components/openstack/keystone/files/keystone.conf
changeset 1760 353323c7bdc1
child 1944 56ac2df1785b
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/keystone/files/keystone.conf	Mon Mar 17 09:51:44 2014 -0600
@@ -0,0 +1,302 @@
+[DEFAULT]
+# A "shared secret" between keystone and other openstack services
+# admin_token = ADMIN
+
+# The IP address of the network interface to listen on
+# bind_host = 0.0.0.0
+
+# The port number which the public service listens on
+# public_port = 5000
+
+# The port number which the public admin listens on
+# admin_port = 35357
+
+# The base endpoint URLs for keystone that are advertised to clients
+# (NOTE: this does NOT affect how keystone listens for connections)
+# public_endpoint = http://localhost:%(public_port)d/
+# admin_endpoint = http://localhost:%(admin_port)d/
+
+# The port number which the OpenStack Compute service listens on
+# compute_port = 8774
+
+# Path to your policy definition containing identity actions
+# policy_file = policy.json
+
+# Rule to check if no matching policy definition is found
+# FIXME(dolph): This should really be defined as [policy] default_rule
+# policy_default_rule = admin_required
+
+# Role for migrating membership relationships
+# During a SQL upgrade, the following values will be used to create a new role
+# that will replace records in the user_tenant_membership table with explicit
+# role grants.  After migration, the member_role_id will be used in the API
+# add_user_to_project, and member_role_name will be ignored.
+# member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab
+# member_role_name = _member_
+
+# === Logging Options ===
+# Print debugging output
+# (includes plaintext request logging, potentially including passwords)
+# debug = False
+
+# Print more verbose output
+# verbose = False
+
+# Name of log file to output to. If not set, logging will go to stdout.
+# log_file = keystone.log
+
+# The directory to keep log files in (will be prepended to --logfile)
+# log_dir = /var/log/keystone
+
+# Use syslog for logging.
+# use_syslog = False
+
+# syslog facility to receive log lines
+# syslog_log_facility = LOG_USER
+
+# If this option is specified, the logging configuration file specified is
+# used and overrides any other logging options specified. Please see the
+# Python logging module documentation for details on logging configuration
+# files.
+# log_config = logging.conf
+
+# A logging.Formatter log message format string which may use any of the
+# available logging.LogRecord attributes.
+# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
+
+# Format string for %(asctime)s in log records.
+# log_date_format = %Y-%m-%d %H:%M:%S
+
+# onready allows you to send a notification when the process is ready to serve
+# For example, to have it notify using systemd, one could set shell command:
+# onready = systemd-notify --ready
+# or a module with notify() method:
+# onready = keystone.common.systemd
+
+[sql]
+# The SQLAlchemy connection string used to connect to the database
+# connection = sqlite:////var/lib/keystone/keystone.sqlite
+
+# the timeout before idle sql connections are reaped
+# idle_timeout = 200
+
+[identity]
+# driver = keystone.identity.backends.sql.Identity
+
+# This references the domain to use for all Identity API v2 requests (which are
+# not aware of domains). A domain with this ID will be created for you by
+# keystone-manage db_sync in migration 008.  The domain referenced by this ID
+# cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API.
+# There is nothing special about this domain, other than the fact that it must
+# exist to order to maintain support for your v2 clients.
+# default_domain_id = default
+
+[trust]
+# driver = keystone.trust.backends.sql.Trust
+
+# delegation and impersonation features can be optionally disabled
+# enabled = True
+
+[catalog]
+# dynamic, sql-based backend (supports API/CLI-based management commands)
+# driver = keystone.catalog.backends.sql.Catalog
+
+# static, file-based backend (does *NOT* support any management commands)
+# driver = keystone.catalog.backends.templated.TemplatedCatalog
+
+# template_file = default_catalog.templates
+
+[token]
+# driver = keystone.token.backends.kvs.Token
+
+# Amount of time a token should remain valid (in seconds)
+# expiration = 86400
+
+[policy]
+# driver = keystone.policy.backends.sql.Policy
+
+[ec2]
+# driver = keystone.contrib.ec2.backends.kvs.Ec2
+
+[ssl]
+#enable = True
+#certfile = /etc/keystone/ssl/certs/keystone.pem
+#keyfile = /etc/keystone/ssl/private/keystonekey.pem
+#ca_certs = /etc/keystone/ssl/certs/ca.pem
+#cert_required = True
+
+[signing]
+#token_format = PKI
+#certfile = /etc/keystone/ssl/certs/signing_cert.pem
+#keyfile = /etc/keystone/ssl/private/signing_key.pem
+#ca_certs = /etc/keystone/ssl/certs/ca.pem
+#key_size = 1024
+#valid_days = 3650
+#ca_password = None
+
+[ldap]
+# url = ldap://localhost
+# user = dc=Manager,dc=example,dc=com
+# password = None
+# suffix = cn=example,cn=com
+# use_dumb_member = False
+# allow_subtree_delete = False
+# dumb_member = cn=dumb,dc=example,dc=com
+
+# Maximum results per page; a value of zero ('0') disables paging (default)
+# page_size = 0
+
+# The LDAP dereferencing option for queries. This can be either 'never',
+# 'searching', 'always', 'finding' or 'default'. The 'default' option falls
+# back to using default dereferencing configured by your ldap.conf.
+# alias_dereferencing = default
+
+# The LDAP scope for queries, this can be either 'one'
+# (onelevel/singleLevel) or 'sub' (subtree/wholeSubtree)
+# query_scope = one
+
+# user_tree_dn = ou=Users,dc=example,dc=com
+# user_filter =
+# user_objectclass = inetOrgPerson
+# user_domain_id_attribute = businessCategory
+# user_id_attribute = cn
+# user_name_attribute = sn
+# user_mail_attribute = email
+# user_pass_attribute = userPassword
+# user_enabled_attribute = enabled
+# user_enabled_mask = 0
+# user_enabled_default = True
+# user_attribute_ignore = tenant_id,tenants
+# user_allow_create = True
+# user_allow_update = True
+# user_allow_delete = True
+# user_enabled_emulation = False
+# user_enabled_emulation_dn =
+
+# tenant_tree_dn = ou=Groups,dc=example,dc=com
+# tenant_filter =
+# tenant_objectclass = groupOfNames
+# tenant_domain_id_attribute = businessCategory
+# tenant_id_attribute = cn
+# tenant_member_attribute = member
+# tenant_name_attribute = ou
+# tenant_desc_attribute = desc
+# tenant_enabled_attribute = enabled
+# tenant_attribute_ignore =
+# tenant_allow_create = True
+# tenant_allow_update = True
+# tenant_allow_delete = True
+# tenant_enabled_emulation = False
+# tenant_enabled_emulation_dn =
+
+# role_tree_dn = ou=Roles,dc=example,dc=com
+# role_filter =
+# role_objectclass = organizationalRole
+# role_id_attribute = cn
+# role_name_attribute = ou
+# role_member_attribute = roleOccupant
+# role_attribute_ignore =
+# role_allow_create = True
+# role_allow_update = True
+# role_allow_delete = True
+
+# group_tree_dn =
+# group_filter =
+# group_objectclass = groupOfNames
+# group_id_attribute = cn
+# group_name_attribute = ou
+# group_member_attribute = member
+# group_desc_attribute = desc
+# group_attribute_ignore =
+# group_allow_create = True
+# group_allow_update = True
+# group_allow_delete = True
+
+[auth]
+methods = password,token
+password = keystone.auth.plugins.password.Password
+token = keystone.auth.plugins.token.Token
+
+[filter:debug]
+paste.filter_factory = keystone.common.wsgi:Debug.factory
+
+[filter:token_auth]
+paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
+
+[filter:admin_token_auth]
+paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
+
+[filter:xml_body]
+paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
+
+[filter:json_body]
+paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
+
+[filter:user_crud_extension]
+paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
+
+[filter:crud_extension]
+paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
+
+[filter:ec2_extension]
+paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
+
+[filter:s3_extension]
+paste.filter_factory = keystone.contrib.s3:S3Extension.factory
+
+[filter:url_normalize]
+paste.filter_factory = keystone.middleware:NormalizingFilter.factory
+
+[filter:sizelimit]
+paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
+
+[filter:stats_monitoring]
+paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
+
+[filter:stats_reporting]
+paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
+
+[filter:access_log]
+paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
+
+[app:public_service]
+paste.app_factory = keystone.service:public_app_factory
+
+[app:service_v3]
+paste.app_factory = keystone.service:v3_app_factory
+
+[app:admin_service]
+paste.app_factory = keystone.service:admin_app_factory
+
+[pipeline:public_api]
+pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
+
+[pipeline:admin_api]
+pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
+
+[pipeline:api_v3]
+pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3
+
+[app:public_version_service]
+paste.app_factory = keystone.service:public_version_app_factory
+
+[app:admin_version_service]
+paste.app_factory = keystone.service:admin_version_app_factory
+
+[pipeline:public_version_api]
+pipeline = access_log sizelimit stats_monitoring url_normalize xml_body public_version_service
+
+[pipeline:admin_version_api]
+pipeline = access_log sizelimit stats_monitoring url_normalize xml_body admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api
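Review bot: `admin_token_auth` is in all three API pipelines (`[pipeline:public_api]`, `[pipeline:admin_api]`, `[pipeline:api_v3]`) while `admin_token` in `[DEFAULT]` is left commented out showing `ADMIN`. If that commented value is keystone's built-in default, the file as shipped treats a widely known shared secret as an admin credential on every endpoint, including the public one. I would ship the option uncommented with a per-deployment value, e.g. `admin_token = <random value generated at install time>`, and add a comment above it saying the token is for bootstrap only and that `admin_token_auth` should be dropped from the pipelines once real admin accounts exist. The `debug` filter is also in all three pipelines, and the file's own comment on `debug` warns about plaintext request logging including passwords, so a comment next to the pipelines pointing that out would help operators. Separately, `#key_size = 1024` under `[signing]` documents a small RSA key for token signing; consider `key_size = 2048` in the shipped file.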