1 files changed, 34 insertions, 7 deletions

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 25d92d4a..48e74875 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -45,10 +45,6 @@ parameters:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
-  KeystoneWorkers:
-    default: 0
-    description: Number of workers for Keystone service.
-    type: number
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -88,11 +84,15 @@ parameters:
     default: 5672
     description: Set rabbit subscriber port, change this if using SSL
     type: number
-
+  KeystoneWorkers:
+    type: string
+    description: Set the number of workers for keystone::wsgi::apache
+    default: '"%{::processorcount}"'
 outputs:
   role_data:
     description: Role data for the Keystone role.
     value:
+      service_name: keystone
       config_settings:
         keystone::database_connection:
           list_join:
@@ -124,9 +124,36 @@ outputs:
         keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
         keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
         keystone::endpoint::region: {get_param: KeystoneRegion}
-        keystone::admin_workers: {get_param: KeystoneWorkers}
-        keystone::public_workers: {get_param: KeystoneWorkers}
         keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
         keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+        keystone::db::mysql::user: keystone
+        keystone::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+        keystone::db::mysql::dbname: keystone
+        keystone::db::mysql::allowed_hosts:
+          - '%'
+          - "%{hiera('mysql_bind_host')}"
+        keystone::rabbit_heartbeat_timeout_threshold: 60
+        keystone::cron::token_flush::maxdelay: 3600
+        keystone::roles::admin::service_tenant: 'service'
+        keystone::roles::admin::admin_tenant: 'admin'
+        keystone::cron::token_flush::destination: '/dev/null'
+        keystone::config::keystone_config:
+          DEFAULT/secure_proxy_ssl_header:
+            value: 'HTTP_X_FORWARDED_PROTO'
+          ec2/driver:
+            value: 'keystone.contrib.ec2.backends.sql.Ec2'
+        keystone::service_name: 'httpd'
+        keystone::wsgi::apache::ssl: false
+
+        keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
+        # override via extraconfig:
+        keystone::wsgi::apache::threads: 1
+        tripleo.keystone.firewall_rules:
+          '111 keystone':
+            dport:
+              - 5000
+              - 13000
+              - 35357
+              - 13357
       step_config: |
         include ::tripleo::profile::base::keystone