Keystone/multiple-datastores
Currently, Keystone supports one RDBMS and one LDAP server for all backends. In the case of LDAP, we often need to support one backend per domain. For RDBMS, we may want to use a different user, or even a different server, for a high-volume backend like tokens versus the Identity or other backends, which are more read-heavy.
Create a subdirectory /etc/keystone/data. For each data store, have a key-value pairing to configure it, based on the values from the current config file:
Example: token.conf
    name = token-sql
    type = sql
    url = postgresql://keystone:keystone@localhost/keystone?client_encoding=utf8
Example: identity.conf for simple bind
    name = identity-simple
    type = ldap
    url = ldap://localhost
    user = dc=Manager,dc=openstack,dc=org
    password = test
Example: identity.conf for GSSAPI
    name = identity-gss
    type = ldap
    url = ldaps://ldap.openstack.org
    user = dc=Manager,dc=openstack,dc=org
    sasl = mech=GSSAPI
Then, in the Keystone config file, the name from above would be bound to the backend. For example:
    [identity]
    driver = keystone.identity.backends.ldap.Identity
    source = data.identity-gss
or
    [identity]
    driver = keystone.identity.backends.sql.Identity
    source = data.token-sql
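The layout proposed above, as an added example (not Keystone code; the function names and finding strings are hypothetical): a loader that indexes the data-store files by name, follows a source = data.<name> binding to its store, and flags credentials exposed by the URL, by a simple bind over ldap://, or by file permissions. It assumes data-store files end in .conf and that ldap:// means no TLS, since the proposed format shows no StartTLS key.

```python
# Added example: hypothetical loader for the layout proposed above, not Keystone code.
import configparser
import stat
from pathlib import Path
from urllib.parse import urlsplit


def parse_store(path):
    """Parse one data-store file: flat 'key = value' lines, no section header."""
    store = {"_path": Path(path)}  # kept for the permission check in audit()
    for line in store["_path"].read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only: LDAP DNs and 'mech=GSSAPI' contain '='.
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"{path}: not a 'key = value' line: {line!r}")
        store[key.strip()] = value.strip()
    return store


def load_stores(data_dir):
    """Index every *.conf file in data_dir by its 'name' value."""
    files = sorted(Path(data_dir).glob("*.conf"))
    return {s["name"]: s for s in map(parse_store, files)}


def resolve(keystone_conf, section, stores):
    """Follow 'source = data.<name>' in a keystone.conf section to its store."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(keystone_conf)
    prefix, _, name = cp[section]["source"].partition(".")
    if prefix != "data" or name not in stores:
        raise KeyError(f"[{section}] source does not name a known data store")
    return stores[name]


def audit(store):
    """Return hardening findings for one resolved data store."""
    findings = []
    url = urlsplit(store["url"])
    if url.password:
        findings.append("password embedded in url")
    if store["type"] == "ldap" and url.scheme == "ldap" and "password" in store:
        findings.append("simple bind password over ldap:// without TLS")
    if store["_path"].stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file accessible to group or other")
    return findings
```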