1 files changed, 12 insertions, 17 deletions

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 79c0dcc2..0a5193df 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -4,24 +4,11 @@ description: >
   OpenStack Keystone service configured with Puppet
 
 parameters:
-  KeystoneCACertificate:
-    default: ''
-    description: Keystone self-signed certificate authority certificate.
-    type: string
   KeystoneEnableDBPurge:
     default: true
     description: |
         Whether to create cron job for purging soft deleted rows in Keystone database.
     type: boolean
-  KeystoneSigningCertificate:
-    default: ''
-    description: Keystone certificate for verifying token validity.
-    type: string
-  KeystoneSigningKey:
-    default: ''
-    description: Keystone key for signing tokens.
-    type: string
-    hidden: true
   KeystoneSSLCertificate:
     default: ''
     description: Keystone certificate for verifying token validity.
@@ -45,6 +32,15 @@ parameters:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -105,9 +101,6 @@ outputs:
               - '/keystone'
         keystone::admin_token: {get_param: AdminToken}
         keystone::roles::admin::password: {get_param: AdminPassword}
-        keystone_ca_certificate: {get_param: KeystoneCACertificate}
-        keystone_signing_key: {get_param: KeystoneSigningKey}
-        keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
         keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
         keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
         keystone::enable_proxy_headers_parsing: true
@@ -128,7 +121,7 @@ outputs:
         keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
         keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
         keystone::db::mysql::user: keystone
-        keystone::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+        keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
         keystone::db::mysql::dbname: keystone
         keystone::db::mysql::allowed_hosts:
           - '%'
@@ -147,6 +140,8 @@ outputs:
         keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
         # override via extraconfig:
         keystone::wsgi::apache::threads: 1
+        keystone::db::database_db_max_retries: -1
+        keystone::db::database_max_retries: -1
         tripleo.keystone.firewall_rules:
           '111 keystone':
             dport: