==================
OpenStack Keystone
==================

Keystone provides authentication, authorization and service discovery
mechanisms via HTTP primarily for use by projects in the OpenStack family. It
is most commonly deployed as an HTTP interface to existing identity systems,
such as LDAP.

Since the Kilo release, the Keystone v3 endpoint is defined without a version in the URL:

.. code-block:: bash

    +----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
    |                id                |  region   |        publicurl         |       internalurl        |         adminurl          |            service_id            |
    +----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
    | 91663a8db11c487c9253c8c456863494 | RegionOne | http://10.0.150.37:5000/ | http://10.0.150.37:5000/ | http://10.0.150.37:35357/ | 0fd2dba3153d45a1ba7f709cfc2d69c9 |
    +----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+


Sample pillars
==============

.. caution::

    When you use localhost as your database host (keystone:server:database:host),
    SQLAlchemy will try to connect to /var/run/mysql/mysqld.sock, which may cause
    issues if your MySQL socket is located elsewhere.

Full stacked keystone

.. code-block:: yaml

    keystone:
      server:
        enabled: true
        version: juno
        service_token: 'service_token'
        service_tenant: service
        service_password: 'servicepwd'
        admin_tenant: admin
        admin_name: admin
        admin_password: 'adminpwd'
        admin_email: stackmaster@domain.com
        roles:
          - admin
          - Member
          - image_manager
        bind:
          address: 0.0.0.0
          private_address: 127.0.0.1
          private_port: 35357
          public_address: 127.0.0.1
          public_port: 5000
        api_version: 2.0
        region: RegionOne
        database:
          engine: mysql
          host: '127.0.0.1'
          name: 'keystone'
          password: 'LfTno5mYdZmRfoPV'
          user: 'keystone'

Keystone public HTTPS API

.. code-block:: yaml

    keystone:
      server:
        enabled: true
        version: juno
        ...
        services:
          - name: nova
            type: compute
            description: OpenStack Compute Service
            user:
              name: nova
              password: password
            bind:
              public_address: cloud.domain.com
              public_protocol: https
              public_port: 8774
              internal_address: 10.0.0.20
              internal_port: 8774
              admin_address: 10.0.0.20
              admin_port: 8774

Keystone with custom policies. Keys with a specified rule are created, or set to that value if they already exist. Keys with no value (like ``existing_rule`` below) are deleted from the policy file.

.. code-block:: yaml

    keystone:
      server:
        enabled: true
        policy:
          new_rule: "rule:admin_required"
          existing_rule:

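As an added example (not the formula's own code), the create/set/delete semantics described above implemented in Python over an in-memory policy dict; the policy names and the existing policy.json content are constructed samples:

```python
import json
from typing import Dict, Optional

# Constructed policy.json content, as it might exist on the node before the state runs.
EXISTING_POLICY: Dict[str, str] = {
    "admin_required": "role:admin or is_admin:1",
    "existing_rule": "rule:admin_required",
    "identity:get_user": "rule:admin_required",
}

# keystone:server:policy fragment from the sample above: a value creates or
# overwrites the key, an empty value (YAML null) removes the key.
PILLAR_POLICY: Dict[str, Optional[str]] = {
    "new_rule": "rule:admin_required",
    "existing_rule": None,
}


def merge_policy(current: Dict[str, str], pillar: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Apply the pillar to a policy dict without mutating the input."""
    merged = dict(current)
    for key, rule in pillar.items():
        if rule is None or str(rule).strip() == "":
            merged.pop(key, None)  # delete; a key that never existed is ignored
        else:
            merged[key] = rule     # create or set
    return merged


def policy_diff(current: Dict[str, str], pillar: Dict[str, Optional[str]]) -> Dict[str, list]:
    """Summarise what a run would change, for a dry run before touching policy.json."""
    merged = merge_policy(current, pillar)
    return {
        "added": sorted(k for k in merged if k not in current),
        "updated": sorted(k for k in merged if k in current and merged[k] != current[k]),
        "removed": sorted(k for k in current if k not in merged),
    }


def render_policy(current: Dict[str, str], pillar: Dict[str, Optional[str]]) -> str:
    """Serialise the merged policy as the JSON text that would be written to policy.json."""
    return json.dumps(merge_policy(current, pillar), indent=4, sort_keys=True) + "\n"


if __name__ == "__main__":
    print(policy_diff(EXISTING_POLICY, PILLAR_POLICY))
    print(render_policy(EXISTING_POLICY, PILLAR_POLICY), end="")
```

Reviewing ``policy_diff`` output before applying the state shows exactly which rules a pillar change will remove, which is the easy way to spot a rule accidentally left empty.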
Keystone memcached storage for tokens

.. code-block:: yaml

    keystone:
      server:
        enabled: true
        version: juno
        ...
        token_store: cache
        cache:
          engine: memcached
          host: 127.0.0.1
          port: 11211
        services:
        ...

Keystone clustered memcached storage for tokens

.. code-block:: yaml

    keystone:
      server:
        enabled: true
        version: juno
        ...
        token_store: cache
        cache:
          engine: memcached
          members:
            - host: 192.160.0.1
              port: 11211
            - host: 192.160.0.2
              port: 11211
        services:
        ...

Keystone client

.. code-block:: yaml

    keystone:
      client:
        enabled: true
        server:
          host: 10.0.0.2
          public_port: 5000
          private_port: 35357
          service_token: 'token'
          admin_tenant: admin
          admin_name: admin
          admin_password: 'passwd'

Keystone cluster

.. code-block:: yaml

    keystone:
      control:
        enabled: true
        provider:
          os15_token:
            host: 10.0.0.2
            port: 35357
            token: token
          os15_tcp_core_stg:
            host: 10.0.0.5
            port: 5000
            tenant: admin
            name: admin
            password: password

Keystone fernet tokens for OpenStack Kilo release

.. code-block:: yaml

    keystone:
      server:
        ...
        tokens:
          engine: fernet
          max_active_keys: 3
        ...

Keystone auth methods

.. code-block:: yaml

    keystone:
      server:
        ...
        auth_methods:
          - external
          - password
          - token
          - oauth1
        ...

Keystone domain with LDAP backend, using SQL for role/project assignment

.. code-block:: yaml

    keystone:
      server:
        domain:
          external:
            description: "Testing domain"
            backend: ldap
            assignment:
              backend: sql
            ldap:
              url: "ldaps://idm.domain.com"
              suffix: "dc=cloud,dc=domain,dc=com"
              # Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
              uid: keystone
              password: password

Using LDAP backend for default domain

.. code-block:: yaml

    keystone:
      server:
        backend: ldap
        assignment:
          backend: sql
        ldap:
          url: "ldaps://idm.domain.com"
          suffix: "dc=cloud,dc=domain,dc=com"
          # Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
          uid: keystone
          password: password

Using LDAP backend for default domain with "user_enabled" field emulation

.. code-block:: yaml

    keystone:
      server:
        backend: ldap
        assignment:
          backend: sql
        ldap:
          url: "ldap://idm.domain.com"
          suffix: "ou=Openstack Service Users,o=domain.com"
          bind_user: keystone
          password: password
          # Define LDAP "group" object class and "membership" attribute
          group_objectclass: groupOfUniqueNames
          group_member_attribute: uniqueMember
          # User will receive the "enabled" attribute based on membership in the "os-user-enabled" group
          user_enabled_emulation: True
          user_enabled_emulation_dn: "cn=os-user-enabled,ou=Openstack,o=domain.com"
          user_enabled_emulation_use_group_config: True

Simple service endpoint definition (defaults to RegionOne)

.. code-block:: yaml

    keystone:
      server:
        service:
          ceilometer:
            type: metering
            description: OpenStack Telemetry Service
            user:
              name: ceilometer
              password: password
            bind:
              ...

Region-aware service endpoints definition

.. code-block:: yaml

    keystone:
      server:
        service:
          ceilometer_region01:
            service: ceilometer
            type: metering
            region: region01
            description: OpenStack Telemetry Service
            user:
              name: ceilometer
              password: password
            bind:
              ...
          ceilometer_region02:
            service: ceilometer
            type: metering
            region: region02
            description: OpenStack Telemetry Service
            bind:
              ...

Enable ceilometer notifications

.. code-block:: yaml

    keystone:
      server:
        notification: true
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
          ha_queues: true

Client-side RabbitMQ HA setup

.. code-block:: yaml

    keystone:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Client-side RabbitMQ TLS configuration:

By default system-wide CA certs are used. Nothing should be specified except `ssl.enabled`.

.. code-block:: yaml

    keystone:
      server:
        ....
        message_queue:
          ssl:
            enabled: True

Use the `cacert_file` option to specify the CA-cert file path explicitly:

.. code-block:: yaml

    keystone:
      server:
        ....
        message_queue:
          ssl:
            enabled: True
            cacert_file: /etc/ssl/rabbitmq-ca.pem

To manage the content of the `cacert_file`, use the `cacert` option:

.. code-block:: yaml

    keystone:
      server:
        ....
        message_queue:
          ssl:
            enabled: True
            cacert: |

              -----BEGIN CERTIFICATE-----
              ...
              -----END CERTIFICATE-----

            cacert_file: /etc/openstack/rabbitmq-ca.pem


Notice:
 * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
 * Use `message_queue.ssl.version` if you need to specify the protocol version. The default is TLSv1 for Python < 2.7.9 and TLSv1_2 for newer versions.

Enable CADF audit notification

.. code-block:: yaml

    keystone:
      server:
        notification: true
        notification_format: cadf

Run keystone under Apache

.. code-block:: yaml

    keystone:
      server:
        service_name: apache2
    apache:
      server:
        enabled: true
        default_mpm: event
        site:
          keystone:
            enabled: true
            type: keystone
            name: wsgi
            host:
              name: ${linux:network:fqdn}
        modules:
          - wsgi

Enable SAML2 Federated keystone

.. code-block:: yaml

    keystone:
      server:
        auth_methods:
          - password
          - token
          - saml2
        federation:
          saml2:
            protocol: saml2
            remote_id_attribute: Shib-Identity-Provider
            shib_url_scheme: https
            shib_compat_valid_user: 'on'
          federation_driver: keystone.contrib.federation.backends.sql.Federation
          federated_domain_name: Federated
          trusted_dashboard:
            - https://${_param:cluster_public_host}/horizon/auth/websso/
    apache:
      server:
        pkgs:
          - apache2
          - libapache2-mod-shib2
        modules:
          - wsgi
          - shib2

Enable OIDC Federated keystone

.. code-block:: yaml

    keystone:
      server:
        auth_methods:
          - password
          - token
          - oidc
        federation:
          oidc:
            protocol: oidc
            remote_id_attribute: HTTP_OIDC_ISS
            remote_id_attribute_value: https://accounts.google.com
            oidc_claim_prefix: "OIDC-"
            oidc_response_type: id_token
            oidc_scope: "openid email profile"
            oidc_provider_metadata_url: https://accounts.google.com/.well-known/openid-configuration
            oidc_client_id: <openid_client_id>
            oidc_client_secret: <openid_client_secret>
            oidc_crypto_passphrase: openstack
            oidc_redirect_uri: https://key.example.com:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect
            oidc_oauth_introspection_endpoint: https://www.googleapis.com/oauth2/v1/tokeninfo
            oidc_oauth_introspection_token_param_name: access_token
            oidc_oauth_remote_user_claim: user_id
            oidc_ssl_validate_server: 'off'
          federated_domain_name: Federated
          federation_driver: keystone.contrib.federation.backends.sql.Federation
          trusted_dashboard:
            - https://${_param:cluster_public_host}/auth/websso/
    apache:
      server:
        pkgs:
          - apache2
          - libapache2-mod-auth-openidc
        modules:
          - wsgi
          - auth_openidc

Notes: The Ubuntu Trusty repository doesn't contain the libapache2-mod-auth-openidc package. An additional repository should be added to the sources list.

Use a custom identity driver with custom options

.. code-block:: yaml

    keystone:
      server:
        backend: k2k
        k2k:
          auth_url: 'https://keystone.example.com/v2.0'
          read_user: 'example_user'
          read_pass: 'password'
          read_tenant_id: 'admin'
          identity_driver: 'sql'
          id_prefix: 'k2k:'
          domain: 'default'
          caching: true
          cache_time: 600

Enable CORS parameters

.. code-block:: yaml

    keystone:
      server:
        cors:
          allowed_origin: https://localhost.local,http://localhost.local
          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_methods: GET,PUT,POST,DELETE,PATCH
          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_credentials: True
          max_age: 86400


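As an added example that is not part of this formula, a small Python review of a rendered ``keystone:server`` pillar that flags the weaker variants appearing in the samples above: a plain ``ldap://`` URL, a RabbitMQ connection without ``ssl.enabled``, ``oidc_ssl_validate_server`` set to ``'off'``, a public service endpoint not served over https, CORS origins without a scheme, and sample placeholder secrets. The pillar it runs over and the placeholder-secret list are constructed here from those samples:

```python
from typing import Any, Dict, Iterator, List, Tuple

Finding = Tuple[str, str]  # (pillar path, what is wrong)

# Constructed from the sample values used in this README; if one of them survives
# into a real pillar, the secret was never replaced.
PLACEHOLDER_SECRETS = {"password", "passwd", "pwd", "some", "workshop", "token", "service_token"}

# Constructed pillar combining the weaker variants from the samples above.
SAMPLE_PILLAR: Dict[str, Any] = {"keystone": {"server": {
    "enabled": True,
    "service_token": "service_token",
    "admin_password": "adminpwd",
    "ldap": {"url": "ldap://idm.domain.com", "bind_user": "keystone", "password": "password"},
    "domain": {"external": {"backend": "ldap", "ldap": {"url": "ldaps://idm.domain.com"}}},
    "message_queue": {"engine": "rabbitmq", "host": "127.0.0.1", "port": 5672},
    "federation": {"oidc": {"protocol": "oidc", "oidc_ssl_validate_server": "off"}},
    "services": [{"name": "nova", "type": "compute",
                  "bind": {"public_address": "cloud.domain.com", "public_protocol": "https"}}],
    "cors": {"allowed_origin": "https:localhost.local,http:localhost.local", "allow_credentials": True},
}}}


def _ldap_sections(server: Dict[str, Any]) -> Iterator[Tuple[str, Dict[str, Any]]]:
    """Yield the default-domain ldap block and every keystone:server:domain:<name>:ldap block."""
    if isinstance(server.get("ldap"), dict):
        yield "keystone:server:ldap", server["ldap"]
    for name, dom in (server.get("domain") or {}).items():
        if isinstance(dom, dict) and isinstance(dom.get("ldap"), dict):
            yield f"keystone:server:domain:{name}:ldap", dom["ldap"]


def audit_pillar(pillar: Dict[str, Any]) -> List[Finding]:
    """Return findings for settings that weaken transport or credential protection."""
    server = (pillar.get("keystone") or {}).get("server") or {}
    out: List[Finding] = []
    for path, ldap in _ldap_sections(server):
        if str(ldap.get("url", "")).startswith("ldap://"):
            out.append((f"{path}:url", "plain ldap:// URL; the bind password and directory data travel in cleartext, use ldaps://"))
    if not ((server.get("message_queue") or {}).get("ssl") or {}).get("enabled"):
        out.append(("keystone:server:message_queue:ssl:enabled", "RabbitMQ connection is not protected by TLS"))
    oidc = (server.get("federation") or {}).get("oidc") or {}
    if str(oidc.get("oidc_ssl_validate_server", "on")).lower() == "off":
        out.append(("keystone:server:federation:oidc:oidc_ssl_validate_server",
                    "certificate validation of the OpenID provider is switched off"))
    for svc in server.get("services") or []:
        if (svc.get("bind") or {}).get("public_protocol") != "https":
            out.append((f"keystone:server:services:{svc.get('name')}:bind:public_protocol", "public endpoint is not https"))
    for origin in str((server.get("cors") or {}).get("allowed_origin", "")).split(","):
        origin = origin.strip()
        if origin and not origin.startswith(("http://", "https://")):
            out.append(("keystone:server:cors:allowed_origin",
                        f"{origin!r} lacks a scheme and will not match a browser Origin header such as https://localhost.local"))
    for key in ("service_token", "service_password", "admin_password"):
        if str(server.get(key, "")).lower() in PLACEHOLDER_SECRETS:
            out.append((f"keystone:server:{key}", "placeholder secret from the sample pillar is still in use"))
    return out


if __name__ == "__main__":
    for path, msg in audit_pillar(SAMPLE_PILLAR):
        print(f"{path}: {msg}")
```

Run it over the output of ``salt-call pillar.items`` (converted to a dict) before applying the state; the ``external`` domain with ``ldaps://`` and the https ``nova`` endpoint in the sample produce no findings, the other six settings do.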
Keystone client
---------------

Service endpoints enforcement with service token

.. code-block:: yaml

    keystone:
      client:
        enabled: true
        server:
          keystone01:
            admin:
              host: 10.0.0.2
              port: 35357
              token: 'service_token'
            service:
              nova:
                type: compute
                description: OpenStack Compute Service
                endpoints:
                  - region: region01
                    public_address: 172.16.10.1
                    public_port: 8773
                    public_path: '/v2'
                    internal_address: 172.16.10.1
                    internal_port: 8773
                    internal_path: '/v2'
                    admin_address: 172.16.10.1
                    admin_port: 8773
                    admin_path: '/v2'

Project, users, roles enforcement with admin user

.. code-block:: yaml

    keystone:
      client:
        enabled: true
        server:
          keystone01:
            admin:
              host: 10.0.0.2
              port: 5000
              project: admin
              user: admin
              password: 'passwd'
              region_name: RegionOne
              protocol: https
            roles:
              - admin
              - member
            project:
              tenant01:
                description: "test env"
                quota:
                  instances: 100
                  cores: 24
                  ram: 151200
                  floating_ips: 50
                  fixed_ips: -1
                  metadata_items: 128
                  injected_files: 5
                  injected_file_content_bytes: 10240
                  injected_file_path_bytes: 255
                  key_pairs: 100
                  security_groups: 20
                  security_group_rules: 40
                  server_groups: 20
                  server_group_members: 20
                user:
                  user01:
                    email: jdoe@domain.com
                    is_admin: true
                    password: some
                  user02:
                    email: jdoe2@domain.com
                    password: some
                    roles:
                      - custom-roles

Multiple servers example

.. code-block:: yaml

    keystone:
      client:
        enabled: true
        server:
          keystone01:
            admin:
              host: 10.0.0.2
              port: 5000
              project: 'admin'
              user: admin
              password: 'workshop'
              region_name: RegionOne
              protocol: https
          keystone02:
            admin:
              host: 10.0.0.3
              port: 5000
              project: 'admin'
              user: admin
              password: 'workshop'
              region_name: RegionOne


Tenant quotas

.. code-block:: yaml

    keystone:
      client:
        enabled: true
        server:
          keystone01:
            admin:
              host: 10.0.0.2
              port: 5000
              project: admin
              user: admin
              password: 'passwd'
              region_name: RegionOne
              protocol: https
            roles:
              - admin
              - member
            project:
              tenant01:
                description: "test env"
                quota:
                  instances: 100
                  cores: 24
                  ram: 151200
                  floating_ips: 50
                  fixed_ips: -1
                  metadata_items: 128
                  injected_files: 5
                  injected_file_content_bytes: 10240
                  injected_file_path_bytes: 255
                  key_pairs: 100
                  security_groups: 20
                  security_group_rules: 40
                  server_groups: 20
                  server_group_members: 20

Extra config params in keystone.conf (since Mitaka release)

.. code-block:: yaml

    keystone:
      server:
        ....
        extra_config:
          ini_section1:
            param1: value
            param2: value
          ini_section2:
            param1: value
            param2: value
        ....

Configuration of policy.json file

.. code-block:: yaml

    keystone:
      server:
        ....
        policy:
          admin_or_token_subject: 'rule:admin_required or rule:token_subject'

Setting up default admin project name and domain

.. code-block:: yaml

    keystone:
      server:
        ....
        admin_project:
          name: "admin"
          domain: "default"

Enhanced logging with logging.conf
----------------------------------

By default logging.conf is disabled.

It is possible to enable a per-binary logging.conf with these variables:
 * openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
 * openstack_fluentd_handler_enabled - set it to true to enable FluentHandler for all OpenStack services.

Only WatchedFileHandler and FluentHandler are available.

It is also possible to configure this with pillar:

.. code-block:: yaml

    keystone:
      server:
        logging:
          log_appender: true
          log_handlers:
            watchedfile:
              enabled: true
            fluentd:
              enabled: true

Usage
=====

Apply the `keystone.client.service` state first and then the `keystone.client` state.


731
Jakub Pavlikffc280d2016-05-20 11:19:14 +0200732Documentation and Bugs
Ales Komarek74a3ba62016-10-05 12:16:52 +0200733======================
Filip Pytloun943d6882015-10-06 16:28:32 +0200734
Jakub Pavlikffc280d2016-05-20 11:19:14 +0200735To learn how to deploy OpenStack Salt, consult the documentation available
736online at:
737
738 https://wiki.openstack.org/wiki/OpenStackSalt
739
740In the unfortunate event that bugs are discovered, they should be reported to
741the appropriate bug tracker. If you obtained the software from a 3rd party
742operating system vendor, it is often wise to use their own bug tracker for
743reporting problems. In all other cases use the master OpenStack bug tracker,
744available at:
745
746 http://bugs.launchpad.net/openstack-salt
747
748Developers wishing to work on the OpenStack Salt project should always base
749their work on the latest formulas code, available from the master GIT
750repository at:
751
752 https://git.openstack.org/cgit/openstack/salt-formula-keystone
753
754Developers should also join the discussion on the IRC list, at:
755
756 https://wiki.openstack.org/wiki/Meetings/openstack-salt
Filip Pytloun4cc5c0f2017-02-02 13:02:03 +0100757
Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for a specific salt
formula:

    https://github.com/salt-formulas/salt-formula-keystone/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit a pull request against the specific formula.

    https://github.com/salt-formulas/salt-formula-keystone

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net