2521N/A<?xml version="1.0" ?>
2521N/A<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
2521N/A<!--
3998N/A Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
2521N/A
2521N/A Licensed under the Apache License, Version 2.0 (the "License"); you may
2521N/A not use this file except in compliance with the License. You may obtain
2521N/A a copy of the License at
2521N/A
2521N/A http://www.apache.org/licenses/LICENSE-2.0
2521N/A
2521N/A Unless required by applicable law or agreed to in writing, software
2521N/A distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
2521N/A WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
2521N/A License for the specific language governing permissions and limitations
2521N/A under the License.
2521N/A
2521N/A NOTE: This service manifest is not editable; its contents will
2521N/A be overwritten by package or patch operations, including
2521N/A operating system upgrade. Make customizations in a different
2521N/A file.
2521N/A-->
2521N/A<service_bundle type="manifest" name="keystone">
2521N/A
3998N/A <service version="1" type="service"
3998N/A name="application/openstack/keystone">
2521N/A
2521N/A <dependency name='multiuser' grouping='require_all' restart_on='error'
2521N/A type='service'>
2521N/A <service_fmri value='svc:/milestone/multi-user:default' />
2521N/A </dependency>
2521N/A
3998N/A <dependency name='upgrade' grouping='require_all' restart_on='none'
3998N/A type='service'>
3998N/A <service_fmri
3998N/A value='svc:/application/openstack/keystone/keystone-upgrade' />
3998N/A </dependency>
3998N/A
2892N/A <dependency name='ntp' grouping='optional_all' restart_on='none'
2892N/A type='service'>
2892N/A <service_fmri value='svc:/network/ntp'/>
2892N/A </dependency>
2892N/A
3998N/A <dependency name='mysql' grouping='optional_all' restart_on='none'
3998N/A type='service'>
3998N/A <service_fmri value='svc:/application/database/mysql'/>
3998N/A </dependency>
3998N/A
3998N/A <dependency name='rabbitmq' grouping='optional_all' restart_on='none'
3998N/A type='service'>
4474N/A <service_fmri value='svc:/application/rabbitmq'/>
3998N/A </dependency>
3998N/A
2892N/A <logfile_attributes permissions='600'/>
2892N/A
5403N/A <exec_method timeout_seconds="60" type="method" name="start"
5403N/A exec="/lib/svc/method/keystone %m">
5403N/A <method_context>
5403N/A <method_credential user='keystone' group='keystone'
5403N/A privileges='basic,{zone}:/system/volatile/keystone_wsgi_*'/>
5403N/A </method_context>
5403N/A </exec_method>
5403N/A
5403N/A <exec_method timeout_seconds="60" type="method" name="stop"
5403N/A exec="/lib/svc/method/keystone %m">
5403N/A <method_context>
5403N/A <method_credential user='keystone' group='keystone'/>
5403N/A </method_context>
5403N/A </exec_method>
5403N/A
5403N/A <exec_method timeout_seconds="60" type="method" name="restart"
2521N/A exec="/lib/svc/method/keystone %m">
2521N/A <method_context>
2521N/A <method_credential user='keystone' group='keystone' />
2521N/A </method_context>
2521N/A </exec_method>
5403N/A
5403N/A <property_group type="framework" name="startd">
5403N/A <propval type="astring" name="ignore_error" value="core,signal"/>
5403N/A </property_group>
2521N/A
2521N/A <instance name='default' enabled='false'>
2521N/A <!-- to start/stop/refresh the service -->
2521N/A <property_group name='general' type='framework'>
2521N/A <propval name='action_authorization' type='astring'
2521N/A value='solaris.smf.manage.keystone' />
2521N/A <propval name='value_authorization' type='astring'
2521N/A value='solaris.smf.value.keystone' />
2521N/A </property_group>
5403N/A
5403N/A <property_group name='keystone_stencil' type='configfile'>
5403N/A <propval name='path' type='astring'
5403N/A value='/var/lib/keystone/keystone.httpd.conf'/>
5403N/A <propval name='stencil' type='astring' value='keystone.stencil'/>
5403N/A <propval name='mode' type='astring' value='0444'/>
5403N/A <propval name='owner' type='astring' value='keystone'/>
5403N/A <propval name='group' type='astring' value='keystone'/>
5403N/A </property_group>
5403N/A
5403N/A <property_group name='config' type='application'>
5403N/A <propval name='admin_port' type='count' value='35357'/>
5403N/A <propval name='access_log' type='astring'
5403N/A value='/var/log/keystone/keystone_access.log'/>
5403N/A <propval name='error_log' type='astring'
5403N/A value='/var/log/keystone/keystone_error.log'/>
5403N/A <propval name='public_port' type='count' value='5000'/>
6849N/A <propval name='servername' type='astring' value='127.0.0.1'/>
5403N/A <propval name='use_tls' type='boolean' value='false'/>
5403N/A </property_group>
2521N/A </instance>
2521N/A
2521N/A <template>
2521N/A <common_name>
2521N/A <loctext xml:lang="C">
2521N/A OpenStack Keystone Identity Service
2521N/A </loctext>
2521N/A </common_name>
2521N/A <description>
2521N/A <loctext xml:lang="C">
2521N/A keystone starts both the service and administrative APIs in a single
2521N/A process to provide catalog, authorization, and authentication
2521N/A services for OpenStack.
