0a24c61e3e
At the moment we don't provide any option rather then use memcached backend. With that we also hardocde list of packages that should be installed inside virtualenv for selected backend. Adding bmemcached requirement to oslo_cache.memcache_pool [1] gives us opportunity to refactor this bit of deployment and allow to be more flexible in backend selection and requirements installation for it. [1] https://review.opendev.org/c/openstack/oslo.cache/+/854628 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/858981/4 Change-Id: I2810208301fb31eeeabf31e4b38add7f8aa3e00b
163 lines
5.9 KiB
Django/Jinja
163 lines
5.9 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
[DEFAULT]
|
|
use_journal = True
|
|
# Disable stderr logging
|
|
use_stderr = False
|
|
debug = {{ debug }}
|
|
{% if keystone_public_endpoint is defined %}
|
|
public_endpoint = {{ keystone_public_endpoint }}
|
|
{% endif %}
|
|
fatal_deprecations = {{ keystone_fatal_deprecations }}
|
|
{% if keystone_sp != {} and (keystone_sp.cadf_notifications is defined) and (keystone_sp.cadf_notifications | bool) %}
|
|
{% set cadf_notifications = true %}
|
|
{% else %}
|
|
{% set cadf_notifications = false %}
|
|
{% endif %}
|
|
{% if cadf_notifications | bool %}
|
|
notification_format = cadf
|
|
{% if keystone_sp.cadf_notifications_opt_out is defined %}
|
|
{% for opt_out in keystone_sp.cadf_notifications_opt_out %}
|
|
notification_opt_out = {{ opt_out }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
## Oslo.Messaging RPC
|
|
transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_rpc_vhost }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ keystone_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ keystone_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
|
|
[oslo_messaging_notifications]
|
|
{% if keystone_ceilometer_enabled | bool %}
|
|
driver = messagingv2
|
|
{% set notification_driver = true %}
|
|
{% endif %}
|
|
{% if cadf_notifications | bool %}
|
|
driver = log
|
|
{% set notification_driver = true %}
|
|
{% endif %}
|
|
{% if notification_driver is not defined or notification_driver == false | bool %}
|
|
driver = noop
|
|
{% endif %}
|
|
|
|
transport_url = {{ keystone_oslomsg_notify_transport }}://{% for host in keystone_oslomsg_notify_servers.split(',') %}{{ keystone_oslomsg_notify_userid }}:{{ keystone_oslomsg_notify_password }}@{{ host }}:{{ keystone_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_notify_vhost }}{% if keystone_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ keystone_oslomsg_notify_ssl_version }}&ssl_ca_file={{ keystone_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
|
|
{% if keystone_cache_servers | length > 0 %}
|
|
[cache]
