X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fkeystone.yaml;h=57e3286a6d5aab8b6212c92069af995447e806f4;hb=490e237f09d2c685903b173d3fd94efc450a9cb2;hp=7262e47848f6962674da8f8301702e8df945b9de;hpb=16cae1759fe5606d15a33d31f962ca757f499e1e;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 7262e478..57e3286a 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -63,6 +63,10 @@ parameters:
   Debug:
     type: string
     default: ''
+  KeystoneDebug:
+    default: ''
+    description: Set to True to enable debugging Keystone service.
+    type: string
   AdminEmail:
     default: 'admin@example.com'
     description: The email for the keystone admin account.
@@ -109,10 +113,15 @@ parameters:
     description: The second Keystone credential key. Must be a valid key.
   KeystoneFernetKey0:
     type: string
-    description: The first Keystone fernet key. Must be a valid key.
+    default: ''
+    description: (DEPRECATED) The first Keystone fernet key. Must be a valid key.
   KeystoneFernetKey1:
     type: string
-    description: The second Keystone fernet key. Must be a valid key.
+    default: ''
+    description: (DEPRECATED) The second Keystone fernet key. Must be a valid key.
+  KeystoneFernetKeys:
+    type: json
+    description: Mapping containing keystone's fernet keys and their paths.
   KeystoneLoggingSource:
     type: json
     default:
@@ -183,6 +192,17 @@ parameters:
     default: {}
     hidden: true
 
+parameter_groups:
+- label: deprecated
+  description: |
+   The following parameters are deprecated and will be removed. They should not
+   be relied on for new deployments. If you have concerns regarding deprecated
+   parameters, please contact the TripleO development team on IRC or the
+   OpenStack mailing list.
+  parameters:
+  - KeystoneFernetKey0
+  - KeystoneFernetKey1
+
 resources:
 
   ApacheServiceBase:
@@ -198,6 +218,7 @@ resources:
 conditions:
   keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
   keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
+  service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']}
 
 outputs:
   role_data:
@@ -236,13 +257,13 @@ outputs:
                 content: {get_param: KeystoneCredential0}
               '/etc/keystone/credential-keys/1':
                 content: {get_param: KeystoneCredential1}
-            keystone::fernet_keys:
-              '/etc/keystone/fernet-keys/0':
-                content: {get_param: KeystoneFernetKey0}
-              '/etc/keystone/fernet-keys/1':
-                content: {get_param: KeystoneFernetKey1}
+            keystone::fernet_keys: {get_param: KeystoneFernetKeys}
             keystone::fernet_replace_keys: false
-            keystone::debug: {get_param: Debug}
+            keystone::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: KeystoneDebug }
             keystone::rabbit_userid: {get_param: RabbitUserName}
             keystone::rabbit_password: {get_param: RabbitPassword}
             keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}