# Keystone identity service settings. The literal secrets below
# (RANDOMSTRINGTOKEN, passw0rd) mark this as fixture data, not a deployable
# configuration.
# NOTE(review): indentation was lost in this listing, so which key nests
# under which parent cannot be confirmed from here.
Jakub Pavlik874d9d32016-01-25 22:19:15 +01001keystone:
Petr Michalece9a6c2a2017-03-05 20:14:34 +01002# Server state
Jakub Pavlik874d9d32016-01-25 22:19:15 +01003 server:
4 enabled: true
5 version: liberty
Martin Polreich12663342019-10-14 18:39:26 +02006 service_name: apache2
# Static token in clear text. Outside a fixture, source it from a secret
# store and rotate it; anyone who can read this file holds the token.
Petr Michalece9a6c2a2017-03-05 20:14:34 +01007 service_token: RANDOMSTRINGTOKEN
Jakub Pavlik874d9d32016-01-25 22:19:15 +01008 service_tenant: service
Martin Polreich12663342019-10-14 18:39:26 +02009 admin_project:
10 name: projectname
11 domain: project
Jakub Pavlik874d9d32016-01-25 22:19:15 +010012 admin_tenant: admin
13 admin_name: admin
# Bootstrap admin password in clear text; the same literal recurs in the
# database, client and mysql entries of this file.
Petr Michalece9a6c2a2017-03-05 20:14:34 +010014 admin_password: passw0rd
Jakub Pavlik874d9d32016-01-25 22:19:15 +010015 admin_email: root@localhost
# NOTE(review): presumably makes the service trust forwarded-for/proto
# headers from a fronting proxy; that is only sound when clients cannot reach
# the service directly - confirm. Capitalised True is a YAML 1.1 boolean;
# lowercase true is the portable spelling.
Martin Polreich12663342019-10-14 18:39:26 +020016 enable_proxy_headers_parsing: True
# CORS policy: credentialed cross-origin requests are allowed for one
# explicit https origin. With allow_credentials on, allowed_origin has to
# stay an exact origin (never a wildcard), because X-Auth-Token and
# X-Subject-Token are exposed to scripts from that origin.
17 cors:
18 allowed_origin: 'https://horizon.example.com'
19 allow_credentials: True
20 expose_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token'
21 allow_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name'
# presumably the preflight cache lifetime in seconds - confirm
22 max_age: 3600
23 allow_methods: 'GET,PUT,POST,DELETE,PATCH'
# Authentication methods enabled here: password and token.
24 auth_methods:
25 - password
26 - token
# Federation protocols (oidc and saml2). Apart from remote_id_attribute and
# protocol, every oidc value is a placeholder equal to its own key name, so
# this stanza exercises key handling rather than a working identity provider.
27 federation:
28 oidc:
29 remote_id_attribute: HTTP_OIDC_ISS
30 remote_id_attribute_value: remote_id_attribute_value
31 oidc_claim_prefix: oidc_claim_prefix
32 oidc_client_id: oidc_client_id
# Client secret and crypto passphrase are secrets; real values belong in a
# secret store, not in a file kept under version control.
33 oidc_client_secret: oidc_client_secret
34 oidc_crypto_passphrase: oidc_crypto_passphrase
35 oidc_redirect_uri: oidc_redirect_uri
36 oidc_provider_metadata_url: oidc_provider_metadata_url
37 oidc_response_type: oidc_response_type
38 oidc_scope: oidc_scope
# NOTE(review): placeholders here; real values should keep TLS server
# validation enabled for both the provider and the OAuth endpoints.
39 oidc_ssl_validate_server: oidc_ssl_validate_server
40 oidc_oauth_ssl_validate_server: oidc_oauth_ssl_validate_server
41 oidc_oauth_introspection_endpoint: oidc_oauth_introspection_endpoint
42 oidc_oauth_introspection_token_param_name: oidc_oauth_introspection_token_param_name
