Browse code
make keystone use mysql
Anthony Young authored on 2011/09/14 04:01:45Showing 2 changed files
| 1 | 1 |
new file mode 100755 |
| ... | ... |
@@ -0,0 +1,86 @@ |
| 0 |
+[DEFAULT] |
|
| 1 |
+# Show more verbose log output (sets INFO log level output) |
|
| 2 |
+verbose = False |
|
| 3 |
+ |
|
| 4 |
+# Show debugging output in logs (sets DEBUG log level output) |
|
| 5 |
+debug = False |
|
| 6 |
+ |
|
| 7 |
+# Which backend store should Keystone use by default. |
|
| 8 |
+# Default: 'sqlite' |
|
| 9 |
+# Available choices are 'sqlite' [future will include LDAP, PAM, etc] |
|
| 10 |
+default_store = sqlite |
|
| 11 |
+ |
|
| 12 |
+# Log to this file. Make sure you do not set the same log |
|
| 13 |
+# file for both the API and registry servers! |
|
| 14 |
+log_file = /opt/keystone/keystone.log |
|
| 15 |
+ |
|
| 16 |
+# List of backends to be configured |
|
| 17 |
+backends = keystone.backends.sqlalchemy |
|
| 18 |
+#For LDAP support, add: ,keystone.backends.ldap |
|
| 19 |
+ |
|
| 20 |
+# Dictionary Maps every service to a header.Missing services would get header |
|
| 21 |
+# X_(SERVICE_NAME) Key => Service Name, Value => Header Name |
|
| 22 |
+service-header-mappings = {
|
|
| 23 |
+ 'nova' : 'X-Server-Management-Url', |
|
| 24 |
+ 'swift' : 'X-Storage-Url', |
|
| 25 |
+ 'cdn' : 'X-CDN-Management-Url'} |
|
| 26 |
+ |
|
| 27 |
+# Address to bind the API server |
|
| 28 |
+# TODO Properties defined within app not available via pipeline. |
|
| 29 |
+service_host = 0.0.0.0 |
|
| 30 |
+ |
|
| 31 |
+# Port the bind the API server to |
|
| 32 |
+service_port = 5000 |
|
| 33 |
+ |
|
| 34 |
+# Address to bind the Admin API server |
|
| 35 |
+admin_host = 0.0.0.0 |
|
| 36 |
+ |
|
| 37 |
+# Port the bind the Admin API server to |
|
| 38 |
+admin_port = 5001 |
|
| 39 |
+ |
|
| 40 |
+#Role that allows to perform admin operations. |
|
| 41 |
+keystone-admin-role = Admin |
|
| 42 |
+ |
|
| 43 |
+#Role that allows to perform service admin operations. |
|
| 44 |
+keystone-service-admin-role = KeystoneServiceAdmin |
|
| 45 |
+ |
|
| 46 |
+[keystone.backends.sqlalchemy] |
|
| 47 |
+# SQLAlchemy connection string for the reference implementation registry |
|
| 48 |
+# server. Any valid SQLAlchemy connection string is fine. |
|
| 49 |
+# See: http://bit.ly/ideIpI |
|
| 50 |
+#sql_connection = sqlite:///keystone.db |
|
| 51 |
+sql_connection = mysql://root:nova@localhost/keystone |
|
| 52 |
+backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant', |
|
| 53 |
+ 'User', 'Credentials', 'EndpointTemplates', 'Token', |
|
| 54 |
+ 'Service'] |
|
| 55 |
+ |
|
| 56 |
+# Period in seconds after which SQLAlchemy should reestablish its connection |
|
| 57 |
+# to the database. |
|
| 58 |
+sql_idle_timeout = 30 |
|
| 59 |
+ |
|
| 60 |
+[pipeline:admin] |
|
| 61 |
+pipeline = |
|
| 62 |
+ urlrewritefilter |
|
| 63 |
+ admin_api |
|
| 64 |
+ |
|
| 65 |
+[pipeline:keystone-legacy-auth] |
|
| 66 |
+pipeline = |
|
| 67 |
+ urlrewritefilter |
|
| 68 |
+ legacy_auth |
|
| 69 |
+ RAX-KEY-extension |
|
| 70 |
+ service_api |
|
| 71 |
+ |
|
| 72 |
+[app:service_api] |
|
| 73 |
+paste.app_factory = keystone.server:service_app_factory |
|
| 74 |
+ |
|
| 75 |
+[app:admin_api] |
|
| 76 |
+paste.app_factory = keystone.server:admin_app_factory |
|
| 77 |
+ |
|
| 78 |
+[filter:urlrewritefilter] |
|
| 79 |
+paste.filter_factory = keystone.middleware.url:filter_factory |
|
| 80 |
+ |
|
| 81 |
+[filter:legacy_auth] |
|
| 82 |
+paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory |
|
| 83 |
+ |
|
| 84 |
+[filter:RAX-KEY-extension] |
|
| 85 |
+paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory |
| ... | ... |
@@ -222,12 +222,15 @@ mkdir -p $NOVA_DIR/networks |
| 222 | 222 |
# (re)create nova database |
| 223 | 223 |
mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE nova;' || true |
| 224 | 224 |
mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE nova;' |
| 225 |
+mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE keystone;' || true |
|
| 226 |
+mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE keystone;' |
|
| 225 | 227 |
$NOVA_DIR/bin/nova-manage db sync |
| 226 | 228 |
|
| 229 |
+# FIXME (anthony) keystone should use keystone.conf.example |
|
| 230 |
+KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf |
|
| 231 |
+cp $DIR/files/keystone.conf $KEYSTONE_CONF |
|
| 232 |
+ |
|
| 227 | 233 |
# initialize keystone with default users/endpoints |
| 228 |
-rm -f /opt/keystone/keystone.db |
|
| 229 |
-# FIXME keystone creates a keystone.log wherever you run it from (bugify) |
|
| 230 |
-cd /tmp |
|
| 231 | 234 |
BIN_DIR=$KEYSTONE_DIR/bin bash $DIR/files/keystone_data.sh |
| 232 | 235 |
|
| 233 | 236 |
# create a small network |
| ... | ... |
@@ -261,7 +264,7 @@ screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.con |
| 261 | 261 |
screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf" |
| 262 | 262 |
# keystone drops a keystone.log where if it is run, so change the path to |
| 263 | 263 |
# where it can write |
| 264 |
-screen_it key "cd /tmp; $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_DIR/etc/keystone.conf" |
|
| 264 |
+screen_it key "cd /tmp; $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF" |
|
| 265 | 265 |
screen_it n-api "$NOVA_DIR/bin/nova-api" |
| 266 | 266 |
screen_it n-cpu "$NOVA_DIR/bin/nova-compute" |
| 267 | 267 |
screen_it n-net "$NOVA_DIR/bin/nova-network" |