blob: aad2c64d2ae24ff341361fea6df57bac846f0d23 [file] [log] [blame]
Filip Pytloun943d6882015-10-06 16:28:32 +02001==================
2OpenStack Keystone
3==================
4
Jakub Pavlikffc280d2016-05-20 11:19:14 +02005Keystone provides authentication, authorization and service discovery
6mechanisms via HTTP primarily for use by projects in the OpenStack family. It
7is most commonly deployed as an HTTP interface to existing identity systems,
8such as LDAP.
Filip Pytloun943d6882015-10-06 16:28:32 +02009
10From Kilo release Keystone v3 endpoint has definition without version in url
11
12.. code-block:: bash
13
14 +----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
15 | id | region | publicurl | internalurl | adminurl | service_id |
16 +----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
17 | 91663a8db11c487c9253c8c456863494 | RegionOne | http://10.0.150.37:5000/ | http://10.0.150.37:5000/ | http://10.0.150.37:35357/ | 0fd2dba3153d45a1ba7f709cfc2d69c9 |
18 +----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
19
20
21Sample pillars
22==============
23
Alexander Noskov78b81e02016-12-05 16:20:50 +040024.. caution::
Adam Tengler7c66c882016-03-14 19:35:49 +010025
Jakub Pavlikffc280d2016-05-20 11:19:14 +020026 When you use localhost as your database host (keystone:server:
27 atabase:host), sqlalchemy will try to connect to /var/run/mysql/
28 mysqld.sock, may cause issues if you located your mysql socket elsewhere
Adam Tengler7c66c882016-03-14 19:35:49 +010029
Filip Pytloun943d6882015-10-06 16:28:32 +020030Full stacked keystone
31
32.. code-block:: yaml
33
34 keystone:
35 server:
36 enabled: true
37 version: juno
38 service_token: 'service_tokeen'
39 service_tenant: service
40 service_password: 'servicepwd'
41 admin_tenant: admin
42 admin_name: admin
43 admin_password: 'adminpwd'
44 admin_email: stackmaster@domain.com
45 roles:
46 - admin
47 - Member
48 - image_manager
49 bind:
50 address: 0.0.0.0
51 private_address: 127.0.0.1
52 private_port: 35357
53 public_address: 127.0.0.1
54 public_port: 5000
55 api_version: 2.0
56 region: RegionOne
57 database:
58 engine: mysql
59 host: '127.0.0.1'
60 name: 'keystone'
61 password: 'LfTno5mYdZmRfoPV'
62 user: 'keystone'
63
64Keystone public HTTPS API
65
66.. code-block:: yaml
67
68 keystone:
69 server:
70 enabled: true
71 version: juno
72 ...
73 services:
74 - name: nova
75 type: compute
76 description: OpenStack Compute Service
77 user:
78 name: nova
79 password: password
80 bind:
81 public_address: cloud.domain.com
82 public_protocol: https
83 public_port: 8774
84 internal_address: 10.0.0.20
85 internal_port: 8774
86 admin_address: 10.0.0.20
87 admin_port: 8774
88
Adam Tenglerb1ebaca2017-05-04 21:06:08 +000089Keystone with custom policies. Keys with specified rules are created or set to this value if they already exists. Keys with no value (like our "existing_rule") are deleted from the policy file.
90
91.. code-block:: yaml
92
93 keystone:
94 server:
95 enabled: true
96 policy:
97 new_rule: "rule:admin_required"
98 existing_rule:
99
Filip Pytloun943d6882015-10-06 16:28:32 +0200100Keystone memcached storage for tokens
101
102.. code-block:: yaml
103
104 keystone:
105 server:
106 enabled: true
107 version: juno
108 ...
109 token_store: cache
110 cache:
111 engine: memcached
112 host: 127.0.0.1
113 port: 11211
114 services:
115 ...
116
117Keystone clustered memcached storage for tokens
118
119.. code-block:: yaml
120
121 keystone:
122 server:
123 enabled: true
124 version: juno
125 ...
126 token_store: cache
127 cache:
128 engine: memcached
129 members:
130 - host: 192.160.0.1
131 port: 11211
132 - host: 192.160.0.2
133 port: 11211
134 services:
135 ...
