1 files changed, 9 insertions, 15 deletions

diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 994caad..9598d64 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -43,14 +43,6 @@
 #   (Optional) Whether TLS in the internal network is enabled or not.
 #   Defaults to hiera('enable_internal_tls', false)
 #
-# [*generate_service_certificates*]
-#   (Optional) Whether or not certmonger will generate certificates for
-#   HAProxy. This could be as many as specified by the $certificates_specs
-#   variable.
-#   Note that this doesn't configure the certificates in haproxy, it merely
-#   creates the certificates.
-#   Defaults to hiera('generate_service_certificate', false).
-#
 # [*heat_admin_domain*]
 #   domain name for heat admin
 #   Defaults to undef
@@ -130,7 +122,6 @@ class tripleo::profile::base::keystone (
   $bootstrap_node                = hiera('bootstrap_nodeid', undef),
   $certificates_specs            = hiera('apache_certificates_specs', {}),
   $enable_internal_tls           = hiera('enable_internal_tls', false),
-  $generate_service_certificates = hiera('generate_service_certificates', false),
   $heat_admin_domain             = undef,
   $heat_admin_email              = undef,
   $heat_admin_password           = undef,
@@ -163,10 +154,6 @@ class tripleo::profile::base::keystone (
   }
 
   if $enable_internal_tls {
-    if $generate_service_certificates {
-      ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
-    }
-
     if !$public_endpoint_network {
       fail('keystone_public_api_network is not set in the hieradata.')
     }
@@ -193,7 +180,7 @@ class tripleo::profile::base::keystone (
       default_transport_url      => os_transport_url({
         'transport' => $oslomsg_rpc_proto,
         'hosts'     => $oslomsg_rpc_hosts,
-        'port'      => sprintf('%s', $oslomsg_rpc_port),
+        'port'      => $oslomsg_rpc_port,
         'username'  => $oslomsg_rpc_username,
         'password'  => $oslomsg_rpc_password,
         'ssl'       => $oslomsg_use_ssl_real,
@@ -201,13 +188,17 @@ class tripleo::profile::base::keystone (
       notification_transport_url => os_transport_url({
         'transport' => $oslomsg_notify_proto,
         'hosts'     => $oslomsg_notify_hosts,
-        'port'      => sprintf('%s', $oslomsg_notify_port),
+        'port'      => $oslomsg_notify_port,
         'username'  => $oslomsg_notify_username,
         'password'  => $oslomsg_notify_password,
         'ssl'       => $oslomsg_use_ssl_real,
       }),
     }
 
+    if 'amqp' in [$oslomsg_rpc_proto, $oslomsg_notify_proto]{
+      include ::keystone::messaging::amqp
+    }
+
     include ::keystone::config
     class { '::keystone::wsgi::apache':
       ssl_cert       => $tls_certfile,
@@ -282,6 +273,9 @@ class tripleo::profile::base::keystone (
     if hiera('ironic_api_enabled', false) {
       include ::ironic::keystone::auth
     }
+    if hiera('ironic_inspector_enabled', false) {
+      include ::ironic::keystone::auth_inspector
+    }
     if hiera('manila_api_enabled', false) {
       include ::manila::keystone::auth
     }