X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Froles%2Fmanifests%2Fkeystone.pp;h=e265e541a990554443955e167747a2ac9ed9ef18;hb=52e13a709b5b959cd8995e7fa4f1b226bbe13a87;hp=92642b3491f1394f5cb3352d0bc63cc809875e36;hpb=01c3a799eaa0ce9e9a465c78da4b2897a49db934;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/keystone.pp b/modules/roles/manifests/keystone.pp
index 92642b349..e265e541a 100644
--- a/modules/roles/manifests/keystone.pp
+++ b/modules/roles/manifests/keystone.pp
@@ -1,32 +1,47 @@
 class roles::keystone {
 
-	$keystone_postgres_password = hkdf('/etc/puppet/secret', "openstack-keystone")
+	Exec { logoutput => 'on_failure' }
 
-	class { 'keystone':
-		verbose        => true,
-		debug          => true,
-		sql_connection => 'postgresql://keystone:$keystone_postgres_password@bmdb1.debian.org/keystone',
-		catalog_type   => 'sql',
-		admin_token    => 'admin_token',
-		enabled        => false,
+	include roles::openstack::params
+
+	$keystone_dbpass = $roles::openstack::params::keystone_dbpass
+	$admin_token     = $roles::openstack::params::admin_token
+	$admin_pass      = $roles::openstack::params::admin_pass
+	$rabbit_pass     = $roles::openstack::params::rabbit_pass
+
+	class { '::keystone':
+		verbose             => true,
+		debug               => true,
+		sql_connection      => "postgresql://keystone:${keystone_dbpass}@bmdb1.debian.org:5435/keystone",
+		catalog_type        => 'sql',
+		admin_token         => $admin_token,
+		enabled             => false,
+		rabbit_host         => undef,
+		rabbit_hosts        => ['rapoport.debian.org','rainier.debian.org'],
+		rabbit_password     => $rabbit_pass,
+		rabbit_userid       => 'openstack',
+		rabbit_virtual_host => '/keystone',
+		memcache_servers    => ['localhost:11211'],
+		cache_backend       => 'keystone.cache.memcache_pool',
+		admin_endpoint      => 'https://openstack.bm.debian.org:35357/',
+		validate_cacert     => '/etc/ssl/debian/certs/ca.crt',
+		validate_service    => true,
 	}
-	class { 'keystone::roles::admin':
+	class { '::keystone::roles::admin':
 		email    => 'test@puppetlabs.com',
-		password => 'ChangeMe',
+		password => $admin_pass,
 	}
-	class { 'keystone::endpoint':
-		public_url => "https://${::fqdn}:5000/",
-		admin_url  => "https://${::fqdn}:35357/",
+	class { '::keystone::endpoint':
+		public_url => 'https://openstack.bm.debian.org:5000/',
+		admin_url  => 'https://openstack.bm.debian.org:35357/',
 	}
 
-	keystone_config { 'ssl/enable': value => true }
-
 	include apache
-	class { 'keystone::wsgi::apache':
-		ssl => true
-	}
+	class { '::keystone::wsgi::apache':
+		ssl      => true,
+		ssl_cert => '/etc/ssl/debian/certs/openstack.bm.debian.org.crt-chained',
+		ssl_key  => '/etc/ssl/private/openstack.bm.debian.org.key',
 
-	ssl::service { 'openstack.bm.debian.org':
-		notify => Service['apache2'],
 	}
 }
+