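#
# Cookbook Name:: openstack-identity
# Recipe:: default
#
# Copyright 2012-2013, AT&T Services, Inc.
# Copyright 2013, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Default attributes for the openstack-identity (Keystone) cookbook.
# Everything below is set at the `default` precedence level, so roles,
# environments and wrapper cookbooks can override any value.

# Set to some text value if you want templated config files
# to contain a custom banner at the top of the written file.
# The literal spans several lines so that every banner line starts with "#".
default["openstack"]["identity"]["custom_template_banner"] = "
# This file autogenerated by Chef
# Do not edit, changes will be overwritten
"

# Adding these as blank
# this needs to be here for the initial deep-merge to work
# NOTE(review): these are placeholders only. Node attributes are stored
# unencrypted with the node object, so real EC2 credentials should be
# supplied from an encrypted source rather than written here.
default["credentials"]["EC2"]["admin"]["access"] = ""
default["credentials"]["EC2"]["admin"]["secret"] = ""

default["openstack"]["identity"]["db"]["username"] = "keystone"
# Execute database migrations.  There are cases where migrations should not be
# executed.  For example when upgrading a zone, and the identity database is
# replicated across many zones.
default["openstack"]["identity"]["db"]["migrate"] = true

# NOTE(review): "False" is a string, not a Ruby boolean; presumably it is
# written verbatim into keystone.conf - confirm against the template.
default["openstack"]["identity"]["verbose"] = "False"
default["openstack"]["identity"]["debug"] = "False"
default["openstack"]["identity"]["service_port"] = "5000"
default["openstack"]["identity"]["admin_port"] = "35357"
default["openstack"]["identity"]["region"] = "RegionOne"
# "lo" is the loopback interface name on Linux. How the bind address is
# derived from it is not visible in this file - verify in the recipe before
# pointing this at a routable interface, since that exposes the admin port too.
default["openstack"]["identity"]["bind_interface"] = "lo"

# Logging stuff
default["openstack"]["identity"]["syslog"]["use"] = false
default["openstack"]["identity"]["syslog"]["facility"] = "LOG_LOCAL2"
default["openstack"]["identity"]["syslog"]["config_facility"] = "local2"

# default["openstack"]["identity"]["roles"] = [ "admin", "Member", "KeystoneAdmin", "KeystoneServiceAdmin", "sysadmin", "netadmin" ]
default["openstack"]["identity"]["roles"] = [ "admin", "Member", "KeystoneAdmin", "KeystoneServiceAdmin" ]

#TODO(shep): this should probably be derived from keystone.users hash keys
default["openstack"]["identity"]["tenants"] = [ "admin", "service" ]

default["openstack"]["identity"]["admin_user"] = "admin"
default["openstack"]["identity"]["admin_tenant_name"] = "admin"

# Users to create, keyed by user name. Each "roles" entry maps a role name to
# the list of tenants in which the user is granted that role.
# The admin entry carries no "password" key; where its password comes from is
# not visible in this file.
default["openstack"]["identity"]["users"] = {
  default["openstack"]["identity"]["admin_user"] => {
    "default_tenant" => default["openstack"]["identity"]["admin_tenant_name"],
    "roles" => {
      "admin" => [ "admin" ],
      "KeystoneAdmin" => [ "admin" ],
      "KeystoneServiceAdmin" => [ "admin" ]
    }
  },
  "monitoring" => {
    # NOTE(review): empty default password for an account that holds the
    # Member role in the admin tenant. Confirm the consuming recipe requires
    # an override and does not create the user with a blank password.
    "password" => "",
    "default_tenant" => "service",
    "roles" => {
      "Member" => [ "admin" ]
    }
  }
}

# PKI signing. Corresponds to the [signing] section of keystone.conf
# Note this section is only written if node["openstack"]["auth"]["strategy"] == "pki"
default["openstack"]["identity"]["signing"]["basedir"] = "/etc/keystone/ssl"
default["openstack"]["identity"]["signing"]["certfile"] = "/etc/keystone/ssl/certs/signing_cert.pem"
# The private key must stay readable only by the Keystone service account;
# the file mode is set elsewhere, not in this attributes file.
default["openstack"]["identity"]["signing"]["keyfile"] = "/etc/keystone/ssl/private/signing_key.pem"
default["openstack"]["identity"]["signing"]["ca_certs"] = "/etc/keystone/ssl/certs/ca.pem"
# Key length in bits for the token-signing key. Raised from "1024": 1024-bit
# keys are no longer considered adequate for signing and 2048 is the widely
# accepted minimum. Kept as a string to match the other values in this section.
# Changing the attribute presumably does not re-issue a key that already
# exists on a node - confirm, and rotate existing 1024-bit keys explicitly.
default["openstack"]["identity"]["signing"]["key_size"] = "2048"
# 3650 days is roughly ten years; a compromised signing certificate stays
# valid for that long unless it is rotated, so consider a shorter lifetime.
default["openstack"]["identity"]["signing"]["valid_days"] = "3650"
# NOTE(review): nil presumably means no CA password is configured; if one is
# set, supply it from an encrypted source, not a plain attribute.
default["openstack"]["identity"]["signing"]["ca_password"] = nil

# These switches set the various drivers for the different Keystone components
default["openstack"]["identity"]["identity"]["backend"] = "sql"
default["openstack"]["identity"]["token"]["backend"] = "sql"
default["openstack"]["identity"]["catalog"]["backend"] = "sql"

# platform defaults
# Each branch sets the service account (user/group) and the package and
# service names for that distribution. A platform not listed here gets none
# of these attributes, because the case has no else branch.
case platform
when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this
  default["openstack"]["identity"]["user"] = "keystone"
  default["openstack"]["identity"]["group"] = "keystone"
  default["openstack"]["identity"]["platform"] = {
    "mysql_python_packages" => [ "MySQL-python" ],
    "postgresql_python_packages" => [ "python-psycopg2" ],
    "memcache_python_packages" => [ "python-memcached" ],
    "keystone_packages" => [ "openstack-keystone" ],
    "keystone_service" => "openstack-keystone",
    "keystone_process_name" => "keystone-all",
    "package_options" => ""
  }
when "suse"
  default["openstack"]["identity"]["user"] = "openstack-keystone"
  default["openstack"]["identity"]["group"] = "openstack-keystone"
  default["openstack"]["identity"]["platform"] = {
    "mysql_python_packages" => [ "python-mysql" ],
    "postgresql_python_packages" => [ "python-psycopg2" ],
    "memcache_python_packages" => [ "python-python-memcached" ],
    "keystone_packages" => [ "openstack-keystone" ],
    "keystone_service" => "openstack-keystone",
    "keystone_process_name" => "keystone-all",
    "package_options" => ""
  }
when "ubuntu"
  default["openstack"]["identity"]["user"] = "keystone"
  default["openstack"]["identity"]["group"] = "keystone"
  default["openstack"]["identity"]["platform"] = {
    "mysql_python_packages" => [ "python-mysqldb" ],
    "postgresql_python_packages" => [ "python-psycopg2" ],
    "memcache_python_packages" => [ "python-memcache" ],
    "keystone_packages" => [ "keystone" ],
    "keystone_service" => "keystone",
    "keystone_process_name" => "keystone-all",
    # --force-confold keeps an existing config file when a package ships a new
    # one; --force-confdef takes dpkg's default action where there is one.
    # Together they keep package upgrades from prompting.
    "package_options" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
  }
end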