2521N/A </loctext>
2521N/A </description>
5403N/A
7092N/A <documentation>
7092N/A <external_logfile
7092N/A path='/var/log/keystone/keystone_access.log'/>
7092N/A <external_logfile
7092N/A path='/var/log/keystone/keystone_error.log'/>
7092N/A </documentation>
7092N/A
5403N/A <pg_pattern required='true' type='application' name='config'>
5403N/A <prop_pattern required='true' type='count' name='admin_port'>
5403N/A <description>
5403N/A <loctext xml:lang='C'>
5403N/A The port for admin requests. Default value is 35357.
5403N/A </loctext>
5403N/A </description>
5403N/A </prop_pattern>
5403N/A
5403N/A <prop_pattern required='true' type='astring' name='access_log'>
5403N/A <description>
5403N/A <loctext xml:lang='C'>
5403N/A The absolute path for the Apache access log file. Defaults to
5403N/A /var/log/keystone/keystone_access.log
5403N/A </loctext>
5403N/A </description>
5403N/A </prop_pattern>
5403N/A
5403N/A <prop_pattern required='true' type='astring' name='error_log'>
5403N/A <description>
5403N/A <loctext xml:lang='C'>
5403N/A The absolute path for the Apache error log file. Defaults to
5403N/A /var/log/keystone/keystone_error.log
5403N/A </loctext>
5403N/A </description>
5403N/A </prop_pattern>
5403N/A
5403N/A <prop_pattern required='true' type='count' name='public_port'>
5403N/A <description>
5403N/A <loctext xml:lang='C'>
5403N/A The port for public requests. Default value is 5000.
5403N/A </loctext>
5403N/A </description>
5403N/A </prop_pattern>
5403N/A
6849N/A <prop_pattern required='true' type='astring' name='servername'>
6849N/A <description>
6849N/A <loctext xml:lang='C'>
6849N/A The Apache ServerName Directive. Hostname and port that the
6849N/A server uses to identify itself.
6849N/A </loctext>
6849N/A </description>
6849N/A </prop_pattern>
6849N/A
5403N/A <prop_pattern required='false' type='astring' name='ssl_cert_file'>
5403N/A <description>
5403N/A <loctext xml:lang='C'>
5403N/A Server PEM-encoded X.509 Certificate file.
5403N/A </loctext>
5403N/A </description>
5403N/A </prop_pattern>
5403N/A
5403N/A <prop_pattern required='false' type='astring' name='ssl_ca_cert_file'>
5403N/A <description>
5403N/A <loctext xml:lang='C'>
5403N/A File of concatenated PEM-encoded CA Certificates for Client Auth.
5403N/A </loctext>
5403N/A </description>
5403N/A </prop_pattern>
5403N/A
5403N/A <prop_pattern required='false' type='astring' name='ssl_cert_key_file'>
5403N/A <description>
5403N/A <loctext xml:lang='C'>
5403N/A Server PEM-encoded Private Key file.
5403N/A </loctext>
5403N/A </description>
5403N/A </prop_pattern>
5403N/A
5403N/A <prop_pattern required='true' type='boolean' name='use_tls'>
5403N/A <description>
5403N/A <loctext xml:lang='C'>
5403N/A Boolean property to indicate usage of TLS. Defaults to 'false'.
5403N/A </loctext>
5403N/A </description>
5403N/A </prop_pattern>
5403N/A
5403N/A </pg_pattern>
2521N/A </template>
2521N/A </service>
4538N/A
4538N/A
4538N/A <service version="1" type="service"
4538N/A name="application/openstack/keystone/keystone-token-flush">
4538N/A
4538N/A <logfile_attributes permissions='600'/>
4538N/A
4538N/A <!-- to start/stop/refresh the service -->
4538N/A <property_group name='general' type='framework'>
4538N/A <propval name='action_authorization' type='astring'
4538N/A value='solaris.smf.manage.keystone' />
4538N/A <propval name='value_authorization' type='astring'
4538N/A value='solaris.smf.value.keystone' />
4538N/A </property_group>
4538N/A
4788N/A <instance name='default' enabled='false'>
4538N/A <dependency name='keystone' grouping='require_all' restart_on='none'
4538N/A type='service'>
4538N/A <service_fmri value='svc:/application/openstack/keystone:default' />
4538N/A </dependency>
4538N/A
4538N/A <scheduled_method interval='hour'
4538N/A exec='/usr/bin/keystone-manage token_flush' timeout_seconds = '0' >
4538N/A <method_context>
4538N/A <method_credential user='keystone' group='keystone' />
4538N/A </method_context>
4538N/A </scheduled_method>
4538N/A <template>
4538N/A <common_name>
4538N/A <loctext xml:lang="C">
4538N/A OpenStack Keystone Token Flush Service
4538N/A </loctext>
4538N/A </common_name>
4538N/A <description>
4538N/A <loctext xml:lang="C">
4538N/A The keystone database needs to flush the expired tokens on a regular
4538N/A basis. As the default expiration is one hour, this will flush those
4538N/A expired tokens once an hour.
4538N/A </loctext>
4538N/A </description>
4538N/A </template>
4538N/A </instance>
4538N/A </service>
2521N/A</service_bundle>