keystone.xml revision 7092
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
5f5d1b4cc970b7f06ff8ef6526128e9a27303d88nd Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd Licensed under the Apache License, Version 2.0 (the "License"); you may
6fbd2e53c97ea6976d93e0ac521adabc55e0fb73nd not use this file except in compliance with the License. You may obtain
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd a copy of the License at
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd Unless required by applicable law or agreed to in writing, software
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd License for the specific language governing permissions and limitations
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd under the License.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd NOTE: This service manifest is not editable; its contents will
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd be overwritten by package or patch operations, including
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd operating system upgrade. Make customizations in a different
c3fcea07965f59723831e23da647a77518285b8eslive <dependency name='multiuser' grouping='require_all' restart_on='error'
c3fcea07965f59723831e23da647a77518285b8eslive type='service'>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <service_fmri value='svc:/milestone/multi-user:default' />
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </dependency>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <dependency name='upgrade' grouping='require_all' restart_on='none'
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen type='service'>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <service_fmri
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen value='svc:/application/openstack/keystone/keystone-upgrade' />
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </dependency>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <dependency name='ntp' grouping='optional_all' restart_on='none'
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen type='service'>
75159a79720160d33d888cf45481ef400c1e3a01nd </dependency>
75569f53579b42dc17cf097015b6b055c01e6875slive <dependency name='mysql' grouping='optional_all' restart_on='none'
75569f53579b42dc17cf097015b6b055c01e6875slive type='service'>
75569f53579b42dc17cf097015b6b055c01e6875slive <service_fmri value='svc:/application/database/mysql'/>
75569f53579b42dc17cf097015b6b055c01e6875slive </dependency>
75569f53579b42dc17cf097015b6b055c01e6875slive <dependency name='rabbitmq' grouping='optional_all' restart_on='none'
75569f53579b42dc17cf097015b6b055c01e6875slive type='service'>
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive </dependency>
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive <exec_method timeout_seconds="60" type="method" name="start"
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive <method_context>
75569f53579b42dc17cf097015b6b055c01e6875slive privileges='basic,{zone}:/system/volatile/keystone_wsgi_*'/>
75569f53579b42dc17cf097015b6b055c01e6875slive </method_context>
75569f53579b42dc17cf097015b6b055c01e6875slive </exec_method>
75569f53579b42dc17cf097015b6b055c01e6875slive <exec_method timeout_seconds="60" type="method" name="stop"
75569f53579b42dc17cf097015b6b055c01e6875slive <method_context>
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive </method_context>
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive </exec_method>
df5db89264efca559e954ca181763a0d3ef2f844nd <exec_method timeout_seconds="60" type="method" name="restart"
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive <method_context>
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive <method_credential user='keystone' group='keystone' />
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive </method_context>
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive </exec_method>
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive <propval type="astring" name="ignore_error" value="core,signal"/>
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive </property_group>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <!-- to start/stop/refresh the service -->
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </property_group>
75159a79720160d33d888cf45481ef400c1e3a01nd <property_group name='keystone_stencil' type='configfile'>
eabaccd4bdeaafc3d0c21886863bd9acefea99bbslive <propval name='stencil' type='astring' value='keystone.stencil'/>
75569f53579b42dc17cf097015b6b055c01e6875slive <propval name='owner' type='astring' value='keystone'/>
75569f53579b42dc17cf097015b6b055c01e6875slive <propval name='group' type='astring' value='keystone'/>
75569f53579b42dc17cf097015b6b055c01e6875slive </property_group>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <propval name='admin_port' type='count' value='35357'/>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <propval name='servername' type='astring' value='127.0.0.1'/>
73cee0397242a5dd872d618c65e416327b774f18nd </property_group>
73cee0397242a5dd872d618c65e416327b774f18nd </instance>
73cee0397242a5dd872d618c65e416327b774f18nd <template>
73cee0397242a5dd872d618c65e416327b774f18nd <common_name>
73cee0397242a5dd872d618c65e416327b774f18nd OpenStack Keystone Identity Service
73cee0397242a5dd872d618c65e416327b774f18nd </loctext>
73cee0397242a5dd872d618c65e416327b774f18nd </common_name>
73cee0397242a5dd872d618c65e416327b774f18nd <description>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen keystone starts both the service and administrative APIs in a single
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen process to provide catalog, authorization, and authentication
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen services for OpenStack.
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </description>
75159a79720160d33d888cf45481ef400c1e3a01nd <documentation>
75159a79720160d33d888cf45481ef400c1e3a01nd <external_logfile
75159a79720160d33d888cf45481ef400c1e3a01nd <external_logfile
75159a79720160d33d888cf45481ef400c1e3a01nd </documentation>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <pg_pattern required='true' type='application' name='config'>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <prop_pattern required='true' type='count' name='admin_port'>
c3fcea07965f59723831e23da647a77518285b8eslive <description>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen The port for admin requests. Default value is 35357.
