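---
# Armada chart document for the OpenStack-Helm keystone chart (global layer).
# Chart source, image tags, endpoints, service accounts and passphrases are
# not written here; they are substituted from other documents at render time.
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: keystone
  labels:
    name: keystone-global
    component: keystone
  layeringDefinition:
    abstract: false
    layer: global
  # NOTE(review): this document holds no literal secrets, but once the
  # Passphrase substitutions below are applied the rendered values do.
  # Treat rendered output as sensitive and confirm the deckhand/Passphrase
  # sources themselves are stored encrypted.
  storagePolicy: cleartext
  substitutions:
    # Chart source
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .charts.osh.keystone
      dest:
        path: .source

    # Images
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .images.osh.keystone
      dest:
        path: .values.images.tags

    # Endpoints
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_endpoints
        path: .osh.identity
      dest:
        path: .values.endpoints.identity
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_endpoints
        path: .osh.oslo_db
      dest:
        path: .values.endpoints.oslo_db
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_endpoints
        path: .osh.keystone_oslo_messaging
      dest:
        path: .values.endpoints.oslo_messaging
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_endpoints
        path: .osh.oslo_cache
      dest:
        path: .values.endpoints.oslo_cache
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_infra_endpoints
        path: .osh_infra.fluentd
      dest:
        path: .values.endpoints.fluentd

    # Service Accounts
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.keystone.admin
      dest:
        path: .values.endpoints.identity.auth.admin
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.keystone.oslo_messaging.admin
      dest:
        path: .values.endpoints.oslo_messaging.auth.admin
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.keystone.oslo_messaging.keystone
      dest:
        path: .values.endpoints.oslo_messaging.auth.keystone
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.keystone.oslo_db
      dest:
        path: .values.endpoints.oslo_db.auth.keystone
    # The database name replaces the DB_NAME placeholder in the endpoint path.
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.keystone.oslo_db.database
      dest:
        path: .values.endpoints.oslo_db.path
        pattern: DB_NAME

    # Secrets
    # Each entry copies a whole deckhand/Passphrase document (src path '.')
    # into a single credential field of the chart values.
    - dest:
        path: .values.endpoints.identity.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_keystone_admin_password
        path: .
    - dest:
        path: .values.endpoints.oslo_messaging.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_keystone_oslo_messaging_admin_password
        path: .
    - dest:
        path: .values.endpoints.oslo_messaging.auth.keystone.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_keystone_oslo_messaging_password
        path: .
    - dest:
        path: .values.endpoints.oslo_db.auth.keystone.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_keystone_oslo_db_password
        path: .
    # NOTE(review): this gives the chart the database admin password as well
    # as keystone's own database credentials; confirm which jobs need it and
    # that it is not exposed to the long-running API pods.
    - dest:
        path: .values.endpoints.oslo_db.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_oslo_db_admin_password
        path: .
    - dest:
        path: .values.endpoints.oslo_cache.auth.memcache_secret_key
      src:
        schema: deckhand/Passphrase/v1
        name: osh_oslo_cache_secret_key
        path: .
data:
  chart_name: keystone
  release: keystone
  namespace: openstack
  wait:
    timeout: 900
    labels:
      release_group: airship-keystone
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
    pre:
      # Jobs carrying this release_group label are deleted before an upgrade.
      delete:
        - type: job
          labels:
            release_group: airship-keystone
    post:
      create: []
  values:
    bootstrap:
      # Creates the _member_ and heat_stack_owner roles if absent and grants
      # both to the bootstrap user (OS_USERNAME) on OS_PROJECT_NAME.
      script: |
        openstack role create --or-show _member_
        openstack role add \
            --user="${OS_USERNAME}" \
            --user-domain="${OS_USER_DOMAIN_NAME}" \
            --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
            --project="${OS_PROJECT_NAME}" \
            "_member_"
        #NOTE(portdirect): required for all users who operate heat stacks
        openstack role create --or-show heat_stack_owner
        openstack role add \
            --user="${OS_USERNAME}" \
            --user-domain="${OS_USER_DOMAIN_NAME}" \
            --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
            --project="${OS_PROJECT_NAME}" \
            "heat_stack_owner"
    conf:
      logging:
        # NOTE(review): logger_amqp, logger_amqplib, logger_eventletwsgi,
        # logger_sqlalchemy and logger_boto are defined below but are not
        # listed under loggers.keys; confirm whether that is intended.
        loggers:
          keys:
            - root
            - keystone
        handlers:
          keys:
            - stdout
            - stderr
            - "null"
            - fluent
        formatters:
          keys:
            - context
            - default
            - fluent
        logger_root:
          level: WARNING
          # Quoted so the value is the handler name "null" (handler_null
          # below), matching the quoted entry in handlers.keys. Unquoted, it
          # parses as a YAML null instead of a string.
          handlers: 'null'
        logger_keystone:
          level: INFO
          handlers:
            - stdout
            - stderr
            - fluent
          qualname: keystone
        logger_amqp:
          level: WARNING
          handlers: stderr
          qualname: amqp
        logger_amqplib:
          level: WARNING
          handlers: stderr
          qualname: amqplib
        logger_eventletwsgi:
          level: WARNING
          handlers: stderr
          qualname: eventlet.wsgi.server
        logger_sqlalchemy:
          level: WARNING
          handlers: stderr
          qualname: sqlalchemy
        logger_boto:
          level: WARNING
          handlers: stderr
          qualname: boto
        handler_null:
          class: logging.NullHandler
          formatter: default
          args: "()"
        handler_stdout:
          class: StreamHandler
          args: "(sys.stdout,)"
          formatter: context
        handler_stderr:
          class: StreamHandler
          args: "(sys.stderr,)"
          formatter: context
        # NOTE(review): the collector host and port are literals here, while
        # a fluentd endpoint is also substituted into
        # .values.endpoints.fluentd; keep the two in agreement. Keystone
        # INFO-level records are sent to this handler.
        handler_fluent:
          class: fluent.handler.FluentHandler
          args: "('openstack.keystone', 'fluentd-logging.osh-infra', 24224)"
          formatter: fluent
        formatter_fluent:
          class: oslo_log.formatters.FluentFormatter
        formatter_context:
          class: oslo_log.formatters.ContextFormatter
        formatter_default:
          format: "%(message)s"
      keystone:
        identity:
          driver: sql
          default_domain_id: default
          # Canonical lowercase booleans; the parsed value is unchanged.
          domain_specific_drivers_enabled: true
          domain_configurations_from_database: true
          # NOTE(review): there is no separator between "keystone" and
          # "domains"; confirm this matches the directory the chart mounts.
          domain_config_dir: /etc/keystonedomains
    pod:
      replicas:
        api: 2
    labels:
      api:
        node_selector_key: openstack-control-plane
        node_selector_value: enabled
      job:
        node_selector_key: openstack-control-plane
        node_selector_value: enabled
  dependencies:
    - osh-helm-toolkit
...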