e35a6dc6ee
Serving keystone from a wsgi container is recommended for production
setups. SSL is enabled by default.
See the following URLs for explanations:
http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/
https://etherpad.openstack.org/havana-keystone-performance
Documentation in manifests/wsgi/apache.pp
Apache can be configured as a drop in replacement for keystone (using
ports 5000 & 35357) or with paths using the standard SSL port. See
examples in examples/apache_*.pp
- Also change some 'real_' prefix into '_real' suffix to respect the
coding guide.
- Added the '--insecure' option to keystone client in the provider to
allow using self-signed certificates.
- Fixed parsing the ssl/enable value in the provider.
There is no integer verification done in the manifests
and to get around a bug in rspec, which has been fixed
in https://github.com/rodjek/rspec-puppet/pull/107,
certain parameters that should be integer are treated as
strings
files/httpd/keystone.py updated with lastest from keystone git repo
Change-Id: Ide8c090d105c1ea75a14939f5e8ddb7d24ca3f1c
32 lines
1023 B
Puppet
32 lines
1023 B
Puppet
#
|
|
# This class contains the platform differences for keystone
|
|
#
|
|
class keystone::params {
|
|
$client_package_name = 'python-keystone'
|
|
|
|
case $::osfamily {
|
|
'Debian': {
|
|
$package_name = 'keystone'
|
|
$service_name = 'keystone'
|
|
$keystone_wsgi_script_path = '/usr/lib/cgi-bin/keystone'
|
|
case $::operatingsystem {
|
|
'Debian': {
|
|
$service_provider = undef
|
|
$keystone_wsgi_script_source = '/usr/share/keystone/wsgi.py'
|
|
}
|
|
default: {
|
|
$service_provider = 'upstart'
|
|
$keystone_wsgi_script_source = 'puppet:///modules/keystone/httpd/keystone.py'
|
|
}
|
|
}
|
|
}
|
|
'RedHat': {
|
|
$package_name = 'openstack-keystone'
|
|
$service_name = 'openstack-keystone'
|
|
$keystone_wsgi_script_path = '/var/www/cgi-bin/keystone'
|
|
$service_provider = undef
|
|
$keystone_wsgi_script_source = 'puppet:///modules/keystone/httpd/keystone.py'
|
|
}
|
|
}
|
|
}
|