
Serving keystone from a wsgi container is recommended for production setups. SSL is enabled by default.

See the following URLs for explanations:
http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/
https://etherpad.openstack.org/havana-keystone-performance

Documentation is in manifests/wsgi/apache.pp.

Apache can be configured as a drop-in replacement for keystone (using ports 5000 & 35357) or with paths using the standard SSL port. See the examples in examples/apache_*.pp.

- Also changed some 'real_' prefixes into '_real' suffixes to respect the coding guide.
- Added the '--insecure' option to the keystone client in the provider to allow using self-signed certificates.
- Fixed parsing of the ssl/enable value in the provider.

No integer verification is done in the manifests; to get around a bug in rspec, which has been fixed in https://github.com/rodjek/rspec-puppet/pull/107, certain parameters that should be integers are treated as strings.

files/httpd/keystone.py updated with the latest from the keystone git repo.

Change-Id: Ide8c090d105c1ea75a14939f5e8ddb7d24ca3f1c
# Example: serve keystone from Apache as the WSGI container, mounting the
# public and admin APIs as URL paths on the standard HTTPS port (443).
#
# To be sure everything is working, run:
#   $ export OS_USERNAME=admin
#   $ export OS_PASSWORD=ChangeMe
#   $ export OS_TENANT_NAME=openstack
#   $ export OS_AUTH_URL=http://keystone.local/keystone/main/v2.0
#   $ keystone catalog
#   Service: identity
#   +-------------+----------------------------------------------+
#   |   Property  |                    Value                     |
#   +-------------+----------------------------------------------+
#   |   adminURL  | http://keystone.local:80/keystone/admin/v2.0 |
#   |      id     |       4f0f55f6789d4c73a53c51f991559b72       |
#   | internalURL | http://keystone.local:80/keystone/main/v2.0  |
#   |  publicURL  | http://keystone.local:80/keystone/main/v2.0  |
#   |    region   |                  RegionOne                   |
#   +-------------+----------------------------------------------+
#
# NOTE(review): the sample session above uses plain http on port 80 under
# /keystone/, while this manifest registers https endpoints on 443 and mounts
# the API at /main/ and /admin/. Confirm the URL that matches the resulting
# vhost before pointing OS_PASSWORD at it; over http the password and the
# returned token are not encrypted in transit.
#
# NOTE(review): every password and the admin_token below are well-known
# example values. Replace them with values from your secrets store before
# applying this anywhere other than a throwaway test node.

# Resource default: only print exec output when the command fails.
Exec { logoutput => 'on_failure' }

# Local MySQL server with module defaults.
class { 'mysql::server': }

# Keystone database; this password has to match the one embedded in
# sql_connection below.
class { 'keystone::db::mysql':
  password => 'keystone',
}

class { 'keystone':
  # Verbose and debug logging are convenient for an example.
  # NOTE(review): debug logs of an identity service can contain sensitive
  # request detail; switch both off outside of testing.
  verbose        => true,
  debug          => true,
  # Connects as keystone_admin with the example database password.
  sql_connection => 'mysql://keystone_admin:keystone@127.0.0.1/keystone',
  catalog_type   => 'sql',
  # Bootstrap shared secret: whoever presents it is treated as admin, so a
  # guessable literal like this one must never reach a real deployment.
  admin_token    => 'admin_token',
  # NOTE(review): if `enabled` also starts the standalone keystone service,
  # it would listen next to Apache without Apache's TLS; confirm, and
  # firewall or disable it as appropriate.
  enabled        => true,
}

# Admin user that the sample session in the header logs in as.
class { 'keystone::roles::admin':
  email    => 'test@puppetlabs.com',
  password => 'ChangeMe',
}

# Catalog entries advertised to clients. Public and admin are registered as
# https on 443. No protocol or port is given for the internal endpoint, so
# the class default applies; confirm it matches the TLS listener.
class { 'keystone::endpoint':
  public_address   => $::fqdn,
  admin_address    => $::fqdn,
  internal_address => $::fqdn,
  public_port      => 443,
  admin_port       => 443,
  public_protocol  => 'https',
  admin_protocol   => 'https',
}

# Remove any ssl/enable setting from keystone's own configuration;
# presumably TLS is meant to be handled by Apache here (confirm).
# keystone_config { 'ssl/enable': value => true }
keystone_config { 'ssl/enable': ensure => absent }

include apache

# Apache vhost for keystone with TLS on, both APIs on 443, told apart by path.
# No certificate parameters are passed, so the class defaults decide which
# certificate and key are served; see manifests/wsgi/apache.pp and make sure
# clients can verify that certificate rather than skipping verification.
class { 'keystone::wsgi::apache':
  ssl         => true,
  public_port => 443,
  admin_port  => 443,
  public_path => '/main/',
  admin_path  => '/admin/',
}