Appendix A. Keystone integration configuration options
You can integrate your configuration options into Keystone. The available Keystone integration configuration options are described in detail below.
After updating the Ceph configuration file, you must copy the new Ceph configuration file to all Ceph nodes in the storage cluster.
rgw_s3_auth_use_keystone
- Description
- If set to true, the Ceph Object Gateway will authenticate users using Keystone.
- Type
- Boolean
- Default
- false
nss_db_path
- Description
- The path to the NSS database.
- Type
- String
- Default
- ""
rgw_keystone_url
- Description
- The URL for the administrative RESTful API on the Keystone server.
- Type
- String
- Default
- ""
rgw_keystone_admin_token
- Description
- The token or shared secret that is configured internally in Keystone for administrative requests.
- Type
- String
- Default
- ""
rgw_keystone_admin_user
- Description
- The Keystone admin user name.
- Type
- String
- Default
- ""
rgw_keystone_admin_password
- Description
- The Keystone admin user password.
- Type
- String
- Default
- ""
rgw_keystone_admin_tenant
- Description
- The Keystone admin user tenant for Keystone v2.0.
- Type
- String
- Default
- ""
rgw_keystone_admin_project
- Description
- The Keystone admin user project for Keystone v3.
- Type
- String
- Default
- ""
rgw_keystone_admin_domain
- Description
- The Keystone admin user domain.
- Type
- String
- Default
- ""
rgw_keystone_api_version
- Description
- The version of the Keystone API to use. Valid options are 2 or 3.
- Type
- Integer
- Default
- 2
rgw_keystone_accepted_roles
- Description
- The roles required to serve requests.
- Type
- String
- Default
- "Member, admin"
rgw_keystone_accepted_admin_roles
- Description
- The list of roles allowing a user to gain administrative privileges.
- Type
- String
- Default
- ""
rgw_keystone_token_cache_size
- Description
- The maximum number of entries in the Keystone token cache.
- Type
- Integer
- Default
- 10000
rgw_keystone_revocation_interval
- Description
- The number of seconds between token revocation checks.
- Type
- Integer
- Default
- 15 * 60
rgw_keystone_verify_ssl
- Description
- If true, Ceph will try to verify Keystone’s SSL certificate.
- Type
- Boolean
- Default
- true
rgw_keystone_implicit_tenants
- Description
- Create new users in their own tenants of the same name. Set this to true or false under most circumstances. For compatibility with previous versions of Red Hat Ceph Storage, it is also possible to set this to s3 or swift. This has the effect of splitting the identity space such that only the indicated protocol will use implicit tenants. Some older versions of Red Hat Ceph Storage only supported implicit tenants with Swift.
- Type
- String
- Default
- false
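
Because the Ceph configuration file is copied to every node, it is worth reviewing the Keystone options in it before distribution. The following check is an added example, not Red Hat or Ceph project code: it parses ceph.conf text and reports risky or inconsistent settings using the defaults listed above. The function names, finding codes, section name, host and secret values are assumptions made for illustration.

```python
import configparser
# Constructed sample ceph.conf: section name, host and secrets are placeholders.
SAMPLE_CONF = """\
[client.rgw.gateway-node1]
rgw_keystone_url = http://keystone.example.com:5000
rgw_keystone_api_version = 3
rgw_keystone_admin_token = EXAMPLE-SHARED-SECRET
rgw_keystone_admin_user = rgw-svc
rgw_keystone_admin_password = EXAMPLE-PASSWORD
rgw_keystone_admin_tenant = service
rgw keystone verify ssl = false
rgw_keystone_accepted_admin_roles = admin
"""

def load_options(text):
    """Parse ceph.conf text; option names may use spaces, '-' or '_', so normalise."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = lambda n: n.strip().lower().replace(" ", "_").replace("-", "_")
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def audit(opts):
    """Return finding codes for one section, applying the documented defaults."""
    def get(key, default=""):
        return opts.get(key, default).strip().strip('"')
    found = []
    url, version = get("rgw_keystone_url"), get("rgw_keystone_api_version", "2")
    if get("rgw_keystone_verify_ssl", "true").lower() in ("false", "0", "no"):
        found.append("TLS_VERIFY_OFF")        # Keystone certificate is not checked
    if url and not url.lower().startswith("https://"):
        found.append("URL_NOT_HTTPS")         # admin credentials cross the wire in clear
    for secret in ("rgw_keystone_admin_token", "rgw_keystone_admin_password"):
        if get(secret):                       # plaintext secret in a file that is
            found.append(secret.upper() + "_IN_FILE")   # copied to every Ceph node
    if version not in ("2", "3"):
        found.append("BAD_API_VERSION")       # valid options are 2 or 3
    elif get("rgw_keystone_admin_user"):
        scope = "project" if version == "3" else "tenant"  # tenant: v2.0, project: v3
        if not get("rgw_keystone_admin_" + scope):
            found.append("ADMIN_" + scope.upper() + "_NOT_SET")
    if get("rgw_keystone_accepted_admin_roles"):
        found.append("ADMIN_ROLES_SET")       # review who holds these Keystone roles
    return found

def audit_conf(text):
    return {section: audit(opts) for section, opts in load_options(text).items()}

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
```

An empty list for a section means none of these checks fired; ADMIN_ROLES_SET is a prompt to review role membership in Keystone rather than a misconfiguration in itself.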