43 oidc_oauth_remote_user_claim: oidc_oauth_remote_user_claim
44 oidc_oauth_verify_jwks_uri: oidc_oauth_verify_jwks_uri
# NOTE(review): this key is spelled "odic", unlike its "oidc_" siblings.
# Verify which spelling the consumer reads; a mismatch would silently drop
# the issued-at slack setting.
45 odic_token_iat_slack: odic_token_iat_slack
46 oidc_provider_issuer: oidc_provider_issuer
47 oidc_provider_authorization_endpoint: oidc_provider_authorization_endpoint
48 oidc_provider_token_endpoint: oidc_provider_token_endpoint
49 oidc_provider_token_endpoint_auth: oidc_provider_token_endpoint_auth
50 oidc_provider_user_info_endpoint: oidc_provider_user_info_endpoint
51 oidc_provider_jwks_uri: oidc_provider_jwks_uri
52 protocol: oidc
53 saml2:
# NOTE(review): saml2 reuses the OIDC issuer variable HTTP_OIDC_ISS, which
# looks copied from the oidc entry; confirm the attribute the SAML module
# actually sets, since it decides which identity provider a request maps to.
54 remote_id_attribute: HTTP_OIDC_ISS
55 protocol: saml2
# Listener addresses. address is 0.0.0.0 (every interface) while the
# private/public addresses are loopback; outside a test rig, bind to a
# specific address or filter the ports at the host firewall.
Jakub Pavlik874d9d32016-01-25 22:19:15 +010056 bind:
57 address: 0.0.0.0
58 private_address: 127.0.0.1
59 private_port: 35357
60 public_address: 127.0.0.1
61 public_port: 5000
62 region: RegionOne
# Database connection; the password is the same clear-text fixture literal
# used for the admin account.
63 database:
64 engine: mysql
Martin Polreich12663342019-10-14 18:39:26 +020065 host: 127.0.0.1
Petr Michalece9a6c2a2017-03-05 20:14:34 +010066 name: keystone
67 password: passw0rd
68 user: keystone
# Fernet tokens with the key repository at /etc/keystone/fernet-keys/. The
# keys in that directory protect every issued token, so it needs owner-only
# permissions and a rotation schedule.
# expiration / allow_expired_window: presumably seconds (86400 = 24 h) -
# confirm against the consumer.
Jakub Pavlik874d9d32016-01-25 22:19:15 +010069 tokens:
Martin Polreich12663342019-10-14 18:39:26 +020070 engine: fernet
Jakub Pavlik874d9d32016-01-25 22:19:15 +010071 expiration: 86400
72 location: /etc/keystone/fernet-keys/
Oleksandr Bryndziidf239652019-02-26 15:38:54 +020073 allow_expired_window: 86400
# Notifications on, in cadf format; presumably this feeds the audit trail
# for identity events - confirm where the messages are delivered.
Martin Polreich12663342019-10-14 18:39:26 +020074 notification: true
Petr Michalece9a6c2a2017-03-05 20:14:34 +010075 notification_format: cadf
# Account and password policy.
# - 60 failed attempts before a lockout (duration 600, presumably seconds) is
#   a loose bound on online guessing. NOTE(review): confirm this is intended.
# - password_regex accepts only ASCII letters and digits, 32 or more of them;
#   it rejects symbols and does not require a mix of character classes. The
#   doubled $$ is presumably an escape for the pillar's ${...} interpolation -
#   confirm that the rendered pattern ends in a single $.
# - minimum_password_age 0 and change_password_upon_first_use False leave
#   both of those controls off.
Oleksandr Shyshko70341eb2019-02-21 12:51:25 +000076 security_compliance:
77 disable_user_account_days_inactive: 90
Oleksandr Shyshko75dcd682019-04-19 11:50:49 +030078 lockout_failure_attempts: 60
Oleksandr Shyshko70341eb2019-02-21 12:51:25 +000079 lockout_duration: 600
Oleksandr Shyshko75dcd682019-04-19 11:50:49 +030080 password_expires_days: 730
81 unique_last_password_count: 5
Oleksandr Shyshko70341eb2019-02-21 12:51:25 +000082 minimum_password_age: 0
Oleksandr Shyshko75dcd682019-04-19 11:50:49 +030083 password_regex: '^[a-zA-Z0-9]{32,}$$'
