Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / a07d61fb6a9dc0d53256e8b3c5ed7d2e89a0d591 / . / keystone / server / cluster.yml
blob: 16ec57ab67b93ab4cd3121fdfa1e103b75ae791d [file] [log] [blame]
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]1classes:
2- service.keystone.server.cluster
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]3- system.keystone.upgrade
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]4- service.keepalived.cluster.single
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]5- system.haproxy.proxy.listen.openstack.keystone
Petr Michalec8eca2052017-01-16 15:12:26 +0100[diff] [blame]6- system.haproxy.proxy.listen.openstack.keystone.standalone
Oleksii Grudeve4ee26e2018-08-14 16:51:23 +0300[diff] [blame]7- system.linux.system.users.keystone
sgarbuzf5f1f362019-06-26 13:47:01 +0300[diff] [blame]8# Add os-ctl-vip address to ctl nodes PROD-31397
9- system.linux.network.hosts.openstack
Oleksii Grudev614facd2018-08-20 13:20:29 +0300[diff] [blame]10- system.keystone.server.fernet_rotation.cluster
Oleksandr Shyshkoc4dd2d72018-08-30 18:30:59 +0300[diff] [blame]11- system.salt.minion.cert.mysql.clients.openstack.keystone
Oleksandr Bryndziia85aeec2018-09-12 13:53:36 +0000[diff] [blame]12- system.salt.minion.cert.rabbitmq.clients.openstack.keystone
Oleh Hryhorovceef60d2018-11-02 17:27:36 +0200[diff] [blame]13- system.keystone.client.os_client_config.admin_identity
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]14parameters:
Daniel Cechebf82af2017-10-04 16:42:22 +0200[diff] [blame]15 _param:
Vasyl Saienko01eb3172018-07-16 13:44:53 +0300[diff] [blame]16 openstack_node_role: primary
Oleh Hryhorovceef60d2018-11-02 17:27:36 +0200[diff] [blame]17 keystone_service_protocol: ${_param:cluster_internal_protocol}
Andrey Shestakov0c7e1102017-08-10 13:39:04 +0300[diff] [blame]18 linux:
19 system:
20 package:
21 python-pymysql:
22 fromrepo: ${_param:openstack_version}
23 version: latest
Jakub Pavlikfe19b082018-01-10 15:41:21 +0100[diff] [blame]24 python-cryptography:
25 fromrepo: ${_param:openstack_version}
26 version: latest
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]27 keystone:
28 server:
29 enabled: true
30 version: ${_param:keystone_version}
31 service_token: ${_param:keystone_service_token}
32 service_tenant: service
33 admin_tenant: admin
34 admin_name: admin
35 admin_password: ${_param:keystone_admin_password}
36 admin_email: ${_param:admin_email}
Vasyl Saienko01eb3172018-07-16 13:44:53 +0300[diff] [blame]37 role: ${_param:openstack_node_role}
Vasyl Saienko7d0455d2018-12-06 14:43:56 +0200[diff] [blame]38 admin_region: ${_param:openstack_region}
39 region: ${_param:openstack_region}
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]40 bind:
41 address: ${_param:cluster_local_address}
sgarbuz89244092019-04-17 12:51:37 +0300[diff] [blame]42 private_address: ${_param:openstack_service_host}
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]43 private_port: 35357
44 public_address: ${_param:cluster_vip_address}
45 public_port: 5000
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]46 database:
47 engine: mysql
48 host: ${_param:openstack_database_address}
49 name: keystone
50 password: ${_param:mysql_keystone_password}
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]51 user: ${_param:mysql_keystone_username}
Oleksandr Shyshkoc4dd2d72018-08-30 18:30:59 +0300[diff] [blame]52 x509:
53 enabled: ${_param:openstack_mysql_x509_enabled}
54 ca_file: ${_param:mysql_keystone_ssl_ca_file}
55 key_file: ${_param:mysql_keystone_client_ssl_key_file}
56 cert_file: ${_param:mysql_keystone_client_ssl_cert_file}
57 ssl:
58 enabled: ${_param:galera_ssl_enabled}
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]59 tokens:
60 engine: fernet
danys944df63fb2017-10-05 08:40:10 +0200[diff] [blame]61 expiration: ${_param:keystone_tokens_expiration}
Oleksandr Bryndzii79b89682019-02-27 14:23:23 +0200[diff] [blame]62 max_active_keys: ${_param:keystone_tokens_max_active_keys}
63 allow_expired_window: ${_param:keystone_tokens_allow_expired_window}
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]64 location: /var/lib/keystone/fernet-keys
Andrey Shestakov9490db92017-06-15 17:17:37 +0300[diff] [blame]65 credential:
66 location: /var/lib/keystone/credential-keys
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]67 message_queue:
Oleksandr Shyshko3d1dd6f2018-09-20 18:22:04 +0300[diff] [blame]68 port: ${_param:openstack_rabbitmq_port}
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]69 engine: rabbitmq
Oleksandr Shyshko613e04e2019-08-07 12:08:51 +0300[diff] [blame]70 use_vip_address: ${_param:openstack_rabbitmq_standalone_mode}
71 host: ${_param:openstack_message_queue_address}
Damian Szeluga22673032017-04-19 13:55:25 +0200[diff] [blame]72 members:
73 - host: ${_param:openstack_message_queue_node01_address}
74 - host: ${_param:openstack_message_queue_node02_address}
75 - host: ${_param:openstack_message_queue_node03_address}
Ondrej Smola03ff34e2016-12-01 01:30:33 +0100[diff] [blame]76 user: openstack
77 password: ${_param:rabbitmq_openstack_password}
78 virtual_host: '/openstack'
Damian Szeluga22673032017-04-19 13:55:25 +0200[diff] [blame]79 ha_queues: true
Oleksandr Bryndziia85aeec2018-09-12 13:53:36 +0000[diff] [blame]80 x509:
81 enabled: ${_param:openstack_rabbitmq_x509_enabled}
82 ca_file: ${_param:rabbitmq_keystone_ssl_ca_file}
83 key_file: ${_param:rabbitmq_keystone_client_ssl_key_file}
84 cert_file: ${_param:rabbitmq_keystone_client_ssl_cert_file}
85 ssl:
86 enabled: ${_param:rabbitmq_ssl_enabled}
Petr Michalece7103842017-02-02 07:21:01 +0100[diff] [blame]87 auth_methods:
88 - password
89 - token