| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 1 | classes: |
| 2 | - service.keystone.server.cluster |
| 3 | - service.keepalived.cluster.single |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 4 | - system.haproxy.proxy.listen.openstack.keystone |
| Petr Michalec | 8eca205 | 2017-01-16 15:12:26 +0100 | [diff] [blame] | 5 | - system.haproxy.proxy.listen.openstack.keystone.standalone |
| Oleksii Grudev | e4ee26e | 2018-08-14 16:51:23 +0300 | [diff] [blame] | 6 | - system.linux.system.users.keystone |
| Oleksii Grudev | 614facd | 2018-08-20 13:20:29 +0300 | [diff] [blame] | 7 | - system.keystone.server.fernet_rotation.cluster |
| Oleksandr Shyshko | c4dd2d7 | 2018-08-30 18:30:59 +0300 | [diff] [blame] | 8 | - system.salt.minion.cert.mysql.clients.openstack.keystone |
| Oleksandr Bryndzii | a85aeec | 2018-09-12 13:53:36 +0000 | [diff] [blame] | 9 | - system.salt.minion.cert.rabbitmq.clients.openstack.keystone |
| Oleh Hryhorov | ceef60d | 2018-11-02 17:27:36 +0200 | [diff] [blame] | 10 | - system.keystone.client.os_client_config.admin_identity |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 11 | parameters: |
| Daniel Cech | ebf82af | 2017-10-04 16:42:22 +0200 | [diff] [blame] | 12 | _param: |
| danys94 | 4df63fb | 2017-10-05 08:40:10 +0200 | [diff] [blame] | 13 | keystone_tokens_expiration: 3600 |
| Vasyl Saienko | 01eb317 | 2018-07-16 13:44:53 +0300 | [diff] [blame] | 14 | openstack_node_role: primary |
| Oleh Hryhorov | ceef60d | 2018-11-02 17:27:36 +0200 | [diff] [blame] | 15 | keystone_service_protocol: ${_param:cluster_internal_protocol} |
| Andrey Shestakov | 0c7e110 | 2017-08-10 13:39:04 +0300 | [diff] [blame] | 16 | linux: |
| 17 | system: |
| 18 | package: |
| 19 | python-pymysql: |
| 20 | fromrepo: ${_param:openstack_version} |
| 21 | version: latest |
| Jakub Pavlik | fe19b08 | 2018-01-10 15:41:21 +0100 | [diff] [blame] | 22 | python-cryptography: |
| 23 | fromrepo: ${_param:openstack_version} |
| 24 | version: latest |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 25 | keystone: |
| 26 | server: |
| 27 | enabled: true |
| 28 | version: ${_param:keystone_version} |
| 29 | service_token: ${_param:keystone_service_token} |
| 30 | service_tenant: service |
| 31 | admin_tenant: admin |
| 32 | admin_name: admin |
| 33 | admin_password: ${_param:keystone_admin_password} |
| 34 | admin_email: ${_param:admin_email} |
| Vasyl Saienko | 01eb317 | 2018-07-16 13:44:53 +0300 | [diff] [blame] | 35 | role: ${_param:openstack_node_role} |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 36 | bind: |
| 37 | address: ${_param:cluster_local_address} |
| 38 | private_address: ${_param:cluster_vip_address} |
| 39 | private_port: 35357 |
| 40 | public_address: ${_param:cluster_vip_address} |
| 41 | public_port: 5000 |
| 42 | region: ${_param:openstack_region} |
| 43 | database: |
| 44 | engine: mysql |
| 45 | host: ${_param:openstack_database_address} |
| 46 | name: keystone |
| 47 | password: ${_param:mysql_keystone_password} |
| 48 | user: keystone |
| Oleksandr Shyshko | c4dd2d7 | 2018-08-30 18:30:59 +0300 | [diff] [blame] | 49 | x509: |
| 50 | enabled: ${_param:openstack_mysql_x509_enabled} |
| 51 | ca_file: ${_param:mysql_keystone_ssl_ca_file} |
| 52 | key_file: ${_param:mysql_keystone_client_ssl_key_file} |
| 53 | cert_file: ${_param:mysql_keystone_client_ssl_cert_file} |
| 54 | ssl: |
| 55 | enabled: ${_param:galera_ssl_enabled} |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 56 | tokens: |
| 57 | engine: fernet |
| danys94 | 4df63fb | 2017-10-05 08:40:10 +0200 | [diff] [blame] | 58 | expiration: ${_param:keystone_tokens_expiration} |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 59 | max_active_keys: 3 |
| 60 | location: /var/lib/keystone/fernet-keys |
| Andrey Shestakov | 9490db9 | 2017-06-15 17:17:37 +0300 | [diff] [blame] | 61 | credential: |
| 62 | location: /var/lib/keystone/credential-keys |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 63 | message_queue: |
| Oleksandr Shyshko | 3d1dd6f | 2018-09-20 18:22:04 +0300 | [diff] [blame] | 64 | port: ${_param:openstack_rabbitmq_port} |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 65 | engine: rabbitmq |
| Damian Szeluga | 2267303 | 2017-04-19 13:55:25 +0200 | [diff] [blame] | 66 | members: |
| 67 | - host: ${_param:openstack_message_queue_node01_address} |
| 68 | - host: ${_param:openstack_message_queue_node02_address} |
| 69 | - host: ${_param:openstack_message_queue_node03_address} |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 70 | user: openstack |
| 71 | password: ${_param:rabbitmq_openstack_password} |
| 72 | virtual_host: '/openstack' |
| Damian Szeluga | 2267303 | 2017-04-19 13:55:25 +0200 | [diff] [blame] | 73 | ha_queues: true |
| Oleksandr Bryndzii | a85aeec | 2018-09-12 13:53:36 +0000 | [diff] [blame] | 74 | x509: |
| 75 | enabled: ${_param:openstack_rabbitmq_x509_enabled} |
| 76 | ca_file: ${_param:rabbitmq_keystone_ssl_ca_file} |
| 77 | key_file: ${_param:rabbitmq_keystone_client_ssl_key_file} |
| 78 | cert_file: ${_param:rabbitmq_keystone_client_ssl_cert_file} |
| 79 | ssl: |
| 80 | enabled: ${_param:rabbitmq_ssl_enabled} |
| Petr Michalec | e710384 | 2017-02-02 07:21:01 +0100 | [diff] [blame] | 81 | auth_methods: |
| 82 | - password |
| 83 | - token |