84 password_regex_description: |
85 Your password could contains capital letters, lowercase letters, digits and have a minimum length of 32 characters
86 change_password_upon_first_use: False
# Logging. debug is on, which suits CI; in production, debug output can carry
# request detail, so turn it off or restrict who can read the log files.
vgusev779727c2018-02-16 18:10:54 +040087 logging:
Martin Polreich12663342019-10-14 18:39:26 +020088 debug: true
89 log_file: 'logfile.log'
90 log_dir: logdir
# Syslog forwarding enabled with facility LOG_USER.
91 use_syslog: true
92 syslog_log_facility: LOG_USER
93 log_appender: true
# Of the three handlers only watchedfile is enabled; fluentd and ossyslog are
# off, so no handler here ships logs to a remote collector.
vgusev779727c2018-02-16 18:10:54 +040094 log_handlers:
95 watchedfile:
96 enabled: true
97 fluentd:
98 enabled: false
99 ossyslog:
100 enabled: false
# Free-form overrides; here one option under a federation heading.
Dmitry Ukov70256222017-11-20 19:26:38 +0400101 extra_config:
102 federation:
103 cache_group_membership_in_db: true
# Message bus settings (engine: rabbitmq) followed by RPC, connection-pool
# and notification tuning values.
# NOTE(review): units for the timeout/ttl values are not stated in this file.
Martin Polreich12663342019-10-14 18:39:26 +0200104 message_queue:
105 engine: rabbitmq
106 host: 127.0.0.1
107 port: 5672
108 user: openstack
# Broker password is the literal "password": a fixture value only.
109 password: password
110 virtual_host: '/openstack'
111 ha_queues: true
112 rabbit_ha_queues: true
113 rpc_conn_pool_size: 30
114 conn_pool_min_size: 2
115 conn_pool_ttl: 1200
116 rpc_poll_timeout: 1
117 rpc_thread_pool_size: 100
118 rpc_message_ttl: 300
119 rpc_use_acks: false
120 rpc_ack_timeout_base: 15
121 rpc_ack_timeout_multiplier: 2
122 rpc_retry_attempts: 3
123 executor_thread_pool_size: 64
124 rpc_response_timeout: 60
125 control_exchange: openstack
# TLS to the broker: protocol version pinned to TLSv1_2, with a CA file and
# a client key/cert pair. The file values are placeholder names, not paths.
# NOTE(review): port above is 5672; confirm it matches the broker's TLS
# listener when ssl is in use.
126 ssl:
127 version: TLSv1_2
128 cacert_file: ssl_ca_certs
129 x509:
