-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Keystone service configured with Puppet
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ KeystoneTokenProvider:
+ description: The keystone token format
+ type: string
+ default: 'uuid'
+ constraints:
+ - allowed_values: ['uuid', 'fernet']
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
KeystoneWorkers:
type: string
description: Set the number of workers for keystone::wsgi::apache
- default: '"%{::processorcount}"'
+ default: '"%{::os_workers}"'
MonitoringSubscriptionKeystone:
- default: 'overcloud-kestone'
+ default: 'overcloud-keystone'
type: string
KeystoneCredential0:
type: string
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
+conditions:
+ keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+
outputs:
role_data:
description: Role data for the Keystone role.
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/keystone'
keystone::admin_token: {get_param: AdminToken}
+ keystone::admin_password: {get_param: AdminPassword}
keystone::roles::admin::password: {get_param: AdminPassword}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::token_provider: {get_param: KeystoneTokenProvider}
+ keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]}
keystone::enable_proxy_headers_parsing: true
keystone::enable_credential_setup: true
keystone::credential_keys: