# Parameter declarations of a Heat template for the Puppet-configured
# Keystone service. The leading number on each line is the original file's
# line number; the numbering has gaps, so several parameter names and their
# type/hidden attributes are not visible in this listing.
1 heat_template_version: 2016-04-08
4 OpenStack Keystone service configured with Puppet
10 Whether to create cron job for purging soft deleted rows in Keystone database.
# Certificate and private key are passed in as template parameters.
# NOTE(review): the key parameter carries secret material; confirm that its
# declaration (not shown here) marks it hidden.
12 KeystoneSSLCertificate:
14 description: Keystone certificate for verifying token validity.
16 KeystoneSSLCertificateKey:
18 description: Keystone key for signing tokens.
# Notification settings: the driver list defaults to 'messaging'.
21 KeystoneNotificationDriver:
22 description: Comma-separated list of Oslo notification drivers used by Keystone
23 default: ['messaging']
24 type: comma_delimited_list
25 KeystoneNotificationFormat:
26 description: The Keystone notification format
# Constraint entry: only 'basic' and 'cadf' are listed as allowed values.
30 - allowed_values: [ 'basic', 'cadf' ]
34 description: Keystone region for endpoint
37 description: Mapping of service_name -> network name. Typically set
38 via parameter_defaults in the resource registry. This
39 mapping overrides those in ServiceNetMapDefaults.
43 description: Mapping of service endpoint -> protocol. Typically set
44 via parameter_defaults in the resource registry.
# Placeholder address under example.com; presumably overridden per deployment.
50 default: 'admin@example.com'
51 description: The email for the keystone admin account.
55 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
# Per this description, one parameter is both the Keystone auth secret and the
# database password.
# NOTE(review): with a shared value, disclosure of either credential exposes
# the other; separate parameters would limit that.
59 description: The keystone auth secret and db password.
63 description: The password for RabbitMQ
68 description: The username for RabbitMQ
73 Rabbit client subscriber parameter to specify
74 an SSL connection to the RabbitMQ host.
# NOTE(review): the default for the SSL switch is not visible here; confirm
# whether the RabbitMQ connection is encrypted by default.
78 description: Set rabbit subscriber port, change this if using SSL
82 description: Set the number of workers for keystone::wsgi::apache
# A literal string holding a %{...} expression; presumably interpolated on the
# node when the configuration is applied (confirm).
83 default: '"%{::processorcount}"'
# Role data for the keystone service: configuration keys filled from the
# template parameters. Some original lines are missing from this listing.
86 description: Role data for the Keystone role.
88 service_name: keystone
# Database connection value assembled from the MysqlInternal endpoint protocol,
# the AdminToken parameter and the MysqlInternal host. AdminToken sits where a
# credential is expected, so the rendered value contains a secret and should be
# handled as one wherever it is stored or logged.
90 keystone::database_connection:
93 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
95 - {get_param: AdminToken}
97 - {get_param: [EndpointMap, MysqlInternal, host]}
# The same AdminToken is also set as keystone::admin_token.
# NOTE(review): Keystone's admin token is a shared secret accepted in place of
# normal authentication; reusing it as the database password (see
# keystone::db::mysql::password below) couples two privileged credentials.
99 keystone::admin_token: {get_param: AdminToken}
# NOTE(review): keystone::roles::admin::password appears twice in this mapping
# (here and after keystone::roles::admin::email). Duplicate mapping keys are
# invalid YAML and most parsers silently keep the last one; both occurrences
# read AdminPassword, so one of them can be dropped.
100 keystone::roles::admin::password: {get_param: AdminPassword}
101 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
102 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
# NOTE(review): presumably makes Keystone honour proxy-supplied forwarding
# headers; that is only trustworthy when every request arrives through a proxy
# that sets or strips them. Confirm direct access is blocked.
103 keystone::enable_proxy_headers_parsing: true
104 keystone::debug: {get_param: Debug}
# Database password is taken from AdminToken, not from a dedicated parameter.
105 keystone::db::mysql::password: {get_param: AdminToken}
# RabbitMQ credentials and transport settings come straight from parameters.
106 keystone::rabbit_userid: {get_param: RabbitUserName}
107 keystone::rabbit_password: {get_param: RabbitPassword}
108 keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
109 keystone::rabbit_port: {get_param: RabbitClientPort}
110 keystone::notification_driver: {get_param: KeystoneNotificationDriver}
111 keystone::notification_format: {get_param: KeystoneNotificationFormat}
112 keystone::roles::admin::email: {get_param: AdminEmail}
113 keystone::roles::admin::password: {get_param: AdminPassword}
# Endpoint, database, cron and Apache/WSGI settings for the keystone service.
# Some original lines are missing from this listing.
# Public, internal and admin endpoint URLs are read from EndpointMap.
114 keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
115 keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
116 keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
117 keystone::endpoint::region: {get_param: KeystoneRegion}
118 keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
119 keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
# Fixed database user and database name; host comes from EndpointMap.
120 keystone::db::mysql::user: keystone
121 keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
122 keystone::db::mysql::dbname: keystone
# Hosts allowed to connect as the database user. Only one entry is visible
# here (the preceding list line is missing from this listing).
# NOTE(review): confirm the hidden entry is not a broad wildcard.
123 keystone::db::mysql::allowed_hosts:
125 - "%{hiera('mysql_bind_host')}"
126 keystone::rabbit_heartbeat_timeout_threshold: 60
127 keystone::cron::token_flush::maxdelay: 3600
128 keystone::roles::admin::service_tenant: 'service'
129 keystone::roles::admin::admin_tenant: 'admin'
# NOTE(review): presumably the token_flush job's output goes to /dev/null, so
# a failing flush would leave no trace; consider a log file.
130 keystone::cron::token_flush::destination: '/dev/null'
131 keystone::config::keystone_config:
133 value: 'keystone.contrib.ec2.backends.sql.Ec2'
# Keystone is served through Apache (service name 'httpd') with SSL disabled
# on the WSGI vhost.
# NOTE(review): presumably TLS is terminated by a front-end proxy; confirm the
# hop to Keystone stays on a trusted network, since tokens and passwords cross
# it unencrypted.
134 keystone::service_name: 'httpd'
135 keystone::wsgi::apache::ssl: false
137 keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
138 # override via extraconfig:
139 keystone::wsgi::apache::threads: 1
# -1 presumably means retry without limit (confirm against the Keystone
# puppet module).
140 keystone::db::database_db_max_retries: -1
141 keystone::db::database_max_retries: -1
# Firewall rule definitions follow in the original file but are not shown
# here.
# NOTE(review): check which ports and source ranges they open.
142 tripleo.keystone.firewall_rules:
# Puppet include that applies the base keystone profile.
150 include ::tripleo::profile::base::keystone