# See the License for the specific language governing permissions and
# limitations under the License.
options:
- image:
- type: string
- default: opensourcemano/keystone:latest
- description: The docker image to install.
- image_username:
- type: string
- description: |
- The username for accessing the registry specified in image.
- default: ""
- image_password:
- type: string
- description: |
- The password associated with image_username for accessing
- the registry specified in image.
- default: ""
max_file_size:
type: int
description: |
type: string
description: Keystone DB Password
default: admin
+ mysql_host:
+ type: string
+ description: MySQL Host (external database)
+ mysql_port:
+ type: int
+ description: MySQL Port (external database)
+ mysql_root_password:
+ type: string
+ description: MySQL Root Password (external database)
admin_username:
type: string
description: Admin username to be created when starting the service
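Review bot: `mysql_root_password` is added as a plain `string` option, so the external database's root credential is stored in charm config and shown in clear text to anyone who can read the application's configuration. A secret-backed option would be preferable where the Juju version in use supports one. If the charm only needs to create and use its own database, the description should ask for a least-privileged account rather than root. None of the three `mysql_*` options has a default, and the descriptions do not say they must be set together, for example `description: MySQL Host (external database); set together with mysql_port and mysql_root_password`. The code that reads them is outside this hunk and should refuse a partial combination.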
description: |
Project domain name (Hardcoded in the container start.sh script)
default: default
+ token_expiration:
+ type: int
+ description: Token keys expiration in seconds
+ default: 172800
ldap_enabled:
type: boolean
description: Boolean to enable/disable LDAP authentication
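Review bot: `token_expiration` defaults to 172800 seconds (48 hours), and the description "Token keys expiration in seconds" does not say whether this is the lifetime of issued tokens or of the signing keys. If it feeds keystone's token lifetime, it is far longer than keystone's own 3600-second default and lengthens the time a leaked bearer token stays usable. The description should name the setting it maps to and the trade-off, for example `description: Lifetime in seconds of issued tokens; shorter values limit the exposure of a leaked token`. An `int` option also accepts zero and negative values, so the consuming code, which is not in this hunk, should reject them.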
type: string
description: Password to bind and search for users
default: ""
+ ldap_chase_referrals:
+ type: string
+ description: |
+ Sets keystone’s referral chasing behavior across directory partitions.
+ If left unset, the system’s default behavior will be used.
+ default: ""
+ ldap_page_size:
+ type: int
+ description: |
+ Defines the maximum number of results per page that keystone should
+ request from the LDAP server when listing objects. A value of zero (0)
+ disables paging.
+ default: 0
ldap_user_tree_dn:
type: string
description: |
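Review bot: `ldap_chase_referrals` is typed `string` with an empty default, but its description never lists the accepted values, so an operator cannot tell what to enter. Keystone treats referral chasing as a boolean, so the description should end with something like `Accepted values are "true" and "false"; leave empty to use the system default.` The code that consumes the option is outside this hunk and should reject any other non-empty value. It is also worth documenting that enabling referral chasing lets keystone follow referrals to directory servers other than the configured one. For `ldap_page_size`, the description should state that negative values are invalid.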
user is enabled.
default: 0
ldap_user_enabled_default:
- type: boolean
+ type: string
description: |
Most LDAP servers use a boolean or bit in a control field to indicate
enablement. However, some schemas might use an integer value in an
attribute. In this situation, set user_enabled_default to the integer
value that represents a user being enabled.
- default: true
+ default: "true"
ldap_user_enabled_invert:
type: boolean
description: |
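Review bot: Changing `ldap_user_enabled_default` from `boolean` to `string` removes the type check Juju applied to it, so arbitrary text can now reach whatever writes keystone's LDAP settings. This value decides which directory entries count as enabled users, so the consuming code (not visible in this hunk) should accept only `true`, `false` or an integer and fail loudly on anything else. The description should list the accepted forms, for example `Accepted values: "true", "false", or an integer written as a string.` Deployments that already set this option as a boolean may need attention on upgrade, which deserves a release note.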
setting in conjunction with user_enabled_attribute to map the lock
status to disabled in Keystone.
default: false
+ ldap_group_objectclass:
+ type: string
+ description: The LDAP object class to use for groups.
+ default: groupOfNames
+ ldap_group_tree_dn:
+ type: string
+ description: The search base to use for groups.
+ default: ""
ldap_use_starttls:
type: boolean
description: |