aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base/keystone.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/profile/base/keystone.pp')
-rw-r--r--manifests/profile/base/keystone.pp29
1 files changed, 27 insertions, 2 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 9598d64..31f5c93 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -59,6 +59,15 @@
# heat admin user name
# Defaults to undef
#
+# [*ldap_backends_config*]
+# Configuration for keystone::ldap_backend. This takes a hash that will
+# create each backend specified.
+# Defaults to undef
+#
+# [*ldap_backend_enable*]
+# Enables creating per-domain LDAP backends for keystone.
+# Default to false
+#
# [*manage_db_purge*]
# (Optional) Whether keystone token flushing should be enabled
# Defaults to hiera('keystone_enable_db_purge', true)
@@ -126,6 +135,8 @@ class tripleo::profile::base::keystone (
$heat_admin_email = undef,
$heat_admin_password = undef,
$heat_admin_user = undef,
+ $ldap_backends_config = undef,
+ $ldap_backend_enable = false,
$manage_db_purge = hiera('keystone_enable_db_purge', true),
$public_endpoint_network = hiera('keystone_public_api_network', undef),
$oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
@@ -200,6 +211,7 @@ class tripleo::profile::base::keystone (
}
include ::keystone::config
+ include ::apache::mod::ssl
class { '::keystone::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
@@ -207,6 +219,13 @@ class tripleo::profile::base::keystone (
ssl_key_admin => $tls_keyfile_admin,
}
include ::keystone::cors
+
+ if $ldap_backend_enable {
+ validate_hash($ldap_backends_config)
+ create_resources('::keystone::ldap_backend', $ldap_backends_config, {
+ create_domain_entry => $manage_domain,
+ })
+ }
}
if $step >= 4 and $manage_db_purge {
@@ -246,7 +265,10 @@ class tripleo::profile::base::keystone (
if hiera('barbican_api_enabled', false) {
include ::barbican::keystone::auth
}
- if hiera('ceilometer_api_enabled', false) {
+ # ceilometer user is needed even when ceilometer api
+ # not running, so it can authenticate with keystone
+ # and dispatch data.
+ if hiera('ceilometer_auth_enabled', false) {
include ::ceilometer::keystone::auth
}
if hiera('ceph_rgw_enabled', false) {
@@ -291,13 +313,16 @@ class tripleo::profile::base::keystone (
if hiera('nova_placement_enabled', false) {
include ::nova::keystone::auth_placement
}
+ if hiera('octavia_api_enabled', false) {
+ include ::octavia::keystone::auth
+ }
if hiera('panko_api_enabled', false) {
include ::panko::keystone::auth
}
if hiera('sahara_api_enabled', false) {
include ::sahara::keystone::auth
}
- if hiera('swift_proxy_enabled', false) {
+ if hiera('swift_proxy_enabled', false) or hiera('external_swift_proxy_enabled',false) {
include ::swift::keystone::auth
}
if hiera('tacker_enabled', false) {