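keystone:
# Server state
# NOTE(review): nesting depth below is reconstructed from a flattened listing
# (blame columns stripped); confirm the hierarchy against the repository copy.
# Values look like CI fixtures: every credential here is a placeholder and
# must come from a secret store in a real deployment.
  server:
    enabled: true
    version: liberty
    service_name: apache2
    # Placeholder shared token. Presumably rendered as keystone's bootstrap
    # admin token, which bypasses normal authentication - confirm in the
    # formula templates and replace with a long random value or disable it.
    service_token: RANDOMSTRINGTOKEN
    service_tenant: service
    admin_project:
      name: projectname
      domain: project
    admin_tenant: admin
    admin_name: admin
    # Fixture password; it would not satisfy the password_regex set under
    # security_compliance below.
    admin_password: passw0rd
    admin_email: root@localhost
    # Forwarded headers are trusted once this is on, so it is only safe
    # behind a proxy that sets or strips them itself.
    enable_proxy_headers_parsing: true
    cors:
      # A single explicit origin is listed together with credentials; keep it
      # explicit, a wildcard origin must never be combined with credentials.
      allowed_origin: 'https://horizon.example.com'
      allow_credentials: true
      expose_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token'
      allow_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name'
      max_age: 3600
      allow_methods: 'GET,PUT,POST,DELETE,PATCH'
    auth_methods:
      - password
      - token
    federation:
      # Every oidc value below is a placeholder equal to its own key name.
      # oidc_client_secret and oidc_crypto_passphrase are secrets, and the
      # two *_ssl_validate_server switches should stay enabled outside CI.
      oidc:
        remote_id_attribute: HTTP_OIDC_ISS
        remote_id_attribute_value: remote_id_attribute_value
        oidc_claim_prefix: oidc_claim_prefix
        oidc_client_id: oidc_client_id
        oidc_client_secret: oidc_client_secret
        oidc_crypto_passphrase: oidc_crypto_passphrase
        oidc_redirect_uri: oidc_redirect_uri
        oidc_provider_metadata_url: oidc_provider_metadata_url
        oidc_response_type: oidc_response_type
        oidc_scope: oidc_scope
        oidc_ssl_validate_server: oidc_ssl_validate_server
        oidc_oauth_ssl_validate_server: oidc_oauth_ssl_validate_server
        oidc_oauth_introspection_endpoint: oidc_oauth_introspection_endpoint
        oidc_oauth_introspection_token_param_name: oidc_oauth_introspection_token_param_name
        oidc_oauth_remote_user_claim: oidc_oauth_remote_user_claim
        oidc_oauth_verify_jwks_uri: oidc_oauth_verify_jwks_uri
        # NOTE(review): key is spelled "odic", unlike its siblings; confirm
        # which spelling the consuming template reads before renaming.
        odic_token_iat_slack: odic_token_iat_slack
        oidc_provider_issuer: oidc_provider_issuer
        oidc_provider_authorization_endpoint: oidc_provider_authorization_endpoint
        oidc_provider_token_endpoint: oidc_provider_token_endpoint
        oidc_provider_token_endpoint_auth: oidc_provider_token_endpoint_auth
        oidc_provider_user_info_endpoint: oidc_provider_user_info_endpoint
        oidc_provider_jwks_uri: oidc_provider_jwks_uri
        protocol: oidc
      saml2:
        # NOTE(review): same attribute name as the oidc block; looks copied,
        # confirm it is the attribute the SAML module actually exports.
        remote_id_attribute: HTTP_OIDC_ISS
        protocol: saml2
    bind:
      # 0.0.0.0 listens on every interface; restrict to the management
      # address where the identity API should not be reachable elsewhere.
      address: 0.0.0.0
      private_address: 127.0.0.1
      private_port: 35357
      public_address: 127.0.0.1
      public_port: 5000
    region: RegionOne
    database:
      engine: mysql
      host: 127.0.0.1
      name: keystone
      password: passw0rd
      user: keystone
    tokens:
      engine: fernet
      # 86400 s = 24 h token lifetime, plus a further 24 h window in which
      # expired tokens may still be accepted where the caller allows it.
      expiration: 86400
      # Fernet key repository: whoever can read it can mint valid tokens,
      # so the directory must be readable by the keystone user only.
      location: /etc/keystone/fernet-keys/
      allow_expired_window: 86400
    notification: true
    notification_format: cadf
    security_compliance:
      disable_user_account_days_inactive: 90
      # 60 failed logins before a 600 s lockout is permissive for an
      # identity service; tighten outside test runs.
      lockout_failure_attempts: 60
      lockout_duration: 600
      password_expires_days: 730
      unique_last_password_count: 5
      minimum_password_age: 0
      # Alphanumeric only, at least 32 characters.
      # NOTE(review): the doubled "$$" is presumably an escape so that one
      # literal "$" reaches the rendered config - confirm.
      password_regex: '^[a-zA-Z0-9]{32,}$$'
      password_regex_description: |
        Your password could contains capital letters, lowercase letters, digits and have a minimum length of 32 characters
      change_password_upon_first_use: false
    logging:
      # Debug logging is verbose and can capture request detail; keep it off
      # outside CI.
      debug: true
      log_file: 'logfile.log'
      log_dir: logdir
      use_syslog: true
      syslog_log_facility: LOG_USER
      log_appender: true
      log_handlers:
        watchedfile:
          enabled: true
        fluentd:
          enabled: false
        ossyslog:
          enabled: false
    extra_config:
      federation:
        cache_group_membership_in_db: true
    message_queue:
      engine: rabbitmq
      host: 127.0.0.1
      port: 5672
      user: openstack
      # Fixture broker credential.
      password: password
      virtual_host: '/openstack'
      ha_queues: true
      rabbit_ha_queues: true
      rpc_conn_pool_size: 30
      conn_pool_min_size: 2
      conn_pool_ttl: 1200
      rpc_poll_timeout: 1
      rpc_thread_pool_size: 100
      rpc_message_ttl: 300
      rpc_use_acks: false
      rpc_ack_timeout_base: 15
      rpc_ack_timeout_multiplier: 2
      rpc_retry_attempts: 3
      executor_thread_pool_size: 64
      rpc_response_timeout: 60
      control_exchange: openstack
      # TLS settings for the broker link; the file values are placeholders.
      ssl:
        version: TLSv1_2
        cacert_file: ssl_ca_certs
      x509:
        key_file: kombu_ssl_keyfile
        cert_file: kombu_ssl_certfile
      rabbit_retry_interval: 1
      rabbit_retry_backoff: 2
      rabbit_interval_max: 30
      rabbit_transient_queues_ttl: 1800
      heartbeat_timeout_threshold: 60
      heartbeat_rate: 2
      channel_max: 2
      frame_max: 2
      heartbeat_interval: 3
      socket_timeout: 10
      tcp_user_timeout: 10
      host_connection_reconnect_delay: 10
      connection_factory: single
      pool_max_size: 30
      pool_max_overflow: 0
      pool_timeout: 30
      pool_recycle: 600
      pool_stale: 60
      default_serializer_type: json
      notification_persistence: false
      default_notification_exchange: exchange
      notification_listener_prefetch_count: 100
      default_notification_retry_attempts: 1
      notification_retry_delay: 10
      rpc_queue_expiration: 60
      default_rpc_exchange: rpc_exchange
      rpc_reply_exchange: rpc_reply_exchange
      rpc_listener_prefetch_count: 100
      rpc_reply_listener_prefetch_count: 100
      rpc_reply_retry_attempts: 10
      rpc_reply_retry_delay: 10
      default_rpc_retry_attempts: 10
      rpc_retry_delay: 10
      rabbit_qos_prefetch_count: 64
    healthcheck:
      path: '/healthcheck'
    max_request_body_size: 114688
    # Request profiling can expose request data in traces; enable it only
    # for test runs.
    profiler:
      enabled: true
    cache:
      enabled: true
      # Port 11211 suggests memcached, which has no authentication by
      # default; keep it on loopback or a protected network.
      host: 127.0.0.1
      port: 11211
    policy:
      policy_file: 'policy.json'
    domain:
      testing:
        description: "Test domain"
        backend: ldap
        identity:
          backend: ldap
          driver: ldap
        assignment:
          backend: sql
          driver: keystone.assignment.backends.sql.Assignment
        ldap:
          group_mapping: false
          # ldaps:// keeps the bind password and directory data encrypted in
          # transit; the directory certificate still has to be verifiable.
          url: "ldaps://idm.domain.com"
          suffix: "dc=cloud,dc=domain,dc=com"
          uid: keystone
          # Fixture bind password.
          password: password
          query_scope: "sub"
          # NOTE(review): the ${...} references need an interpolating pillar
          # backend; a plain YAML loader passes them through literally.
          bind_user: "CN=lab,CN=users,${keystone:server:domain:testing:ldap:suffix}"
          filter:
            # Restricts the visible users to members of one directory group.
            user: "(memberOf=CN=Grp-atm-admins,CN=Users,${keystone:server:domain:testing:ldap:suffix})"
          user_tree_dn: "CN=users,${keystone:server:domain:testing:ldap:suffix}"
          user_id_attribute: "sAMAccountName"
          user_name_attribute: "sAMAccountName"
          user_pass_attribute: ""
          # Mask 2 on userAccountControl is the account-disabled bit; 512 is
          # the value of a normal enabled account.
          user_enabled_default: 512
          user_enabled_mask: 2
          user_enabled_attribute: "userAccountControl"
          user_attribute_ignore: "password,tenant_id,tenants"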
# Client state
# NOTE(review): nesting depth below is reconstructed from a flattened listing
# (blame columns stripped); confirm the hierarchy against the repository copy.
  client:
    enabled: false
    os_client_config:
      enabled: true
      cfgs:
        root:
          content:
            clouds:
              admin_identity:
                region_name: RegionOne
                identity_api_version: '3'
                interface: 'internal'
                auth:
                  username: 'admin'
                  # Fixture admin credential; this content presumably ends up
                  # in a client config file on disk, so the real file needs
                  # owner-only permissions.
                  password: passw0rd
                  user_domain_name: 'Default'
                  project_name: 'admin'
                  project_domain_name: 'Default'
                  # Plain http, acceptable only on loopback: passwords and
                  # tokens travel unencrypted.
                  auth_url: 'http://127.0.0.1:5000'
    server:
      admin_identity:
        admin:
          user: admin
          password: passw0rd
          project: admin
          host: localhost
          port: 5000
          region_name: RegionOne
          # NOTE(review): these two keys may belong one level up, beside
          # "admin" - the flattened listing does not say.
          use_keystoneauth: true
          protocol: http
      identity:
        admin:
          host: localhost
          port: 35357
          # Same placeholder shared token as on the server side; it grants
          # admin access without a user account.
          token: RANDOMSTRINGTOKEN
        roles:
          - admin
          - Member
        project:
          service:
            description: "OpenStack Service tenant"
          admin:
            description: "OpenStack Admin tenant"
            user:
              admin:
                is_admin: true
                password: passw0rd
                email: admin@localhost
        service:
          keystone3:
            type: identity
            description: OpenStack Identity Service v3
            endpoints:
              # Endpoints are registered with http; catalog consumers will
              # send tokens in clear text unless this is https in production.
              - region: RegionOne
                public_address: keystone
                public_protocol: http
                public_port: 5000
                public_path: '/v3'
                internal_address: keystone
                internal_port: 5000
                internal_path: '/v3'
                admin_address: keystone
                admin_port: 35357
                admin_path: '/v3'
          keystone:
            type: identity
            description: OpenStack Identity Service
            endpoints:
              - region: RegionOne
                public_address: keystone
                public_protocol: http
                public_port: 5000
                public_path: '/v2.0'
                internal_address: keystone
                internal_port: 5000
                internal_path: '/v2.0'
                admin_address: keystone
                admin_port: 35357
                admin_path: '/v2.0'
# Web server that fronts keystone through the wsgi module.
# NOTE(review): nesting depth below is reconstructed from a flattened listing
# (blame columns stripped); confirm the hierarchy against the repository copy.
apache:
  server:
    enabled: true
    # NOTE(review): default_mpm is "event" while the only tuned MPM below is
    # prefork - confirm which one is meant to be active.
    default_mpm: event
    mpm:
      prefork:
        enabled: true
        servers:
          start: 5
          spare:
            min: 2
            max: 10
          max_requests: 0
        max_clients: 20
        limit: 20
    site:
      keystone:
        enabled: true
        type: keystone
        name: wsgi
        host:
          name: localhost
    pkgs:
      - apache2
    modules:
      - wsgi
# CI related dependencies
# NOTE(review): nesting depth below is reconstructed from a flattened listing
# (blame columns stripped); confirm the hierarchy against the repository copy.
mysql:
  client:
    enabled: true
    version: '5.7'
    admin:
      host: localhost
      port: 3306
      user: admin
      # Fixture credential for the database admin account.
      password: password
      encoding: utf8
  server:
    enabled: true
    version: "5.7"
    force_encoding: utf8
    bind:
      # Listens on every interface; together with the '%' grant below the
      # database accepts the keystone account from any host. Fine for a
      # throwaway CI node, too broad anywhere else.
      address: 0.0.0.0
      port: 3306
      protocol: tcp
    database:
      keystone:
        encoding: utf8
        users:
          # '%' matches any client host and "all" grants every privilege on
          # this database; scope both down outside CI.
          - host: '%'
            name: keystone
            password: passw0rd
            rights: all
          - host: 127.0.0.1
            name: keystone
            password: passw0rd
            rights: all
342 rights: all