Diffstat (limited to 'mcp/reclass/classes/system/keystone/server')
-rw-r--r--mcp/reclass/classes/system/keystone/server/cluster.yml46
-rw-r--r--mcp/reclass/classes/system/keystone/server/notification/cadf.yml4
-rw-r--r--mcp/reclass/classes/system/keystone/server/notification/messagingv2.yml6
-rw-r--r--mcp/reclass/classes/system/keystone/server/single.yml53
-rw-r--r--mcp/reclass/classes/system/keystone/server/websso.yml15
-rw-r--r--mcp/reclass/classes/system/keystone/server/wsgi.yml19
6 files changed, 143 insertions, 0 deletions
diff --git a/mcp/reclass/classes/system/keystone/server/cluster.yml b/mcp/reclass/classes/system/keystone/server/cluster.yml
new file mode 100644
index 000000000..f077faf0d
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/cluster.yml
@@ -0,0 +1,46 @@
+classes:
+- service.keystone.server.cluster
+- service.keepalived.cluster.single
+- system.haproxy.proxy.listen.openstack.keystone
+parameters:
+ keystone:
+ server:
+ enabled: true
+ version: ${_param:keystone_version}
+ service_token: ${_param:keystone_service_token}
+ service_tenant: service
+ admin_tenant: admin
+ admin_name: admin
+ admin_password: ${_param:keystone_admin_password}
+ admin_email: ${_param:admin_email}
+ bind:
+ address: ${_param:cluster_local_address}
+ private_address: ${_param:cluster_vip_address}
+ private_port: 35357
+ public_address: ${_param:cluster_vip_address}
+ public_port: 5000
+ region: ${_param:openstack_region}
+ database:
+ engine: mysql
+ host: ${_param:openstack_database_address}
+ name: keystone
+ password: ${_param:mysql_keystone_password}
+ user: keystone
+ tokens:
+ engine: fernet
+ expiration: 3600
+ max_active_keys: 3
+ location: /var/lib/keystone/fernet-keys
+ message_queue:
+ engine: rabbitmq
+ members:
+ - host: ${_param:openstack_message_queue_node01_address}
+ - host: ${_param:openstack_message_queue_node02_address}
+ - host: ${_param:openstack_message_queue_node03_address}
+ user: openstack
+ password: ${_param:rabbitmq_openstack_password}
+ virtual_host: '/openstack'
+ ha_queues: true
+ auth_methods:
+ - password
+ - token
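Review bot: The `tokens` block in cluster.yml selects `engine: fernet` with a node-local key repository (`location: /var/lib/keystone/fernet-keys`, `max_active_keys: 3`), and nothing in this class shows how the keys are kept identical across the cluster members. If each node creates or rotates its own keys, a token issued by one member will not validate on another behind the VIP. The included `service.keystone.server.cluster` class may handle distribution, but that is not visible in this commit. A comment above `tokens:` such as `# fernet key repository must be identical on all keystone nodes; rotate on one node and distribute` would record the requirement.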
diff --git a/mcp/reclass/classes/system/keystone/server/notification/cadf.yml b/mcp/reclass/classes/system/keystone/server/notification/cadf.yml
new file mode 100644
index 000000000..dffb278a7
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/notification/cadf.yml
@@ -0,0 +1,4 @@
+parameters:
+ keystone:
+ server:
+ notification_format: cadf
diff --git a/mcp/reclass/classes/system/keystone/server/notification/messagingv2.yml b/mcp/reclass/classes/system/keystone/server/notification/messagingv2.yml
new file mode 100644
index 000000000..2cc7e6430
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/notification/messagingv2.yml
@@ -0,0 +1,6 @@
+parameters:
+ keystone:
+ server:
+ notification:
+ driver: messagingv2
+ topics: "${_param:openstack_notification_topics}"
diff --git a/mcp/reclass/classes/system/keystone/server/single.yml b/mcp/reclass/classes/system/keystone/server/single.yml
new file mode 100644
index 000000000..aae179f27
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/single.yml
@@ -0,0 +1,53 @@
+classes:
+- service.keystone.server.single
+parameters:
+ _param:
+ keystone_service_token: token
+ keystone_admin_password: password
+ mysql_admin_user: root
+ mysql_admin_password: password
+ mysql_keystone_password: password
+ keystone:
+ server:
+ enabled: true
+ version: ${_param:keystone_version}
+ service_token: ${_param:keystone_service_token}
+ service_tenant: service
+ admin_tenant: admin
+ admin_name: admin
+ admin_password: ${_param:keystone_admin_password}
+ admin_email: ${_param:admin_email}
+ bind:
+ address: ${_param:single_address}
+ private_address: ${_param:single_address}
+ private_port: 35357
+ public_address: ${_param:single_address}
+ public_port: 5000
+ region: ${_param:openstack_region}
+ database:
+ engine: mysql
+ host: ${_param:single_address}
+ name: keystone
+ password: ${_param:mysql_keystone_password}
+ user: keystone
+ tokens:
+ engine: fernet
+ expiration: 3600
+ max_active_keys: 3
+ location: /var/lib/keystone/fernet-keys
+ message_queue:
+ engine: rabbitmq
+ host: ${_param:single_address}
+ user: openstack
+ password: ${_param:rabbitmq_openstack_password}
+ virtual_host: '/openstack'
+ ha_queues: true
+ roles:
+ - admin
+ - Member
+ - image_manager
+ auth_methods:
+ - password
+ - token
+ database:
+ host: 127.0.0.1
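Review bot: The `_param` block at the top of single.yml ships guessable defaults for every secret it defines: `keystone_service_token: token`, `keystone_admin_password: password`, `mysql_admin_password: password` and `mysql_keystone_password: password`. Any model that includes this class without overriding them comes up with those values, and the token is fed straight into `service_token` further down the same file. I would drop the secret defaults from the system class so that an unset value surfaces as an unresolved `${_param:...}` reference at render time, as `rabbitmq_openstack_password` presumably already does here. A comment such as `# keystone_service_token, keystone_admin_password, mysql_*_password: must be set in the cluster model` can take their place. Separately, the trailing `database:` / `host: 127.0.0.1` pair may duplicate the earlier `database:` key; indentation is lost in this view, so check it against the file.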
diff --git a/mcp/reclass/classes/system/keystone/server/websso.yml b/mcp/reclass/classes/system/keystone/server/websso.yml
new file mode 100644
index 000000000..0960ccb32
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/websso.yml
@@ -0,0 +1,15 @@
+classes:
+- service.shibboleth.server.cluster
+parameters:
+ keystone:
+ server:
+ websso:
+ protocol: saml2
+ remote_id_attribute: Shib-Identity-Provider
+ federation_driver: keystone.contrib.federation.backends.sql.Federation
+ trusted_dashboard:
+ - https://${_param:cluster_public_host}/auth/websso/
+ - https://${_param:proxy_vip_host}/auth/websso/
+ auth_methods:
+ - saml2
+ - external
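Review bot: websso.yml adds `saml2` and `external` to `auth_methods` without any comment on what must sit in front of Keystone for them to be safe. Both methods rely on values the web server places in the request environment (`Shib-Identity-Provider` for `remote_id_attribute`, REMOTE_USER for `external`). The class therefore presumably only makes sense with Keystone served by Apache, as set up in wsgi.yml, but that dependency is not expressed here. I would add a header comment such as `# requires keystone served by Apache with mod_shib (see wsgi.yml); external auth trusts the web server's REMOTE_USER`. It is also worth confirming that `keystone.contrib.federation.backends.sql.Federation` exists in the release selected by `keystone_version`, since that parameter is set outside this commit.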
diff --git a/mcp/reclass/classes/system/keystone/server/wsgi.yml b/mcp/reclass/classes/system/keystone/server/wsgi.yml
new file mode 100644
index 000000000..2c8a19deb
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/wsgi.yml
@@ -0,0 +1,19 @@
+classes:
+- system.apache.server.single
+parameters:
+ keystone:
+ server:
+ service_name: apache2
+ apache:
+ server:
+ enabled: true
+ default_mpm: event
+ site:
+ keystone:
+ enabled: true
+ type: keystone
+ name: wsgi
+ host:
+ name: ${linux:network:fqdn}
+ modules:
+ - wsgi