This class combines the keystone-manage bootstrap command
from init, the keystone::endpoint functionality that manages
the keystone endpoints and the keystone::roles::admin class
that manages users and projects.
This is one of the steps to make sure we only have a single
point of entry for bootstrapping (keystone-manage bootstrap)
and then only managing resources after that.
This is especially required since we are getting rid of the
admin token and cannot manage resources before keystone-manage
bootstrap has created the user, project, service and endpoints
for us.
These resources should always be in the default domain and
deployments should manage domain specific configuration themselves
using the provider resources.
This class uses the default values from the keystone-manage
bootstrap command.
In the past puppet-keystone has always created an openstack project
that is assumed as an admin project even though the bootstrap command
creates the admin project. Since this uses the default values from
the bootstrap command we should move away from having an openstack
project, if we need that in testing it should be created there and
not in the default deployment.
Depends-On: https://review.opendev.org/#/c/698528/
Change-Id: I683fcdd743bddf6d4e989dd7e7c553db745934db
Option "verbose" from group "DEFAULT" is deprecated for removal.
The parameter has no effect.
-Deprecated verbose for logging and init
-Remove verbose in examples and README
-Remove verbose from tests.
If this option is not set explicitly, there is no such warning.
Change-Id: I2f554c07f71458894aaa5d8079285ac92d0f04a3
The puppet-lint requirement is now changed, so we can use puppet-lint
plugins. Most of these plugins are for 4.x compat, but some just catch
common errors.
Change-Id: I988929331e3f0cbef5e10ec9116cdba9ded16967
This patch is for configuring a flush token cron when using database as
backend for tokens storage.
While potentially useful for auditing in production environments,
the accumulation of expired tokens will considerably
increase database size and may decrease service performance,
particularly in test environments with limited resources.
It's recommended to create a crontab to flush tokens every hour.
Change-Id: Icd819cc95b3440f43c5b588f9f2dd6ca47b25a71
Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
- Add {public,admin,internal}_url parameters to override other
{public,admin,internal}_ parameters.
- Also change some 'real_' prefix into '_real' suffix to respect the
coding guide.
- Fixed parsing the ssl/enable value in the provider.
- Update examples
Change-Id: I78d2695eb5cb1287538afe154668da9fe23e62a3
Serving keystone from a wsgi container is recommended for production
setups. SSL is enabled by default.
See the following URLs for explanations:
http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/
https://etherpad.openstack.org/havana-keystone-performance
Documentation in manifests/wsgi/apache.pp
Apache can be configured as a drop in replacement for keystone (using
ports 5000 & 35357) or with paths using the standard SSL port. See
examples in examples/apache_*.pp
- Also change some 'real_' prefix into '_real' suffix to respect the
coding guide.
- Added the '--insecure' option to keystone client in the provider to
allow using self-signed certificates.
- Fixed parsing the ssl/enable value in the provider.
There is no integer verification done in the manifests
and to get around a bug in rspec, which has been fixed
in https://github.com/rodjek/rspec-puppet/pull/107,
certain parameters that should be integer are treated as
strings
files/httpd/keystone.py updated with latest from keystone git repo
Change-Id: Ide8c090d105c1ea75a14939f5e8ddb7d24ca3f1c