deaf440546
Commit 6db42a6 updated heat's keystone auth middleware to support keystone v3, however heat fails to operate with this configuration in place. This commit reverts this particular part of commit 6db42a6 to to restore heat functionality. Additionally, heat requires auth_uri to contain /v2.0, which is a non-standard as far as the other projects are concerned. Change-Id: I52c995e801660e21479a843b4e5410b7e3d349e1 Closes-Bug: #1445402
84 lines
2.3 KiB
Django/Jinja
84 lines
2.3 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
[DEFAULT]
|
|
verbose = {{ verbose }}
|
|
debug = {{ debug }}
|
|
fatal_deprecations = {{ heat_fatal_deprecations }}
|
|
use_syslog = False
|
|
|
|
log_file = /var/log/heat/heat.log
|
|
|
|
stack_domain_admin_password = {{ heat_stack_domain_admin_password }}
|
|
stack_domain_admin = {{ heat_stack_domain_admin }}
|
|
stack_user_domain_id = {{ hostvars[groups['heat_api'][0]]['stack_user_domain_id'] }}
|
|
max_nested_stack_depth = {{ heat_max_nested_stack_depth }}
|
|
heat_watch_server_url = {{ heat_watch_server_url }}
|
|
heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
|
|
heat_metadata_server_url = {{ heat_metadata_server_url }}
|
|
|
|
deferred_auth_method = {{ heat_deferred_auth_method }}
|
|
trusts_delegated_roles = {{ heat_trusts_delegated_roles | join(',') }}
|
|
|
|
auth_encryption_key = {{ heat_auth_encryption_key }}
|
|
|
|
## RPC Backend
|
|
rpc_backend = {{ heat_rpc_backend }}
|
|
|
|
## Plugin dirs
|
|
plugin_dirs = {{ heat_plugin_dirs | join(',') }}
|
|
|
|
|
|
[clients]
|
|
endpoint_type = {{ heat_clients_endpoint }}
|
|
|
|
[clients_heat]
|
|
endpoint_type = {{ heat_clients_heat_endpoint }}
|
|
|
|
[database]
|
|
connection = mysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ galera_address }}/{{ heat_galera_database }}?charset=utf8
|
|
|
|
[ec2authtoken]
|
|
auth_uri = {{ keystone_service_internalurl }}
|
|
|
|
[heat_api]
|
|
bind_port = {{ heat_service_port }}
|
|
|
|
[heat_api_cfn]
|
|
bind_port = {{ heat_cfn_service_port }}
|
|
|
|
[heat_api_cloudwatch]
|
|
bind_port = {{ heat_watch_port }}
|
|
|
|
|
|
[oslo_messaging_rabbit]
|
|
rabbit_port = {{ rabbitmq_port }}
|
|
rabbit_userid = {{ rabbitmq_userid }}
|
|
rabbit_password = {{ rabbitmq_password }}
|
|
rabbit_hosts = {{ rabbitmq_servers }}
|
|
|
|
|
|
[profiler]
|
|
profiler_enabled = {{ heat_profiler_enabled }}
|
|
trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }}
|
|
|
|
|
|
[keystone_authtoken]
|
|
signing_dir = /var/cache/heat
|
|
identity_uri = {{ keystone_service_adminuri }}
|
|
auth_uri = {{ keystone_service_internalurl }}
|
|
admin_tenant_name = {{ heat_service_project_name }}
|
|
admin_user = {{ heat_service_user_name }}
|
|
admin_password = {{ heat_service_password }}
|
|
|
|
memcached_servers = {{ memcached_servers }}
|
|
|
|
token_cache_time = 300
|
|
revocation_cache_time = 60
|
|
|
|
# if your memcached server is shared, use these settings to avoid cache poisoning
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcached_encryption_key }}
|
|
|
|
# if your keystone deployment uses PKI, and you value security over performance:
|
|
check_revocations_for_cached = False
|