1 files changed, 20 insertions, 1 deletions

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 79033047..b488fb44 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -87,6 +87,17 @@ parameters:
   MonitoringSubscriptionKeystone:
     default: 'overcloud-kestone'
     type: string
+  KeystoneCredential0:
+    type: string
+    description: The first Keystone credential key. Must be a valid key.
+  KeystoneCredential1:
+    type: string
+    description: The second Keystone credential key. Must be a valid key.
+  KeystoneLoggingSource:
+    type: json
+    default:
+      tag: openstack.keystone
+      path: /var/log/keystone/keystone.log
 
 resources:
 
@@ -103,6 +114,9 @@ outputs:
     value:
       service_name: keystone
       monitoring_subscription: {get_param: MonitoringSubscriptionKeystone}
+      logging_source: {get_param: KeystoneLoggingSource}
+      logging_groups:
+        - keystone
       config_settings:
       config_settings:
         map_merge:
@@ -121,6 +135,12 @@ outputs:
             keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
             keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
             keystone::enable_proxy_headers_parsing: true
+            keystone::enable_credential_setup: true
+            keystone::credential_keys:
+              '/etc/keystone/credential-keys/0':
+                content: {get_param: KeystoneCredential0}
+              '/etc/keystone/credential-keys/1':
+                content: {get_param: KeystoneCredential1}
             keystone::debug: {get_param: Debug}
             keystone::db::mysql::password: {get_param: AdminToken}
             keystone::rabbit_userid: {get_param: RabbitUserName}
@@ -136,7 +156,6 @@ outputs:
             keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
             keystone::endpoint::region: {get_param: KeystoneRegion}
             keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
-            keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
             keystone::db::mysql::user: keystone
             keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
             keystone::db::mysql::dbname: keystone