use_syslog: true
81 syslog_log_facility: LOG_USER
82 log_appender: true
vgusev779727c2018-02-16 18:10:54 +0400[diff] [blame]83 log_handlers:
84 watchedfile:
85 enabled: true
86 fluentd:
87 enabled: false
88 ossyslog:
89 enabled: false
Dmitry Ukov70256222017-11-20 19:26:38 +0400[diff] [blame]90 extra_config:
91 federation:
92 cache_group_membership_in_db: true
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]93 message_queue:
94 engine: rabbitmq
95 host: 127.0.0.1
96 port: 5672
97 user: openstack
98 password: password
99 virtual_host: '/openstack'
100 ha_queues: true
101 rabbit_ha_queues: true
102 rpc_conn_pool_size: 30
103 conn_pool_min_size: 2
104 conn_pool_ttl: 1200
105 rpc_poll_timeout: 1
106 rpc_thread_pool_size: 100
107 rpc_message_ttl: 300
108 rpc_use_acks: false
109 rpc_ack_timeout_base: 15
110 rpc_ack_timeout_multiplier: 2
111 rpc_retry_attempts: 3
112 executor_thread_pool_size: 64
113 rpc_response_timeout: 60
114 control_exchange: openstack
115 ssl:
116 version: TLSv1_2
117 cacert_file: ssl_ca_certs
118 x509:
119 key_file: kombu_ssl_keyfile
120 cert_file: kombu_ssl_certfile
121 rabbit_retry_interval: 1
122 rabbit_retry_backoff: 2
123 rabbit_interval_max: 30
124 rabbit_transient_queues_ttl: 1800
125 heartbeat_timeout_threshold: 60
126 heartbeat_rate: 2
127 channel_max: 2
128 frame_max: 2
129 heartbeat_interval: 3
130 socket_timeout: 10
131 tcp_user_timeout: 10
132 host_connection_reconnect_delay: 10
133 connection_factory: single
134 pool_max_size: 30
135 pool_max_overflow: 0
136 pool_timeout: 30
137 pool_recycle: 600
138 pool_stale: 60
139 default_serializer_type: json
140 notification_persistence: false
141 default_notification_exchange: exchange
142 notification_listener_prefetch_count: 100
143 default_notification_retry_attempts: 1
144 notification_retry_delay: 10
145 rpc_queue_expiration: 60
146 default_rpc_exchange: rpc_exchange
147 rpc_reply_exchange: rpc_reply_exchange
148 rpc_listener_prefetch_count: 100
149 rpc_reply_listener_prefetch_count: 100
150 rpc_reply_retry_attempts: 10
151 rpc_reply_retry_delay: 10
152 default_rpc_retry_attempts: 10
153 rpc_retry_delay: 10
154 rabbit_qos_prefetch_count: 64
155 healthcheck:
156 path: '/healthcheck'
157 max_request_body_size: 114688
158 profiler:
159 enabled: True
160 cache:
161 enabled: True
162 host: 127.0.0.1
163 port: 11211
164 policy:
165 policy_file: 'policy.json'
166 domain:
167 testing:
168 description: "Test domain"
169 backend: ldap
170 identity:
171 backend: ldap
172 driver: ldap
173 assignment:
174 backend: sql
175 driver: keystone.assignment.backends.sql.Assignment
176 ldap:
177 url: "ldaps://idm.domain.com"
178 suffix: "dc=cloud,dc=domain,dc=com"
179 uid: keystone
180 password: password
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100[diff] [blame]181# Client state
182 client:
183 enabled: false
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]184 os_client_config:
185 enabled: true
186 cfgs:
187 root:
188 content:
189 clouds:
190 admin_identity:
191 region_name: RegionOne
192 identity_api_version: '3'
193 interface: 'internal'
194 auth:
195 username: 'admin'
196 password: passw0rd
197 user_domain_name: 'Default'
198 project_name: 'admin'
199 project_domain_name: 'Default'
200 auth_url: 'http://127.0.0.1:5000'
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100[diff] [blame]201 server:
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]202 admin_identity:
203 admin:
204 user: admin
205 password: passw0rd
206 project: admin
207 host: localhost
208 port: 5000
209 region_name: RegionOne
210 use_keystoneauth: true
211 protocol: http
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100[diff] [blame]212 identity:
213 admin:
214 host: localhost
215 port: 35357
216 token: RANDOMSTRINGTOKEN
217 roles:
218 - admin
219 - Member
220 project:
221 service:
222 description: "OpenStack Service tenant"
223 admin:
224 description: "OpenStack Admin tenant"
225 user:
226 admin:
227 is_admin: true
228 password: passw0rd
229 email: admin@localhost
230 service:
231 keystone3:
232 type: identity
233 description: OpenStack Identity Service v3
234 endpoints:
235 - region: RegionOne
236 public_address: keystone
237 public_protocol: http
238 public_port: 5000
239 public_path: '/v3'
240 internal_address: keystone
241 internal_port: 5000
242 internal_path: '/v3'
243 admin_address: keystone
244 admin_port: 35357
245 admin_path: '/v3'
246 keystone:
247 type: identity
248 description: OpenStack Identity Service
249 endpoints:
250 - region: RegionOne
251 public_address: keystone
252 public_protocol: http
253 public_port: 5000
254 public_path: '/v2.0'
255 internal_address: keystone
256 internal_port: 5000
257 internal_path: '/v2.0'
258 admin_address: keystone
259 admin_port: 35357
260 admin_path: '/v2.0'
sgarbuzc4b6ed92019-01-15 11:53:08 +0200[diff] [blame]261apache:
262 server:
263 enabled: true
264 default_mpm: event
265 mpm:
266 prefork:
267 enabled: true
268 servers:
269 start: 5
270 spare:
271 min: 2
272 max: 10
273 max_requests: 0
274 max_clients: 20
275 limit: 20
276 site:
277 keystone:
278 enabled: true
279 type: keystone
280 name: wsgi
281 host:
282 name: localhost
283 pkgs:
284 - apache2
285 modules:
286 - wsgi
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100[diff] [blame]287# CI related dependencies
288mysql:
289 client:
290 enabled: true
291 version: '5.7'
292 admin:
293 host: localhost
294 port: 3306
295 user: admin
296 password: password
297 encoding: utf8
298 server:
299 enabled: true
300 version: "5.7"
301 force_encoding: utf8
302 bind:
303 address: 0.0.0.0
304 port: 3306
305 protocol: tcp
306 database:
307 keystone:
308 encoding: utf8
309 users:
310 - host: '%'
311 name: keystone
312 password: passw0rd
313 rights: all
314 - host: 127.0.0.1
315 name: keystone
316 password: passw0rd
317 rights: all