config-ref: include keystone tables

Include keystone configuration options in the Identity section.

There is room for lots of improvements, but this first step will at
least make the info available.

Replace "Identity Service" with "Identity service" in the config-ref.

Closes-Bug: #1277330
Change-Id: I2dfac169c89bdbecd67322923a6a84f2155c4150
This commit is contained in:
Gauvain Pocentek 2014-04-16 21:27:20 +02:00
parent 4d72787ebb
commit 6a10e75a55
6 changed files with 56 additions and 128 deletions

View File

@ -1,114 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="keystone-configuration-file">
<title>Identity Service configuration files</title>
<variablelist>
<varlistentry>
<term>keystone.conf</term>
<listitem>
<para>The Identity Service
<filename>/etc/keystone/keystone.conf</filename>
configuration file is an INI-format file with
sections.</para>
<para>The <literal>[DEFAULT]</literal> section configures
general configuration values.</para>
<para>Specific sections, such as the <literal>[database]</literal>
and <literal>[ec2]</literal> sections, configure individual
services.</para>
<table rules="all">
<caption>keystone.conf file sections</caption>
<col width="30%"/>
<col width="70%"/>
<thead>
<tr>
<th>Section</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><literal>[DEFAULT]</literal></td>
<td>General configuration.</td>
</tr>
<tr>
<td><literal>[database]</literal></td>
<td>Optional storage back-end configuration.</td>
</tr>
<tr>
<td><literal>[ec2]</literal></td>
<td>Amazon EC2 authentication driver configuration.</td>
</tr>
<tr>
<td><literal>[s3]</literal></td>
<td>Amazon S3 authentication driver configuration.</td>
</tr>
<tr>
<td><literal>[identity]</literal></td>
<td>Identity Service system driver configuration.</td>
</tr>
<tr>
<td><literal>[catalog]</literal></td>
<td>Service catalog driver configuration.</td>
</tr>
<tr>
<td><literal>[token]</literal></td>
<td>Token driver configuration.</td>
</tr>
<tr>
<td><literal>[policy]</literal></td>
<td>Policy system driver configuration for RBAC.</td>
</tr>
<tr>
<td><literal>[signing]</literal></td>
<td>Cryptographic signatures for PKI based tokens.</td>
</tr>
<tr>
<td><literal>[ssl]</literal></td>
<td>SSL configuration.</td>
</tr>
</tbody>
</table>
<para>When you start the Identity Service, you can use the
<parameter>--config-file</parameter> parameter to specify
a configuration file.</para>
<para>If you do not specify a configuration file, the Identity
Service looks for the <filename>keystone.conf</filename>
configuration file in these directories in this
order:</para>
<orderedlist>
<listitem>
<para>
<literal>~/.keystone</literal>
</para>
</listitem>
<listitem>
<para>
<literal>~/</literal>
</para>
</listitem>
<listitem>
<para>
<literal>/etc/keystone</literal>
</para>
</listitem>
<listitem>
<para>
<literal>/etc</literal>
</para>
</listitem>
</orderedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>keystone-paste.ini</term>
<listitem>
<para>The
<filename>/etc/keystone/keystone-paste.ini</filename> file
configures the Identity Service WSGI middleware
pipeline.</para>
</listitem>
</varlistentry>
</variablelist>
</section>

View File

@ -23,7 +23,7 @@
directory.</para>
</listitem>
<listitem>
<para>Related Image Service and Identity Service management
<para>Related Image Service and Identity service management
configuration files.</para>
</listitem>
</itemizedlist>
@ -41,7 +41,7 @@
<title>Configure authentication and authorization</title>
<para>There are different methods of authentication for the
OpenStack Compute project, including no authentication. The
preferred system is the OpenStack Identity Service, code-named
preferred system is the OpenStack Identity service, code-named
Keystone.</para>
<para>To customize authorization settings for Compute, use the
configuration options documented in