130 key_file: kombu_ssl_keyfile
131 cert_file: kombu_ssl_certfile
132 rabbit_retry_interval: 1
133 rabbit_retry_backoff: 2
134 rabbit_interval_max: 30
135 rabbit_transient_queues_ttl: 1800
136 heartbeat_timeout_threshold: 60
137 heartbeat_rate: 2
138 channel_max: 2
139 frame_max: 2
140 heartbeat_interval: 3
141 socket_timeout: 10
142 tcp_user_timeout: 10
143 host_connection_reconnect_delay: 10
144 connection_factory: single
145 pool_max_size: 30
146 pool_max_overflow: 0
147 pool_timeout: 30
148 pool_recycle: 600
149 pool_stale: 60
150 default_serializer_type: json
151 notification_persistence: false
152 default_notification_exchange: exchange
153 notification_listener_prefetch_count: 100
154 default_notification_retry_attempts: 1
155 notification_retry_delay: 10
156 rpc_queue_expiration: 60
157 default_rpc_exchange: rpc_exchange
158 rpc_reply_exchange: rpc_reply_exchange
159 rpc_listener_prefetch_count: 100
160 rpc_reply_listener_prefetch_count: 100
161 rpc_reply_retry_attempts: 10
162 rpc_reply_retry_delay: 10
163 default_rpc_retry_attempts: 10
164 rpc_retry_delay: 10
165 rabbit_qos_prefetch_count: 64
# Health endpoint path and a request-body size cap (presumably bytes -
# confirm). The cap bounds how much an unauthenticated caller can make the
# service buffer.
166 healthcheck:
167 path: '/healthcheck'
168 max_request_body_size: 114688
# NOTE(review): profiler is enabled. If this switches on request tracing,
# keep it off or keyed outside test environments - confirm what the consumer
# renders from it.
169 profiler:
170 enabled: True
# Cache backend on loopback, port 11211 (presumably memcached, which has no
# authentication by default, so the loopback binding is the access control).
171 cache:
172 enabled: True
173 host: 127.0.0.1
174 port: 11211
# Policy overrides.
175 policy:
Martin Polreichfa2ae1b2019-12-17 13:50:04 +0100176 admin_or_token_subject: 'rule:token_subject'
# NOTE(review): the next key ends in a stray double quote with no opening
# quote, so as parsed the rule name includes the quote character and would
# not match the intended policy target. Confirm and correct it in the source.
177 service_admin_or_token_subject": 'rule:service_or_admin'
# Empty value parses as null; presumably the consumer treats that as "drop
# this rule" - confirm, since a missing rule falls back to the default policy.
178 identity:get_region:
# Domain "testing": identity comes from LDAP, assignments from SQL.
Martin Polreich12663342019-10-14 18:39:26 +0200179 domain:
180 testing:
181 description: "Test domain"
182 backend: ldap
183 identity:
184 backend: ldap
185 driver: ldap
186 assignment:
187 backend: sql
188 driver: keystone.assignment.backends.sql.Assignment
189 ldap:
190 group_mapping: False
# ldaps:// gives TLS to the directory.
# NOTE(review): no CA file or certificate-requirement key is visible in this
# stanza; confirm the rendered config enforces certificate validation.
191 url: "ldaps://idm.domain.com"
192 suffix: "dc=cloud,dc=domain,dc=com"
193 uid: keystone
# Bind password in clear text (fixture literal). The bind account only
# needs read access to the user subtree.
194 password: password
195 query_scope: "sub"
# ${...} references are resolved from the suffix value above by the pillar
# interpolation layer.
196 bind_user: "CN=lab,CN=users,${keystone:server:domain:testing:ldap:suffix}"
# The user filter limits logins to members of one directory group; it is
# the access boundary for this domain.
197 filter:
198 user: "(memberOf=CN=Grp-atm-admins,CN=Users,${keystone:server:domain:testing:ldap:suffix})"
199 user_tree_dn: "CN=users,${keystone:server:domain:testing:ldap:suffix}"
200 user_id_attribute: "sAMAccountName"
201 user_name_attribute: "sAMAccountName"
202 user_pass_attribute: ""
# Active Directory convention for userAccountControl: 512 is a normal
# enabled account and bit 2 is the "account disabled" flag.
203 user_enabled_default: 512
204 user_enabled_mask: 2
205 user_enabled_attribute: "userAccountControl"
206 user_attribute_ignore: "password,tenant_id,tenants"
207
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100208# Client state
# Client-side state; client.enabled is false while os_client_config is on.
209 client:
210 enabled: false
# NOTE(review): presumably rendered into an OpenStack client config file for
# the "root" entry - confirm. The rendered file would hold the admin password
# in clear text, so it needs owner-only permissions.
Martin Polreich12663342019-10-14 18:39:26 +0200211 os_client_config:
212 enabled: true
213 cfgs:
214 root:
215 content:
216 clouds:
217 admin_identity:
218 region_name: RegionOne
219 identity_api_version: '3'
220 interface: 'internal'
221 auth:
222 username: 'admin'
223 password: passw0rd
224 user_domain_name: 'Default'
225 project_name: 'admin'
226 project_domain_name: 'Default'
# Plain http to loopback: credentials stay on the host here, but the same
# scheme against a remote address would send the password unencrypted.
227 auth_url: 'http://127.0.0.1:5000'