136
137Keystone client
138
139.. code-block:: yaml
140
141 keystone:
142 client:
143 enabled: true
144 server:
145 host: 10.0.0.2
146 public_port: 5000
147 private_port: 35357
148 service_token: 'token'
149 admin_tenant: admin
150 admin_name: admin
151 admin_password: 'passwd'
152
153Keystone cluster
154
155.. code-block:: yaml
156
157 keystone:
158 control:
159 enabled: true
160 provider:
161 os15_token:
162 host: 10.0.0.2
163 port: 35357
164 token: token
165 os15_tcp_core_stg:
166 host: 10.0.0.5
167 port: 5000
168 tenant: admin
169 name: admin
170 password: password
171
172Keystone fernet tokens for OpenStack Kilo release
173
174.. code-block:: yaml
175
176 keystone:
177 server:
178 ...
179 tokens:
180 engine: fernet
Jakub Pavlik6b0b74a2016-09-01 10:49:14 +0200181 max_active_keys: 3
Filip Pytloun943d6882015-10-06 16:28:32 +0200182 ...
183
Oleksii Chupryn6fd899f2017-04-21 10:20:51 +0300184Keystone auth methods
185
186.. code-block:: yaml
187
188 keystone:
189 server:
190 ...
191 auth_methods:
192 - external
193 - password
194 - token
195 - oauth1
196 ...
197
Filip Pytloun6b9ec2b2016-01-12 13:52:01 +0100198Keystone domain with LDAP backend, using SQL for role/project assignment
199
200.. code-block:: yaml
201
202 keystone:
203 server:
204 domain:
Ramon Melero96ff9122017-08-15 11:02:50 -0500205 external:
206 description: "Testing domain"
207 backend: ldap
208 assignment:
209 backend: sql
210 ldap:
211 url: "ldaps://idm.domain.com"
212 suffix: "dc=cloud,dc=domain,dc=com"
213 # Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
214 uid: keystone
215 password: password
Filip Pytloun6b9ec2b2016-01-12 13:52:01 +0100216
Dzmitry Stremkouskia0db50f2018-03-26 20:41:36 +0200217Use driver aliases for drivers instead of class path's
218
219.. code-block:: yaml
220
221 keystone:
222 server:
223 domain:
224 test:
225 description: "Test domain"
226 backend: ldap
227 assignment:
228 backend: sql
229 driver: sql
230 identity:
231 backend: ldap
232 driver: keystone.identity.backends.ldap.Identity
233 ldap:
234 url: "ldaps://idm.domain.com"
235 ...
236
Filip Pytloun1abfdd72016-01-18 11:35:17 +0100237Using LDAP backend for default domain
238
239.. code-block:: yaml
240
241 keystone:
242 server:
243 backend: ldap
244 assignment:
245 backend: sql
246 ldap:
Ales Komarekaabbda62016-03-15 08:38:35 +0100247 url: "ldaps://idm.domain.com"
248 suffix: "dc=cloud,dc=domain,dc=com"
249 # Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
Filip Pytloun1abfdd72016-01-18 11:35:17 +0100250 uid: keystone
Ales Komarekaabbda62016-03-15 08:38:35 +0100251 password: password
252
kovchynnykov74125082018-02-05 13:17:43 +0200253Using LDAP backend for default domain with "user_enabled" field emulation
254
255.. code-block:: yaml
256
257 keystone:
258 server:
259 backend: ldap
260 assignment:
261 backend: sql
262 ldap:
263 url: "ldap://idm.domain.com"
264 suffix: "ou=Openstack Service Users,o=domain.com"
265 bind_user: keystone
266 password: password
267 # Define LDAP "group" object class and "membership" attribute
268 group_objectclass: groupOfUniqueNames
269 group_member_attribute: uniqueMember
270 # User will receive "enabled" attribute basing on membership in "os-user-enabled" group
271 user_enabled_emulation: True
272 user_enabled_emulation_dn: "cn=os-user-enabled,ou=Openstack,o=domain.com"
273 user_enabled_emulation_use_group_config: True
274
Ales Komarekaabbda62016-03-15 08:38:35 +0100275Simple service endpoint definition (defaults to RegionOne)
276
277.. code-block:: yaml
278
279 keystone:
280 server:
281 service:
282 ceilometer:
283 type: metering
284 description: OpenStack Telemetry Service
285 user:
286 name: ceilometer
287 password: password
288 bind:
289 ...
