Keystone is an OpenStack project that provides Identity, Token, Catalog and
Policy services for use specifically by projects in the OpenStack family. It
implements OpenStack’s Identity API.
This charm provides Keystone, the OpenStack identity service. Its target
platform is Ubuntu Precise + OpenStack Essex. This has not been tested
using Oneiric + Diablo.
It provides two interfaces.
- identity-service: OpenStack API endpoints request an entry in the Keystone service catalog + endpoint template catalog. When a relation is established, Keystone receives: service name, region, public_url, admin_url and internal_url. It first checks that the requested service is listed as a supported service. This list should stay updated to support current OpenStack core services. If the service is supported, an entry in the service catalog is created, an endpoint template is created and an admin token is generated. The other end of the relation receives the token as well as info on which ports Keystone is listening.
- keystone-service: This is currently only used by Horizon/dashboard, as its interaction with Keystone is different from other OpenStack API services. That is, Horizon requests that a Keystone role and token exist. During a relation, Horizon requests its configured default role and Keystone responds with a token and the auth + admin ports on which Keystone is listening.
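The identity-service exchange described above, modelled as an added Python sketch (not the charm's own code). The supported-service list, the function and field names, and the default ports 5000 and 35357 are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlparse

# Constructed allow-list; the charm's real list of supported services is not shown here.
SUPPORTED_SERVICES = {"nova": "compute", "glance": "image", "swift": "object-store"}
REQUIRED_KEYS = ("service", "region", "public_url", "admin_url", "internal_url")


class RelationError(ValueError):
    """Raised when a relation request must be rejected."""


def handle_identity_service(request, catalog, shared_admin_token=None,
                            auth_port=5000, admin_port=35357):
    """Validate one identity-service request and return the reply settings."""
    missing = [k for k in REQUIRED_KEYS if not request.get(k)]
    if missing:
        raise RelationError("missing relation settings: " + ", ".join(missing))
    service = request["service"]
    if service not in SUPPORTED_SERVICES:
        raise RelationError("unsupported service: " + service)
    for key in ("public_url", "admin_url", "internal_url"):
        parsed = urlparse(request[key])
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            raise RelationError("bad endpoint URL in " + key)
    # Nothing is written until every check has passed, so a rejected
    # request leaves the catalog untouched.
    catalog[(service, request["region"])] = {
        "type": SUPPORTED_SERVICES[service],
        "public_url": request["public_url"],
        "admin_url": request["admin_url"],
        "internal_url": request["internal_url"],
    }
    # One random token per service by default. If a shared admin token is
    # configured, every related service receives the same credential.
    token = shared_admin_token or secrets.token_hex(16)
    return {"admin_token": token, "auth_port": auth_port, "admin_port": admin_port}
```

With per-service tokens, revoking one service's credential does not affect the others; a shared admin token gives up that isolation.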
Keystone requires a database. By default, a local sqlite database is used.
The charm supports relations to a shared-db via the mysql-shared interface. When
a new data store is configured, the charm ensures the minimum administrator
credentials exist (as configured via charm configuration).
VIP is only required if you plan on multi-unit clustering. The VIP becomes a highly-available API endpoint.
- (string) Admin password. To be used *for testing only*. Randomly generated by default.
- (int) Port to bind the Admin API server to
- (string) Admin role to be associated with admin and service users
- (string) Admin token. If set, this token will be used for all services instead of being generated per service.
- (string) Default admin user to create and manage
- (string) Location of keystone configuration file
- (string) Database name
- (string) Database username
- (string) Enable verbose logging
- (string) Enable PKI token signing (Grizzly and beyond)
- (string) Default network interface to which the HA cluster will bind to communicate with the other members of the HA cluster.
- (int) Default multicast port number that will be used to communicate between HA Cluster nodes.
- (string) Manage SSL certificates for all service endpoints.
- (string) Role that allows admin operations (access to all operations)
- (string) Role that allows acting as service admin
- (string) Log level (WARNING, INFO, DEBUG, ERROR)
- (string) Repository from which to install. May be one of the following: distro (default), ppa:somecustom/ppa, a deb url sources entry, or a supported Cloud Archive release pocket. Supported Cloud Archive sources include: cloud:precise-folsom, cloud:precise-folsom/updates, cloud:precise-folsom/staging, cloud:precise-folsom/proposed. Note that updating this setting to a source that is known to provide a later version of OpenStack will trigger a software upgrade.
- (string) OpenStack Region(s) - separate multiple regions with a single space
- (int) Port to bind the API server to
- (string) Name of tenant to associate service credentials.
- (string) Expiration date of generated admin tokens
- (boolean) By default, all services will log into their corresponding log files. Setting this to True will force all services to log to the syslog.
- (string) Enable debug logging
- (string) Virtual IP to use to front keystone in ha configuration
- (int) Netmask that will be used for the Virtual IP
- (string) Network Interface where to place the Virtual IP