diff options
| author |   Emilien Macchi <emilien@redhat.com> | 2016-09-06 18:24:28 -0400 |
|---|---|---|
| committer | Emilien Macchi <emilien@redhat.com> | 2016-09-12 11:52:28 +0000 |
| commit | 8ce3d646a6d76f9449509456ad0f1e0964b9fe8d (patch) | |
| tree | 22cdce1b97f17e5acc6f25f651d41e8618368d57 /puppet/services | |
| parent | 44056af76650144b4a064c17c0bef4f23c1d76ce (diff) | |
Configure Keystone credentials
Configure Keystone credentials by installing 2 keys with dynamic content
generated by python-tripleoclient.
Note: this is a first iteration of managing Keystone credentials. It has
a few limitations:
- keys are not exported to external storage.
- keys are not rotated automatically.
Change-Id: I45cf8821eadf528dfcdc8d74e6e0484597b0d2c0
Diffstat (limited to 'puppet/services')
| -rw-r--r-- | puppet/services/keystone.yaml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 79033047..b321ecbe 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -87,6 +87,12 @@ parameters: MonitoringSubscriptionKeystone: default: 'overcloud-kestone' type: string + KeystoneCredential0: + type: string + description: The first Keystone credential key. Must be a valid key. + KeystoneCredential1: + type: string + description: The second Keystone credential key. Must be a valid key. resources: @@ -121,6 +127,12 @@ outputs: keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} keystone::enable_proxy_headers_parsing: true + keystone::enable_credential_setup: true + keystone::credential_keys: + '/etc/keystone/credential-keys/0': + content: {get_param: KeystoneCredential0} + '/etc/keystone/credential-keys/1': + content: {get_param: KeystoneCredential1} keystone::debug: {get_param: Debug} keystone::db::mysql::password: {get_param: AdminToken} keystone::rabbit_userid: {get_param: RabbitUserName} |