290
291Region-aware service endpoints definition
292
293.. code-block:: yaml
294
295 keystone:
296 server:
297 service:
298 ceilometer_region01:
299 service: ceilometer
300 type: metering
301 region: region01
302 description: OpenStack Telemetry Service
303 user:
304 name: ceilometer
305 password: password
306 bind:
307 ...
308 ceilometer_region02:
309 service: ceilometer
310 type: metering
311 region: region02
312 description: OpenStack Telemetry Service
313 bind:
314 ...
315
Jakub Pavlik72e31d62016-04-08 16:26:57 +0200316Enable ceilometer notifications
317
318.. code-block:: yaml
319
320 keystone:
321 server:
322 notification: true
323 message_queue:
324 engine: rabbitmq
325 host: 127.0.0.1
326 port: 5672
327 user: openstack
328 password: password
329 virtual_host: '/openstack'
330 ha_queues: true
Filip Pytloun1abfdd72016-01-18 11:35:17 +0100331
Jakub Pavlik205ef802016-12-14 12:48:42 +0100332Client-side RabbitMQ HA setup
333
334.. code-block:: yaml
335
336 keystone:
337 server:
338 ....
339 message_queue:
340 engine: rabbitmq
341 members:
342 - host: 10.0.16.1
343 - host: 10.0.16.2
344 - host: 10.0.16.3
345 user: openstack
346 password: pwd
347 virtual_host: '/openstack'
348 ....
349
Kirill Bespalov00984452017-08-01 17:44:11 +0300350Client-side RabbitMQ TLS configuration:
351
352|
353
354By default system-wide CA certs are used. Nothing should be specified except `ssl.enabled`.
355
356.. code-block:: yaml
357
358 keystone:
359 server:
360 ....
361 message_queue:
362 ssl:
363 enabled: True
364
365Use `cacert_file` option to specify the CA-cert file path explicitly:
366
367.. code-block:: yaml
368
369 keystone:
370 server:
371 ....
372 message_queue:
373 ssl:
374 enabled: True
375 cacert_file: /etc/ssl/rabbitmq-ca.pem
376
377To manage content of the `cacert_file` use the `cacert` option:
378
379.. code-block:: yaml
380
381 keystone:
382 server:
383 ....
384 message_queue:
385 ssl:
386 enabled: True
387 cacert: |
388
389 -----BEGIN CERTIFICATE-----
390 ...
391 -----END CERTIFICATE-------
392
393 cacert_file: /etc/openstack/rabbitmq-ca.pem
394
395
396Notice:
397 * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
398 * Use `message_queue.ssl.version` if you need to specify protocol version. By default is TLSv1 for python < 2.7.9 and TLSv1_2 for version above.
