How to add an extension to keystone.conf ?

asked 2015-03-10 06:59:43 -0600

Valter Henrique gravatar image

I have this in /etc/keystone/keystone.conf:

admin_token = XXX

public_bind_host = 192.168.0.XXX
admin_bind_host = 192.168.0.XXX

rabbit_use_ssl = false
rabbit_userid = XXX
rabbit_password = XXX
rabbit_virtual_host = /

connection = mysql://keystone:XXX@

driver = keystone.identity.backends.sql.Identity

driver = keystone.catalog.backends.sql.Catalog

driver = keystone.token.persistence.backends.sql.Token
expiration = 14400

# driver = keystone.policy.backends.sql.Policy

driver = keystone.contrib.ec2.backends.sql.Ec2

#enable = True
#certfile = /etc/keystone/ssl/certs/keystone.pem
#keyfile = /etc/keystone/ssl/private/keystonekey.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#cert_required = True

certfile = /mnt/state/etc/keystone/ssl/certs/signing_cert.pem
keyfile = /mnt/state/etc/keystone/ssl/private/signing_key.pem
ca_certs = /mnt/state/etc/keystone/ssl/certs/ca.pem
ca_key = /mnt/state/etc/keystone/ssl/private/cakey.pem
#key_size = 1024
#valid_days = 3650
#ca_password = None

provider = keystone.token.providers.uuid.Provider

I would like to add this extension:

driver =
enabled = True
  1. How can I do that ?
  2. Can I just type this in the file and everything will be working properly ?

I really don't know anything about keystone but I'm reading some stuff in order to achive my goal, any help or direction would be very appreciated.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-03-10 10:18:27 -0600

Trusts are enabled by default. You don't need to do anything. You need to change the options in keystone.conf only if you don't like the default values. You can check the default values at

Also enabled=True is for different purpose and is not for enable/disable of trust. Assuming you have a valid token you can do

curl -k -H "X-Auth-Token:<your admin="" token""="" http:="" <keystone_host_name="">:35357/v3/OS-TRUST/trusts

Above command will list the trusts in the system. Most probably you will be getting an empty list

edit flag offensive delete link more


Thank you so much @Haneef Ali! :)

Valter Henrique gravatar imageValter Henrique ( 2015-03-10 14:19:52 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-03-10 06:59:43 -0600

Seen: 260 times

Last updated: Mar 10 '15