Blame - README.rst - salt-formulas/keystone

blob: 0d038d3cda1da80a607c225948bd84c92a6ebcc3 [file] [log] [blame]

Filip Pytloun	943d688	2015-10-06 16:28:32 +0200	[diff] [blame]	1	==================
				2	OpenStack Keystone
				3	==================
				4
				5	Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.
				6
				7	From Kilo release Keystone v3 endpoint has definition without version in url
				8
				9	.. code-block:: bash
				10
				11	+----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
				12	\| id \| region \| publicurl \| internalurl \| adminurl \| service_id \|
				13	+----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
				14	\| 91663a8db11c487c9253c8c456863494 \| RegionOne \| http://10.0.150.37:5000/ \| http://10.0.150.37:5000/ \| http://10.0.150.37:35357/ \| 0fd2dba3153d45a1ba7f709cfc2d69c9 \|
				15	+----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
				16
				17
				18	Sample pillars
				19	==============
				20
Adam Tengler	7c66c88	2016-03-14 19:35:49 +0100	[diff] [blame]	21	.. caution::
				22
				23	When you use localhost as your database host (keystone:server:database:host), sqlalchemy will try to connect to /var/run/mysql/mysqld.sock, may cause issues if you located your mysql socket elsewhere
				24
Filip Pytloun	943d688	2015-10-06 16:28:32 +0200	[diff] [blame]	25	Full stacked keystone
				26
				27	.. code-block:: yaml
				28
				29	keystone:
				30	server:
				31	enabled: true
				32	version: juno
				33	service_token: 'service_tokeen'
				34	service_tenant: service
				35	service_password: 'servicepwd'
				36	admin_tenant: admin
				37	admin_name: admin
				38	admin_password: 'adminpwd'
				39	admin_email: stackmaster@domain.com
				40	roles:
				41	- admin
				42	- Member
				43	- image_manager
				44	bind:
				45	address: 0.0.0.0
				46	private_address: 127.0.0.1
				47	private_port: 35357
				48	public_address: 127.0.0.1
				49	public_port: 5000
				50	api_version: 2.0
				51	region: RegionOne
				52	database:
				53	engine: mysql
				54	host: '127.0.0.1'
				55	name: 'keystone'
				56	password: 'LfTno5mYdZmRfoPV'
				57	user: 'keystone'
				58
				59	Keystone public HTTPS API
				60
				61	.. code-block:: yaml
				62
				63	keystone:
				64	server:
				65	enabled: true
				66	version: juno
				67	...
				68	services:
				69	- name: nova
				70	type: compute
				71	description: OpenStack Compute Service
				72	user:
				73	name: nova
				74	password: password
				75	bind:
				76	public_address: cloud.domain.com
				77	public_protocol: https
				78	public_port: 8774
				79	internal_address: 10.0.0.20
				80	internal_port: 8774
				81	admin_address: 10.0.0.20
				82	admin_port: 8774
				83
				84	Keystone memcached storage for tokens
				85
				86	.. code-block:: yaml
				87
				88	keystone:
				89	server:
				90	enabled: true
				91	version: juno
				92	...
				93	token_store: cache
				94	cache:
				95	engine: memcached
				96	host: 127.0.0.1
				97	port: 11211
				98	services:
				99	...
				100
				101	Keystone clustered memcached storage for tokens
				102
				103	.. code-block:: yaml
				104
				105	keystone:
				106	server:
				107	enabled: true
				108	version: juno
				109	...
				110	token_store: cache
				111	cache:
				112	engine: memcached
				113	members:
				114	- host: 192.160.0.1
				115	port: 11211
				116	- host: 192.160.0.2
				117	port: 11211
				118	services:
				119	...
				120
				121	Keystone client
				122
				123	.. code-block:: yaml
				124
				125	keystone:
				126	client:
				127	enabled: true
				128	server:
				129	host: 10.0.0.2
				130	public_port: 5000
				131	private_port: 35357
				132	service_token: 'token'
				133	admin_tenant: admin
				134	admin_name: admin
				135	admin_password: 'passwd'
				136
				137	Keystone cluster
				138
				139	.. code-block:: yaml
				140
				141	keystone:
				142	control:
				143	enabled: true
				144	provider:
				145	os15_token:
				146	host: 10.0.0.2
				147	port: 35357
				148	token: token
				149	os15_tcp_core_stg:
				150	host: 10.0.0.5
				151	port: 5000
				152	tenant: admin
				153	name: admin
				154	password: password
				155
				156	Keystone fernet tokens for OpenStack Kilo release
				157
				158	.. code-block:: yaml
				159
				160	keystone:
				161	server:
				162	...
