Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Add sahara service support for composable upgrades"
[apex-tripleo-heat-templates.git] / puppet / services / keystone.yaml
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 48e81e7..434f0a3 100644 (file)
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -113,6 +113,51 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  KeystoneCronTokenFlushEnsure:
+    type: string
+    description: >
+        Cron to purge expired tokens - Ensure
+    default: 'present'
+  KeystoneCronTokenFlushMinute:
+    type: string
+    description: >
+        Cron to purge expired tokens - Minute
+    default: '1'
+  KeystoneCronTokenFlushHour:
+    type: string
+    description: >
+        Cron to purge expired tokens - Hour
+    default: '0'
+  KeystoneCronTokenFlushMonthday:
+    type: string
+    description: >
+        Cron to purge expired tokens - Month Day
+    default: '*'
+  KeystoneCronTokenFlushMonth:
+    type: string
+    description: >
+        Cron to purge expired tokens - Month
+    default: '*'
+  KeystoneCronTokenFlushWeekday:
+    type: string
+    description: >
+        Cron to purge expired tokens - Week Day
+    default: '*'
+  KeystoneCronTokenFlushMaxDelay:
+    type: string
+    description: >
+        Cron to purge expired tokens - Max Delay
+    default: '0'
+  KeystoneCronTokenFlushDestination:
+    type: string
+    description: >
+        Cron to purge expired tokens - Log destination
+    default: '/var/log/keystone/keystone-tokenflush.log'
+  KeystoneCronTokenFlushUser:
+    type: string
+    description: >
+        Cron to purge expired tokens - User
+    default: 'keystone'
 
 resources:
 
@@ -148,6 +193,8 @@ outputs:
                   - '@'
                   - {get_param: [EndpointMap, MysqlInternal, host]}
                   - '/keystone'
+                  - '?bind_address='
+                  - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
             keystone::admin_token: {get_param: AdminToken}
             keystone::admin_password: {get_param: AdminPassword}
             keystone::roles::admin::password: {get_param: AdminPassword}
@@ -237,6 +284,16 @@ outputs:
             # NOTE: this applies to all 2 bind IP settings below...
             keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
             keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+            keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
+            keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
+            keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}
+            keystone::cron::token_flush::monthday: {get_param: KeystoneCronTokenFlushMonthday}
+            keystone::cron::token_flush::month: {get_param: KeystoneCronTokenFlushMonth}
+            keystone::cron::token_flush::weekday: {get_param: KeystoneCronTokenFlushWeekday}
+            keystone::cron::token_flush::maxdelay: {get_param: KeystoneCronTokenFlushMaxDelay}
+            keystone::cron::token_flush::destination: {get_param: KeystoneCronTokenFlushDestination}
+            keystone::cron::token_flush::user: {get_param: KeystoneCronTokenFlushUser}
+
       step_config: |
         include ::tripleo::profile::base::keystone
       service_config_settings:
@@ -256,6 +313,3 @@ outputs:
         - name: Sync keystone DB
           tags: step5
           command: keystone-manage db_sync
-        - name: Start keystone service (running under httpd)
-          tags: step6
-          service: name=httpd state=started