class roles::keystone {
- $keystone_postgres_password = hkdf('/etc/puppet/secret', "openstack-keystone")
+ Exec { logoutput => 'on_failure' }
- class { 'keystone':
- verbose => true,
- debug => true,
- sql_connection => 'postgresql://keystone:$keystone_postgres_password@bmdb1.debian.org/keystone',
- catalog_type => 'sql',
- admin_token => 'admin_token',
- enabled => false,
+ include roles::openstack::params
+
+ $keystone_dbpass = $roles::openstack::params::keystone_dbpass
+ $admin_token = $roles::openstack::params::admin_token
+ $admin_pass = $roles::openstack::params::admin_pass
+ $rabbit_pass = $roles::openstack::params::rabbit_pass
+
+ class { '::keystone':
+ verbose => true,
+ debug => true,
+ sql_connection => "postgresql://keystone:${keystone_dbpass}@bmdb1.debian.org:5435/keystone",
+ catalog_type => 'sql',
+ admin_token => $admin_token,
+ enabled => false,
+ rabbit_host => undef,
+ rabbit_hosts => ['rapoport.debian.org','rainier.debian.org'],
+ rabbit_password => $rabbit_pass,
+ rabbit_userid => 'openstack',
+ rabbit_virtual_host => '/keystone',
+ memcache_servers => ['localhost:11211'],
+ cache_backend => 'keystone.cache.memcache_pool',
+ admin_endpoint => 'https://openstack.bm.debian.org:35357/',
+ validate_cacert => '/etc/ssl/debian/certs/ca.crt',
+ validate_service => true,
}
- class { 'keystone::roles::admin':
+ class { '::keystone::roles::admin':
email => 'test@puppetlabs.com',
- password => 'ChangeMe',
+ password => $admin_pass,
}
- class { 'keystone::endpoint':
- public_url => "https://${::fqdn}:5000/",
- admin_url => "https://${::fqdn}:35357/",
+ class { '::keystone::endpoint':
+ public_url => 'https://openstack.bm.debian.org:5000/',
+ admin_url => 'https://openstack.bm.debian.org:35357/',
}
- keystone_config { 'ssl/enable': value => true }
-
include apache
- class { 'keystone::wsgi::apache':
- ssl => true
- }
+ class { '::keystone::wsgi::apache':
+ ssl => true,
+ ssl_cert => '/etc/ssl/debian/certs/openstack.bm.debian.org.crt-chained',
+ ssl_key => '/etc/ssl/private/openstack.bm.debian.org.key',
- ssl::service { 'openstack.bm.debian.org':
- notify => Service['apache2'],
}
}
+
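Review bot: The new `::keystone` block sends `$keystone_dbpass` and `$rabbit_pass` to remote hosts (`bmdb1.debian.org:5435` and the two `rabbit_hosts`), but nothing in it asks for TLS on either connection. Unless encryption is enforced elsewhere, which is not visible in this hunk, consider appending `?sslmode=verify-full` to `sql_connection`, with the issuing CA made available to libpq. Also consider adding `rabbit_use_ssl => true,` next to `rabbit_password`, assuming the deployed puppet-keystone version supports that parameter; the `rabbit_hosts` entries would then need the brokers' TLS listener port. Separately, `debug => true` is carried over unchanged, and on an identity service it is worth switching off once the deployment works, because debug logs tend to retain more request detail than should be kept.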