a6bce01980
The XML root element of Docbook XML files should match the following format: <ELEMENT xmlns="http://docbook.org/ns/docbook" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="THE_XML_ID_OF_THE_ELEMENT"> Change-Id: I02a75b63d0fb3ea4a7d015794b9229a94ddad279
70 lines
4.0 KiB
XML
70 lines
4.0 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="sample-configuration-files">
|
|
<title>Identity service sample configuration files</title>
|
|
<para>You can find the files described in this section in the
|
|
<systemitem>/etc/keystone</systemitem> directory.</para>
|
|
<section xml:id="section_keystone.conf">
|
|
<title>keystone.conf</title>
|
|
<para>Use the <filename>keystone.conf</filename> file to
|
|
configure most Identity service options:</para>
|
|
<programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/keystone.conf.sample?h=stable/icehouse"/>
|
|
</programlisting>
|
|
</section>
|
|
<section xml:id="section_keystone-paste.ini">
|
|
<title>keystone-paste.ini</title>
|
|
<para>Use the <filename>keystone-paste.ini</filename> file to
|
|
configure the Web Service Gateway Interface (WSGI)
|
|
middleware pipeline for the Identity service.</para>
|
|
<programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/keystone-paste.ini?h=stable/icehouse"/>
|
|
</programlisting>
|
|
</section>
|
|
<section xml:id="section_keystone-logging.conf">
|
|
<title>logging.conf</title>
|
|
<para>You can specify a special logging configuration file in
|
|
the <filename>keystone.conf</filename> configuration file.
|
|
For example,
|
|
<filename>/etc/keystone/logging.conf</filename>.</para>
|
|
<para>For details, see the (<link
|
|
xlink:href="http://docs.python.org/2/howto/logging.html#configuring-logging"
|
|
>Python logging module documentation</link>).</para>
|
|
<programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/logging.conf.sample?h=stable/icehouse"/>
|
|
</programlisting>
|
|
</section>
|
|
<section xml:id="section_keystone-policy.json">
|
|
<title>policy.json</title>
|
|
<para>Use the <filename>policy.json</filename> file to define
|
|
additional access controls that apply to the Identity
|
|
service.</para>
|
|
<programlisting language="json"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/policy.json?h=stable/icehouse"/></programlisting>
|
|
</section>
|
|
<section xml:id="section_keystone-domain-configs">
|
|
<title>Domain-specific configuration</title>
|
|
<para>Identity enables you to configure domain-specific
|
|
authentication drivers. For example, you can configure a
|
|
domain to have its own LDAP or SQL server.</para>
|
|
<para>By default, the option to configure domain-specific
|
|
drivers is disabled.</para>
|
|
<para>To enable domain-specific drivers, set these options in
|
|
<literal>[identity]</literal> section in the
|
|
<filename>keystone.conf</filename> file:</para>
|
|
<programlisting language="ini">[identity]
|
|
domain_specific_drivers_enabled = True
|
|
domain_config_dir = /etc/keystone/domains</programlisting>
|
|
<para>When you enable domain-specific drivers, Identity looks
|
|
in the <option>domain_config_dir</option> directory for
|
|
configuration files that are named as follows:
|
|
<filename>keystone.<replaceable>DOMAIN_NAME</replaceable>.conf</filename>,
|
|
where <replaceable>DOMAIN_NAME</replaceable> is the domain
|
|
name.</para>
|
|
<para>Any options that you define in the domain-specific
|
|
configuration file override options in the primary
|
|
configuration file for the specified domain. Any domain
|
|
without a domain-specific configuration file uses only the
|
|
options in the primary configuration file.</para>
|
|
</section>
|
|
</section>
|