Blame - README.rst - salt-formulas/keystone

blob: b0a0323459d650fc73b58454d7532421fa1ad438 [file] [log] [blame]

Filip Pytloun	943d688	2015-10-06 16:28:32 +0200	[diff] [blame]	1	==================
				2	OpenStack Keystone
				3	==================
				4
Jakub Pavlik	ffc280d	2016-05-20 11:19:14 +0200	[diff] [blame^]	5	Keystone provides authentication, authorization and service discovery
				6	mechanisms via HTTP primarily for use by projects in the OpenStack family. It
				7	is most commonly deployed as an HTTP interface to existing identity systems,
				8	such as LDAP.
Filip Pytloun	943d688	2015-10-06 16:28:32 +0200	[diff] [blame]	9
				10	From Kilo release Keystone v3 endpoint has definition without version in url
				11
				12	.. code-block:: bash
				13
				14	+----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
				15	\| id \| region \| publicurl \| internalurl \| adminurl \| service_id \|
				16	+----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
				17	\| 91663a8db11c487c9253c8c456863494 \| RegionOne \| http://10.0.150.37:5000/ \| http://10.0.150.37:5000/ \| http://10.0.150.37:35357/ \| 0fd2dba3153d45a1ba7f709cfc2d69c9 \|
				18	+----------------------------------+-----------+--------------------------+--------------------------+---------------------------+----------------------------------+
				19
				20
				21	Sample pillars
				22	==============
				23
Adam Tengler	7c66c88	2016-03-14 19:35:49 +0100	[diff] [blame]	24	.. caution::
				25
Jakub Pavlik	ffc280d	2016-05-20 11:19:14 +0200	[diff] [blame^]	26	When you use localhost as your database host (keystone:server:
				27	atabase:host), sqlalchemy will try to connect to /var/run/mysql/
				28	mysqld.sock, may cause issues if you located your mysql socket elsewhere
Adam Tengler	7c66c88	2016-03-14 19:35:49 +0100	[diff] [blame]	29
Filip Pytloun	943d688	2015-10-06 16:28:32 +0200	[diff] [blame]	30	Full stacked keystone
				31
				32	.. code-block:: yaml
				33
				34	keystone:
				35	server:
				36	enabled: true
				37	version: juno
				38	service_token: 'service_tokeen'
				39	service_tenant: service
				40	service_password: 'servicepwd'
				41	admin_tenant: admin
				42	admin_name: admin
				43	admin_password: 'adminpwd'
				44	admin_email: stackmaster@domain.com
				45	roles:
				46	- admin
				47	- Member
				48	- image_manager
				49	bind:
				50	address: 0.0.0.0
				51	private_address: 127.0.0.1
				52	private_port: 35357
				53	public_address: 127.0.0.1
				54	public_port: 5000
				55	api_version: 2.0
				56	region: RegionOne
				57	database:
				58	engine: mysql
				59	host: '127.0.0.1'
				60	name: 'keystone'
				61	password: 'LfTno5mYdZmRfoPV'
				62	user: 'keystone'
				63
				64	Keystone public HTTPS API
				65
				66	.. code-block:: yaml
				67
				68	keystone:
				69	server:
				70	enabled: true
				71	version: juno
				72	...
				73	services:
				74	- name: nova
				75	type: compute
				76	description: OpenStack Compute Service
				77	user:
				78	name: nova
				79	password: password
				80	bind:
				81	public_address: cloud.domain.com
				82	public_protocol: https
				83	public_port: 8774
				84	internal_address: 10.0.0.20
				85	internal_port: 8774
				86	admin_address: 10.0.0.20
				87	admin_port: 8774
				88
				89	Keystone memcached storage for tokens
				90
				91	.. code-block:: yaml
				92
				93	keystone:
				94	server:
				95	enabled: true
				96	version: juno
				97	...
				98	token_store: cache
				99	cache:
				100	engine: memcached
				101	host: 127.0.0.1
				102	port: 11211
				103	services:
				104	...
				105
				106	Keystone clustered memcached storage for tokens
				107
				108	.. code-block:: yaml
				109
				110	keystone:
				111	server:
				112	enabled: true
				113	version: juno
				114	...
				115	token_store: cache
				116	cache:
				117	engine: memcached
				118	members:
				119	- host: 192.160.0.1
				120	port: 11211
				121	- host: 192.160.0.2
				122	port: 11211
				123	services:
				124	...
				125
				126	Keystone client
				127
				128	.. code-block:: yaml
				129
				130	keystone:
				131	client:
				132	enabled: true
				133	server:
				134	host: 10.0.0.2
				135	public_port: 5000
				136	private_port: 35357
				137	service_token: 'token'
				138	admin_tenant: admin
				139	admin_name: admin
				140	admin_password: 'passwd'
				141
				142	Keystone cluster
				143
				144	.. code-block:: yaml
				145
				146	keystone:
				147	control:
				148	enabled: true
				149	provider:
				150	os15_token:
				151	host: 10.0.0.2
				152	port: 35357
				153	token: token
				154	os15_tcp_core_stg:
				155	host: 10.0.0.5
				156	port: 5000
				157	tenant: admin
				158	name: admin
				159	password: password
				160
				161	Keystone fernet tokens for OpenStack Kilo release
				162
				163	.. code-block:: yaml
				164
				165	keystone:
				166	server:
				167	...
