forked from openstack-charmers/charm-keystone-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.yaml
92 lines (84 loc) · 2.78 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# Copyright 2021 Canonical Ltd.
# See LICENSE file for licensing details.
#
options:
debug:
default: False
description: Enable debug logging.
type: boolean
log-level:
default: WARNING
type: string
description: Log level (WARNING, INFO, DEBUG, ERROR)
admin-user:
default: admin
description: Default admin user for keystone
type: string
admin-role:
default: Admin
description: Admin role to be associated with admin and service users
type: string
service-tenant:
default: services
description: Name of tenant to associate with service credentials
type: string
service-port:
default: 5000
description: Port the public and internal endpoints will listen on
type: int
admin-port:
default: 35357
description: Port the admin endpoint will listen on
type: int
os-admin-hostname:
default:
description: |
The hostname or address of the admin endpoints that should be advertised
in the keystone identity provider.
type: string
os-internal-hostname:
default:
description: |
The hostname or address of the internal endpoints that should be advertised
in the keystone identity provider.
type: string
os-public-hostname:
default:
description: |
The hostname or address of the internal endpoints that should be advertised
in the keystone identity provider.
type: string
region:
default: RegionOne
description: Space delimited list of OpenStack regions
type: string
fernet-max-active-keys:
type: int
default: 3
description: |
This is the maximum number of active keys. It has a minimum of 3, which includes the
spare and staging keys. When set to 3, the rotation time for the keys is the same as
the token expiration time. When set to a higher value, the rotation time is less than
the `token-expiration` time as calculated by:
rotation-time = token-expiration / (fernet-max-active-keys -2)
Please see the charm documentation for further details about how to use the Fernet token
parameters to achieve a key strategy appropriate for the system in question.
token-expiration:
type: int
default: 3600
description: Amount of time (in seconds) a token should remain valid.
catalog-cache-expiration:
type: int
default: 60
description: Amount of time (in seconds) the catalog should be cached for.
dogpile-cache-expiration:
type: int
default: 60
description: |
Amount of time (in seconds) to cache items in the dogpile.cache. This only applies
to cached methods that do not have an explicitly defined cache expiration time.
identity-backend:
type: string
default: "sql"
description: |
Keystone identity backend, valid options are sql and pam