c3fcea07965f59723831e23da647a77518285b8eslive </description>
c3fcea07965f59723831e23da647a77518285b8eslive </prop_pattern>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <prop_pattern required='true' type='astring' name='access_log'>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <description>
1ebdc607ba27ebd12f65da5c0b24c19038fcab1cnd The absolute path for the Apache access log file. Defaults to
1ebdc607ba27ebd12f65da5c0b24c19038fcab1cnd </loctext>
1ebdc607ba27ebd12f65da5c0b24c19038fcab1cnd </description>
1ebdc607ba27ebd12f65da5c0b24c19038fcab1cnd </prop_pattern>
1ebdc607ba27ebd12f65da5c0b24c19038fcab1cnd <prop_pattern required='true' type='astring' name='error_log'>
1ebdc607ba27ebd12f65da5c0b24c19038fcab1cnd <description>
1ebdc607ba27ebd12f65da5c0b24c19038fcab1cnd The absolute path for the Apache error log file. Defaults to
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </description>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </prop_pattern>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <prop_pattern required='true' type='count' name='public_port'>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <description>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen The port for public requests. Default value is 5000.
c3fcea07965f59723831e23da647a77518285b8eslive </description>
c3fcea07965f59723831e23da647a77518285b8eslive </prop_pattern>
73cee0397242a5dd872d618c65e416327b774f18nd <prop_pattern required='true' type='astring' name='servername'>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <description>
75159a79720160d33d888cf45481ef400c1e3a01nd The Apache ServerName Directive. Hostname and port that the
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen server uses to identify itself.
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </description>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </prop_pattern>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <prop_pattern required='false' type='astring' name='ssl_cert_file'>
75159a79720160d33d888cf45481ef400c1e3a01nd <description>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen Server PEM-encoded X.509 Certificate file.
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </description>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </prop_pattern>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <prop_pattern required='false' type='astring' name='ssl_ca_cert_file'>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <description>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen File of concatenated PEM-encoded CA Certificates for Client Auth.
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </description>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </prop_pattern>
199a8ee5984e3708982fab1ba6ebb0a5feaea90cnd <prop_pattern required='false' type='astring' name='ssl_cert_key_file'>
199a8ee5984e3708982fab1ba6ebb0a5feaea90cnd <description>
199a8ee5984e3708982fab1ba6ebb0a5feaea90cnd Server PEM-encoded Private Key file.
199a8ee5984e3708982fab1ba6ebb0a5feaea90cnd </loctext>
199a8ee5984e3708982fab1ba6ebb0a5feaea90cnd </description>
199a8ee5984e3708982fab1ba6ebb0a5feaea90cnd </prop_pattern>
199a8ee5984e3708982fab1ba6ebb0a5feaea90cnd <prop_pattern required='true' type='boolean' name='use_tls'>
199a8ee5984e3708982fab1ba6ebb0a5feaea90cnd <description>
199a8ee5984e3708982fab1ba6ebb0a5feaea90cnd Boolean property to indicate usage of TLS. Defaults to 'false'.
75159a79720160d33d888cf45481ef400c1e3a01nd </description>
75159a79720160d33d888cf45481ef400c1e3a01nd </prop_pattern>
75159a79720160d33d888cf45481ef400c1e3a01nd </pg_pattern>
75159a79720160d33d888cf45481ef400c1e3a01nd </template>
75159a79720160d33d888cf45481ef400c1e3a01nd </service>
75159a79720160d33d888cf45481ef400c1e3a01nd name="application/openstack/keystone/keystone-token-flush">
75159a79720160d33d888cf45481ef400c1e3a01nd <!-- to start/stop/refresh the service -->
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen </property_group>
75159a79720160d33d888cf45481ef400c1e3a01nd <dependency name='keystone' grouping='require_all' restart_on='none'
75159a79720160d33d888cf45481ef400c1e3a01nd type='service'>
75159a79720160d33d888cf45481ef400c1e3a01nd <service_fmri value='svc:/application/openstack/keystone:default' />
75159a79720160d33d888cf45481ef400c1e3a01nd </dependency>
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen exec='/usr/bin/keystone-manage token_flush' timeout_seconds = '0' >
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen <method_context>
75159a79720160d33d888cf45481ef400c1e3a01nd </method_context>
75159a79720160d33d888cf45481ef400c1e3a01nd </scheduled_method>
75159a79720160d33d888cf45481ef400c1e3a01nd <template>
75159a79720160d33d888cf45481ef400c1e3a01nd <common_name>
75159a79720160d33d888cf45481ef400c1e3a01nd OpenStack Keystone Token Flush Service
75159a79720160d33d888cf45481ef400c1e3a01nd </loctext>
75159a79720160d33d888cf45481ef400c1e3a01nd </common_name>
75159a79720160d33d888cf45481ef400c1e3a01nd <description>
75159a79720160d33d888cf45481ef400c1e3a01nd The keystone database needs to flush the expired tokens on a regular
75159a79720160d33d888cf45481ef400c1e3a01nd basis. As the default expiration is one hour, this will flush those
c053576cdcd7389a1e11dd9c656f1f723ae854bcrbowen expired tokens once an hour.
75159a79720160d33d888cf45481ef400c1e3a01nd </description>
75159a79720160d33d888cf45481ef400c1e3a01nd </template>
75159a79720160d33d888cf45481ef400c1e3a01nd </instance>
75159a79720160d33d888cf45481ef400c1e3a01nd </service>
75159a79720160d33d888cf45481ef400c1e3a01nd</service_bundle>