Complete Keystone configuration for Icehouse (updated)

Source: Internet
Author: User

This document describes the keystone.conf configuration file for the Icehouse release of Keystone.

[DEFAULT]
admin_token = (string value)
# A known secret used to bootstrap Keystone. It is strongly recommended to disable it in production:
# remove AdminTokenAuthMiddleware from the pipelines in the keystone-paste.ini file.

public_bind_host = (string value)
# The IP address of the network interface for the public
# service to listen on.

admin_bind_host = (string value)
# The IP address of the network interface for the admin
# service to listen on.

compute_port = (integer value)
# Port number the OpenStack Compute service listens on. The default value is 8774.

admin_port = (integer value)
# Port number the admin service listens on. The default value is 35357.

public_port = (integer value)
# Port number the public service listens on. The default value is 5000.

public_endpoint = (string value)
# The public endpoint of Keystone for clients. The default is http://localhost:5000.

admin_endpoint = (string value)
# The admin endpoint of Keystone for clients. The default is http://localhost:35357.

onready = (string value)
# Unknown for the moment
# onready allows you to send a notification when the process
# is ready to serve. For example, to have it notify using
# systemd, one could set the shell command "onready = systemd-notify
# --ready" or a module with a notify() method: "onready =
# keystone.common.systemd".

max_request_body_size = (integer value)
# Maximum request body size, enforced by keystone.middleware:RequestBodySizeLimiter.
# The default value is 114688.

max_param_size = (integer value)
# Maximum length of user and tenant IDs/names

max_token_size = (integer value)
# Maximum token length

[assignment]

driver

(StrOpt) Assignment backend driver

caching

(BoolOpt) Whether to cache assignment data. This option has no effect unless the global cache is enabled.

cache_time

(IntOpt) How long assignment data is cached (unit: seconds). This option has no effect unless the global cache is enabled.

list_limit

(IntOpt) Maximum number of items returned in an assignment collection

[auth]

methods

(ListOpt) Default authentication methods

password

(StrOpt) Password authentication plug-in module

token

(StrOpt) Token authentication plug-in module

external

(StrOpt) External (REMOTE_USER) authentication plug-in module

[cache]

backend

(StrOpt) dogpile.cache backend module. We recommend dogpile.cache.memcache or dogpile.cache.redis in production deployments; the dogpile.cache.memory backend can be used under small-scale loads.

backend_argument

(MultiStrOpt) Arguments passed to the dogpile.cache backend module, in the format "name:value"

config_prefix

(StrOpt) Prefix used to build the configuration dictionary for the cache region. This option does not need to be changed unless another dogpile.cache region uses the same configuration name.

debug_cache_backend

(BoolOpt) Additional cache backend debugging; usually false

enabled

(BoolOpt) Global cache switch

expiration_time

Default cache time (in seconds) for the dogpile.cache region. It applies to any cached item that does not explicitly specify its own cache time.

proxies

(ListOpt) Proxy classes to import that affect how the dogpile.cache backend works

use_key_mangler

(BoolOpt) Use a key-mangling function (for example, SHA-1) to ensure that cache keys have a uniform length. It is recommended to set this parameter to true.

[catalog]

template_file

(StrOpt) Catalog template file

driver

(StrOpt) Catalog backend driver

list_limit

(IntOpt) Maximum number of items returned in a catalog collection

[credential]

driver

(StrOpt) Credential backend driver

[database]

sqlite_db

(StrOpt) File name to use with SQLite

backend

(StrOpt) Backend to use for the database

connection

(StrOpt) SQLAlchemy connection string used to connect to the database

slave_connection

mysql_sql_mode

(StrOpt) SQL mode used for MySQL sessions. This setting overrides the SQL mode set on the database server; leave it empty to use the SQL mode provided by the database server.

idle_timeout

(IntOpt) Timeout after which idle SQL connections are reaped

min_pool_size

(IntOpt) Minimum size of the connection pool

max_pool_size

(IntOpt) Maximum size of the connection pool

max_retries

(IntOpt) Maximum number of database connection retries during startup. -1 indicates an infinite number of retries.

retry_interval

(IntOpt) Retry interval

max_overflow

(IntOpt) Corresponds to max_overflow in SQLAlchemy

connection_debug

(IntOpt) Verbosity of SQL debugging information. 0 indicates nothing, and 100 indicates everything.

connection_trace

(BoolOpt) Add Python stack traces to SQL as comments

pool_timeout

(IntOpt) Corresponds to pool_timeout in SQLAlchemy

use_db_reconnect

(BoolOpt) Enables experimental reconnection to the database when the connection is lost

db_retry_interval

(IntOpt) Database reconnection interval (unit: seconds)

db_inc_retry_interval

(BoolOpt) Whether to increase the interval between database reconnection attempts

db_max_retry_interval

(IntOpt) Maximum interval between reconnection attempts when the incremental interval is enabled

db_max_retries

(IntOpt) Maximum number of database connection retries (-1 is infinite)

[ec2]

driver

(StrOpt) EC2 credential backend driver

[federation]

assertion_prefix

(StrOpt) Prefix used to filter assertion parameters from the environment

driver

(StrOpt) Keystone federation backend driver

[identity]

default_domain_id

(StrOpt) Domain used by all Identity API v2 requests. It is reserved for v2 users and cannot be deleted through the v3 API.

domain_config_dir

(StrOpt) Directory in which Keystone looks for domain-specific identity configuration files when the next option is true

domain_specific_drivers_enabled

(BoolOpt) Whether some or all domains may have their own identity driver

driver

(StrOpt) Keystone identity backend driver

list_limit

(IntOpt) Maximum number of items returned by the Keystone server

max_password_length

(IntOpt) Maximum user password length

[kvs]

backends

(ListOpt) Additional dogpile.cache backend modules

config_prefix

(StrOpt) Prefix used to build the configuration dictionary for the KVS region. Changing the default value is not recommended unless another dogpile.cache region uses the same configuration name.

default_lock_timeout

Distributed lock timeout limit

enable_key_mangler

(BoolOpt) We recommend that you set this parameter to true. It has the same purpose as use_key_mangler in [cache].

[memcache]

max_compare_and_set_retry

(IntOpt) Number of compare-and-set attempts made when using compare-and-set in the token memcache backend

servers

(ListOpt) Memcache servers in "host:port" format

[oauth1]

access_token_duration

(IntOpt) Validity period of the OAuth access token (unit: seconds)

driver

(StrOpt) Keystone credential backend driver

request_token_duration

(IntOpt) Validity period of the OAuth request token (unit: seconds)

[os_inherit]

enabled

(BoolOpt) When enabled, roles can be inherited from a domain by its projects.

[revoke]

caching

(BoolOpt) Whether to cache revocation events. It has an effect only when the global cache is enabled.

driver

(StrOpt) Backend driver that implements persistence of revocation events

expiration_buffer

(IntOpt) Number of seconds added to the token expiration time before a revocation event is deleted from the backend

[stats]

driver

(StrOpt) Keystone stats backend driver

[token]

bind

(ListOpt) External authentication mechanisms to bind tokens to, such as Kerberos and X.509

cache_time

(IntOpt) How long tokens are cached (unit: seconds)

caching

(BoolOpt) Whether to cache tokens. It has an effect only when the global cache is enabled.

driver

(StrOpt) Token persistent storage backend driver

enforce_token_bind

(StrOpt) Enforcement policy that Keystone applies to tokens carrying bind information. Possible values are disabled, permissive, strict, required, or the name of a bind mechanism that must be present, such as Kerberos or X.509.

expiration

(IntOpt) Token validity period (unit: seconds)

provider

(StrOpt) Controls token construction, verification, revocation, and other operations. Providers include PKI, UUID, and others.

revocation_cache_time

Time (in seconds) to cache the revocation list and, when the revoke extension is enabled, the revocation events. This setting has no effect unless the global cache is enabled.

revoke_by_id

(BoolOpt) Revoke tokens by token ID. Setting it to true enables various forms of token enumeration. We recommend that you disable this option only when the revoke extension is used and its backend driver is not KVS.

[trust]

driver

(StrOpt) Trust backend driver

enabled

(BoolOpt) Whether to enable delegation and impersonation
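
An added example, not part of the original page or of Keystone itself: a short Python check that reads a keystone.conf and reports the options set against the recommendations in the notes above (admin_token, the in-memory cache backend, the key manglers, and revoke_by_id). The sample file and the fallback defaults are constructed assumptions.

```python
import configparser

# Constructed sample keystone.conf for this example (not from a real deployment).
SAMPLE_CONF = """\
[DEFAULT]
admin_token = ADMIN
[cache]
enabled = true
backend = dogpile.cache.memory
use_key_mangler = false
[revoke]
driver = keystone.contrib.revoke.backends.kvs.Revoke
[token]
revoke_by_id = false
"""


def audit(conf_text):
    """Return sorted (section, option) pairs that go against the notes above."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    hits = set()

    def boolean(section, option, default):
        # Missing section/option falls back to `default` (assumed, not from the page).
        return cp.getboolean(section, option, fallback=default)

    # admin_token is a known bootstrap secret and should be unset in production.
    if cp.get("DEFAULT", "admin_token", fallback="").strip():
        hits.add(("DEFAULT", "admin_token"))
    if boolean("cache", "enabled", False):
        # The in-memory backend is only suitable for small-scale loads.
        if cp.get("cache", "backend", fallback="") == "dogpile.cache.memory":
            hits.add(("cache", "backend"))
        if not boolean("cache", "use_key_mangler", True):
            hits.add(("cache", "use_key_mangler"))
    if not boolean("kvs", "enable_key_mangler", True):
        hits.add(("kvs", "enable_key_mangler"))
    # revoke_by_id may be disabled only with a non-KVS revoke backend; an unset
    # [revoke] driver is treated as KVS here (assumption).
    if not boolean("token", "revoke_by_id", True):
        if "kvs" in cp.get("revoke", "driver", fallback="kvs").lower():
            hits.add(("token", "revoke_by_id"))
    return sorted(hits)


if __name__ == "__main__":
    for section, option in audit(SAMPLE_CONF):
        print(f"[{section}] {option}: differs from the recommended setting")
```

To check a deployed file, pass its contents to audit(), for example audit(open("/etc/keystone/keystone.conf").read()); the path is an assumption about the installation.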