author | Jenkins <jenkins@review.openstack.org> | 2017-04-06 23:17:17 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-04-06 23:17:17 +0000 |
commit | 8dc8980358b6b7dc4720e1c93bb049f5ebf2a7b8 (patch) | |
tree | 9a47d586004a96936e99beae6fbfc0d73e7c03bf /puppet | |
parent | 656f78f00bb74c26dc1ae3f0c455c35ffa434ec9 (diff) | |
parent | 347f5434b3e3793b9fdf2a94f49ab7734c5d923b (diff) |
Merge "Add trigger to setup a LDAP backend as keystone domaine"
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/services/keystone.yaml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 0976b97c..632d9b0b 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -164,6 +164,16 @@ parameters:
 e.g. { keystone-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
 default: {}
 type: json
+ KeystoneLDAPDomainEnable:
+ description: Trigger to call ldap_backend puppet keystone define.
+ type: boolean
+ default: False
+ KeystoneLDAPBackendConfigs:
+ description: Hash containing the configurations for the LDAP backends
+ configured in keystone.
+ type: json
+ default: {}
+ hidden: true
 resources:
@@ -177,6 +187,7 @@ resources:
 conditions:
 keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+ keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
 outputs:
 role_data:
@@ -300,6 +311,15 @@ outputs:
 keystone::cron::token_flush::maxdelay: {get_param: KeystoneCronTokenFlushMaxDelay}
 keystone::cron::token_flush::destination: {get_param: KeystoneCronTokenFlushDestination}
 keystone::cron::token_flush::user: {get_param: KeystoneCronTokenFlushUser}
+ -
+ if:
+ - keystone_ldap_domain_enabled
+ -
+ tripleo::profile::base::keystone::ldap_backend_enable: True
+ keystone::using_domain_config: True
+ tripleo::profile::base::keystone::ldap_backends_config:
+ get_param: KeystoneLDAPBackendConfigs
+ - {}
 step_config: |
 include ::tripleo::profile::base::keystone
@@ -312,6 +332,13 @@ outputs:
 keystone::db::mysql::allowed_hosts:
 - '%'
 - "%{hiera('mysql_bind_host')}"
+ horizon:
+ if:
+ - keystone_ldap_domain_enabled
+ -
+ horizon::keystone_multidomain_support: true
+ horizon::keystone_default_domain: 'Default'
+ - {}
 # Ansible tasks to handle upgrade
 upgrade_tasks:
 - name: Stop keystone service (running under httpd) |
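Review bot: The description of `KeystoneLDAPBackendConfigs` in the first hunk does not say what the hash is expected to contain, and because it is typed as opaque `json` nothing in this template validates it. Since it is marked `hidden: true` it presumably carries the LDAP bind credentials; I would say so in the text, e.g. `description: Hash of LDAP backend definitions handed to the keystone ldap_backend define; may contain bind credentials, hence hidden.` The description of `KeystoneLDAPDomainEnable` should likewise state that it is meant to be set together with `KeystoneLDAPBackendConfigs`. The `parameters:` section begins and continues outside the hunk.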
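Review bot: The `if` branch added under `@@ -300,6 +311,15 @@` keys only on `keystone_ldap_domain_enabled`, so setting the flag while `KeystoneLDAPBackendConfigs` stays at its default `{}` still emits `keystone::using_domain_config: True` and `ldap_backend_enable: True` with no backend to configure. How the profile handles an empty hash is not visible on this page, so either the condition should also require a non-empty hash or a comment should record that the combination is harmless. A comment above the branch such as `# LDAP backend hash is passed verbatim to the puppet profile, including any bind password` would also tell maintainers that this value has to stay out of logs and debug output. The list this item is appended to starts outside the hunk.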
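Review bot: `horizon::keystone_default_domain: 'Default'` in the last hunk is a hard-coded literal with no parameter behind it and no comment, so a deployment whose default domain is named differently cannot override it from this template. If the intent is that Horizon must offer a domain choice once keystone serves LDAP-backed domains, a one-line comment above `horizon:` saying so, e.g. `# multidomain login is required when LDAP domains are enabled in keystone`, would explain why a keystone flag changes horizon settings. Boolean spelling is also inconsistent across the commit (`true` here and on `hidden`, `True`/`False` in the other hunks) and should be unified. The map that contains `horizon:` starts outside the hunk.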