aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates')
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/admin-openrc.sh15
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/demo-openrc.sh13
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone-paste.ini96
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone.conf59
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/wsgi-keystone.conf.j246
5 files changed, 229 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/admin-openrc.sh b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/admin-openrc.sh
new file mode 100644
index 00000000..6ba620ff
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/admin-openrc.sh
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+# Verify the Identity Service installation
+export OS_PASSWORD={{ ADMIN_PASS }}
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
+export OS_USERNAME=admin
+export OS_VOLUME_API_VERSION=2
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/demo-openrc.sh b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/demo-openrc.sh
new file mode 100644
index 00000000..5807e868
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/demo-openrc.sh
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+export OS_USERNAME=demo
+export OS_PASSWORD={{ DEMO_PASS }}
+export OS_TENANT_NAME=demo
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone-paste.ini b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone-paste.ini
new file mode 100644
index 00000000..cd9ebede
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone-paste.ini
@@ -0,0 +1,96 @@
+# Keystone PasteDeploy configuration file.
+
+[pipeline:moon_pipeline]
+pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service
+
+[app:moon_service]
+use = egg:keystone#moon_service
+
+[filter:debug]
+use = egg:oslo.middleware#debug
+
+[filter:request_id]
+use = egg:oslo.middleware#request_id
+
+[filter:build_auth_context]
+use = egg:keystone#build_auth_context
+
+[filter:token_auth]
+use = egg:keystone#token_auth
+
+[filter:admin_token_auth]
+# This is deprecated in the M release and will be removed in the O release.
+# Use `keystone-manage bootstrap` and remove this from the pipelines below.
+use = egg:keystone#admin_token_auth
+
+[filter:json_body]
+use = egg:keystone#json_body
+
+[filter:cors]
+use = egg:oslo.middleware#cors
+oslo_config_project = keystone
+
+[filter:ec2_extension]
+use = egg:keystone#ec2_extension
+
+[filter:ec2_extension_v3]
+use = egg:keystone#ec2_extension_v3
+
+[filter:s3_extension]
+use = egg:keystone#s3_extension
+
+[filter:url_normalize]
+use = egg:keystone#url_normalize
+
+[filter:sizelimit]
+use = egg:oslo.middleware#sizelimit
+
+[app:public_service]
+use = egg:keystone#public_service
+
+[app:service_v3]
+use = egg:keystone#service_v3
+
+[app:admin_service]
+use = egg:keystone#admin_service
+
+[pipeline:public_api]
+# The last item in this pipeline must be public_service or an equivalent
+# application. It cannot be a filter.
+pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service
+
+[pipeline:admin_api]
+# The last item in this pipeline must be admin_service or an equivalent
+# application. It cannot be a filter.
+pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service
+
+[pipeline:api_v3]
+# The last item in this pipeline must be service_v3 or an equivalent
+# application. It cannot be a filter.
+pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
+
+[app:public_version_service]
+use = egg:keystone#public_version_service
+
+[app:admin_version_service]
+use = egg:keystone#admin_version_service
+
+[pipeline:public_version_api]
+pipeline = cors sizelimit url_normalize public_version_service
+
+[pipeline:admin_version_api]
+pipeline = cors sizelimit url_normalize admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/moon = moon_pipeline
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/moon = moon_pipeline
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone.conf b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone.conf
new file mode 100644
index 00000000..649fc32c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone.conf
@@ -0,0 +1,59 @@
+{% set memcached_servers = [] %}
+{% set rabbitmq_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% set _ = rabbitmq_servers.append('%s:5672'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+{% set rabbitmq_servers = rabbitmq_servers|join(',') %}
+[DEFAULT]
+admin_token={{ ADMIN_TOKEN }}
+debug={{ DEBUG }}
+log_dir = /var/log/keystone
+
+[cache]
+backend=keystone.cache.memcache_pool
+memcache_servers={{ memcached_servers}}
+enabled=true
+
+[revoke]
+driver=sql
+expiration_buffer=3600
+caching=true
+
+[database]
+connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone?charset=utf8
+idle_timeout=30
+min_pool_size=5
+max_pool_size=120
+pool_timeout=30
+
+
+[identity]
+default_domain_id=default
+driver=sql
+
+[assignment]
+driver=sql
+
+[resource]
+driver=sql
+caching=true
+cache_time=3600
+
+[token]
+enforce_token_bind=permissive
+expiration=43200
+provider=uuid
+driver=sql
+caching=true
+cache_time=3600
+
+[eventlet_server]
+public_bind_host= {{ identity_host }}
+admin_bind_host= {{ identity_host }}
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+rabbit_hosts = {{ rabbitmq_servers }}
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..64d864af
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,46 @@
+ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>