authorEmilien Macchi <emilien@redhat.com>2016-09-06 18:24:28 -0400
committerEmilien Macchi <emilien@redhat.com>2016-09-12 11:52:28 +0000
commit8ce3d646a6d76f9449509456ad0f1e0964b9fe8d (patch)
tree22cdce1b97f17e5acc6f25f651d41e8618368d57 /puppet
parent44056af76650144b4a064c17c0bef4f23c1d76ce (diff)
Configure Keystone credentials
Configure Keystone credentials by installing 2 keys with dynamic content generated by python-tripleoclient. Note: this is a first iteration of managing Keystone credentials. It has a few limitations: - keys are not exported to external storage. - keys are not rotated automatically. Change-Id: I45cf8821eadf528dfcdc8d74e6e0484597b0d2c0
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/keystone.yaml12
1 files changed, 12 insertions, 0 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 79033047..b321ecbe 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -87,6 +87,12 @@ parameters:
MonitoringSubscriptionKeystone:
default: 'overcloud-kestone'
type: string
+ KeystoneCredential0:
+ type: string
+ description: The first Keystone credential key. Must be a valid key.
+ KeystoneCredential1:
+ type: string
+ description: The second Keystone credential key. Must be a valid key.
resources:
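Review bot: The new `KeystoneCredential0` and `KeystoneCredential1` parameters carry key material but are declared without `hidden: true`, so Heat will return their values in clear text whenever the stack's parameters are displayed. Add `hidden: true` under each `type: string` line. The description says "Must be a valid key" without defining valid; if these are Fernet keys, as the credential setup implies, say so, e.g. `description: The first Keystone credential key. Must be a valid Fernet key (URL-safe base64 of 32 bytes).` A length constraint would also make a malformed value fail at stack validation rather than when keystone starts.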
@@ -121,6 +127,12 @@ outputs:
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone::enable_proxy_headers_parsing: true
+ keystone::enable_credential_setup: true
+ keystone::credential_keys:
+ '/etc/keystone/credential-keys/0':
+ content: {get_param: KeystoneCredential0}
+ '/etc/keystone/credential-keys/1':
+ content: {get_param: KeystoneCredential1}
keystone::debug: {get_param: Debug}
keystone::db::mysql::password: {get_param: AdminToken}
keystone::rabbit_userid: {get_param: RabbitUserName}
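Review bot: Nothing at `keystone::credential_keys` documents which of the two files is the active key or what happens when the parameter values change, and the commit message confirms there is no rotation or export yet. In keystone's key repository the highest-numbered key is normally the primary and 0 is the staged key. A comment such as `# 1 is the primary credential key, 0 the staged one; replacing either on a stack update without keystone-manage credential_migrate can leave stored credentials undecryptable` would warn operators before a destructive update. It is also worth confirming in the puppet-keystone class (not visible here) that these files are created owned by the keystone user with mode 0600, since the key content presumably also ends up in the hiera data on the node.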