Diffstat (limited to 'mcp/reclass/classes/system/keystone')
31 files changed, 890 insertions, 0 deletions
diff --git a/mcp/reclass/classes/system/keystone/client/service/aodh.yml b/mcp/reclass/classes/system/keystone/client/service/aodh.yml
new file mode 100644
index 000000000..51de0ca89
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/aodh.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ aodh:
+ is_admin: true
+ password: ${_param:keystone_aodh_password}
+ email: ${_param:admin_email}
+ service:
+ aodh:
+ type: alarming
+ description: OpenStack Alarming Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8042
+ public_path: '/'
+ internal_address: ${_param:aodh_service_host}
+ internal_port: 8042
+ internal_path: '/'
+ admin_address: ${_param:aodh_service_host}
+ admin_port: 8042
+ admin_path: '/'
diff --git a/mcp/reclass/classes/system/keystone/client/service/billometer.yml b/mcp/reclass/classes/system/keystone/client/service/billometer.yml
new file mode 100644
index 000000000..3728aa54c
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/billometer.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ billometer:
+ is_admin: true
+ password: ${_param:keystone_billometer_password}
+ email: ${_param:admin_email}
+ service:
+ billometer:
+ type: billing
+ description: OpenStack Billing Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 9753
+ public_path: '/v1'
+ internal_address: ${_param:billometer_service_host}
+ internal_port: 9753
+ internal_path: '/v1'
+ admin_address: ${_param:billometer_service_host}
+ admin_port: 9753
+ admin_path: '/v1'
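Review bot: Only the public URL of the aodh endpoint gets an explicit scheme: `public_protocol` is fed from `cluster_public_protocol: https`, while the internal and admin entries carry no protocol key at all, so their scheme is whatever the consuming formula defaults to (presumably plain http; the formula is not part of this diff). Service passwords and tokens travel over those internal and admin URLs, so the choice should be visible in the model rather than implicit. The same pattern repeats in every other file under client/service/ in this commit. I would add a comment above the endpoint list such as `# internal/admin scheme is left to the formula default - confirm TLS where the management network is not trusted`, or set the scheme explicitly if the formula supports it.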
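Review bot: The `billometer` service account is created with `is_admin: true` in the `service` project, and the same flag is set for every other service user added by this commit (aodh, ceilometer, cinder, designate, glance, heat, murano, neutron, nova, sahara, swift). How the flag maps to Keystone roles is decided by the formula, which is outside this diff, but if it grants the admin role then a leaked password for any single service is an admin credential. Where a narrower role is enough, prefer it; otherwise record the reason next to the flag, e.g. `# admin required for <reason> - revisit when a scoped service role is available`.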
diff --git a/mcp/reclass/classes/system/keystone/client/service/ceilometer.yml b/mcp/reclass/classes/system/keystone/client/service/ceilometer.yml
new file mode 100644
index 000000000..4c59f80f3
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/ceilometer.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ ceilometer:
+ is_admin: true
+ password: ${_param:keystone_ceilometer_password}
+ email: ${_param:admin_email}
+ service:
+ ceilometer:
+ type: metering
+ description: OpenStack Telemetry Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8777
+ public_path: '/'
+ internal_address: ${_param:ceilometer_service_host}
+ internal_port: 8777
+ internal_path: '/'
+ admin_address: ${_param:ceilometer_service_host}
+ admin_port: 8777
+ admin_path: '/'
diff --git a/mcp/reclass/classes/system/keystone/client/service/cinder.yml b/mcp/reclass/classes/system/keystone/client/service/cinder.yml
new file mode 100644
index 000000000..ffb55102a
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/cinder.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ cinder:
+ is_admin: true
+ password: ${_param:keystone_cinder_password}
+ email: ${_param:admin_email}
+ service:
+ cinder:
+ type: volume
+ description: OpenStack Volume Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8776
+ public_path: '/v1/$(project_id)s'
+ internal_address: ${_param:cinder_service_host}
+ internal_port: 8776
+ internal_path: '/v1/$(project_id)s'
+ admin_address: ${_param:cinder_service_host}
+ admin_port: 8776
+ admin_path: '/v1/$(project_id)s'
diff --git a/mcp/reclass/classes/system/keystone/client/service/cinder2.yml b/mcp/reclass/classes/system/keystone/client/service/cinder2.yml
new file mode 100644
index 000000000..e0e2636c5
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/cinder2.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ cinder:
+ is_admin: true
+ password: ${_param:keystone_cinder_password}
+ email: ${_param:admin_email}
+ service:
+ cinderv2:
+ type: volumev2
+ description: OpenStack Volume Service v2
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8776
+ public_path: '/v2/$(project_id)s'
+ internal_address: ${_param:cinder_service_host}
+ internal_port: 8776
+ internal_path: '/v2/$(project_id)s'
+ admin_address: ${_param:cinder_service_host}
+ admin_port: 8776
+ admin_path: '/v2/$(project_id)s'
diff --git a/mcp/reclass/classes/system/keystone/client/service/cinder3.yml b/mcp/reclass/classes/system/keystone/client/service/cinder3.yml
new file mode 100644
index 000000000..43a805cf3
--- /dev/null
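Review bot: The project placeholder in cinder.yml is written `$(project_id)s`, and cinder2.yml, cinder3.yml, nova.yml and nova21.yml follow it, while heat.yml, sahara.yml, swift.yml and swift-s3.yml in the same commit write `%(project_id)s`. As far as I know Keystone accepts both spellings in endpoint URLs, so this is a style point rather than a defect, but mixing them makes the catalog harder to grep and audit. I would settle on one form across client/service/, e.g. `public_path: '/v1/%(project_id)s'`.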
+++ b/mcp/reclass/classes/system/keystone/client/service/cinder3.yml
@@ -0,0 +1,31 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ cinder:
+ is_admin: true
+ password: ${_param:keystone_cinder_password}
+ email: ${_param:admin_email}
+ service:
+ cinderv3:
+ type: volumev3
+ description: OpenStack Volume Service v3
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8776
+ public_path: '/v3/$(project_id)s'
+ internal_address: ${_param:cinder_service_host}
+ internal_port: 8776
+ internal_path: '/v3/$(project_id)s'
+ admin_address: ${_param:cinder_service_host}
+ admin_port: 8776
+ admin_path: '/v3/$(project_id)s'
+
diff --git a/mcp/reclass/classes/system/keystone/client/service/designate.yml b/mcp/reclass/classes/system/keystone/client/service/designate.yml
new file mode 100644
index 000000000..4018712c7
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/designate.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ designate:
+ is_admin: true
+ password: ${_param:keystone_designate_password}
+ email: ${_param:admin_email}
+ service:
+ designate:
+ type: dns
+ description: OpenStack DNS service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 9001
+ public_path: '/'
+ internal_address: ${_param:designate_service_host}
+ internal_port: 9001
+ internal_path: '/'
+ admin_address: ${_param:designate_service_host}
+ admin_port: 9001
+ admin_path: '/'
diff --git a/mcp/reclass/classes/system/keystone/client/service/glance.yml b/mcp/reclass/classes/system/keystone/client/service/glance.yml
new file mode 100644
index 000000000..365917b9f
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/glance.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ glance:
+ is_admin: true
+ password: ${_param:keystone_glance_password}
+ email: ${_param:admin_email}
+ service:
+ glance:
+ type: image
+ description: OpenStack Image Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 9292
+ public_path: ''
+ internal_address: ${_param:glance_service_host}
+ internal_port: 9292
+ internal_path: ''
+ admin_address: ${_param:glance_service_host}
+ admin_port: 9292
+ admin_path: ''
diff --git a/mcp/reclass/classes/system/keystone/client/service/glare.yml b/mcp/reclass/classes/system/keystone/client/service/glare.yml
new file mode 100644
index 000000000..78c7d1f8d
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/glare.yml
@@ -0,0 +1,31 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ glance:
+ is_admin: true
+ password: ${_param:keystone_glance_password}
+ email: ${_param:admin_email}
+ service:
+ glare:
+ type: artifact
+ description: OpenStack Image Artifact Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 9494
+ public_path: ''
+ internal_address: ${_param:glance_service_host}
+ internal_port: 9494
+ internal_path: ''
+ admin_address: ${_param:glance_service_host}
+ admin_port: 9494
+ admin_path: ''
+
diff --git a/mcp/reclass/classes/system/keystone/client/service/heat-cfn.yml b/mcp/reclass/classes/system/keystone/client/service/heat-cfn.yml
new file mode 100644
index 000000000..343ff461d
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/heat-cfn.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ service:
+ heat-cfn:
+ type: cloudformation
+ description: OpenStack CloudFormation Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8000
+ public_path: '/v1'
+ internal_address: ${_param:heat_service_host}
+ internal_port: 8000
+ internal_path: '/v1'
+ admin_address: ${_param:heat_service_host}
+ admin_port: 8000
+ admin_path: '/v1'
diff --git a/mcp/reclass/classes/system/keystone/client/service/heat.yml b/mcp/reclass/classes/system/keystone/client/service/heat.yml
new file mode 100644
index 000000000..d7eadd543
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/heat.yml
@@ -0,0 +1,33 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ roles:
+ - heat_stack_user
+ - heat_stack_owner
+ project:
+ service:
+ user:
+ heat:
+ is_admin: true
+ password: ${_param:keystone_heat_password}
+ email: ${_param:admin_email}
+ service:
+ heat:
+ type: orchestration
+ description: OpenStack Orchestration Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8004
+ public_path: '/v1/%(project_id)s'
+ internal_address: ${_param:heat_service_host}
+ internal_port: 8004
+ internal_path: '/v1/%(project_id)s'
+ admin_address: ${_param:heat_service_host}
+ admin_port: 8004
+ admin_path: '/v1/%(project_id)s'
diff --git a/mcp/reclass/classes/system/keystone/client/service/keystone.yml b/mcp/reclass/classes/system/keystone/client/service/keystone.yml
new file mode 100644
index 000000000..af3acfca2
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/keystone.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ service:
+ keystone:
+ type: identity
+ description: OpenStack Identity Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 5000
+ public_path: '/v2.0'
+ internal_address: ${_param:keystone_service_host}
+ internal_port: 5000
+ internal_path: '/v2.0'
+ admin_address: ${_param:keystone_service_host}
+ admin_port: 35357
+ admin_path: '/v2.0'
diff --git a/mcp/reclass/classes/system/keystone/client/service/keystone3.yml b/mcp/reclass/classes/system/keystone/client/service/keystone3.yml
new file mode 100644
index 000000000..9dd9eef6e
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/keystone3.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ service:
+ keystone3:
+ type: identity
+ description: OpenStack Identity Service v3
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 5000
+ public_path: '/v3'
+ internal_address: ${_param:keystone_service_host}
+ internal_port: 5000
+ internal_path: '/v3'
+ admin_address: ${_param:keystone_service_host}
+ admin_port: 35357
+ admin_path: '/v3'
diff --git a/mcp/reclass/classes/system/keystone/client/service/murano.yml b/mcp/reclass/classes/system/keystone/client/service/murano.yml
new file mode 100644
index 000000000..5e6503885
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/murano.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ murano:
+ is_admin: true
+ password: ${_param:keystone_murano_password}
+ email: ${_param:admin_email}
+ service:
+ murano:
+ type: application-catalog
+ description: Application Catalog for OpenStack
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8082
+ public_path: ''
+ internal_address: ${_param:murano_service_host}
+ internal_port: 8082
+ internal_path: ''
+ admin_address: ${_param:murano_service_host}
+ admin_port: 8082
+ admin_path: ''
diff --git a/mcp/reclass/classes/system/keystone/client/service/neutron.yml b/mcp/reclass/classes/system/keystone/client/service/neutron.yml
new file mode 100644
index 000000000..12fe9fe17
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/neutron.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ neutron:
+ is_admin: true
+ password: ${_param:keystone_neutron_password}
+ email: ${_param:admin_email}
+ service:
+ neutron:
+ type: network
+ description: OpenStack Networking Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 9696
+ public_path: '/'
+ internal_address: ${_param:neutron_service_host}
+ internal_port: 9696
+ internal_path: '/'
+ admin_address: ${_param:neutron_service_host}
+ admin_port: 9696
+ admin_path: '/'
diff --git a/mcp/reclass/classes/system/keystone/client/service/nova-ec2.yml b/mcp/reclass/classes/system/keystone/client/service/nova-ec2.yml
new file mode 100644
index 000000000..586701cb0
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/nova-ec2.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ service:
+ nova-ec2:
+ type: ec2
+ description: OpenStack EC2 Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8773
+ public_path: '/services/Cloud'
+ internal_address: ${_param:nova_service_host}
+ internal_port: 8773
+ internal_path: '/services/Cloud'
+ admin_address: ${_param:nova_service_host}
+ admin_port: 8773
+ admin_path: '/services/Admin'
diff --git a/mcp/reclass/classes/system/keystone/client/service/nova-placement.yml b/mcp/reclass/classes/system/keystone/client/service/nova-placement.yml
new file mode 100644
index 000000000..61b54550d
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/nova-placement.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ service:
+ placement:
+ type: placement
+ description: OpenStack Placement API
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: '8778'
+ public_path: ''
+ internal_address: ${_param:nova_service_host}
+ internal_port: '8778'
+ internal_path: ''
+ admin_address: ${_param:nova_service_host}
+ admin_port: '8778'
+ admin_path: ''
diff --git a/mcp/reclass/classes/system/keystone/client/service/nova.yml b/mcp/reclass/classes/system/keystone/client/service/nova.yml
new file mode 100644
index 000000000..a0d698ba7
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/nova.yml
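Review bot: nova-placement.yml is the only endpoint file in this commit that quotes its ports (`public_port: '8778'`, likewise `internal_port` and `admin_port`), so these three values load as strings where every other file supplies integers. Whether the formula cares is not visible here, but a str/int mismatch is a common reason for a state to report a spurious change or for an override merge to behave unexpectedly. I would write them the same way as the rest: `public_port: 8778`, `internal_port: 8778`, `admin_port: 8778`.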
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ nova:
+ is_admin: true
+ password: ${_param:keystone_nova_password}
+ email: ${_param:admin_email}
+ service:
+ nova:
+ type: compute
+ description: OpenStack Compute Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8774
+ public_path: '/v2/$(project_id)s'
+ internal_address: ${_param:nova_service_host}
+ internal_port: 8774
+ internal_path: '/v2/$(project_id)s'
+ admin_address: ${_param:nova_service_host}
+ admin_port: 8774
+ admin_path: '/v2/$(project_id)s'
diff --git a/mcp/reclass/classes/system/keystone/client/service/nova21.yml b/mcp/reclass/classes/system/keystone/client/service/nova21.yml
new file mode 100644
index 000000000..328aefd7c
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/nova21.yml
@@ -0,0 +1,45 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ nova:
+ is_admin: true
+ password: ${_param:keystone_nova_password}
+ email: ${_param:admin_email}
+ service:
+ nova20:
+ type: compute_legacy
+ description: OpenStack Compute Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8774
+ public_path: '/v2/$(project_id)s'
+ internal_address: ${_param:nova_service_host}
+ internal_port: 8774
+ internal_path: '/v2/$(project_id)s'
+ admin_address: ${_param:nova_service_host}
+ admin_port: 8774
+ admin_path: '/v2/$(project_id)s'
+ nova:
+ type: compute
+ description: OpenStack Compute Service v2.1
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8774
+ public_path: '/v2.1/$(project_id)s'
+ internal_address: ${_param:nova_service_host}
+ internal_port: 8774
+ internal_path: '/v2.1/$(project_id)s'
+ admin_address: ${_param:nova_service_host}
+ admin_port: 8774
+ admin_path: '/v2.1/$(project_id)s'
diff --git a/mcp/reclass/classes/system/keystone/client/service/radosgw-s3.yml b/mcp/reclass/classes/system/keystone/client/service/radosgw-s3.yml
new file mode 100644
index 000000000..06d82991b
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/radosgw-s3.yml
@@ -0,0 +1,31 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ radosgw_s3_cluster_port: 8081
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ swift:
+ is_admin: true
+ password: ${_param:keystone_swift_password}
+ email: ${_param:admin_email}
+ service:
+ radosgw-s3:
+ type: s3
+ description: S3 Service (radosgw)
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: ${_param:radosgw_s3_cluster_port}
+ public_path: '/' # /$(project_id)s
+ internal_address: ${_param:radosgw_service_host}
+ internal_port: ${_param:radosgw_s3_cluster_port}
+ internal_path: '/'
+ admin_address: ${_param:radosgw_service_host}
+ admin_port: ${_param:radosgw_s3_cluster_port}
+ admin_path: '/'
diff --git a/mcp/reclass/classes/system/keystone/client/service/radosgw-swift.yml b/mcp/reclass/classes/system/keystone/client/service/radosgw-swift.yml
new file mode 100644
index 000000000..9c7547e54
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/radosgw-swift.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ swift:
+ is_admin: true
+ password: ${_param:keystone_swift_password}
+ email: ${_param:admin_email}
+ service:
+ radosgw-swift:
+ type: object-store
+ description: Swift Service (radosgw)
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8081
+ public_path: '/swift/v1' # /$(project_id)s
+ internal_address: ${_param:radosgw_service_host}
+ internal_port: 8081
+ internal_path: '/swift/v1'
+ admin_address: ${_param:radosgw_service_host}
+ admin_port: 8081
+ admin_path: '/swift/v1'
diff --git a/mcp/reclass/classes/system/keystone/client/service/sahara.yml b/mcp/reclass/classes/system/keystone/client/service/sahara.yml
new file mode 100644
index 000000000..84a0b9621
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/sahara.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ sahara:
+ is_admin: true
+ password: ${_param:keystone_sahara_password}
+ email: ${_param:admin_email}
+ service:
+ sahara:
+ type: data-processing
+ description: Sahara Data Processing
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8386
+ public_path: '/v1.1/%(project_id)s'
+ internal_address: ${_param:sahara_service_host}
+ internal_port: 8386
+ internal_path: '/v1.1/%(project_id)s'
+ admin_address: ${_param:sahara_service_host}
+ admin_port: 8386
+ admin_path: '/v1.1/%(project_id)s'
diff --git a/mcp/reclass/classes/system/keystone/client/service/swift-s3.yml b/mcp/reclass/classes/system/keystone/client/service/swift-s3.yml
new file mode 100644
index 000000000..5880487c9
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/swift-s3.yml
@@ -0,0 +1,31 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ swift:
+ is_admin: true
+ password: ${_param:keystone_swift_password}
+ email: ${_param:admin_email}
+ service:
+ swift-s3:
+ type: object-store
+ description: S3 Service (swift)
+ region: ${_param:openstack_region}
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8080
+ public_path: '/v1/AUTH_%(project_id)s'
+ internal_address: ${_param:swift_service_host}
+ internal_port: 8080
+ internal_path: '/v1/AUTH_%(project_id)s'
+ admin_address: ${_param:swift_service_host}
+ admin_port: 8080
+ admin_path: '/'
diff --git a/mcp/reclass/classes/system/keystone/client/service/swift.yml b/mcp/reclass/classes/system/keystone/client/service/swift.yml
new file mode 100644
index 000000000..781fab9c6
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/client/service/swift.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ swift:
+ is_admin: true
+ password: ${_param:keystone_swift_password}
+ email: ${_param:admin_email}
+ service:
+ swift:
+ type: object-store
+ description: Swift Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8080
+ public_path: '/v1/AUTH_%(project_id)s'
+ internal_address: ${_param:swift_service_host}
+ internal_port: 8080
+ internal_path: '/v1/AUTH_%(project_id)s'
+ admin_address: ${_param:swift_service_host}
+ admin_port: 8080
+ admin_path: '/'
diff --git a/mcp/reclass/classes/system/keystone/client/single.yml b/mcp/reclass/classes/system/keystone/client/single.yml
new file mode 100644
index 000000000..6d7a4c689
--- /dev/null
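Review bot: swift-s3.yml registers the `swift-s3` service with `type: object-store`, which is the same type and the same public and internal URLs as swift.yml, although its description says "S3 Service (swift)" and the radosgw equivalent uses `type: s3`. If both classes are included the catalog would hold two object-store entries pointing at one endpoint, and clients that look up the S3 API by type would not find it; this looks like a copy from swift.yml. I would change it to `type: s3` and give it the S3-style paths the gateway actually serves. The service-level `region: ${_param:openstack_region}` line is also unique to this file and duplicates the endpoint's own `region`; drop it unless the formula reads it.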
+++ b/mcp/reclass/classes/system/keystone/client/single.yml
@@ -0,0 +1,40 @@
+classes:
+- system.keystone.client.service.cinder
+- system.keystone.client.service.cinder2
+- system.keystone.client.service.glance
+- system.keystone.client.service.heat
+- system.keystone.client.service.heat-cfn
+- system.keystone.client.service.keystone
+- system.keystone.client.service.neutron
+- system.keystone.client.service.nova-ec2
+parameters:
+ linux:
+ system:
+ job:
+ keystone_job_rotate:
+ command: '/usr/bin/keystone-manage fernet_rotate --keystone-user keystone --keystone-group keystone >> /var/log/key_rotation_log 2>> /var/log/key_rotation_log'
+ enabled: true
+ user: root
+ minute: 0
+ keystone:
+ client:
+ enabled: true
+ server:
+ identity:
+ admin:
+ host: ${_param:keystone_service_host}
+ port: 35357
+ token: ${_param:keystone_service_token}
+ roles:
+ - admin
+ - Member
+ project:
+ service:
+ description: "OpenStack Service tenant"
+ admin:
+ description: "OpenStack Admin tenant"
+ user:
+ admin:
+ is_admin: true
+ password: ${_param:keystone_admin_password}
+ email: ${_param:admin_email}
diff --git a/mcp/reclass/classes/system/keystone/server/cluster.yml b/mcp/reclass/classes/system/keystone/server/cluster.yml
new file mode 100644
index 000000000..f077faf0d
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/cluster.yml
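Review bot: The admin connection in client/single.yml authenticates with `token: ${_param:keystone_service_token}` on port 35357, i.e. the static bootstrap token rather than a user credential. That token is not scoped to a role and does not expire, so every node that renders this class holds a permanent cloud-admin secret, and server/single.yml in this same commit defaults it to the literal value `token`. If the formula supports user/password authentication for the admin connection, I would use the `admin` user defined a few lines further down and keep the token for first bootstrap only; at minimum add `# bootstrap token - rotate it and disable token auth once the admin user exists`. Separately, `keystone_job_rotate` sets only `minute: 0`, so a comment stating the intended rotation interval would help, since `max_active_keys: 3` and `expiration: 3600` in the server classes are only safe relative to it.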
@@ -0,0 +1,46 @@
+classes:
+- service.keystone.server.cluster
+- service.keepalived.cluster.single
+- system.haproxy.proxy.listen.openstack.keystone
+parameters:
+ keystone:
+ server:
+ enabled: true
+ version: ${_param:keystone_version}
+ service_token: ${_param:keystone_service_token}
+ service_tenant: service
+ admin_tenant: admin
+ admin_name: admin
+ admin_password: ${_param:keystone_admin_password}
+ admin_email: ${_param:admin_email}
+ bind:
+ address: ${_param:cluster_local_address}
+ private_address: ${_param:cluster_vip_address}
+ private_port: 35357
+ public_address: ${_param:cluster_vip_address}
+ public_port: 5000
+ region: ${_param:openstack_region}
+ database:
+ engine: mysql
+ host: ${_param:openstack_database_address}
+ name: keystone
+ password: ${_param:mysql_keystone_password}
+ user: keystone
+ tokens:
+ engine: fernet
+ expiration: 3600
+ max_active_keys: 3
+ location: /var/lib/keystone/fernet-keys
+ message_queue:
+ engine: rabbitmq
+ members:
+ - host: ${_param:openstack_message_queue_node01_address}
+ - host: ${_param:openstack_message_queue_node02_address}
+ - host: ${_param:openstack_message_queue_node03_address}
+ user: openstack
+ password: ${_param:rabbitmq_openstack_password}
+ virtual_host: '/openstack'
+ ha_queues: true
+ auth_methods:
+ - password
+ - token
diff --git a/mcp/reclass/classes/system/keystone/server/notification/cadf.yml b/mcp/reclass/classes/system/keystone/server/notification/cadf.yml
new file mode 100644
index 000000000..dffb278a7
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/notification/cadf.yml
@@ -0,0 +1,4 @@
+parameters:
+ keystone:
+ server:
+ notification_format: cadf
diff --git a/mcp/reclass/classes/system/keystone/server/notification/messagingv2.yml b/mcp/reclass/classes/system/keystone/server/notification/messagingv2.yml
new file mode 100644
index 000000000..2cc7e6430
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/notification/messagingv2.yml
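Review bot: In server/cluster.yml the `bind` block sets both `private_address` and `public_address` to `${_param:cluster_vip_address}`, so the admin API on 35357 is advertised on the same address as the public API on 5000. Whether the admin port is actually reachable from outside the management network depends on the haproxy and keepalived classes pulled in at the top of the file, which are not part of this diff, so this needs confirming there. I would add a comment on the `private_address` line such as `# admin API shares the VIP - access must be restricted at the proxy/firewall`, or point it at a management-only address if one exists. The database and message-queue blocks likewise show no transport-security setting; if the formula supports one, it belongs here.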
@@ -0,0 +1,6 @@
+parameters:
+ keystone:
+ server:
+ notification:
+ driver: messagingv2
+ topics: "${_param:openstack_notification_topics}"
diff --git a/mcp/reclass/classes/system/keystone/server/single.yml b/mcp/reclass/classes/system/keystone/server/single.yml
new file mode 100644
index 000000000..aae179f27
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/single.yml
@@ -0,0 +1,53 @@
+classes:
+- service.keystone.server.single
+parameters:
+ _param:
+ keystone_service_token: token
+ keystone_admin_password: password
+ mysql_admin_user: root
+ mysql_admin_password: password
+ mysql_keystone_password: password
+ keystone:
+ server:
+ enabled: true
+ version: ${_param:keystone_version}
+ service_token: ${_param:keystone_service_token}
+ service_tenant: service
+ admin_tenant: admin
+ admin_name: admin
+ admin_password: ${_param:keystone_admin_password}
+ admin_email: ${_param:admin_email}
+ bind:
+ address: ${_param:single_address}
+ private_address: ${_param:single_address}
+ private_port: 35357
+ public_address: ${_param:single_address}
+ public_port: 5000
+ region: ${_param:openstack_region}
+ database:
+ engine: mysql
+ host: ${_param:single_address}
+ name: keystone
+ password: ${_param:mysql_keystone_password}
+ user: keystone
+ tokens:
+ engine: fernet
+ expiration: 3600
+ max_active_keys: 3
+ location: /var/lib/keystone/fernet-keys
+ message_queue:
+ engine: rabbitmq
+ host: ${_param:single_address}
+ user: openstack
+ password: ${_param:rabbitmq_openstack_password}
+ virtual_host: '/openstack'
+ ha_queues: true
+ roles:
+ - admin
+ - Member
+ - image_manager
+ auth_methods:
+ - password
+ - token
+ database:
+ host: 127.0.0.1
diff --git a/mcp/reclass/classes/system/keystone/server/websso.yml b/mcp/reclass/classes/system/keystone/server/websso.yml
new file mode 100644
index 000000000..0960ccb32
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/websso.yml
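Review bot: The `_param` block of server/single.yml ships working default secrets: `keystone_service_token: token`, `keystone_admin_password: password`, `mysql_admin_password: password` and `mysql_keystone_password: password`. A class-level `_param` value stands unless a more specific class or node overrides it, so a deployment that misses one override comes up with guessable admin and database credentials and no error at render time. I would remove these four lines so that an unset secret makes the `${_param:...}` interpolation fail, and leave only `mysql_admin_user: root` with a comment like `# secrets must be supplied by the cluster model - no defaults on purpose`. Also, a second `database:` key with `host: 127.0.0.1` follows `auth_methods`; indentation is lost on this page, so confirm it is not a duplicate of the earlier `database:` mapping under `server`, because most YAML parsers silently keep only the last one.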
@@ -0,0 +1,15 @@
+classes:
+- service.shibboleth.server.cluster
+parameters:
+ keystone:
+ server:
+ websso:
+ protocol: saml2
+ remote_id_attribute: Shib-Identity-Provider
+ federation_driver: keystone.contrib.federation.backends.sql.Federation
+ trusted_dashboard:
+ - https://${_param:cluster_public_host}/auth/websso/
+ - https://${_param:proxy_vip_host}/auth/websso/
+ auth_methods:
+ - saml2
+ - external
diff --git a/mcp/reclass/classes/system/keystone/server/wsgi.yml b/mcp/reclass/classes/system/keystone/server/wsgi.yml
new file mode 100644
index 000000000..2c8a19deb
--- /dev/null
+++ b/mcp/reclass/classes/system/keystone/server/wsgi.yml
@@ -0,0 +1,19 @@
+classes:
+- system.apache.server.single
+parameters:
+ keystone:
+ server:
+ service_name: apache2
+ apache:
+ server:
+ enabled: true
+ default_mpm: event
+ site:
+ keystone:
+ enabled: true
+ type: keystone
+ name: wsgi
+ host:
+ name: ${linux:network:fqdn}
+ modules:
+ - wsgi |
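Review bot: websso.yml enables the `external` auth method next to `saml2` and sets `remote_id_attribute: Shib-Identity-Provider`, which means Keystone takes both the user identity and the identity-provider name from values the front-end web server places in the request environment. That is sound only if every route to the Keystone application passes through the Shibboleth-protected Apache instance and that instance never forwards client-supplied values for those attributes; nothing in this file states or enforces that. I would add a comment above `auth_methods`, e.g. `# external/saml2 trust the web server environment - Keystone must not be reachable except through the Shibboleth vhost`. The `federation_driver` value points at the `keystone.contrib` path, which I believe later Keystone releases moved into core, so it is worth checking against `keystone_version`.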