Chapter 11. Identity (keystone) Parameters
Parameter | Description |
---|---|
|
The email for the OpenStack Identity (keystone) admin account. The default value is |
| The password for the OpenStack Identity (keystone) admin account. |
| The OpenStack Identity (keystone) secret and database password. |
| Enabling this option requires users to change their password when the user is created, or upon administrative reset. |
| The first OpenStack Identity (keystone) credential key. Must be a valid key. |
| The second OpenStack Identity (keystone) credential key. Must be a valid key. |
|
Cron to purge expired tokens - Log destination. The default value is |
|
Cron to purge expired tokens - Ensure. The default value is |
|
Cron to purge expired tokens - Hour. The default value is |
|
Cron to purge expired tokens - Max Delay. The default value is |
|
Cron to purge expired tokens - Minute. The default value is |
|
Cron to purge expired tokens - Month. The default value is |
|
Cron to purge expired tokens - Month Day. The default value is |
|
Cron to purge expired tokens - User. The default value is |
|
Cron to purge expired tokens - Week Day. The default value is |
| The maximum number of days a user can go without authenticating before being considered "inactive" and automatically disabled (locked). |
|
Whether to create cron job for purging soft deleted rows in OpenStack Identity (keystone) database. The default value is |
| The first OpenStack Identity (keystone) fernet key. Must be a valid key. |
| The second OpenStack Identity (keystone) fernet key. Must be a valid key. |
| Mapping containing OpenStack Identity (keystone) fernet keys and their paths. |
|
The maximum active keys in the OpenStack Identity (keystone) fernet key repository. The default value is |
| Hash containing the configurations for the LDAP backends configured in keystone. |
|
Trigger to call ldap_backend puppet keystone define. The default value is |
| The number of seconds a user account will be locked when the maximum number of failed authentication attempts (as specified by KeystoneLockoutFailureAttempts) is exceeded. |
| The maximum number of times that a user can fail to authenticate before the user account is locked for the number of seconds specified by KeystoneLockoutDuration. |
| The number of days that a password must be used before the user can change it. This prevents users from changing their passwords immediately in order to wipe out their password history and reuse an old password. |
|
Comma-separated list of Oslo notification drivers used by OpenStack Identity (keystone). The default value is |
|
The OpenStack Identity (keystone) notification format. The default value is |
| OpenStack Identity (keystone) notification topics to enable. |
| The number of days for which a password will be considered valid before requiring it to be changed. |
| The regular expression used to validate password strength requirements. |
| Describe your password regular expression here in language for humans. |
| OpenStack Identity (keystone) certificate for verifying token validity. |
| OpenStack Identity (keystone) key for signing tokens. |
|
The OpenStack Identity (keystone) token format. The default value is |
| This controls the number of previous user password iterations to keep in history, in order to enforce that newly created passwords are unique. |
| Set the number of workers for the OpenStack Identity (keystone) service. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. The default value is equal to the number of vCPU cores on the physical node. |
|
Whether director should manage the OpenStack Identity (keystone) fernet keys or not. If set to True, the fernet keys will get the values from the saved keys repository in OpenStack Workflow (mistral) from the |
|
Driver or drivers to handle sending notifications. The default value is |