399
Petr Michalec98fc6d62016-12-03 11:30:35 +0100400Enable CADF audit notification
401
402.. code-block:: yaml
403
404 keystone:
405 server:
406 notification: true
407 notification_format: cadf
408
Alexander Noskov78b81e02016-12-05 16:20:50 +0400409Run keystone under Apache
410
411.. code-block:: yaml
412
413 keystone:
414 server:
415 service_name: apache2
416 apache:
417 server:
418 enabled: true
419 default_mpm: event
420 site:
421 keystone:
422 enabled: true
423 type: keystone
424 name: wsgi
425 host:
426 name: ${linux:network:fqdn}
427 modules:
428 - wsgi
429
Oleksii Chuprynfcecf192017-04-21 12:20:46 +0300430Enable SAML2 Federated keystone
Alexander Noskov78b81e02016-12-05 16:20:50 +0400431
432.. code-block:: yaml
433
434 keystone:
435 server:
Oleksii Chupryn6fd899f2017-04-21 10:20:51 +0300436 auth_methods:
437 - password
438 - token
439 - saml2
Oleksii Chuprynebe09a52017-04-21 11:08:14 +0300440 federation:
Oleksii Chuprynfcecf192017-04-21 12:20:46 +0300441 saml2:
442 protocol: saml2
443 remote_id_attribute: Shib-Identity-Provider
444 shib_url_scheme: https
445 shib_compat_valid_user: 'on'
Alexander Noskov78b81e02016-12-05 16:20:50 +0400446 federation_driver: keystone.contrib.federation.backends.sql.Federation
Oleksii Chupryn5f110b02017-03-30 09:54:27 +0300447 federated_domain_name: Federated
Alexander Noskov78b81e02016-12-05 16:20:50 +0400448 trusted_dashboard:
Oleksii Chuprynfcecf192017-04-21 12:20:46 +0300449 - https://${_param:cluster_public_host}/horizon/auth/websso/
Alexander Noskov78b81e02016-12-05 16:20:50 +0400450 apache:
451 server:
452 pkgs:
453 - apache2
454 - libapache2-mod-shib2
455 modules:
456 - wsgi
457 - shib2
Ales Komarek74a3ba62016-10-05 12:16:52 +0200458
Oleksii Chuprynfcecf192017-04-21 12:20:46 +0300459Enable OIDC Federated keystone
460
461.. code-block:: yaml
462
463 keystone:
464 server:
465 auth_methods:
466 - password
467 - token
468 - oidc
469 federation:
470 oidc:
471 protocol: oidc
472 remote_id_attribute: HTTP_OIDC_ISS
473 remote_id_attribute_value: https://accounts.google.com
474 oidc_claim_prefix: "OIDC-"
475 oidc_response_type: id_token
476 oidc_scope: "openid email profile"
477 oidc_provider_metadata_url: https://accounts.google.com/.well-known/openid-configuration
478 oidc_client_id: <openid_client_id>
479 oidc_client_secret: <openid_client_secret>
480 oidc_crypto_passphrase: openstack
481 oidc_redirect_uri: https://key.example.com:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect
482 oidc_oauth_introspection_endpoint: https://www.googleapis.com/oauth2/v1/tokeninfo
483 oidc_oauth_introspection_token_param_name: access_token
484 oidc_oauth_remote_user_claim: user_id
485 oidc_ssl_validate_server: 'off'
486 federated_domain_name: Federated
487 federation_driver: keystone.contrib.federation.backends.sql.Federation
488 trusted_dashboard:
489 - https://${_param:cluster_public_host}/auth/websso/
490 apache:
491 server:
492 pkgs:
493 - apache2
494 - libapache2-mod-auth-openidc
495 modules:
496 - wsgi
497 - auth_openidc
498
499Notes: Ubuntu Trusty repository doesn't contain libapache2-mod-auth-openidc package. Additonal repository should be added to source list.
500
mnederlof5d9ccac2017-03-02 15:47:50 +0100501Use a custom identity driver with custom options
502
503.. code-block:: yaml
504
505 keystone:
506 server:
507 backend: k2k
508 k2k:
509 auth_url: 'https://keystone.example.com/v2.0'
510 read_user: 'example_user'
511 read_pass: 'password'
512 read_tenant_id: 'admin'
513 identity_driver: 'sql'
514 id_prefix: 'k2k:'
515 domain: 'default'
516 caching: true
517 cache_time: 600
518
Ondrej Smola16e1bb72017-04-18 23:37:49 +0200519Enable CORS parameters
520
521.. code-block:: yaml
522
523 keystone:
524 server:
525 cors:
526 allowed_origin: https:localhost.local,http:localhost.local
527 expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
