Complete keystone configuration for icehouse (updated)

This document describes the keystone. conf configuration file for the keystone release of icehouse.

[Default]
Admin_token = (string value)
# This is a known password used to initialize Keystone, it is strongly recommended to disable in production mode, just remove the admintokenauthmiddleware pipeline in the # keystone-paste.ini File

Public_bind_host = (string value)
# The IP address of the network interface to for the public
# Service to listen on. (string value)

Admin_bind_host = (string value)
# The IP address of the network interface to for the admin
# Service to listen on. (string value)

Compute_port = (integer value)
# Port number monitored by the openstack computing (compute) service. The default value is 8774.

Admin_port = (integer value)
# Admin service listening port number. The default value is 35357.

Public_port = (integer value)
# Port number monitored by the public service. The default value is 5000.

Public_endpoint = (string valuue)
# For the client, the public endpoint of keystone is http: // localhost: 5000 by default.

Admin_endpoint = (string value)
# For the client, the admin endpoint of keystone is http: // localhost: 35357 by default.

Onready = (string value)
# Unknown for the moment
# Onready allows you to send a notification when the process
# Is ready to serve for example, to have it costs y using
# Systemd, one cocould set shell command: "onready = systemd-
# Every y -- ready "or a module with every Y () method:" onready =
# Keystone. Common. systemd ".

Max_request_body_size = (integer value)
# Maximum request capacity, which is executed by Keystone. Middleware: requestbodysizelimiter. The default value is
#114688

