---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

keystone_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(keystone_service_proto) }}"
keystone_service_publicuri_insecure: "{% if keystone_service_publicuri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3"

# These are here rather than in keystone_all because
# both the os_ceilometer and os_keystone roles require them

# RPC
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_rabbitmq_port: "{{ rabbitmq_port }}"
keystone_rabbitmq_servers: "{{ rabbitmq_servers }}"
keystone_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
keystone_rabbitmq_host_group: "{{ rabbitmq_host_group }}"

# Telemetry notifications
keystone_rabbitmq_telemetry_userid: "{{ keystone_rabbitmq_userid }}"
keystone_rabbitmq_telemetry_password: "{{ keystone_rabbitmq_password }}"
keystone_rabbitmq_telemetry_vhost: "{{ keystone_rabbitmq_vhost }}"
keystone_rabbitmq_telemetry_port: "{{ keystone_rabbitmq_port }}"
keystone_rabbitmq_telemetry_servers: "{{ keystone_rabbitmq_servers }}"
keystone_rabbitmq_telemetry_use_ssl: "{{ keystone_rabbitmq_use_ssl }}"
keystone_rabbitmq_telemetry_host_group: "{{ keystone_rabbitmq_host_group }}"

# If there are any Ceilometer hosts in the environment, then enable its usage
keystone_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"

# The MySQL details for the keystone service
keystone_galera_user: keystone
keystone_galera_database: keystone
keystone_galera_address: "{{ galera_address }}"

# The system user for all keystone services
keystone_system_user_name: keystone

keystone_external_ssl: "{{ openstack_external_ssl }}"

keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
keystone_service_in_ldap: "{{ service_ldap_backend_enabled }}"

# Ensure that the package state matches the global setting
keystone_package_state: "{{ package_state }}"

# venv fetch configuration
keystone_venv_tag: "{{ venv_tag }}"
keystone_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin"
keystone_venv_download_url: "{{ venv_base_download_url }}/keystone-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"

# locations for fetching the default files from the git source
keystone_git_config_lookup_location: "{{openstack_repo_url }}/openstackgit/keystone"