| classes: |
| - system.keystone.client.os_client_config.admin_identity |
| - system.keystone.client.service.cinder |
| - system.keystone.client.service.cinder2 |
| - system.keystone.client.service.cinder3 |
| - system.keystone.client.service.glance |
| - system.keystone.client.service.heat |
| - system.keystone.client.service.heat-cfn |
| - system.keystone.client.service.keystone |
| - system.keystone.client.service.neutron |
| parameters: |
| _param: |
| keystone_service_protocol: http |
| ###TODO: the section below should be removed in the future together with same related changes in cookiecutter-templates (control_init.yml) |
| linux: |
| system: |
| job: |
| keystone_job_rotate: |
| command: '/usr/bin/keystone-manage fernet_rotate --keystone-user keystone --keystone-group keystone >> /var/log/key_rotation_log 2>> /var/log/key_rotation_log' |
| enabled: false |
| user: root |
| minute: 0 |
| keystone: |
| client: |
| enabled: true |
| server: |
| identity: |
| admin: |
| host: ${_param:keystone_service_host} |
| port: 35357 |
| token: ${_param:keystone_service_token} |
| protocol: ${_param:keystone_service_protocol} |
| roles: |
| - admin |
| - Member |
| project: |
| service: |
| description: "OpenStack Service tenant" |
| admin: |
| description: "OpenStack Admin tenant" |
| user: |
| admin: |
| is_admin: true |
| password: ${_param:keystone_admin_password} |
| email: ${_param:admin_email} |
| options: ${_param:openstack_service_user_options} |
| admin_identity: |
| admin: |
| user: admin |
| password: ${_param:keystone_admin_password} |
| project: admin |
| host: ${_param:keystone_service_host} |
| port: 5000 |
| region_name: ${_param:openstack_region} |
| use_keystoneauth: true |
| protocol: ${_param:keystone_service_protocol} |