| classes: |
| - service.keystone.server.cluster |
| - service.keepalived.cluster.single |
| - system.haproxy.proxy.listen.openstack.keystone |
| - system.haproxy.proxy.listen.openstack.keystone.standalone |
| - system.linux.system.users.keystone |
| - system.keystone.server.fernet_rotation.cluster |
| parameters: |
| _param: |
| keystone_tokens_expiration: 3600 |
| openstack_node_role: primary |
| linux: |
| system: |
| package: |
| python-pymysql: |
| fromrepo: ${_param:openstack_version} |
| version: latest |
| python-cryptography: |
| fromrepo: ${_param:openstack_version} |
| version: latest |
| keystone: |
| server: |
| enabled: true |
| version: ${_param:keystone_version} |
| service_token: ${_param:keystone_service_token} |
| service_tenant: service |
| admin_tenant: admin |
| admin_name: admin |
| admin_password: ${_param:keystone_admin_password} |
| admin_email: ${_param:admin_email} |
| role: ${_param:openstack_node_role} |
| bind: |
| address: ${_param:cluster_local_address} |
| private_address: ${_param:cluster_vip_address} |
| private_port: 35357 |
| public_address: ${_param:cluster_vip_address} |
| public_port: 5000 |
| region: ${_param:openstack_region} |
| database: |
| engine: mysql |
| host: ${_param:openstack_database_address} |
| name: keystone |
| password: ${_param:mysql_keystone_password} |
| user: keystone |
| tokens: |
| engine: fernet |
| expiration: ${_param:keystone_tokens_expiration} |
| max_active_keys: 3 |
| location: /var/lib/keystone/fernet-keys |
| credential: |
| location: /var/lib/keystone/credential-keys |
| message_queue: |
| engine: rabbitmq |
| members: |
| - host: ${_param:openstack_message_queue_node01_address} |
| - host: ${_param:openstack_message_queue_node02_address} |
| - host: ${_param:openstack_message_queue_node03_address} |
| user: openstack |
| password: ${_param:rabbitmq_openstack_password} |
| virtual_host: '/openstack' |
| ha_queues: true |
| auth_methods: |
| - password |
| - token |