Ask Your Question
0

How to add an extension to keystone.conf ?

asked 2015-03-10 06:59:43 -0500

Valter Henrique gravatar image

I have this in /etc/keystone/keystone.conf:

[DEFAULT]
admin_token = XXX
log_config_append=/etc/keystone/logging.conf

public_bind_host = 192.168.0.XXX
admin_bind_host = 192.168.0.XXX

rabbit_use_ssl = false
rabbit_userid = XXX
rabbit_password = XXX
rabbit_virtual_host = /
rabbit_host=127.0.0.1

[sql]
connection = mysql://keystone:XXX@192.168.0.1/keystone

[identity]
driver = keystone.identity.backends.sql.Identity

[catalog]
driver = keystone.catalog.backends.sql.Catalog

[token]
driver = keystone.token.persistence.backends.sql.Token
expiration = 14400

[policy]
# driver = keystone.policy.backends.sql.Policy

[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2

[ssl]
#enable = True
#certfile = /etc/keystone/ssl/certs/keystone.pem
#keyfile = /etc/keystone/ssl/private/keystonekey.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#cert_required = True

[signing]
certfile = /mnt/state/etc/keystone/ssl/certs/signing_cert.pem
keyfile = /mnt/state/etc/keystone/ssl/private/signing_key.pem
ca_certs = /mnt/state/etc/keystone/ssl/certs/ca.pem
ca_key = /mnt/state/etc/keystone/ssl/private/cakey.pem
#key_size = 1024
#valid_days = 3650
#ca_password = None

[token]
provider = keystone.token.providers.uuid.Provider

I would like to add this extension:

[trust]
driver = keystone.trust.backends.sql.Trust
enabled = True
  1. How can I do that ?
  2. Can I just type this in the file and everything will be working properly ?

I really don't know anything about keystone but I'm reading some stuff in order to achive my goal, any help or direction would be very appreciated.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-03-10 10:18:27 -0500

Trusts are enabled by default. You don't need to do anything. You need to change the options in keystone.conf only if you don't like the default values. You can check the default values at

https://github.com/openstack/keystone...

Also enabled=True is for different purpose and is not for enable/disable of trust. Assuming you have a valid token you can do

curl -k -H "X-Auth-Token:<your admin="" token""="" http:="" <keystone_host_name="">:35357/v3/OS-TRUST/trusts

Above command will list the trusts in the system. Most probably you will be getting an empty list

edit flag offensive delete link more

Comments

Thank you so much @Haneef Ali! :)

Valter Henrique gravatar imageValter Henrique ( 2015-03-10 14:19:52 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-03-10 06:59:43 -0500

Seen: 223 times

Last updated: Mar 10 '15