diff options
Diffstat (limited to 'manifests/profile/base/keystone.pp')
-rw-r--r-- | manifests/profile/base/keystone.pp | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 9598d64..5909337 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -59,6 +59,15 @@ # heat admin user name # Defaults to undef # +# [*ldap_backends_config*] +# Configuration for keystone::ldap_backend. This takes a hash that will +# create each backend specified. +# Defaults to undef +# +# [*ldap_backend_enable*] +# Enables creating per-domain LDAP backends for keystone. +# Default to false +# # [*manage_db_purge*] # (Optional) Whether keystone token flushing should be enabled # Defaults to hiera('keystone_enable_db_purge', true) @@ -126,6 +135,8 @@ class tripleo::profile::base::keystone ( $heat_admin_email = undef, $heat_admin_password = undef, $heat_admin_user = undef, + $ldap_backends_config = undef, + $ldap_backend_enable = false, $manage_db_purge = hiera('keystone_enable_db_purge', true), $public_endpoint_network = hiera('keystone_public_api_network', undef), $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), @@ -207,6 +218,11 @@ class tripleo::profile::base::keystone ( ssl_key_admin => $tls_keyfile_admin, } include ::keystone::cors + + if $ldap_backend_enable { + validate_hash($ldap_backends_config) + create_resources('::keystone::ldap_backend', $ldap_backends_config) + } } if $step >= 4 and $manage_db_purge { @@ -246,7 +262,10 @@ class tripleo::profile::base::keystone ( if hiera('barbican_api_enabled', false) { include ::barbican::keystone::auth } - if hiera('ceilometer_api_enabled', false) { + # ceilometer user is needed even when ceilometer api + # not running, so it can authenticate with keystone + # and dispatch data. + if hiera('ceilometer_auth_enabled', false) { include ::ceilometer::keystone::auth } if hiera('ceph_rgw_enabled', false) { |