|
|
backend = {{ keystone_cache_backend }}
|
|
{% if keystone_cache_backend in keystone_cache_backend_map['dogpile'] %}
|
|
# FIXME(lbragstad): Some strange behaviors have been reported when using
|
|
# multiple memcached instances with backend_argument. This has been documented
|
|
# in https://bugs.launchpad.net/oslo.cache/+bug/1743036
|
|
# For the time being, memcache_servers works with a single memcached instance
|
|
# and multiple instances.
|
|
memcache_servers = {{ keystone_cache_servers | join(',') }}
|
|
{% endif %}
|
|
config_prefix = cache.keystone
|
|
enabled = true
|
|
{% endif %}
|
|
|
|
|
|
[revoke]
|
|
driver = {{ keystone_revocation_driver }}
|
|
expiration_buffer = {{ keystone_revocation_expiration_buffer }}
|
|
cache_time = {{ keystone_revocation_cache_time }}
|
|
|
|
|
|
[auth]
|
|
methods = {{ keystone_auth_methods }}{% if keystone_sp_apache_mod_shib %},saml2{% endif %}{% if keystone_sp_apache_mod_auth_openidc %},openid{% endif %}
|
|
|
|
|
|
{% if keystone_database_enabled | bool %}
|
|
[database]
|
|
connection = {{ keystone_database_connection_string }}
|
|
max_overflow = {{ keystone_db_max_overflow }}
|
|
max_pool_size = {{ keystone_db_max_pool_size }}
|
|
pool_timeout = {{ keystone_db_pool_timeout }}
|
|
connection_recycle_time = {{ keystone_db_connection_recycle_time }}
|
|
{% endif %}
|
|
|
|
{% if 'fernet' in keystone_token_provider %}
|
|
[fernet_tokens]
|
|
key_repository = {{ keystone_fernet_tokens_key_repository }}
|
|
max_active_keys = {{ keystone_fernet_tokens_max_active_keys }}
|
|
{% endif %}
|
|
|
|
|
|
[identity]
|
|
{% if keystone_ldap.Default is not defined %}
|
|
driver = sql
|
|
{% endif %}
|
|
{% if keystone_ldap | length > 0 %}
|
|
domain_config_dir = {{ keystone_ldap_domain_config_dir }}
|
|
domain_specific_drivers_enabled = True
|
|
{% endif %}
|
|
|
|
|
|
[assignment]
|
|
driver = {{ keystone_assignment_driver }}
|
|
|
|
|
|
[resource]
|
|
cache_time = {{ keystone_resource_cache_time }}
|
|
driver = {{ keystone_resource_driver }}
|
|
|
|
|
|
[token]
|
|
enforce_token_bind = permissive
|
|
expiration = {{ keystone_token_expiration }}
|
|
cache_time = {{ keystone_token_cache_time }}
|
|
provider = {{ keystone_token_provider }}
|
|
|
|
{% if keystone_idp != {} %}
|
|
[saml]
|
|
certfile = "{{ keystone_idp.certfile }}"
|
|
keyfile = "{{ keystone_idp.keyfile }}"
|
|
idp_entity_id = "{{ keystone_idp.idp_entity_id }}"
|
|
idp_sso_endpoint = "{{ keystone_idp.idp_sso_endpoint }}"
|
|
idp_metadata_path = "{{ keystone_idp.idp_metadata_path }}"
|
|
{% if keystone_idp.organization_name is defined %}
|
|
idp_organization_name = {{ keystone_idp.organization_name }}
|
|
{% endif %}
|
|
{% if keystone_idp.organization_display_name is defined %}
|
|
idp_organization_display_name = {{ keystone_idp.organization_display_name }}
|
|
{% endif %}
|
|
{% if keystone_idp.organization_url is defined %}
|
|
idp_organization_url = {{ keystone_idp.organization_url }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_company is defined %}
|
|
idp_contact_company = {{ keystone_idp.contact_company }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_name is defined %}
|
|
idp_contact_name = {{ keystone_idp.contact_name }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_surname is defined %}
|
|
idp_contact_surname = {{ keystone_idp.contact_surname }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_email is defined %}
|
|
idp_contact_email = {{ keystone_idp.contact_email }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_telephone is defined %}
|
|
idp_contact_telephone = {{ keystone_idp.contact_telephone }}
|
|
{% endif %}
|
|
{% if keystone_idp.contact_type is defined %}
|
|
idp_contact_type = {{ keystone_idp.contact_type }}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
[credential]
|
|
key_repository = {{ keystone_credential_key_repository }}
|
|
|
|
{% if keystone_sp != {} %}
|
|
[federation]
|
|
{% if keystone_sp_apache_mod_auth_openidc %}
|
|
remote_id_attribute = HTTP_OIDC_ISS
|
|
{% elif keystone_sp_apache_mod_shib %}
|
|
remote_id_attribute = Shib-Identity-Provider
|
|
{% endif %}
|
|
{% if keystone_sp.trusted_dashboard_list is defined %}
|
|
{% for item in keystone_sp.trusted_dashboard_list %}
|
|
trusted_dashboard = {{ item }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|