Appendix A. Keystone integration configuration options

You can integrate your configuration options into Keystone. See below for a detailed description of the available Keystone integration configuration options:

Important

After updating the Ceph configuration file, you must copy the new Ceph configuration file to all Ceph nodes in the storage cluster.

rgw_s3_auth_use_keystone

Description
If set to true, the Ceph Object Gateway will authenticate users using Keystone.
Type
Boolean
Default
false

nss_db_path

Description
The path to the NSS database.
Type
String
Default
""

rgw_keystone_url

Description
The URL for the administrative RESTful API on the Keystone server.
Type
String
Default
""

rgw_keystone_admin_token

Description
The token or shared secret that is configured internally in Keystone for administrative requests.
Type
String
Default
""

rgw_keystone_admin_user

Description
The keystone admin user name.
Type
String
Default
""

rgw_keystone_admin_password

Description
The keystone admin user password.
Type
String
Default
""

rgw_keystone_admin_tenant

Description
The Keystone admin user tenant for keystone v2.0.
Type
String
Default
""

rgw_keystone_admin_project

Description
The Keystone admin user project for keystone v3.
Type
String
Default
""

rgw_keystone_admin_domain

Description
The Keystone admin user domain.
Type
String
Default
""

rgw_keystone_api_version

Description
The version of the Keystone API to use. Valid options are 2 or 3.
Type
Integer
Default
2

rgw_keystone_accepted_roles

Description
The roles required to serve requests.
Type
String
Default
"Member, admin"

rgw_keystone_accepted_admin_roles

Description
The list of roles allowing a user to gain administrative privileges.
Type
String
Default
""

rgw_keystone_token_cache_size

Description
The maximum number of entries in the Keystone token cache.
Type
Integer
Default
10000

rgw_keystone_revocation_interval

Description
The number seconds between tokens revocation check.
Type
Integer
Default
15 * 60

rgw_keystone_verify_ssl

Description
If true Ceph will try to verify Keystone’s SSL certificate.
Type
Boolean
Default
true

rgw_keystone_implicit_tenants

Description
Create new users in their own tenants of the same name. Set this to true or false under most circumstances. For compatibility with previous versions of Red Hat Ceph Storage, it is also possible to set this to s3 or swift. This has the effect of splitting the identity space such that only the indicated protocol will use implicit tenants. Some older versions of Red Hat Ceph Storage only supported implicit tenants with Swift.
Type
String
Default
false