blob: abb818894a86fe79f349c20fb90150b5993b33e5 [file] [log] [blame]
classes:
- service.keystone.server.cluster
- system.keystone.upgrade
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
- system.linux.system.users.keystone
# Add os-ctl-vip address to ctl nodes PROD-31397
- system.linux.network.hosts.openstack
- system.keystone.server.fernet_rotation.cluster
- system.salt.minion.cert.mysql.clients.openstack.keystone
- system.salt.minion.cert.rabbitmq.clients.openstack.keystone
- system.keystone.client.os_client_config.admin_identity
parameters:
_param:
openstack_node_role: primary
keystone_service_protocol: ${_param:cluster_internal_protocol}
linux:
system:
package:
python-pymysql:
fromrepo: ${_param:openstack_version}
version: latest
python-cryptography:
fromrepo: ${_param:openstack_version}
version: latest
keystone:
server:
enabled: true
version: ${_param:keystone_version}
service_token: ${_param:keystone_service_token}
service_tenant: service
admin_tenant: admin
admin_name: admin
admin_password: ${_param:keystone_admin_password}
admin_email: ${_param:admin_email}
role: ${_param:openstack_node_role}
admin_region: ${_param:openstack_region}
region: ${_param:openstack_region}
bind:
address: ${_param:cluster_local_address}
private_address: ${_param:openstack_service_host}
private_port: 35357
public_address: ${_param:cluster_vip_address}
public_port: 5000
database:
engine: mysql
host: ${_param:openstack_database_address}
name: keystone
password: ${_param:mysql_keystone_password}
user: keystone
x509:
enabled: ${_param:openstack_mysql_x509_enabled}
ca_file: ${_param:mysql_keystone_ssl_ca_file}
key_file: ${_param:mysql_keystone_client_ssl_key_file}
cert_file: ${_param:mysql_keystone_client_ssl_cert_file}
ssl:
enabled: ${_param:galera_ssl_enabled}
tokens:
engine: fernet
expiration: ${_param:keystone_tokens_expiration}
max_active_keys: ${_param:keystone_tokens_max_active_keys}
allow_expired_window: ${_param:keystone_tokens_allow_expired_window}
location: /var/lib/keystone/fernet-keys
credential:
location: /var/lib/keystone/credential-keys
message_queue:
port: ${_param:openstack_rabbitmq_port}
engine: rabbitmq
members:
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
- host: ${_param:openstack_message_queue_node03_address}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
ha_queues: true
x509:
enabled: ${_param:openstack_rabbitmq_x509_enabled}
ca_file: ${_param:rabbitmq_keystone_ssl_ca_file}
key_file: ${_param:rabbitmq_keystone_client_ssl_key_file}
cert_file: ${_param:rabbitmq_keystone_client_ssl_cert_file}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
auth_methods:
- password
- token