				168	tokens:
				169	engine: fernet
				170	...
				171
Filip Pytloun	6b9ec2b	2016-01-12 13:52:01 +0100	[diff] [blame]	172	Keystone domain with LDAP backend, using SQL for role/project assignment
				173
				174	.. code-block:: yaml
				175
				176	keystone:
				177	server:
				178	domain:
Filip Pytloun	af25d8d	2016-01-12 14:21:39 +0100	[diff] [blame]	179	description: "Testing domain"
Filip Pytloun	6b9ec2b	2016-01-12 13:52:01 +0100	[diff] [blame]	180	backend: ldap
				181	assignment:
				182	backend: sql
				183	ldap:
Ales Komarek	aabbda6	2016-03-15 08:38:35 +0100	[diff] [blame]	184	url: "ldaps://idm.domain.com"
				185	suffix: "dc=cloud,dc=domain,dc=com"
				186	# Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
Filip Pytloun	6b9ec2b	2016-01-12 13:52:01 +0100	[diff] [blame]	187	uid: keystone
Ales Komarek	aabbda6	2016-03-15 08:38:35 +0100	[diff] [blame]	188	password: password
Filip Pytloun	6b9ec2b	2016-01-12 13:52:01 +0100	[diff] [blame]	189
Filip Pytloun	1abfdd7	2016-01-18 11:35:17 +0100	[diff] [blame]	190	Using LDAP backend for default domain
				191
				192	.. code-block:: yaml
				193
				194	keystone:
				195	server:
				196	backend: ldap
				197	assignment:
				198	backend: sql
				199	ldap:
Ales Komarek	aabbda6	2016-03-15 08:38:35 +0100	[diff] [blame]	200	url: "ldaps://idm.domain.com"
				201	suffix: "dc=cloud,dc=domain,dc=com"
				202	# Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
Filip Pytloun	1abfdd7	2016-01-18 11:35:17 +0100	[diff] [blame]	203	uid: keystone
Ales Komarek	aabbda6	2016-03-15 08:38:35 +0100	[diff] [blame]	204	password: password
				205
				206	Simple service endpoint definition (defaults to RegionOne)
				207
				208	.. code-block:: yaml
				209
				210	keystone:
				211	server:
				212	service:
				213	ceilometer:
				214	type: metering
				215	description: OpenStack Telemetry Service
				216	user:
				217	name: ceilometer
				218	password: password
				219	bind:
				220	...
				221
				222	Region-aware service endpoints definition
				223
				224	.. code-block:: yaml
				225
				226	keystone:
				227	server:
				228	service:
				229	ceilometer_region01:
				230	service: ceilometer
				231	type: metering
				232	region: region01
				233	description: OpenStack Telemetry Service
				234	user:
				235	name: ceilometer
				236	password: password
				237	bind:
				238	...
				239	ceilometer_region02:
				240	service: ceilometer
				241	type: metering
				242	region: region02
				243	description: OpenStack Telemetry Service
				244	bind:
				245	...
				246
Jakub Pavlik	72e31d6	2016-04-08 16:26:57 +0200	[diff] [blame]	247	Enable ceilometer notifications
				248
				249	.. code-block:: yaml
				250
				251	keystone:
				252	server:
				253	notification: true
				254	message_queue:
				255	engine: rabbitmq
				256	host: 127.0.0.1
				257	port: 5672
				258	user: openstack
				259	password: password
				260	virtual_host: '/openstack'
				261	ha_queues: true
Filip Pytloun	1abfdd7	2016-01-18 11:35:17 +0100	[diff] [blame]	262
Jakub Pavlik	ffc280d	2016-05-20 11:19:14 +0200	[diff] [blame^]	263	Documentation and Bugs
				264	============================
Filip Pytloun	943d688	2015-10-06 16:28:32 +0200	[diff] [blame]	265
Jakub Pavlik	ffc280d	2016-05-20 11:19:14 +0200	[diff] [blame^]	266	To learn how to deploy OpenStack Salt, consult the documentation available
				267	online at:
				268
				269	https://wiki.openstack.org/wiki/OpenStackSalt
				270
				271	In the unfortunate event that bugs are discovered, they should be reported to
				272	the appropriate bug tracker. If you obtained the software from a 3rd party
				273	operating system vendor, it is often wise to use their own bug tracker for
				274	reporting problems. In all other cases use the master OpenStack bug tracker,
				275	available at:
				276
				277	http://bugs.launchpad.net/openstack-salt
				278
				279	Developers wishing to work on the OpenStack Salt project should always base
				280	their work on the latest formulas code, available from the master GIT
				281	repository at:
				282
				283	https://git.openstack.org/cgit/openstack/salt-formula-keystone
				284
				285	Developers should also join the discussion on the IRC list, at:
				286
				287	https://wiki.openstack.org/wiki/Meetings/openstack-salt