diff options
Diffstat (limited to 'manifests/profile/base/keystone.pp')
| -rw-r--r-- | manifests/profile/base/keystone.pp | 102 |
1 files changed, 80 insertions, 22 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 72049e3..9b2fc51 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -76,15 +76,50 @@ # This is set by t-h-t. # Defaults to hiera('keystone_public_api_network', undef) # +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('keystone::rabbit_port', 5672) # +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('keystone::rabbit_use_ssl', '0') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -102,8 +137,17 @@ class tripleo::profile::base::keystone ( $heat_admin_user = undef, $manage_db_purge = hiera('keystone_enable_db_purge', true), $public_endpoint_network = hiera('keystone_public_api_network', undef), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('keystone::rabbit_port', 5672), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('keystone::rabbit_password'), + $oslomsg_rpc_port = hiera('keystone::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('keystone::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('keystone::rabbit_password'), + $oslomsg_notify_port = hiera('keystone::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('keystone::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('keystone::rabbit_use_ssl', '0'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -142,11 +186,26 @@ class tripleo::profile::base::keystone ( } if $step >= 4 or ( $step >= 3 and $sync_db ) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::keystone': - sync_db => $sync_db, - enable_bootstrap => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + enable_bootstrap => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::keystone::config @@ -157,22 +216,13 @@ class tripleo::profile::base::keystone ( ssl_key_admin => $tls_keyfile_admin, } include ::keystone::cors - - if $manage_roles { - include ::keystone::roles::admin - } - - if $manage_endpoint { - include ::keystone::endpoint - } - } - if $step >= 5 and $manage_db_purge { + if $step >= 4 and $manage_db_purge { include ::keystone::cron::token_flush } - if $step >= 5 and $manage_domain { + if $step == 3 and $manage_domain { if hiera('heat_engine_enabled', false) { # create these seperate and don't use ::heat::keystone::domain since # that class writes out the configs @@ -193,7 +243,12 @@ class tripleo::profile::base::keystone ( } } - if $step >= 5 and $manage_endpoint{ + if $step == 3 and $manage_roles { + include ::keystone::roles::admin + } + + if $step == 3 and $manage_endpoint { + include ::keystone::endpoint if hiera('aodh_api_enabled', false) { include ::aodh::keystone::auth } @@ -227,6 +282,9 @@ class tripleo::profile::base::keystone ( if hiera('ironic_api_enabled', false) { include ::ironic::keystone::auth } + if hiera('ironic_inspector_enabled', false) { + include ::ironic::keystone::auth_inspector + } if hiera('manila_api_enabled', false) { include ::manila::keystone::auth } |