treasuremap/global/software/charts/osh/openstack-keystone/keystone.yaml

282 lines
7.4 KiB
YAML

---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: keystone
labels:
name: keystone-global
component: keystone
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.keystone
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.keystone
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.keystone_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_cache
dest:
path: .values.endpoints.oslo_cache
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.fluentd
dest:
path: .values.endpoints.fluentd
# Service Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.oslo_messaging.keystone
dest:
path: .values.endpoints.oslo_messaging.auth.keystone
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.oslo_db
dest:
path: .values.endpoints.oslo_db.auth.keystone
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.oslo_db.database
dest:
path: .values.endpoints.oslo_db.path
pattern: DB_NAME
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_oslo_messaging_admin_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.keystone.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_oslo_messaging_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.keystone.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_cache.auth.memcache_secret_key
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
data:
chart_name: keystone
release: keystone
namespace: openstack
wait:
timeout: 900
labels:
release_group: airship-keystone
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: airship-keystone
post:
create: []
values:
bootstrap:
script: |
openstack role create --or-show _member_
openstack role add \
--user="${OS_USERNAME}" \
--user-domain="${OS_USER_DOMAIN_NAME}" \
--project-domain="${OS_PROJECT_DOMAIN_NAME}" \
--project="${OS_PROJECT_NAME}" \
"_member_"
#NOTE(portdirect): required for all users who operate heat stacks
openstack role create --or-show heat_stack_owner
openstack role add \
--user="${OS_USERNAME}" \
--user-domain="${OS_USER_DOMAIN_NAME}" \
--project-domain="${OS_PROJECT_DOMAIN_NAME}" \
--project="${OS_PROJECT_NAME}" \
"heat_stack_owner"
conf:
logging:
loggers:
keys:
- root
- keystone
handlers:
keys:
- stdout
- stderr
- 'null'
- fluent
formatters:
keys:
- context
- default
- fluent
logger_root:
level: WARNING
handlers: 'null'
logger_keystone:
level: INFO
handlers:
- stdout
- fluent
qualname: keystone
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
handler_fluent:
class: fluent.handler.FluentHandler
args: ('openstack.keystone', 'fluentd-logging.osh-infra', 24224)
formatter: fluent
formatter_fluent:
class: oslo_log.formatters.FluentFormatter
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
keystone:
identity:
driver: sql
default_domain_id: default
domain_specific_drivers_enabled: True
domain_configurations_from_database: True
domain_config_dir: /etc/keystonedomains
pod:
replicas:
api: 2
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
- keystone-htk
...
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: keystone-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.keystone-htk
dest:
path: .source
data:
chart_name: keystone-htk
release: keystone-htk
namespace: keystone-htk
values: {}
dependencies: []
...