Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Permit usage of raw disks as backends for Swift storage"
[apex-tripleo-heat-templates.git] / puppet / services / keystone.yaml
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 48e7487..0a5193d 100644 (file)
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -4,24 +4,11 @@ description: >
   OpenStack Keystone service configured with Puppet
 
 parameters:
-  KeystoneCACertificate:
-    default: ''
-    description: Keystone self-signed certificate authority certificate.
-    type: string
   KeystoneEnableDBPurge:
     default: true
     description: |
         Whether to create cron job for purging soft deleted rows in Keystone database.
     type: boolean
-  KeystoneSigningCertificate:
-    default: ''
-    description: Keystone certificate for verifying token validity.
-    type: string
-  KeystoneSigningKey:
-    default: ''
-    description: Keystone key for signing tokens.
-    type: string
-    hidden: true
   KeystoneSSLCertificate:
     default: ''
     description: Keystone certificate for verifying token validity.
@@ -45,6 +32,15 @@ parameters:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -105,11 +101,9 @@ outputs:
               - '/keystone'
         keystone::admin_token: {get_param: AdminToken}
         keystone::roles::admin::password: {get_param: AdminPassword}
-        keystone_ca_certificate: {get_param: KeystoneCACertificate}
-        keystone_signing_key: {get_param: KeystoneSigningKey}
-        keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
         keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
         keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+        keystone::enable_proxy_headers_parsing: true
         keystone::debug: {get_param: Debug}
         keystone::db::mysql::password: {get_param: AdminToken}
         keystone::rabbit_userid: {get_param: RabbitUserName}
@@ -127,7 +121,7 @@ outputs:
         keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
         keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
         keystone::db::mysql::user: keystone
-        keystone::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+        keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
         keystone::db::mysql::dbname: keystone
         keystone::db::mysql::allowed_hosts:
           - '%'
@@ -138,8 +132,6 @@ outputs:
         keystone::roles::admin::admin_tenant: 'admin'
         keystone::cron::token_flush::destination: '/dev/null'
         keystone::config::keystone_config:
-          DEFAULT/secure_proxy_ssl_header:
-            value: 'HTTP_X_FORWARDED_PROTO'
           ec2/driver:
             value: 'keystone.contrib.ec2.backends.sql.Ec2'
         keystone::service_name: 'httpd'
@@ -148,6 +140,8 @@ outputs:
         keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
         # override via extraconfig:
         keystone::wsgi::apache::threads: 1
+        keystone::db::database_db_max_retries: -1
+        keystone::db::database_max_retries: -1
         tripleo.keystone.firewall_rules:
           '111 keystone':
             dport: