aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services/keystone.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services/keystone.yaml')
-rw-r--r--puppet/services/keystone.yaml21
1 files changed, 3 insertions, 18 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 48e74875..d45ed86e 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -4,24 +4,11 @@ description: >
OpenStack Keystone service configured with Puppet
parameters:
- KeystoneCACertificate:
- default: ''
- description: Keystone self-signed certificate authority certificate.
- type: string
KeystoneEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Keystone database.
type: boolean
- KeystoneSigningCertificate:
- default: ''
- description: Keystone certificate for verifying token validity.
- type: string
- KeystoneSigningKey:
- default: ''
- description: Keystone key for signing tokens.
- type: string
- hidden: true
KeystoneSSLCertificate:
default: ''
description: Keystone certificate for verifying token validity.
@@ -105,11 +92,9 @@ outputs:
- '/keystone'
keystone::admin_token: {get_param: AdminToken}
keystone::roles::admin::password: {get_param: AdminPassword}
- keystone_ca_certificate: {get_param: KeystoneCACertificate}
- keystone_signing_key: {get_param: KeystoneSigningKey}
- keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::enable_proxy_headers_parsing: true
keystone::debug: {get_param: Debug}
keystone::db::mysql::password: {get_param: AdminToken}
keystone::rabbit_userid: {get_param: RabbitUserName}
@@ -138,8 +123,6 @@ outputs:
keystone::roles::admin::admin_tenant: 'admin'
keystone::cron::token_flush::destination: '/dev/null'
keystone::config::keystone_config:
- DEFAULT/secure_proxy_ssl_header:
- value: 'HTTP_X_FORWARDED_PROTO'
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
keystone::service_name: 'httpd'
@@ -148,6 +131,8 @@ outputs:
keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
# override via extraconfig:
keystone::wsgi::apache::threads: 1
+ keystone::db::database_db_max_retries: -1
+ keystone::db::database_max_retries: -1
tripleo.keystone.firewall_rules:
'111 keystone':
dport: