openstack/puppet-keystone
Code Issues Proposed changes
6aa7a17941
puppet-keystone/examples/apache_with_paths.pp
Emilien Macchi 6aa7a17941 enabling tokens flushing using cron 
This patch is for configuring a flush token cron when using database as
backend for tokens storage.
While potentially useful for auditing in production environments,
the accumulation of expired tokens will considerably
increase database size and may decrease service performance,
particularly in test environments with limited resources.
It's recommanded to create a crontab to flush tokens every hour.

Change-Id: Icd819cc95b3440f43c5b588f9f2dd6ca47b25a71
Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
2014-05-21 19:50:52 +02:00

55 lines
1.7 KiB
Puppet
Raw Blame History

# Example using apache to serve keystone
#
# To be sure everything is working, run:
# $ export OS_USERNAME=admin
# $ export OS_PASSWORD=ChangeMe
# $ export OS_TENANT_NAME=openstack
# $ export OS_AUTH_URL=http://keystone.local/keystone/main/v2.0
# $ keystone catalog
# Service: identity
# +-------------+----------------------------------------------+
# | Property | Value |
# +-------------+----------------------------------------------+
# | adminURL | http://keystone.local:80/keystone/admin/v2.0 |
# | id | 4f0f55f6789d4c73a53c51f991559b72 |
# | internalURL | http://keystone.local:80/keystone/main/v2.0 |
# | publicURL | http://keystone.local:80/keystone/main/v2.0 |
# | region | RegionOne |
# +-------------+----------------------------------------------+
#
Exec { logoutput => 'on_failure' }
class { 'mysql::server': }
class { 'keystone::db::mysql':
password => 'keystone',
}
class { 'keystone':
verbose => true,
debug => true,
sql_connection => 'mysql://keystone_admin:keystone@127.0.0.1/keystone',
catalog_type => 'sql',
admin_token => 'admin_token',
enabled => true,
}
class { 'keystone::cron::token_flush': }
class { 'keystone::roles::admin':
email => 'test@puppetlabs.com',
password => 'ChangeMe',
}
class { 'keystone::endpoint':
public_url => "https://${::fqdn}:443/main/",
admin_address => "https://${::fqdn}:443/admin/",
}
keystone_config { 'ssl/enable': ensure => absent }
include apache
class { 'keystone::wsgi::apache':
ssl => true,
public_port => 443,
admin_port => 443,
public_path => '/main/',
admin_path => '/admin/'
}
View Git Blame Copy Permalink