Max_param_size = (integer value)
# Maximum length of user and tenant ID/Name

Max_token_size = (integer value)
# Maximum token Length

[Assignment]
Dirver	(Stropt) Assignment backend driver
Caching	(Boolopt) cache asignment data. This option is invalid unless global cache is enabled.
Cache_time	(Optional pt) the time when the assignment data is cached (unit: seconds). This option is invalid unless global cache is enabled.
List_limit	(Distinct pt) Capacity of data items in the returned assignment set
[Auth]
Methods	(Listopt) Default Authentication Method
Password	(Stropt) password authentication plug-in Module
Token	(Stropt) Token Authentication plug-in Module
External	(Stropt) external (remote_user) authentication plug-in Module
[Cache]
Backend	(Stropt) dogpile. cache backend module. We recommend that you use dogpile. cache. memcache or dog in production deployment mode. -Pile. cache. redis: the backend of dogpile. cache. memory can be used under small-scale loads.
Backend_argument	(Multistropt) parameters passed to the dogpile. cache backend module, refer to the format: "Name: Value"
Config_prefix	(Stropt) is the prefix used to create a configuration dictionary for the buffer domain. This option does not need to be changed unless the same configuration name is dogpile. cache domain.
Debug_cache_backend	(Boolopt) Additional cache backend debugging, usually false
Enabled	(Boolopt) Global cache Switch
Expiration_time	The global cache time (in seconds) in the dogpile. cache domain is applicable to any non-Global cache items that do not explicitly indicate the cache time.
Proxies	(Listopt) can introduce proxy classes that can affect the back-end work of dogpile. cache,
Use_key_mangler	(Boolopt) uses the key-mangling function (for example, SHA-1) to ensure that the cache key length is uniform. It is recommended to set this parameter to true.
[Catalog]
Template_file	(Stropt) specifies the directory Template File
Driver	(Stropt) Directory back-end driver
List_limit	(Partition pt) The size of the returned directory set at a time
[Credential]
Driver	(Stropt) credential backend driver
[Database]
Sqlite_db	(Stropt) Use SQLite file name
Backend	(Stropt) used for the backend of the database
Connection	(Stropt) sqlalchemy connection string connected to the specified database
Slave_connection
Mysql_ SQL _mode	(Stropt) SQL mode used by the MySQL session. This setting overwrites the settings at the database server and uses The SQL mode provided by the database server, which is left empty.
Idle_timeout	(Distinct pt) interval of repeated idle SQL connections
Min_pool_size	(Small pt) the minimum size of the Connection Pool
Max_pool_size	(Maximum pt) the maximum size of the Connection Pool
Max_retries	(Ipvpt) Maximum number of database connection retries in the startup phase.-1 indicates an infinite number of retries.
Retry_interval	Interval PT
Max_overflow	(Partition pt) corresponds to max_overflow in sqlalchemy
Connection_debug	(Batch pt) the complexity of SQL debugging information. 0 indicates nothing, and 100 indicates everything.
Connection_trace	(Boolopt) Add the stack trace of python to SQL as a comment
Pool_timeout	(Partition pt) corresponds to pool_timeout in sqlalchemy
Use_db_reconnect	(Boolopt) enables reconnect to a database of the experimental nature when the connection is lost
Db_retry_interval	(Ipvpt) database reconnection interval (unit: seconds)
Db_inc_retry_interval	(Boolopt) Whether to enable database reconnection incremental Interval
Db_max_retry_interval	(Limit pt) Maximum number of reconnect increments
Db_max_retries	(Batch pt) Maximum number of database connection retries (-1 is infinite)
[EC2]
Driver	(Stropt) ec2credential backend driver
[Federation]
Assertion_prefix	(Stropt) used to filter asserted parameters from the Environment
Driver	(Stropt) Keystone Alliance back-end driver
[Identity]
Default_domain_id	(Stropt) domain used by all identity API V2 requests. It is reserved for V2 users and cannot be deleted by V3 APIs.
Domain_config_dir	(Stropt) when the next option is true, keystone is used to locate the domain-specific identity configuration file
Domain_specific_drivers_enabled	(Boolopt) whether to allow some of all domain names to own their own identity drivers
Driver	(Stropt) Keystone identity backend driver
List_limit	(Partition pt) data item capacity returned by the keystone Server
Max_password_length	(Limit pt) maximum user password length
[KVS]
Backends	(Listopt) Additional dogpile. cache backend Module
Config_prefix	(Stropt) is the prefix used to create the configuration dictionary for the KVS domain. Unless there is another dogpile. cache domain with the same configuration name, the default value is not recommended.
Default_lock_timeout	Distributed lock timeout limit
Enable_key_mangler	(Boolopt) we recommend that you set this parameter to true, which is the same as use_key_mangler of [cache ].
[Memcache]
Max_compare_and_set_retry	(Batch pt) number of attempts made when using the Compare-and-set token of the memcache backend
Servers	(Listopt) memcache server in "Host: Port" Format
[Oauth1]
Access_token_duration	(Ipvpt) Validity Period of the oauth access token (unit: seconds)
Driver	(Stropt) Keystone credential backend driver
Request_token_duration	(Token pt) Validity Period of the oauth request token (unit: seconds)
[OS _inherit]
Enabled	(Boolopt) It can be enabled to inherit roles from the domain to the project.
[Revoke]
Caching	(Boolopt) Whether to enable the cache revocation event. It is valid only after the global cache is enabled.
Driver	(Stropt) is the backend driver implemented by the continuous cancellation event.
Expiration_buffer	(Distinct pt) before a cancellation event is deleted from the backend, the value (unit: seconds) will be increased to the token expiration time.
[Stats]
Driver	(Stropt) Keystone stats back-end driver
[Token]
Bind	(Listopt) external authentication mechanism to be bound with the token, such as Kerberos And X.509
Cache_time	(Ipvpt) cache token time (unit: seconds)
Caching	(Boolopt) indicates whether the cache token is valid only when the global cache is enabled.
Driver	(Stropt) token persistent storage backend driver
Enforce_token_bind	(Stropt) the execution policy provided by the token binding information to Keystone. Optional values include disabled, permissive, strict, required, or the mode that requires binding, such as Kerberos And X.509.
Expiration	(PT) token validity period (unit: seconds)
Provider	(Stropt) controls token construction, verification, revocation, and other operations, including PKI, UUID, and other provider
Revocation_cache_time	The time (in seconds) of the cache Revocation List and the Undo event when the Undo extension is enabled. This setting is invalid unless global cache is enabled.
Revoke_by_id	(Boolopt) revokes the token through the token ID. If it is set to true, multiple forms of enumeration tokens are allowed. We recommend that you disable this option only when undo extension is used and the backend driver is not KVS.
[Trust]
Driver	(Stropt) trust the backend driver
Enabled	(Boolopt) Whether to enable proxy and identity play