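# Configure the Keystone service
#
# Declares the Keystone API (served through Apache/mod_wsgi), its MySQL
# database, the admin role/user, the identity endpoint and an admin auth file.
#
# [*default_domain*]
#   (optional) Define the default domain id.
#   Set to 'undef' for 'Default' domain.
#   Defaults to 'Default'.
#
# [*using_domain_config*]
#   (optional) Eases the use of the keystone_domain_config resource type.
#   It ensures that a directory for holding the domain configuration is present
#   and the associated configuration in keystone.conf is set up right.
#   Defaults to true.
#   NOTE(review): this parameter is accepted but never passed to any resource
#   in this class - confirm whether it should be forwarded to ::keystone.
#
# [*token_provider*]
#   (optional) Define the token provider to use.
#   Setting it to 'fernet' also turns on enable_fernet_setup.
#   Defaults to 'uuid'.
#
# [*admin_token*]
#   (optional) Shared bootstrap token handed to ::keystone.
#   The default is a well-known placeholder; supply a unique value from an
#   encrypted data source (e.g. Hiera eyaml) for any real deployment.
#   Defaults to 'a_big_secret'.
#
# [*admin_password*]
#   (optional) Password for the Keystone admin user. Used both for
#   ::keystone::roles::admin and for the generated auth file.
#   The default is a well-known placeholder; override it the same way as
#   admin_token.
#   Defaults to 'a_big_secret'.
#
# [*debug*]
#   (optional) Enable debug logging in Keystone.
#   Defaults to true; NOTE(review): presumably a lab setting - consider false
#   outside of troubleshooting.
#
class camara_openstack::keystone (
  $default_domain      = 'Default',
  $using_domain_config = true,
  $token_provider      = 'uuid',
  $admin_token         = 'a_big_secret',
  $admin_password      = 'a_big_secret',
  $debug               = true,
) {

  include ::camara_openstack::config
  include ::camara_openstack::params

  # NOTE(review): extra domain carried over from an example manifest; nothing
  # else in this class refers to 'Default2' - confirm it is still needed.
  keystone_domain { 'Default2':
    ensure => present
  }

  if $::camara_openstack::config::ssl {
    openstack_integration::ssl_key { 'keystone':
      notify  => Service['httpd'],
      require => Package['keystone'],
    }
    # Restart Apache whenever the CA bundle is refreshed.
    Exec['update-ca-certificates'] ~> Service['httpd']
  }

  # Fernet key repository setup is only needed for the fernet provider.
  $enable_fernet_setup = ($token_provider == 'fernet')

  class { '::keystone::client': }
  class { '::keystone::cron::token_flush': }

  # NOTE(review): the database password is a hard-coded default and is repeated
  # inside database_connection below; both must be changed together. Move it to
  # an encrypted data source before using this class outside a test lab.
  class { '::keystone::db::mysql':
    password => 'keystone',
  }

  class { '::keystone':
    debug               => $debug,
    # NOTE(review): the credential/host part of this URL reads
    # '[email protected]', which looks like web-page e-mail obfuscation
    # rather than the real value - restore it from the original manifest.
    database_connection => 'mysql+pymysql://keystone:[email protected]/keystone',
    admin_token         => $admin_token,
    enabled             => true,
    service_name        => 'httpd',
    default_domain      => $default_domain,
    enable_ssl          => $::camara_openstack::config::ssl,
    public_bind_host    => $::camara_openstack::config::host,
    admin_bind_host     => $::camara_openstack::config::host,
    token_provider      => $token_provider,
    enable_fernet_setup => $enable_fernet_setup,
  }

  include ::apache
  class { '::keystone::wsgi::apache':
    bind_host => $::camara_openstack::config::ip_for_url,
    ssl       => $::camara_openstack::config::ssl,
    ssl_key   => "/etc/keystone/ssl/private/${::fqdn}.pem",
    ssl_cert  => $::camara_openstack::params::cert_path,
    workers   => 2,
  }

  # Workaround to purge Keystone vhost that is provided & activated by default with running
  # Canonical packaging (called 'keystone').
  if ($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemmajrelease, '16') >= 0) {
    ensure_resource('file', '/etc/apache2/sites-available/keystone.conf', {
      'ensure' => 'absent',
    })
    ensure_resource('file', '/etc/apache2/sites-enabled/keystone.conf', {
      'ensure' => 'absent',
    })

    Package['keystone'] -> File['/etc/apache2/sites-available/keystone.conf']
    -> File['/etc/apache2/sites-enabled/keystone.conf'] ~> Anchor['keystone::install::end']
  }

  class { '::keystone::roles::admin':
    password => $admin_password,
  }

  # class { '::keystone::endpoint':
  #   default_domain => $default_domain,
  #   public_url     => $::camara_openstack::config::keystone_auth_uri,
  #   admin_url      => $::camara_openstack::config::keystone_admin_uri,
  # }

  # Installs the service user endpoint.
  # NOTE(review): these URLs are fixed to plain http on 127.0.0.1 with the v2.0
  # path, regardless of $::camara_openstack::config::ssl and of the /v3/
  # auth_url used for the auth file below - confirm this is intended and not a
  # leftover from the commented-out declaration above.
  class { 'keystone::endpoint':
    public_url   => 'http://127.0.0.1:5000/v2.0',
    admin_url    => 'http://127.0.0.1:35357/v2.0',
    internal_url => 'http://127.0.0.1:5000/v2.0',
    region       => 'example-1',
  }

  # The auth file stores the admin password; it reuses $admin_password so the
  # file and the admin user cannot drift apart.
  class { '::openstack_extras::auth_file':
    password => $admin_password,
    auth_url => "${::camara_openstack::config::keystone_auth_uri}/v3/",
  }
}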