| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 1 | classes: |
| 2 | - service.keystone.server.cluster |
| 3 | - service.keepalived.cluster.single |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 4 | - system.haproxy.proxy.listen.openstack.keystone |
| Petr Michalec | 8eca205 | 2017-01-16 15:12:26 +0100 | [diff] [blame] | 5 | - system.haproxy.proxy.listen.openstack.keystone.standalone |
| Oleksii Grudev | e4ee26e | 2018-08-14 16:51:23 +0300 | [diff] [blame] | 6 | - system.linux.system.users.keystone |
| Oleksii Grudev | 614facd | 2018-08-20 13:20:29 +0300 | [diff] [blame] | 7 | - system.keystone.server.fernet_rotation.cluster |
| Oleksandr Shyshko | c4dd2d7 | 2018-08-30 18:30:59 +0300 | [diff] [blame] | 8 | - system.salt.minion.cert.mysql.clients.openstack.keystone |
| Oleksandr Bryndzii | a85aeec | 2018-09-12 13:53:36 +0000 | [diff] [blame] | 9 | - system.salt.minion.cert.rabbitmq.clients.openstack.keystone |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 10 | parameters: |
| Daniel Cech | ebf82af | 2017-10-04 16:42:22 +0200 | [diff] [blame] | 11 | _param: |
| danys94 | 4df63fb | 2017-10-05 08:40:10 +0200 | [diff] [blame] | 12 | keystone_tokens_expiration: 3600 |
| Vasyl Saienko | 01eb317 | 2018-07-16 13:44:53 +0300 | [diff] [blame] | 13 | openstack_node_role: primary |
| Oleksandr Shyshko | c4dd2d7 | 2018-08-30 18:30:59 +0300 | [diff] [blame] | 14 | openstack_mysql_x509_enabled: False |
| Oleksandr Bryndzii | a85aeec | 2018-09-12 13:53:36 +0000 | [diff] [blame] | 15 | openstack_rabbitmq_x509_enabled: False |
| Oleksandr Shyshko | c4dd2d7 | 2018-08-30 18:30:59 +0300 | [diff] [blame] | 16 | galera_ssl_enabled: False |
| Oleksandr Bryndzii | a85aeec | 2018-09-12 13:53:36 +0000 | [diff] [blame] | 17 | rabbitmq_ssl_enabled: False |
| Andrey Shestakov | 0c7e110 | 2017-08-10 13:39:04 +0300 | [diff] [blame] | 18 | linux: |
| 19 | system: |
| 20 | package: |
| 21 | python-pymysql: |
| 22 | fromrepo: ${_param:openstack_version} |
| 23 | version: latest |
| Jakub Pavlik | fe19b08 | 2018-01-10 15:41:21 +0100 | [diff] [blame] | 24 | python-cryptography: |
| 25 | fromrepo: ${_param:openstack_version} |
| 26 | version: latest |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 27 | keystone: |
| 28 | server: |
| 29 | enabled: true |
| 30 | version: ${_param:keystone_version} |
| 31 | service_token: ${_param:keystone_service_token} |
| 32 | service_tenant: service |
| 33 | admin_tenant: admin |
| 34 | admin_name: admin |
| 35 | admin_password: ${_param:keystone_admin_password} |
| 36 | admin_email: ${_param:admin_email} |
| Vasyl Saienko | 01eb317 | 2018-07-16 13:44:53 +0300 | [diff] [blame] | 37 | role: ${_param:openstack_node_role} |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 38 | bind: |
| 39 | address: ${_param:cluster_local_address} |
| 40 | private_address: ${_param:cluster_vip_address} |
| 41 | private_port: 35357 |
| 42 | public_address: ${_param:cluster_vip_address} |
| 43 | public_port: 5000 |
| 44 | region: ${_param:openstack_region} |
| 45 | database: |
| 46 | engine: mysql |
| 47 | host: ${_param:openstack_database_address} |
| 48 | name: keystone |
| 49 | password: ${_param:mysql_keystone_password} |
| 50 | user: keystone |
| Oleksandr Shyshko | c4dd2d7 | 2018-08-30 18:30:59 +0300 | [diff] [blame] | 51 | x509: |
| 52 | enabled: ${_param:openstack_mysql_x509_enabled} |
| 53 | ca_file: ${_param:mysql_keystone_ssl_ca_file} |
| 54 | key_file: ${_param:mysql_keystone_client_ssl_key_file} |
| 55 | cert_file: ${_param:mysql_keystone_client_ssl_cert_file} |
| 56 | ssl: |
| 57 | enabled: ${_param:galera_ssl_enabled} |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 58 | tokens: |
| 59 | engine: fernet |
| danys94 | 4df63fb | 2017-10-05 08:40:10 +0200 | [diff] [blame] | 60 | expiration: ${_param:keystone_tokens_expiration} |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 61 | max_active_keys: 3 |
| 62 | location: /var/lib/keystone/fernet-keys |
| Andrey Shestakov | 9490db9 | 2017-06-15 17:17:37 +0300 | [diff] [blame] | 63 | credential: |
| 64 | location: /var/lib/keystone/credential-keys |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 65 | message_queue: |
| 66 | engine: rabbitmq |
| Damian Szeluga | 2267303 | 2017-04-19 13:55:25 +0200 | [diff] [blame] | 67 | members: |
| 68 | - host: ${_param:openstack_message_queue_node01_address} |
| 69 | - host: ${_param:openstack_message_queue_node02_address} |
| 70 | - host: ${_param:openstack_message_queue_node03_address} |
| Ondrej Smola | 03ff34e | 2016-12-01 01:30:33 +0100 | [diff] [blame] | 71 | user: openstack |
| 72 | password: ${_param:rabbitmq_openstack_password} |
| 73 | virtual_host: '/openstack' |
| Damian Szeluga | 2267303 | 2017-04-19 13:55:25 +0200 | [diff] [blame] | 74 | ha_queues: true |
| Oleksandr Bryndzii | a85aeec | 2018-09-12 13:53:36 +0000 | [diff] [blame] | 75 | x509: |
| 76 | enabled: ${_param:openstack_rabbitmq_x509_enabled} |
| 77 | ca_file: ${_param:rabbitmq_keystone_ssl_ca_file} |
| 78 | key_file: ${_param:rabbitmq_keystone_client_ssl_key_file} |
| 79 | cert_file: ${_param:rabbitmq_keystone_client_ssl_cert_file} |
| 80 | ssl: |
| 81 | enabled: ${_param:rabbitmq_ssl_enabled} |
| Petr Michalec | e710384 | 2017-02-02 07:21:01 +0100 | [diff] [blame] | 82 | auth_methods: |
| 83 | - password |
| 84 | - token |