528 allow_methods: GET,PUT,POST,DELETE,PATCH
529 allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
530 allow_credentials: True
531 max_age: 86400
532
533
mnederlof5d9ccac2017-03-02 15:47:50 +0100534
Ales Komarek74a3ba62016-10-05 12:16:52 +0200535Keystone client
536---------------
537
538Service endpoints enforcement with service token
539
540.. code-block:: yaml
541
542 keystone:
543 client:
544 enabled: true
545 server:
546 keystone01:
547 admin:
548 host: 10.0.0.2
549 port: 35357
550 token: 'service_token'
551 service:
552 nova:
553 type: compute
554 description: OpenStack Compute Service
555 endpoints:
556 - region: region01
557 public_address: 172.16.10.1
558 public_port: 8773
559 public_path: '/v2'
560 internal_address: 172.16.10.1
561 internal_port: 8773
562 internal_path: '/v2'
563 admin_address: 172.16.10.1
564 admin_port: 8773
565 admin_path: '/v2'
566
567Project, users, roles enforcement with admin user
568
569.. code-block:: yaml
570
571 keystone:
572 client:
573 enabled: true
574 server:
575 keystone01:
576 admin:
577 host: 10.0.0.2
578 port: 5000
Jiri Broulik1703fcc2017-02-13 17:42:29 +0100579 project: admin
Ales Komarek74a3ba62016-10-05 12:16:52 +0200580 user: admin
581 password: 'passwd'
Jiri Broulik1703fcc2017-02-13 17:42:29 +0100582 region_name: RegionOne
583 protocol: https
Ales Komarek74a3ba62016-10-05 12:16:52 +0200584 roles:
585 - admin
586 - member
587 project:
588 tenant01:
589 description: "test env"
Jiri Broulik59000e92017-02-06 18:14:06 +0100590 quota:
591 instances: 100
592 cores: 24
593 ram: 151200
594 floating_ips: 50
595 fixed_ips: -1
596 metadata_items: 128
597 injected_files: 5
598 injected_file_content_bytes: 10240
599 injected_file_path_bytes: 255
600 key_pairs: 100
601 security_groups: 20
602 security_group_rules: 40
603 server_groups: 20
604 server_group_members: 20
Ales Komarek74a3ba62016-10-05 12:16:52 +0200605 user:
606 user01:
607 email: jdoe@domain.com
608 is_admin: true
609 password: some
610 user02:
611 email: jdoe2@domain.com
612 password: some
613 roles:
614 - custom-roles
615
Richard Felkl5ff315e2017-02-01 23:26:23 +0100616Multiple servers example
617
618.. code-block:: yaml
619
Jiri Broulik1703fcc2017-02-13 17:42:29 +0100620 keystone:
621 client:
622 enabled: true
623 server:
624 keystone01:
625 admin:
626 host: 10.0.0.2
627 port: 5000
628 project: 'admin'
629 user: admin
630 password: 'workshop'
631 region_name: RegionOne
632 protocol: https
633 keystone02:
634 admin:
635 host: 10.0.0.3
636 port: 5000
637 project: 'admin'
638 user: admin
639 password: 'workshop'
640 region_name: RegionOne
Richard Felkl5ff315e2017-02-01 23:26:23 +0100641
Jiri Broulik59000e92017-02-06 18:14:06 +0100642
643Tenant quotas
644
645.. code-block:: yaml
646
647 keystone:
648 client:
649 enabled: true
650 server:
651 keystone01:
652 admin:
653 host: 10.0.0.2
654 port: 5000
Jiri Broulik1703fcc2017-02-13 17:42:29 +0100655 project: admin
Jiri Broulik59000e92017-02-06 18:14:06 +0100656 user: admin
657 password: 'passwd'
Jiri Broulik1703fcc2017-02-13 17:42:29 +0100658 region_name: RegionOne
659 protocol: https
Jiri Broulik59000e92017-02-06 18:14:06 +0100660 roles:
661 - admin
662 - member
663 project:
664 tenant01:
665 description: "test env"
666 quota:
667 instances: 100
668 cores: 24
669 ram: 151200
670 floating_ips: 50
671 fixed_ips: -1
672 metadata_items: 128
673 injected_files: 5
674 injected_file_content_bytes: 10240
675 injected_file_path_bytes: 255
676 key_pairs: 100
677 security_groups: 20
678 security_group_rules: 40
679 server_groups: 20
680 server_group_members: 20
681
Oleksii Chupryn4fec2132017-04-03 17:35:28 +0300682Extra config params in keystone.conf (since Mitaka release)
683
684.. code-block:: yaml
685
686 keystone:
687 server:
688 ....
689 extra_config:
690 ini_section1:
691 param1: value
692 param2: value
693 ini_section2:
694 param1: value
695 param2: value
696 ....
