1 heat_template_version: 2016-04-08
4 OpenStack Keystone service configured with Puppet
9 description: Keystone self-signed certificate authority certificate.
11 KeystoneEnableDBPurge:
14 Whether to create cron job for purging soft deleted rows in Keystone database.
16 KeystoneSigningCertificate:
18 description: Keystone certificate for verifying token validity.
22 description: Keystone key for signing tokens.
25 KeystoneSSLCertificate:
27 description: Keystone certificate for verifying token validity.
29 KeystoneSSLCertificateKey:
31 description: Keystone key for signing tokens.
34 KeystoneNotificationDriver:
35 description: Comma-separated list of Oslo notification drivers used by Keystone
36 default: ['messaging']
37 type: comma_delimited_list
38 KeystoneNotificationFormat:
39 description: The Keystone notification format
43 - allowed_values: [ 'basic', 'cadf' ]
47 description: Keystone region for endpoint
50 description: Mapping of service endpoint -> protocol. Typically set
51 via parameter_defaults in the resource registry.
57 default: 'admin@example.com'
58 description: The email for the keystone admin account.
62 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
66 description: The keystone auth secret and db password.
70 description: The password for RabbitMQ
75 description: The username for RabbitMQ
80 Rabbit client subscriber parameter to specify
81 an SSL connection to the RabbitMQ host.
85 description: Set rabbit subscriber port, change this if using SSL
89 description: Set the number of workers for keystone::wsgi::apache
90 default: '"%{::processorcount}"'
93 description: Role data for the Keystone role.
95 service_name: keystone
97 keystone::database_connection:
100 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
102 - {get_param: AdminToken}
104 - {get_param: [EndpointMap, MysqlInternal, host]}
106 keystone::admin_token: {get_param: AdminToken}
107 keystone::roles::admin::password: {get_param: AdminPassword}
108 keystone_ca_certificate: {get_param: KeystoneCACertificate}
109 keystone_signing_key: {get_param: KeystoneSigningKey}
110 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
111 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
112 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
113 keystone::debug: {get_param: Debug}
114 keystone::db::mysql::password: {get_param: AdminToken}
115 keystone::rabbit_userid: {get_param: RabbitUserName}
116 keystone::rabbit_password: {get_param: RabbitPassword}
117 keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
118 keystone::rabbit_port: {get_param: RabbitClientPort}
119 keystone::notification_driver: {get_param: KeystoneNotificationDriver}
120 keystone::notification_format: {get_param: KeystoneNotificationFormat}
121 keystone::roles::admin::email: {get_param: AdminEmail}
122 keystone::roles::admin::password: {get_param: AdminPassword}
123 keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
124 keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
125 keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
126 keystone::endpoint::region: {get_param: KeystoneRegion}
127 keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
128 keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
129 keystone::db::mysql::user: keystone
130 keystone::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
131 keystone::db::mysql::dbname: keystone
132 keystone::db::mysql::allowed_hosts:
134 - "%{hiera('mysql_bind_host')}"
136 keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
137 # override via extraconfig:
138 keystone::wsgi::apache::threads: 1
140 include ::tripleo::profile::base::keystone