3238e547a6
This change combines the previous puppet and docker files into a single file that performs the docker service installation and configuration for the horizon service. With this patch the baremetal version of each respective horizon service has been removed. Change-Id: I132465a32cd9f5e094ed184a92549d6521ad4e64 Related-Blueprint: services-yaml-flattening
43 lines
1.6 KiB
YAML
43 lines
1.6 KiB
YAML
environments:
|
|
-
|
|
name: enable-federation-openidc
|
|
title: Enable keystone federation with OpenID Connect
|
|
files:
|
|
deployment/keystone/keystone-container-puppet.yaml:
|
|
parameters:
|
|
- KeystoneFederationEnable
|
|
- KeystoneAuthMethods
|
|
- KeystoneTrustedDashboards
|
|
- KeystoneOpenIdcEnable
|
|
- KeystoneOpenIdcIdpName
|
|
- KeystoneOpenIdcProviderMetadataUrl
|
|
- KeystoneOpenIdcClientId
|
|
- KeystoneOpenIdcClientSecret
|
|
- KeystoneOpenIdcCryptoPassphrase
|
|
- KeystoneOpenIdcResponseType
|
|
- KeystoneOpenIdcRemoteIdAttribute
|
|
deployment/horizon/horizon-container-puppet.yaml:
|
|
parameters:
|
|
- WebSSOEnable
|
|
- WebSSOInitialChoice
|
|
- WebSSOChoices
|
|
- WebSSOIDPMapping
|
|
sample_values:
|
|
KeystoneFederationEnable: True
|
|
KeystoneOpenIdcEnable: True
|
|
WebSSOEnable: True
|
|
KeystoneAuthMethods: 'password,token,openid'
|
|
KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/'
|
|
KeystoneOpenIdcIdpName: 'myidp'
|
|
KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration'
|
|
KeystoneOpenIdcClientId: 'myclientid'
|
|
KeystoneOpenIdcClientSecret: 'myclientsecret'
|
|
static:
|
|
- KeystoneFederationEnable
|
|
- KeystoneOpenIdcEnable
|
|
- WebSSOEnable
|
|
description: |
|
|
This is an example template on how to configure keystone federation for
|
|
the OpenID Connect protocol. You must modify the parameters to use
|
|
values appropriate for your identity provider.
|