diff options
Diffstat (limited to 'puppet/services/keystone.yaml')
-rw-r--r-- | puppet/services/keystone.yaml | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index de920de3..d45ed86e 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -4,24 +4,11 @@ description: > OpenStack Keystone service configured with Puppet parameters: - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string KeystoneEnableDBPurge: default: true description: | Whether to create cron job for purging soft deleted rows in Keystone database. type: boolean - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true KeystoneSSLCertificate: default: '' description: Keystone certificate for verifying token validity. @@ -105,11 +92,9 @@ outputs: - '/keystone' keystone::admin_token: {get_param: AdminToken} keystone::roles::admin::password: {get_param: AdminPassword} - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::enable_proxy_headers_parsing: true keystone::debug: {get_param: Debug} keystone::db::mysql::password: {get_param: AdminToken} keystone::rabbit_userid: {get_param: RabbitUserName} @@ -132,10 +117,22 @@ outputs: keystone::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + keystone::rabbit_heartbeat_timeout_threshold: 60 + keystone::cron::token_flush::maxdelay: 3600 + keystone::roles::admin::service_tenant: 'service' + keystone::roles::admin::admin_tenant: 'admin' + keystone::cron::token_flush::destination: '/dev/null' + keystone::config::keystone_config: + ec2/driver: + value: 'keystone.contrib.ec2.backends.sql.Ec2' + keystone::service_name: 'httpd' + keystone::wsgi::apache::ssl: false keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} # override via extraconfig: keystone::wsgi::apache::threads: 1 + keystone::db::database_db_max_retries: -1 + keystone::db::database_max_retries: -1 tripleo.keystone.firewall_rules: '111 keystone': dport: |