1 files changed, 13 insertions, 16 deletions

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index de920de3..d45ed86e 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -4,24 +4,11 @@ description: >
   OpenStack Keystone service configured with Puppet
 
 parameters:
-  KeystoneCACertificate:
-    default: ''
-    description: Keystone self-signed certificate authority certificate.
-    type: string
   KeystoneEnableDBPurge:
     default: true
     description: |
         Whether to create cron job for purging soft deleted rows in Keystone database.
     type: boolean
-  KeystoneSigningCertificate:
-    default: ''
-    description: Keystone certificate for verifying token validity.
-    type: string
-  KeystoneSigningKey:
-    default: ''
-    description: Keystone key for signing tokens.
-    type: string
-    hidden: true
   KeystoneSSLCertificate:
     default: ''
     description: Keystone certificate for verifying token validity.
@@ -105,11 +92,9 @@ outputs:
               - '/keystone'
         keystone::admin_token: {get_param: AdminToken}
         keystone::roles::admin::password: {get_param: AdminPassword}
-        keystone_ca_certificate: {get_param: KeystoneCACertificate}
-        keystone_signing_key: {get_param: KeystoneSigningKey}
-        keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
         keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
         keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+        keystone::enable_proxy_headers_parsing: true
         keystone::debug: {get_param: Debug}
         keystone::db::mysql::password: {get_param: AdminToken}
         keystone::rabbit_userid: {get_param: RabbitUserName}
@@ -132,10 +117,22 @@ outputs:
         keystone::db::mysql::allowed_hosts:
           - '%'
           - "%{hiera('mysql_bind_host')}"
+        keystone::rabbit_heartbeat_timeout_threshold: 60
+        keystone::cron::token_flush::maxdelay: 3600
+        keystone::roles::admin::service_tenant: 'service'
+        keystone::roles::admin::admin_tenant: 'admin'
+        keystone::cron::token_flush::destination: '/dev/null'
+        keystone::config::keystone_config:
+          ec2/driver:
+            value: 'keystone.contrib.ec2.backends.sql.Ec2'
+        keystone::service_name: 'httpd'
+        keystone::wsgi::apache::ssl: false
 
         keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
         # override via extraconfig:
         keystone::wsgi::apache::threads: 1
+        keystone::db::database_db_max_retries: -1
+        keystone::db::database_max_retries: -1
         tripleo.keystone.firewall_rules:
           '111 keystone':
             dport: