openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
openstack-ansible-os_keystone/templates/keystone.conf.j2
Dmitriy Rabotyagov 1f4d83ef84 Add variable to globally control notifications enablement and disable RPC 
In order to be able to globally enable notification reporting for all services,
without an need to have ceilometer deployed or bunch of overrides for each
service, we add `oslomsg_notify_enabled` variable that aims to control
behaviour of enabled notifications.

Presence of ceilometer is still respected by default and being referenced.

Potential usecase are various billing panels that do rely on notifications
but do not require presence of Ceilometer.

This change also disables RPC communication for Glance since there's
no signs of RPC usage in Glance code. RabbitMQ seems to be used solely
for notifications

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/914144
Change-Id: I92b95acc5ec35468cafe041b277ef9fb3c21c2e4
2024-04-24 11:47:12 +02:00

170 lines
6.2 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
[DEFAULT]
use_journal = True
# Disable stderr logging
use_stderr = False
debug = {{ debug }}
{% if keystone_public_endpoint is defined %}
public_endpoint = {{ keystone_public_endpoint }}
{% endif %}
fatal_deprecations = {{ keystone_fatal_deprecations }}
{% if keystone_sp != {} and (keystone_sp.cadf_notifications is defined) and (keystone_sp.cadf_notifications | bool) %}
{% set cadf_notifications = true %}
{% else %}
{% set cadf_notifications = false %}
{% endif %}
{% if cadf_notifications | bool %}
notification_format = cadf
{% if keystone_sp.cadf_notifications_opt_out is defined %}
{% for opt_out in keystone_sp.cadf_notifications_opt_out %}
notification_opt_out = {{ opt_out }}
{% endfor %}
{% endif %}
{% endif %}
{% if keystone_oslomsg_rpc_configure %}
## Oslo.Messaging RPC
transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _keystone_oslomsg_rpc_vhost_conf }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ keystone_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ keystone_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[oslo_messaging_rabbit]
rabbit_quorum_queue = {{ keystone_oslomsg_rabbit_quorum_queues }}
rabbit_quorum_delivery_limit = {{ keystone_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ keystone_oslomsg_rabbit_quorum_max_memory_bytes }}
{% endif %}
[oslo_messaging_notifications]
{% if keystone_oslomsg_notify_configure | bool %}
driver = messagingv2
{% set notification_driver = true %}
{% endif %}
{% if cadf_notifications | bool %}
driver = log
{% set notification_driver = true %}
{% endif %}
{% if notification_driver is not defined or notification_driver == false | bool %}
driver = noop
{% endif %}
transport_url = {{ keystone_oslomsg_notify_transport }}://{% for host in keystone_oslomsg_notify_servers.split(',') %}{{ keystone_oslomsg_notify_userid }}:{{ keystone_oslomsg_notify_password }}@{{ host }}:{{ keystone_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _keystone_oslomsg_notify_vhost_conf }}{% if keystone_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ keystone_oslomsg_notify_ssl_version }}&ssl_ca_file={{ keystone_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
{% if keystone_cache_servers | length > 0 %}
[cache]
backend = {{ keystone_cache_backend }}
{% if keystone_cache_backend in keystone_cache_backend_map['dogpile'] %}
# FIXME(lbragstad): Some strange behaviors have been reported when using
# multiple memcached instances with backend_argument. This has been documented
# in https://bugs.launchpad.net/oslo.cache/+bug/1743036
# For the time being, memcache_servers works with a single memcached instance
# and multiple instances.
memcache_servers = {{ keystone_cache_servers | join(',') }}
{% endif %}
config_prefix = cache.keystone
enabled = true
{% endif %}
[revoke]
driver = {{ keystone_revocation_driver }}
expiration_buffer = {{ keystone_revocation_expiration_buffer }}
cache_time = {{ keystone_revocation_cache_time }}
[auth]
methods = {{ keystone_auth_methods }}{% if keystone_sp_apache_mod_shib %},saml2{% endif %}{% if keystone_sp_apache_mod_auth_openidc %},openid{% endif %}
{% if keystone_database_enabled | bool %}
[database]
connection = {{ keystone_database_connection_string }}
max_overflow = {{ keystone_db_max_overflow }}
max_pool_size = {{ keystone_db_max_pool_size }}
pool_timeout = {{ keystone_db_pool_timeout }}
connection_recycle_time = {{ keystone_db_connection_recycle_time }}
{% endif %}
{% if 'fernet' in keystone_token_provider %}
[fernet_tokens]
key_repository = {{ keystone_fernet_tokens_key_repository }}
max_active_keys = {{ keystone_fernet_tokens_max_active_keys }}
{% endif %}
[identity]
{% if keystone_ldap.Default is not defined %}
driver = sql
{% endif %}
{% if keystone_ldap | length > 0 %}
domain_config_dir = {{ keystone_ldap_domain_config_dir }}
domain_specific_drivers_enabled = True
{% endif %}
[assignment]
driver = {{ keystone_assignment_driver }}
[resource]
cache_time = {{ keystone_resource_cache_time }}
driver = {{ keystone_resource_driver }}
[token]
enforce_token_bind = permissive
expiration = {{ keystone_token_expiration }}
cache_time = {{ keystone_token_cache_time }}
provider = {{ keystone_token_provider }}
{% if keystone_idp != {} %}
[saml]
certfile = "{{ keystone_idp.certfile }}"
keyfile = "{{ keystone_idp.keyfile }}"
idp_entity_id = "{{ keystone_idp.idp_entity_id }}"
idp_sso_endpoint = "{{ keystone_idp.idp_sso_endpoint }}"
idp_metadata_path = "{{ keystone_idp.idp_metadata_path }}"
{% if keystone_idp.organization_name is defined %}
idp_organization_name = {{ keystone_idp.organization_name }}
{% endif %}
{% if keystone_idp.organization_display_name is defined %}
idp_organization_display_name = {{ keystone_idp.organization_display_name }}
{% endif %}
{% if keystone_idp.organization_url is defined %}
idp_organization_url = {{ keystone_idp.organization_url }}
{% endif %}
{% if keystone_idp.contact_company is defined %}
idp_contact_company = {{ keystone_idp.contact_company }}
{% endif %}
{% if keystone_idp.contact_name is defined %}
idp_contact_name = {{ keystone_idp.contact_name }}
{% endif %}
{% if keystone_idp.contact_surname is defined %}
idp_contact_surname = {{ keystone_idp.contact_surname }}
{% endif %}
{% if keystone_idp.contact_email is defined %}
idp_contact_email = {{ keystone_idp.contact_email }}
{% endif %}
{% if keystone_idp.contact_telephone is defined %}
idp_contact_telephone = {{ keystone_idp.contact_telephone }}
{% endif %}
{% if keystone_idp.contact_type is defined %}
idp_contact_type = {{ keystone_idp.contact_type }}
{% endif %}
{% endif %}
[credential]
key_repository = {{ keystone_credential_key_repository }}
{% if keystone_sp != {} %}
[federation]
{% if keystone_sp_apache_mod_auth_openidc %}
remote_id_attribute = HTTP_OIDC_ISS
{% elif keystone_sp_apache_mod_shib %}
remote_id_attribute = Shib-Identity-Provider
{% endif %}
{% if keystone_sp.trusted_dashboard_list is defined %}
{% for item in keystone_sp.trusted_dashboard_list %}
trusted_dashboard = {{ item }}
{% endfor %}
{% endif %}
{% endif %}
View Git Blame Copy Permalink