697
Dmitry Ukovf58264b2017-04-20 23:08:42 +0200698Configuration of policy.json file
699
700.. code-block:: yaml
701
702
703 keystone:
704 server:
705 ....
706 policy:
707 admin_or_token_subject: 'rule:admin_required or rule:token_subject'
708
Andrey4b287f02017-10-03 18:40:25 -0500709Setting up default admin project name and domain
710
711.. code-block:: yaml
712
713
714 keystone:
715 server:
716 ....
717 admin_project:
718 name: "admin"
719 domain: "default"
720
Dmitry Kalashnik494a17d2017-12-06 16:55:55 +0400721Enhanced logging with logging.conf
722----------------------------------
723
724By default logging.conf is disabled.
725
726That is possible to enable per-binary logging.conf with new variables:
727 * openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
728 * openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all Openstack services.
Oleksii Chupryn6529bb32018-02-07 11:55:38 +0200729 * openstack_ossyslog_handler_enabled - set to true to enable OSSysLogHandler for all Openstack services.
Dmitry Kalashnik494a17d2017-12-06 16:55:55 +0400730
Oleksii Chupryn6529bb32018-02-07 11:55:38 +0200731Only WatchedFileHandler, OSSysLogHandler and FluentHandler are available.
Dmitry Kalashnik494a17d2017-12-06 16:55:55 +0400732
733Also it is possible to configure this with pillar:
734
735.. code-block:: yaml
736
737 keystone:
738 server:
739 logging:
740 log_appender: true
741 log_handlers:
742 watchedfile:
743 enabled: true
744 fluentd:
745 enabled: true
Oleksii Chupryn6529bb32018-02-07 11:55:38 +0200746 ossyslog:
747 enabled: true
Dmitry Kalashnik494a17d2017-12-06 16:55:55 +0400748
Jiri Broulik59000e92017-02-06 18:14:06 +0100749Usage
750=====
751
752Apply state `keystone.client.service` first and then `keystone.client` state.
753
754
Jakub Pavlikffc280d2016-05-20 11:19:14 +0200755Documentation and Bugs
Ales Komarek74a3ba62016-10-05 12:16:52 +0200756======================
Filip Pytloun943d6882015-10-06 16:28:32 +0200757
Jakub Pavlikffc280d2016-05-20 11:19:14 +0200758To learn how to deploy OpenStack Salt, consult the documentation available
759online at:
760
761 https://wiki.openstack.org/wiki/OpenStackSalt
762
763In the unfortunate event that bugs are discovered, they should be reported to
764the appropriate bug tracker. If you obtained the software from a 3rd party
765operating system vendor, it is often wise to use their own bug tracker for
766reporting problems. In all other cases use the master OpenStack bug tracker,
767available at:
768
769 http://bugs.launchpad.net/openstack-salt
770
771Developers wishing to work on the OpenStack Salt project should always base
772their work on the latest formulas code, available from the master GIT
773repository at:
774
775 https://git.openstack.org/cgit/openstack/salt-formula-keystone
776
777Developers should also join the discussion on the IRC list, at:
778
779 https://wiki.openstack.org/wiki/Meetings/openstack-salt
Filip Pytloun4cc5c0f2017-02-02 13:02:03 +0100780
781Documentation and Bugs
782======================
783
784To learn how to install and update salt-formulas, consult the documentation
785available online at:
786
787 http://salt-formulas.readthedocs.io/
788
789In the unfortunate event that bugs are discovered, they should be reported to
790the appropriate issue tracker. Use Github issue tracker for specific salt
791formula:
792
793 https://github.com/salt-formulas/salt-formula-keystone/issues
794
795For feature requests, bug reports or blueprints affecting entire ecosystem,
796use Launchpad salt-formulas project:
797
798 https://launchpad.net/salt-formulas
799
800You can also join salt-formulas-users team and subscribe to mailing list:
801
802 https://launchpad.net/~salt-formulas-users
803
804Developers wishing to work on the salt-formulas projects should always base
805their work on master branch and submit pull request against specific formula.
806
807 https://github.com/salt-formulas/salt-formula-keystone
808
809Any questions or feedback is always welcome so feel free to join our IRC
810channel:
811
812 #salt-formulas @ irc.freenode.net