keystone.xml revision 6849
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
 Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.

 Licensed under the Apache License, Version 2.0 (the "License"); you may
 not use this file except in compliance with the License. You may obtain
 a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 License for the specific language governing permissions and limitations
 under the License.

 NOTE: This service manifest is not editable; its contents will
 be overwritten by package or patch operations, including
 operating system upgrade. Make customizations in a different
 file.
-->
<!--
 SMF manifest for OpenStack Keystone. It declares two services:
   1. application/openstack/keystone: the identity API itself.
   2. application/openstack/keystone/keystone-token-flush: an hourly job
      that runs "keystone-manage token_flush".
 Both default instances ship disabled and every method runs as the
 unprivileged keystone user and group.
-->
<service_bundle name="keystone" type="manifest">

  <service name="application/openstack/keystone" type="service" version="1">

    <!-- Hard dependency on the multi-user milestone. -->
    <dependency name="multiuser" type="service" grouping="require_all"
                restart_on="error">
      <service_fmri value="svc:/milestone/multi-user:default"/>
    </dependency>

    <!-- Hard dependency on the keystone-upgrade service, which is defined
         outside this manifest. -->
    <dependency name="upgrade" type="service" grouping="require_all"
                restart_on="none">
      <service_fmri
          value="svc:/application/openstack/keystone/keystone-upgrade"/>
    </dependency>

    <!-- The next three dependencies use optional_all, so none of them is
         required to run on this host. -->
    <dependency name="ntp" type="service" grouping="optional_all"
                restart_on="none">
      <service_fmri value="svc:/network/ntp"/>
    </dependency>

    <dependency name="mysql" type="service" grouping="optional_all"
                restart_on="none">
      <service_fmri value="svc:/application/database/mysql"/>
    </dependency>

    <dependency name="rabbitmq" type="service" grouping="optional_all"
                restart_on="none">
      <service_fmri value="svc:/application/rabbitmq"/>
    </dependency>

    <!-- SMF service log: owner read/write only. -->
    <logfile_attributes permissions="600"/>

    <!-- The start method runs as keystone:keystone with the "basic"
         privilege set plus one extended-policy rule whose scope is limited
         to paths matching /system/volatile/keystone_wsgi_*. No other
         additional privileges are requested. -->
    <exec_method name="start" type="method"
                 exec="/lib/svc/method/keystone %m" timeout_seconds="60">
      <method_context>
        <method_credential user="keystone" group="keystone"
            privileges="basic,{zone}:/system/volatile/keystone_wsgi_*"/>
      </method_context>
    </exec_method>

    <!-- stop and restart run as keystone:keystone and declare no
         privileges attribute. -->
    <exec_method name="stop" type="method"
                 exec="/lib/svc/method/keystone %m" timeout_seconds="60">
      <method_context>
        <method_credential user="keystone" group="keystone"/>
      </method_context>
    </exec_method>

    <exec_method name="restart" type="method"
                 exec="/lib/svc/method/keystone %m" timeout_seconds="60">
      <method_context>
        <method_credential user="keystone" group="keystone"/>
      </method_context>
    </exec_method>

    <!-- ignore_error="core,signal": the restarter does not treat a core
         dump or a fatal signal in one of the service's processes as a
         service failure. Crashes of individual processes will therefore not
         surface as SMF state changes; if crash detection matters, monitor
         core files and the configured error_log as well. -->
    <property_group name="startd" type="framework">
      <propval name="ignore_error" type="astring" value="core,signal"/>
    </property_group>

    <!-- Ships disabled: an administrator has to enable the instance. -->
    <instance name="default" enabled="false">
      <!-- RBAC delegation. action_authorization names the authorization
           needed to start/stop/refresh the service; value_authorization
           names the one needed to change property values in this "general"
           group. Review which users and profiles hold them. The "config"
           group further down declares no authorization of its own. -->
      <property_group name="general" type="framework">
        <propval name="action_authorization" type="astring"
                 value="solaris.smf.manage.keystone"/>
        <propval name="value_authorization" type="astring"
                 value="solaris.smf.value.keystone"/>
      </property_group>

      <!-- Stencil output: keystone.stencil is rendered to
           /var/lib/keystone/keystone.httpd.conf, owned by keystone:keystone
           with mode 0444. The rendered file is world-readable, so it should
           carry only paths and settings, never key material. -->
      <property_group name="keystone_stencil" type="configfile">
        <propval name="path" type="astring"
                 value="/var/lib/keystone/keystone.httpd.conf"/>
        <propval name="stencil" type="astring" value="keystone.stencil"/>
        <propval name="mode" type="astring" value="0444"/>
        <propval name="owner" type="astring" value="keystone"/>
        <propval name="group" type="astring" value="keystone"/>
      </property_group>

