Keystone integration configuration options
Integrate your configuration options into Keystone.
See Table 1 for details of the available Keystone integration configuration options.
Important: After updating the Ceph configuration file, you must copy the new Ceph
configuration file to all Ceph nodes in the storage cluster.
| Name | Description | Type | Default |
|---|---|---|---|
| rgw_s3_auth_use_keystone | If set to true, the Ceph Object Gateway authenticates users by using Keystone. | Boolean | false |
| nss_db_path | The path to the NSS database. | String | "" |
| rgw_keystone_url | The URL for the administrative RESTful API on the Keystone server. | String | "" |
| rgw_keystone_admin_token | The token or shared secret that is configured internally in Keystone for administrative requests. | String | "" |
| rgw_keystone_admin_user | The Keystone admin username. | String | "" |
| rgw_keystone_admin_password | The Keystone admin user password. | String | "" |
| rgw_keystone_admin_tenant | The Keystone admin user tenant for Keystone v2.0. | String | "" |
| rgw_keystone_admin_project | The Keystone admin user project for Keystone v3. | String | "" |
| rgw_trust_forwarded_https | When a proxy in front of the Ceph Object Gateway is used for SSL termination, the gateway does not know whether incoming HTTP connections are secure. Enable this option to trust the forwarded and X-forwarded headers sent by the proxy when determining whether the connection is secure. This is mainly required for server-side encryption. | Boolean | false |
| rgw_swift_account_in_url | Whether the Swift account is encoded in the URL path. You must set this option to true and update the Keystone service catalog if you want the Ceph Object Gateway to support publicly-readable containers and temporary URLs. | Boolean | false |
| rgw_keystone_admin_domain | The Keystone admin user domain. | String | "" |
| rgw_keystone_api_version | The version of the Keystone API to use. Valid options are 2 or 3. | Integer | 2 |
| rgw_keystone_accepted_roles | The roles required to serve requests. | String | "member, Member, admin" |
| rgw_keystone_accepted_admin_roles | The list of roles allowing a user to gain administrative privileges. | String | ResellerAdmin, swiftoperator |
| rgw_keystone_token_cache_size | The maximum number of entries in the Keystone token cache. | Integer | 10000 |
| rgw_max_attr_name_len | The maximum length of metadata name. 0 skips the check. | Size | 0 |
| rgw_max_attrs_num_in_req | The maximum number of metadata items that can be put with a single request. | Unit | 0 |
| rgw_max_attr_size | The maximum length of metadata value. 0 skips the check. | Size | 0 |
| rgw_swift_versioning_enabled | Enables Swift versioning. | Boolean | 0 or 1 |
| rgw_keystone_accepted_reader_roles | List of roles that can only be used for reads. | String | "" |
| rgw_swift_enforce_content_length | Send content length when listing containers. | String | false |
| rgw_keystone_verify_ssl | If true, Ceph tries to verify Keystone's SSL certificate. | Boolean | true |
| rgw_keystone_implicit_tenants | Create new users in their own tenants of the same name. Set this to true or false under most circumstances. This has the effect of splitting the identity space such that only the indicated protocol uses implicit tenants. | String | false |
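
The following is an added example, not part of the original documentation or of Ceph itself: a small audit that resolves the effective values of a few options from the table and reports the settings that weaken the gateway's trust in Keystone or in a fronting proxy. The section name `client.rgw.example`, the host name, the token value and the finding texts are constructed placeholders; the `[global]`/`[client]` overlay and the option-name normalisation reflect how Ceph reads its configuration file.

```python
import configparser

# Defaults from the table above, limited to the options this audit inspects.
DEFAULTS = {
    "rgw_keystone_url": "",
    "rgw_keystone_admin_token": "",
    "rgw_keystone_admin_password": "",
    "rgw_keystone_verify_ssl": "true",
    "rgw_trust_forwarded_https": "false",
}

# Constructed sample configuration; section name, host and token are placeholders.
SAMPLE = """[global]
rgw keystone verify ssl = false
[client.rgw.example]
rgw keystone url = http://keystone.example.internal:5000
rgw_keystone_admin_token = EXAMPLE-NOT-A-REAL-TOKEN
rgw_trust_forwarded_https = true
"""

def _norm(name):
    # Ceph treats spaces, dashes and underscores in option names as equivalent.
    return name.strip().lower().replace(" ", "_").replace("-", "_")

def effective_options(conf_text, section):
    """Overlay [global], [client] and then `section` on the table defaults."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = _norm
    cp.read_string(conf_text)
    opts = dict(DEFAULTS)
    for sec in ("global", "client", section):
        if cp.has_section(sec):
            opts.update({k: v.strip().strip('"') for k, v in cp.items(sec)})
    return opts

def audit(opts):
    """Return (option, finding) pairs for risky Keystone integration settings."""
    on = lambda key: opts[key].lower() in ("true", "1", "yes")
    url, findings = opts["rgw_keystone_url"].lower(), []
    if url and not url.startswith("https://"):
        findings.append(("rgw_keystone_url", "Keystone traffic is not protected by TLS"))
    if not on("rgw_keystone_verify_ssl"):
        findings.append(("rgw_keystone_verify_ssl", "Keystone certificate is not verified"))
    for key in ("rgw_keystone_admin_token", "rgw_keystone_admin_password"):
        if opts[key]:
            findings.append((key, "plaintext secret in a file copied to every node"))
    if on("rgw_trust_forwarded_https"):
        findings.append(("rgw_trust_forwarded_https", "gateway must be reachable only via the proxy"))
    return findings

if __name__ == "__main__":
    print(*audit(effective_options(SAMPLE, "client.rgw.example")), sep="\n")
```

A finding on `rgw_keystone_admin_password` is expected wherever a service user is configured; treat it as a prompt to check the file's ownership and mode on each node rather than as a misconfiguration.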