46adc4c25c
This patch the logic and the sample configuration need to allow Staccato to use the keystone middleware for authentication. In order to make this work we had to introduce a global CONF object. blueprint add-security Change-Id: Ic7c6e2ca00411c5a9e4468aeebdb823200659fd9
77 lines
2.3 KiB
Plaintext
77 lines
2.3 KiB
Plaintext
[DEFAULT]
|
|
# Show more verbose log output (sets INFO log level output)
|
|
#verbose = False
|
|
|
|
# Show debugging output in logs (sets DEBUG log level output)
|
|
#ebug = False
|
|
|
|
#known_protocols = staccato.protocol.file,
|
|
# staccato.protocol.http,
|
|
|
|
# Address to bind the API server
|
|
bind_host = 0.0.0.0
|
|
|
|
# Port the bind the API server to
|
|
bind_port = 5309
|
|
|
|
# Log to this file. Make sure you do not set the same log
|
|
# file for both the API and registry servers!
|
|
log_file = api.log
|
|
|
|
# Backlog requests when creating socket
|
|
backlog = 4096
|
|
|
|
db_auto_create = True
|
|
# SQLAlchemy connection string for the reference implementation
|
|
# registry server. Any valid SQLAlchemy connection string is fine.
|
|
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
|
|
sql_connection = sqlite:///staccato.sqlite
|
|
|
|
# Period in seconds after which SQLAlchemy should reestablish its connection
|
|
# to the database.
|
|
#
|
|
# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
|
|
# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
|
|
# notice this, you can lower this value to ensure that SQLAlchemy reconnects
|
|
# before MySQL can drop the connection.
|
|
sql_idle_timeout = 3600
|
|
|
|
|
|
protocol_policy = staccato-protocols.json
|
|
# Role used to identify an authenticated user as administrator
|
|
#admin_role = admin
|
|
|
|
# Allow unauthenticated users to access the API with read-only
|
|
# privileges. This only applies when using ContextMiddleware.
|
|
#allow_anonymous_access = False
|
|
|
|
# ================= SSL Options ===============================
|
|
|
|
# Certificate file to use when starting API server securely
|
|
#cert_file = /path/to/certfile
|
|
|
|
# Private key file to use when starting API server securely
|
|
#key_file = /path/to/keyfile
|
|
|
|
# CA certificate file to use to verify connecting clients
|
|
#ca_file = /path/to/cafile
|
|
|
|
# ================= Security Options ==========================
|
|
|
|
# AES key for encrypting store 'location' metadata, including
|
|
# -- if used -- Swift or S3 credentials
|
|
# Should be set to a random string of length 16, 24 or 32 bytes
|
|
#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
|
|
|
|
[keystone_authtoken]
|
|
auth_host = 127.0.0.1
|
|
auth_port = 35357
|
|
auth_protocol = http
|
|
admin_tenant_name = %SERVICE_TENANT_NAME%
|
|
admin_user = %SERVICE_USER%
|
|
admin_password = %SERVICE_PASSWORD%
|
|
|
|
[paste_deploy]
|
|
config_file = staccato-api-paste.ini
|
|
#flavor=None
|