				163	tokens:
				164	engine: fernet
				165	...
				166
Filip Pytloun	6b9ec2b	2016-01-12 13:52:01 +0100	[diff] [blame]	167	Keystone domain with LDAP backend, using SQL for role/project assignment
				168
				169	.. code-block:: yaml
				170
				171	keystone:
				172	server:
				173	domain:
Filip Pytloun	af25d8d	2016-01-12 14:21:39 +0100	[diff] [blame]	174	description: "Testing domain"
Filip Pytloun	6b9ec2b	2016-01-12 13:52:01 +0100	[diff] [blame]	175	backend: ldap
				176	assignment:
				177	backend: sql
				178	ldap:
Ales Komarek	aabbda6	2016-03-15 08:38:35 +0100	[diff] [blame]	179	url: "ldaps://idm.domain.com"
				180	suffix: "dc=cloud,dc=domain,dc=com"
				181	# Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
Filip Pytloun	6b9ec2b	2016-01-12 13:52:01 +0100	[diff] [blame]	182	uid: keystone
Ales Komarek	aabbda6	2016-03-15 08:38:35 +0100	[diff] [blame]	183	password: password
Filip Pytloun	6b9ec2b	2016-01-12 13:52:01 +0100	[diff] [blame]	184
Filip Pytloun	1abfdd7	2016-01-18 11:35:17 +0100	[diff] [blame]	185	Using LDAP backend for default domain
				186
				187	.. code-block:: yaml
				188
				189	keystone:
				190	server:
				191	backend: ldap
				192	assignment:
				193	backend: sql
				194	ldap:
Ales Komarek	aabbda6	2016-03-15 08:38:35 +0100	[diff] [blame]	195	url: "ldaps://idm.domain.com"
				196	suffix: "dc=cloud,dc=domain,dc=com"
				197	# Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
Filip Pytloun	1abfdd7	2016-01-18 11:35:17 +0100	[diff] [blame]	198	uid: keystone
Ales Komarek	aabbda6	2016-03-15 08:38:35 +0100	[diff] [blame]	199	password: password
				200
				201	Simple service endpoint definition (defaults to RegionOne)
				202
				203	.. code-block:: yaml
				204
				205	keystone:
				206	server:
				207	service:
				208	ceilometer:
				209	type: metering
				210	description: OpenStack Telemetry Service
				211	user:
				212	name: ceilometer
				213	password: password
				214	bind:
				215	...
				216
				217	Region-aware service endpoints definition
				218
				219	.. code-block:: yaml
				220
				221	keystone:
				222	server:
				223	service:
				224	ceilometer_region01:
				225	service: ceilometer
				226	type: metering
				227	region: region01
				228	description: OpenStack Telemetry Service
				229	user:
				230	name: ceilometer
				231	password: password
				232	bind:
				233	...
				234	ceilometer_region02:
				235	service: ceilometer
				236	type: metering
				237	region: region02
				238	description: OpenStack Telemetry Service
				239	bind:
				240	...
				241
Jakub Pavlik	72e31d6	2016-04-08 16:26:57 +0200	[diff] [blame]	242	Enable ceilometer notifications
				243
				244	.. code-block:: yaml
				245
				246	keystone:
				247	server:
				248	notification: true
				249	message_queue:
				250	engine: rabbitmq
				251	host: 127.0.0.1
				252	port: 5672
				253	user: openstack
				254	password: password
				255	virtual_host: '/openstack'
				256	ha_queues: true
Filip Pytloun	1abfdd7	2016-01-18 11:35:17 +0100	[diff] [blame]	257
Filip Pytloun	943d688	2015-10-06 16:28:32 +0200	[diff] [blame]	258	Read more
				259	=========
				260
				261	* http://docs.openstack.org/developer/keystone/configuration.html
				262	* http://docs.openstack.org/developer/keystone/architecture.html
				263	* http://docs.saltstack.com/ref/states/all/salt.states.keystone.html
				264	* http://docs.saltstack.com/ref/modules/all/salt.modules.keystone.html
				265	* http://www.sebastien-han.fr/blog/2012/12/12/cleanup-keystone-tokens/
				266	* http://www-01.ibm.com/support/knowledgecenter/SS4KMC_2.2.0/com.ibm.sco.doc_2.2/t_memcached_keystone.html?lang=en
				267	* https://bugs.launchpad.net/tripleo/+bug/1203910