ad9faae7c3
Include new tables in the config reference. Closes-Bug: #1366489 Closes-Bug: #1374844 Change-Id: I47883b3e524aba67f82304112a066a281c341be3
128 lines
6.9 KiB
XML
128 lines
6.9 KiB
XML
<?xml version='1.0' encoding='UTF-8'?>
|
|
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
|
|
<!-- Warning: Do not edit this file. It is automatically
|
|
generated and your changes will be overwritten.
|
|
The tool to do so lives in openstack-doc-tools repository. -->
|
|
<table rules="all" xml:id="config_table_keystone_api">
|
|
<caption>Description of API configuration options</caption>
|
|
<col width="50%"/>
|
|
<col width="50%"/>
|
|
<thead>
|
|
<tr>
|
|
<th>Configuration option = Default value</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<th colspan="2">[DEFAULT]</th>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_bind_host = 0.0.0.0</td>
|
|
<td>(StrOpt) The IP address of the network interface for the admin service to listen on.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_endpoint = None</td>
|
|
<td>(StrOpt) The base admin endpoint URL for Keystone that is advertised to clients (NOTE: this does NOT affect how Keystone listens for connections). Defaults to the base host URL of the request. E.g. a request to http://server:35357/v2.0/users will default to http://server:35357. You should only need to set this value if the base URL contains a path (e.g. /prefix/v2.0) or the endpoint should be found on a different server.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_port = 35357</td>
|
|
<td>(IntOpt) The port number which the admin service listens on.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_token = ADMIN</td>
|
|
<td>(StrOpt) A "shared secret" that can be used to bootstrap Keystone. This "token" does not represent a user, and carries no explicit authorization. To disable in production (highly recommended), remove AdminTokenAuthMiddleware from your paste application pipelines (for example, in keystone-paste.ini).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_workers = None</td>
|
|
<td>(IntOpt) The number of worker processes to serve the admin WSGI application. Defaults to number of CPUs (minimum of 2).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>compute_port = 8774</td>
|
|
<td>(IntOpt) (Deprecated) The port which the OpenStack Compute service listens on. This option was only used for string replacement in the templated catalog backend. Templated catalogs should replace the "$(compute_port)s" substitution with the static port of the compute service. As of Juno, this option is deprecated and will be removed in the L release.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>domain_id_immutable = True</td>
|
|
<td>(BoolOpt) Set this to false if you want to enable the ability for user, group and project entities to be moved between domains by updating their domain_id. Allowing such movement is not recommended if the scope of a domain admin is being restricted by use of an appropriate policy file (see policy.v3cloudsample as an example).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>list_limit = None</td>
|
|
<td>(IntOpt) The maximum number of entities that will be returned in a collection, with no limit set by default. This global limit may be then overridden for a specific driver, by specifying a list_limit in the appropriate section (e.g. [assignment]).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>max_param_size = 64</td>
|
|
<td>(IntOpt) Limit the sizes of user & project ID/names.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>max_request_body_size = 114688</td>
|
|
<td>(IntOpt) Enforced by optional sizelimit middleware (keystone.middleware:RequestBodySizeLimiter).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>max_token_size = 8192</td>
|
|
<td>(IntOpt) Similar to max_param_size, but provides an exception for token values.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab</td>
|
|
<td>(StrOpt) During a SQL upgrade member_role_id will be used to create a new role that will replace records in the assignment table with explicit role grants. After migration, the member_role_id will be used in the API add_user_to_project.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>member_role_name = _member_</td>
|
|
<td>(StrOpt) During a SQL upgrade member_role_name will be used to create a new role that will replace records in the assignment table with explicit role grants. After migration, member_role_name will be ignored.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>public_bind_host = 0.0.0.0</td>
|
|
<td>(StrOpt) The IP address of the network interface for the public service to listen on.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>public_endpoint = None</td>
|
|
<td>(StrOpt) The base public endpoint URL for Keystone that is advertised to clients (NOTE: this does NOT affect how Keystone listens for connections). Defaults to the base host URL of the request. E.g. a request to http://server:5000/v2.0/users will default to http://server:5000. You should only need to set this value if the base URL contains a path (e.g. /prefix/v2.0) or the endpoint should be found on a different server.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>public_port = 5000</td>
|
|
<td>(IntOpt) The port number which the public service listens on.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>public_workers = None</td>
|
|
<td>(IntOpt) The number of worker processes to serve the public WSGI application. Defaults to number of CPUs (minimum of 2).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>strict_password_check = False</td>
|
|
<td>(BoolOpt) If set to true, strict password length checking is performed for password manipulation. If a password exceeds the maximum length, the operation will fail with an HTTP 403 Forbidden error. If set to false, passwords are automatically truncated to the maximum length.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>tcp_keepalive = False</td>
|
|
<td>(BoolOpt) Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e. sockets used by the Keystone wsgi server for client connections.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>tcp_keepidle = 600</td>
|
|
<td>(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only applies if tcp_keepalive is true. Not supported on OS X.</td>
|
|
</tr>
|
|
<tr>
|
|
<th colspan="2">[endpoint_filter]</th>
|
|
</tr>
|
|
<tr>
|
|
<td>driver = keystone.contrib.endpoint_filter.backends.sql.EndpointFilter</td>
|
|
<td>(StrOpt) Endpoint Filter backend driver</td>
|
|
</tr>
|
|
<tr>
|
|
<td>return_all_endpoints_if_no_filter = True</td>
|
|
<td>(BoolOpt) Toggle to return all active endpoints if no filter exists.</td>
|
|
</tr>
|
|
<tr>
|
|
<th colspan="2">[endpoint_policy]</th>
|
|
</tr>
|
|
<tr>
|
|
<td>driver = keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy</td>
|
|
<td>(StrOpt) Endpoint policy backend driver</td>
|
|
</tr>
|
|
<tr>
|
|
<th colspan="2">[paste_deploy]</th>
|
|
</tr>
|
|
<tr>
|
|
<td>config_file = keystone-paste.ini</td>
|
|
<td>(StrOpt) Name of the paste configuration file that defines the available pipelines.</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</para>
|