# Identity endpoints the client side connects to, plus the roles, projects,
# users and service catalog entries listed for them.
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100228 server:
# Password-authenticated admin profile over http on port 5000.
Martin Polreich12663342019-10-14 18:39:26 +0200229 admin_identity:
230 admin:
231 user: admin
232 password: passw0rd
233 project: admin
234 host: localhost
235 port: 5000
236 region_name: RegionOne
237 use_keystoneauth: true
238 protocol: http
# Token-authenticated profile on port 35357, using the same static token as
# the server section. A static admin token bypasses per-user audit, so it
# should not outlive initial bootstrap.
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100239 identity:
240 admin:
241 host: localhost
242 port: 35357
243 token: RANDOMSTRINGTOKEN
244 roles:
245 - admin
246 - Member
247 project:
248 service:
249 description: "OpenStack Service tenant"
250 admin:
251 description: "OpenStack Admin tenant"
252 user:
253 admin:
254 is_admin: true
255 password: passw0rd
256 email: admin@localhost
# Catalog entries. public_protocol is http for both services; tokens and
# passwords travel over these URLs, so a production catalog should
# advertise https.
257 service:
258 keystone3:
259 type: identity
260 description: OpenStack Identity Service v3
261 endpoints:
262 - region: RegionOne
263 public_address: keystone
264 public_protocol: http
265 public_port: 5000
266 public_path: '/v3'
267 internal_address: keystone
268 internal_port: 5000
269 internal_path: '/v3'
270 admin_address: keystone
271 admin_port: 35357
272 admin_path: '/v3'
# NOTE(review): this entry registers the /v2.0 identity API, which later
# OpenStack releases removed; confirm it is still wanted for the target
# version.
273 keystone:
274 type: identity
275 description: OpenStack Identity Service
276 endpoints:
277 - region: RegionOne
278 public_address: keystone
279 public_protocol: http
280 public_port: 5000
281 public_path: '/v2.0'
282 internal_address: keystone
283 internal_port: 5000
284 internal_path: '/v2.0'
285 admin_address: keystone
286 admin_port: 35357
287 admin_path: '/v2.0'
# Apache settings for the web server that hosts keystone through the wsgi
# module (site "keystone", type keystone, name wsgi).
# NOTE(review): default_mpm is event while the prefork stanza is also marked
# enabled; confirm which MPM ends up loaded.
Martin Polreich12663342019-10-14 18:39:26 +0200288apache:
289 server:
290 enabled: true
291 default_mpm: event
292 mpm:
293 prefork:
294 enabled: true
295 servers:
296 start: 5
297 spare:
298 min: 2
299 max: 10
300 max_requests: 0
# max_clients / limit cap concurrent workers at 20, which bounds resource
# use under a connection flood.
301 max_clients: 20
302 limit: 20
303 site:
304 keystone:
305 enabled: true
306 type: keystone
307 name: wsgi
308 host:
309 name: localhost
310 pkgs:
311 - apache2
312 modules:
313 - wsgi
Petr Michalece9a6c2a2017-03-05 20:14:34 +0100314# CI related dependencies
# MySQL client and server settings backing the keystone database. All
# passwords here are clear-text fixture literals.
315mysql:
316 client:
317 enabled: true
318 version: '5.7'
319 admin:
320 host: localhost
321 port: 3306
322 user: admin
323 password: password
324 encoding: utf8
325 server:
326 enabled: true
327 version: "5.7"
328 force_encoding: utf8
# Listens on every interface (0.0.0.0:3306). Combined with the '%' account
# below, any host that can reach the port may attempt a login.
329 bind:
330 address: 0.0.0.0
331 port: 3306
332 protocol: tcp
333 database:
334 keystone:
335 encoding: utf8
# Two keystone accounts with "all" rights: one for any client host ('%') and
# one for 127.0.0.1. Outside CI, drop the '%' entry or scope it to the
# keystone hosts, and grant only what the service needs.
336 users:
337 - host: '%'
338 name: keystone
339 password: passw0rd
340 rights: all
341 - host: 127.0.0.1
342 name: keystone
343 password: passw0rd
344 rights: all