View File

@ -7,13 +7,55 @@
xmlns:ns4="http://www.w3.org/2000/svg"
xmlns:ns3="http://www.w3.org/1998/Math/MathML"
xmlns:ns="http://docbook.org/ns/docbook">
<title>Identity Service</title>
<para>This chapter details the OpenStack Identity Service configuration
<title>Identity service</title>
<para>This chapter details the OpenStack Identity service configuration
options. For installation prerequisites and step-by-step walkthroughs, see the
<citetitle>OpenStack Installation Guide</citetitle> for your distribution (<link xlink:href="docs.openstack.org"
>docs.openstack.org</link>) and <citetitle><link
xlink:href="http://docs.openstack.org/admin-guide-cloud/content/">Cloud
Administrator Guide</link></citetitle>.</para>
<xi:include href="../common/section_identity-configure.xml"/>
<xi:include href="../common/section_keystone-sample-conf-files.xml"/>
<section xml:id="keystone-configuration-file">
<title>Identity service configuration file</title>
<para>The Identity service is configured in the
<filename>/etc/keystone/keystone.conf</filename> file.</para>
<para>The following tables provide a comprehensive list of the Identity
service options.</para>
<xi:include href="../common/tables/keystone-api.xml"/>
<xi:include href="../common/tables/keystone-assignment.xml"/>
<xi:include href="../common/tables/keystone-auth.xml"/>
<xi:include href="../common/tables/keystone-cache.xml"/>
<xi:include href="../common/tables/keystone-catalog.xml"/>
<xi:include href="../common/tables/keystone-credential.xml"/>
<xi:include href="../common/tables/keystone-database.xml"/>
<xi:include href="../common/tables/keystone-debug.xml"/>
<xi:include href="../common/tables/keystone-ec2.xml"/>
<xi:include href="../common/tables/keystone-federation.xml"/>
<xi:include href="../common/tables/keystone-identity.xml"/>
<xi:include href="../common/tables/keystone-kvs.xml"/>
<xi:include href="../common/tables/keystone-ldap.xml"/>
<xi:include href="../common/tables/keystone-logging.xml"/>
<xi:include href="../common/tables/keystone-memcache.xml"/>
<xi:include href="../common/tables/keystone-misc.xml"/>
<xi:include href="../common/tables/keystone-notification.xml"/>
<xi:include href="../common/tables/keystone-oauth.xml"/>
<xi:include href="../common/tables/keystone-os_inherit.xml"/>
<xi:include href="../common/tables/keystone-policy.xml"/>
<xi:include href="../common/tables/keystone-revoke.xml"/>
<xi:include href="../common/tables/keystone-security.xml"/>
<xi:include href="../common/tables/keystone-ssl.xml"/>
<xi:include href="../common/tables/keystone-stats.xml"/>
<xi:include href="../common/tables/keystone-token.xml"/>
<xi:include href="../common/tables/keystone-trust.xml"/>
<xi:include href="../common/tables/keystone-rpc.xml"/>
<xi:include href="../common/tables/keystone-amqp.xml"/>
<xi:include href="../common/tables/keystone-qpid.xml"/>
<xi:include href="../common/tables/keystone-rabbit.xml"/>
<xi:include href="../common/tables/keystone-zeromq.xml"/>
<xi:include href="../common/tables/keystone-redis.xml"/>
</section>
<xi:include href="identity/section_keystone-sample-conf-files.xml"/>
</chapter>

View File

@ -9,10 +9,10 @@
<title>keystone_policy.json</title>
<para>The <filename>keystone_policy.json</filename> file
defines additional access controls for the dashboard that
apply to the Identity Service.</para>
apply to the Identity service.</para>
<note>
<para>The <filename>keystone_policy.json</filename> file
must match the Identity Service
must match the Identity service
<filename>/etc/keystone/policy.json</filename>
policy file.</para>
</note>

View File

@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="sample-configuration-files">
<title>Identity Service sample configuration files</title>
<title>Identity service sample configuration files</title>
<para>All the files in this section can be found in the <systemitem>/etc/keystone</systemitem>
directory.</para>
<section xml:id="section_keystone.conf">
@ -19,7 +19,7 @@
<title>keystone-paste.ini</title>
<para>The <filename>keystone-paste.ini</filename> file configures the
Web Service Gateway Interface (WSGI) middleware pipeline for
the Identity Service.
the Identity service.
</para>
<para>
<programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/keystone-paste.ini"/>
@ -41,10 +41,10 @@
<section xml:id="section_keystone-policy.json">
<title>policy.json</title>
<para>The <filename>policy.json</filename> file defines additional access controls that
apply to the Identity Service.</para>
apply to the Identity service.</para>
<para>
<programlisting language="json"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/policy.json"/>
</programlisting>
</para>
</section>
</section>
</section>

View File

@ -54,13 +54,13 @@
<td/>
</tr>
<tr>
<td>Identity Service (<literal>keystone</literal>)
<td>Identity service (<literal>keystone</literal>)
administrative endpoint</td>
<td>35357</td>
<td>adminurl</td>
</tr>
<tr>
<td>Identity Service public endpoint</td>
<td>Identity service public endpoint</td>
<td>5000</td>
<td>publicurl</td>
</tr>