X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fkeystone.yaml;h=f3a9cbc494e3bf403ff4445908127bb136bf5d39;hb=2f1bc9d1423b3c97b47d201aa688f14b649d6a28;hp=8a0e750d893b94677c86515a4ea789cbde387931;hpb=6db405e9dfcc5b5f917612aad526e391bdf7e6de;p=apex-tripleo-heat-templates.git diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 8a0e750d..f3a9cbc4 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Keystone service configured with Puppet @@ -47,6 +47,14 @@ parameters: DefaultPasswords: default: {} type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -55,6 +63,10 @@ parameters: Debug: type: string default: '' + KeystoneDebug: + default: '' + description: Set to True to enable debugging Keystone service. + type: string AdminEmail: default: 'admin@example.com' description: The email for the keystone admin account. @@ -183,11 +195,14 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} EnableInternalTLS: {get_param: EnableInternalTLS} conditions: keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]} keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]} + service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']} outputs: role_data: @@ -202,15 +217,15 @@ outputs: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] - keystone::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://keystone:' - - {get_param: AdminToken} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/keystone' - - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo' + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: keystone + password: {get_param: AdminToken} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /keystone + query: + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo keystone::admin_token: {get_param: AdminToken} keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} @@ -231,7 +246,12 @@ outputs: content: {get_param: KeystoneFernetKey0} '/etc/keystone/fernet-keys/1': content: {get_param: KeystoneFernetKey1} - keystone::debug: {get_param: Debug} + keystone::fernet_replace_keys: false + keystone::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: KeystoneDebug } keystone::rabbit_userid: {get_param: RabbitUserName} keystone::rabbit_password: {get_param: RabbitPassword} keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} @@ -339,10 +359,15 @@ outputs: horizon::keystone_multidomain_support: true horizon::keystone_default_domain: 'Default' - {} - # Ansible tasks to handle upgrade - upgrade_tasks: - - name: Stop keystone service (running under httpd) - tags: step1 - service: name=httpd state=stopped metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + yaql: + expression: $.data.apache_upgrade + $.data.keystone_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + keystone_upgrade: + - name: Stop keystone service (running under httpd) + tags: step1 + service: name=httpd state=stopped