keystone.conf file. Pay attention to keystone-admin-role, keystone-service-admin-role, and sql_connection.



# Show more verbose log output (sets INFO log level output)

verbose = False

# Show debugging output in logs (sets DEBUG log level output)

debug = False

# Which backend store should Keystone use by default.

# Default: 'sqlite'

# Available choices are 'sqlite' [future will include LDAP, PAM, etc]

default_store = sqlite

# Log to this file. Make sure you do not set the same log

# file for both the API and registry servers!

# Log to this file. Make sure you do not set the same log

# file for both the API and registry servers!

#log_dir = /var/log/keystone

log_dir = /var/log/keystone

log_file = keystone.log

# List of backends to be configured

backends = keystone.backends.sqlalchemy

#For LDAP support, add: ,keystone.backends.ldap

# Dictionary Maps every service to a header.Missing services would get header

# X_(SERVICE_NAME) Key => Service Name, Value => Header Name

service-header-mappings = {

'nova' : 'X-Server-Management-Url',

'swift' : 'X-Storage-Url',

'cdn' : 'X-CDN-Management-Url'}

# Address to bind the API server

# TODO Properties defined within app not available via pipeline.

service_host =

# Port the bind the API server to

service_port = 5000

# Address to bind the Admin API server

admin_host =

# Port the bind the Admin API server to

admin_port = 35357

#Role that allows to perform admin operations.

keystone-admin-role = Admin

#Role that allows to perform service admin operations.

keystone-service-admin-role = KeystoneServiceAdmin

#Tells whether password user need to be hashed in the backend

hash-password = True


# SQLAlchemy connection string for the reference implementation registry

# server. Any valid SQLAlchemy connection string is fine.

# See:

sql_connection = sqlite:////etc/keystone/keystone.db

backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',

'User', 'Credentials', 'EndpointTemplates', 'Token',


# Period in seconds after which SQLAlchemy should reestablish its connection

# to the database.

sql_idle_timeout = 30


pipeline =




pipeline =






paste.app_factory = keystone.server:service_app_factory


paste.app_factory = keystone.server:admin_app_factory


paste.filter_factory = keystone.middleware.url:filter_factory


paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory


paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory


paste.filter_factory = keystone.common.wsgi:debug_filter_factory