5edea78dff
Heat in juno relies on keystone domains, however our lxc keystone module does not support this functionality (which requires keystone v3). Our long-term goal should be to update our keystone ansible module however there are larger implications in moving that module over to using v3 for all calls. This commit bypasses using the keystone module and shells out to heat-keystone-setup-domain which sets up the keystone domain and domain user for us.
98 lines
2.5 KiB
Plaintext
98 lines
2.5 KiB
Plaintext
[DEFAULT]
|
|
verbose = True
|
|
debug = False
|
|
use_syslog = False
|
|
|
|
log_file = /var/log/heat/heat.log
|
|
|
|
stack_domain_admin_password = {{ stack_domain_admin_password }}
|
|
stack_domain_admin = {{ stack_domain_admin }}
|
|
stack_user_domain_id = {{ hostvars[groups['heat_api'][0]]['stack_user_domain_id'] }}
|
|
deferred_auth_method = {{ deferred_auth_method }}
|
|
|
|
auth_encryption_key = {{ auth_encryption_key }}
|
|
|
|
heat_watch_server_url = {{ heat_watch_server_url }}
|
|
heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
|
|
heat_metadata_server_url = {{ heat_metadata_server_url }}
|
|
|
|
|
|
## RPC Backend
|
|
rpc_backend = {{ rpc_backend }}
|
|
rpc_thread_pool_size = {{ rpc_thread_pool_size }}
|
|
rpc_conn_pool_size = {{ rpc_conn_pool_size }}
|
|
rpc_response_timeout = {{ rpc_response_timeout }}
|
|
rpc_cast_timeout = {{ rpc_cast_timeout }}
|
|
|
|
|
|
## RabbitMQ
|
|
|
|
rabbit_hosts = {{ rabbit_hosts }}
|
|
|
|
rabbit_port = {{ rabbit_port }}
|
|
rabbit_use_ssl = {{ rabbit_use_ssl }}
|
|
rabbit_userid = {{ rabbit_userid }}
|
|
rabbit_password = {{ rabbit_password }}
|
|
rabbit_virtual_host = {{ rabbit_virtual_host }}
|
|
|
|
[clients]
|
|
endpoint_type = internalURL
|
|
|
|
[clients_ceilometer]
|
|
endpoint_type = internalURL
|
|
|
|
[clients_cinder]
|
|
endpoint_type = internalURL
|
|
|
|
[clients_heat]
|
|
endpoint_type = internalURL
|
|
|
|
[clients_keystone]
|
|
endpoint_type = internalURL
|
|
|
|
[clients_neutron]
|
|
endpoint_type = internalURL
|
|
|
|
[clients_nova]
|
|
endpoint_type = internalURL
|
|
|
|
[clients_swift]
|
|
endpoint_type = internalURL
|
|
|
|
[clients_trove]
|
|
endpoint_type = internalURL
|
|
|
|
[database]
|
|
connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8
|
|
|
|
[ec2authtoken]
|
|
auth_uri = {{ auth_identity_uri }}
|
|
|
|
[heat_api]
|
|
bind_port = 8004
|
|
|
|
[heat_api_cfn]
|
|
bind_port = 8000
|
|
|
|
[heat_api_cloudwatch]
|
|
bind_port = 8003
|
|
|
|
[keystone_authtoken]
|
|
signing_dir = /var/cache/heat
|
|
identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
|
auth_uri = {{ auth_identity_uri }}
|
|
admin_tenant_name = {{ service_admin_tenant_name }}
|
|
admin_user = {{ service_admin_username }}
|
|
admin_password = {{ service_admin_password }}
|
|
|
|
memcached_servers = {{ internal_vip_address }}:{{ memcached_port }}
|
|
token_cache_time = 300
|
|
revocation_cache_time = 60
|
|
|
|
# if your memcached server is shared, use these settings to avoid cache poisoning
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcached_secret_key }}
|
|
|
|
# if your keystone deployment uses PKI, and you value security over performance:
|
|
check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}
|