      <!-- Shipped defaults. use_tls is false and none of the ssl_*
           properties described in the template are set, so as delivered
           the admin (35357) and public (5000) endpoints are configured
           without TLS and servername is the loopback address. An identity
           service handles credentials and tokens: set use_tls together with
           ssl_cert_file and ssl_cert_key_file before serving clients over a
           network. Per the NOTE at the top of this file, apply such changes
           outside this manifest. -->
      <property_group name="config" type="application">
        <propval name="admin_port" type="count" value="35357"/>
        <propval name="access_log" type="astring"
                 value="/var/log/keystone/keystone_access.log"/>
        <propval name="error_log" type="astring"
                 value="/var/log/keystone/keystone_error.log"/>
        <propval name="public_port" type="count" value="5000"/>
        <propval name="servername" type="astring" value="127.0.0.1"/>
        <propval name="use_tls" type="boolean" value="false"/>
      </property_group>
    </instance>

    <template>
      <common_name>
        <loctext xml:lang="C">
          OpenStack Keystone Identity Service
        </loctext>
      </common_name>
      <description>
        <loctext xml:lang="C">
          keystone starts both the service and administrative APIs in a single
          process to provide catalog, authorization, and authentication
          services for OpenStack.
        </loctext>
      </description>

      <!-- Schema for the "config" property group. The three ssl_* file
           properties are optional (required="false"); every other property
           is mandatory. -->
      <pg_pattern name="config" type="application" required="true">
        <prop_pattern name="admin_port" type="count" required="true">
          <description>
            <loctext xml:lang="C">
              The port for admin requests. Default value is 35357.
            </loctext>
          </description>
        </prop_pattern>

        <prop_pattern name="access_log" type="astring" required="true">
          <description>
            <loctext xml:lang="C">
              The absolute path for the Apache access log file. Defaults to
              /var/log/keystone/keystone_access.log
            </loctext>
          </description>
        </prop_pattern>

        <prop_pattern name="error_log" type="astring" required="true">
          <description>
            <loctext xml:lang="C">
              The absolute path for the Apache error log file. Defaults to
              /var/log/keystone/keystone_error.log
            </loctext>
          </description>
        </prop_pattern>

        <prop_pattern name="public_port" type="count" required="true">
          <description>
            <loctext xml:lang="C">
              The port for public requests. Default value is 5000.
            </loctext>
          </description>
        </prop_pattern>

        <prop_pattern name="servername" type="astring" required="true">
          <description>
            <loctext xml:lang="C">
              The Apache ServerName Directive. Hostname and port that the
              server uses to identify itself.
            </loctext>
          </description>
        </prop_pattern>

        <prop_pattern name="ssl_cert_file" type="astring" required="false">
          <description>
            <loctext xml:lang="C">
              Server PEM-encoded X.509 Certificate file.
            </loctext>
          </description>
        </prop_pattern>

        <prop_pattern name="ssl_ca_cert_file" type="astring" required="false">
          <description>
            <loctext xml:lang="C">
              File of concatenated PEM-encoded CA Certificates for Client Auth.
            </loctext>
          </description>
        </prop_pattern>

        <!-- The value is a path to the private key. The key file itself
             should be readable only by the account that needs it. -->
        <prop_pattern name="ssl_cert_key_file" type="astring" required="false">
          <description>
            <loctext xml:lang="C">
              Server PEM-encoded Private Key file.
            </loctext>
          </description>
        </prop_pattern>

        <prop_pattern name="use_tls" type="boolean" required="true">
          <description>
            <loctext xml:lang="C">
              Boolean property to indicate usage of TLS. Defaults to 'false'.
            </loctext>
          </description>
        </prop_pattern>

      </pg_pattern>
    </template>
  </service>


  <service name="application/openstack/keystone/keystone-token-flush"
           type="service" version="1">

    <!-- SMF service log: owner read/write only. -->
    <logfile_attributes permissions="600"/>

    <!-- Same RBAC authorizations as the main keystone service, declared
         here at service level: action_authorization gates
         start/stop/refresh, value_authorization gates value changes in
         this property group. -->
    <property_group name="general" type="framework">
      <propval name="action_authorization" type="astring"
               value="solaris.smf.manage.keystone"/>
      <propval name="value_authorization" type="astring"
               value="solaris.smf.value.keystone"/>
    </property_group>

    <!-- Ships disabled and requires the keystone default instance. -->
    <instance name="default" enabled="false">
      <dependency name="keystone" type="service" grouping="require_all"
                  restart_on="none">
        <service_fmri value="svc:/application/openstack/keystone:default"/>
      </dependency>

      <!-- Hourly token flush, run as keystone:keystone with no extra
           privileges. While this instance stays disabled, expired tokens
           are not purged by this job.
           NOTE(review): timeout_seconds="0" appears to remove the time
           limit on the method, so a hung flush would not be terminated;
           confirm that this is intended. -->
      <scheduled_method interval="hour"
                        exec="/usr/bin/keystone-manage token_flush"
                        timeout_seconds="0">
        <method_context>
          <method_credential user="keystone" group="keystone"/>
        </method_context>
      </scheduled_method>
      <template>
        <common_name>
          <loctext xml:lang="C">
            OpenStack Keystone Token Flush Service
          </loctext>
        </common_name>
        <description>
          <loctext xml:lang="C">
            The keystone database needs to flush the expired tokens on a regular
            basis. As the default expiration is one hour, this will flush those
            expired tokens once an hour.
          </loctext>
        </description>
      </template>
    </instance>
  </service>
</service_bundle>