--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: keystone
+ labels:
+ name: keystone-global
+ component: keystone
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.keystone
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.keystone
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.keystone_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+
+ # Service Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.oslo_messaging.keystone
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.keystone
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.keystone
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_oslo_messaging_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.keystone.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.keystone.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_cache.auth.memcache_secret_key
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_cache_secret_key
+ path: .
+
+data:
+ chart_name: keystone
+ release: keystone
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-keystone
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-keystone
+ post:
+ create: []
+ values:
+ bootstrap:
+ script: |
+ openstack role create --or-show _member_
+ openstack role add \
+ --user="${OS_USERNAME}" \
+ --user-domain="${OS_USER_DOMAIN_NAME}" \
+ --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
+ --project="${OS_PROJECT_NAME}" \
+ "_member_"
+
+ #NOTE(portdirect): required for all users who operate heat stacks
+ openstack role create --or-show heat_stack_owner
+ openstack role add \
+ --user="${OS_USERNAME}" \
+ --user-domain="${OS_USER_DOMAIN_NAME}" \
+ --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
+ --project="${OS_PROJECT_NAME}" \
+ "heat_stack_owner"
+ conf:
+ logging:
+ loggers:
+ keys:
+ - root
+ - keystone
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ - fluent
+ formatters:
+ keys:
+ - context
+ - default
+ - fluent
+ logger_root:
+ level: WARNING
+ handlers: null
+ logger_keystone:
+ level: INFO
+ handlers:
+ - stdout
+ - stderr
+ - fluent
+ qualname: keystone
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ handler_fluent:
+ class: fluent.handler.FluentHandler
+ args: ('openstack.keystone', 'fluentd-logging.osh-infra', 24224)
+ formatter: fluent
+ formatter_fluent:
+ class: oslo_log.formatters.FluentFormatter
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+ keystone:
+ identity:
+ driver: sql
+ default_domain_id: default
+ domain_specific_drivers_enabled: True
+ domain_configurations_from_database: True
+ domain_config_dir: /etc/keystonedomains
+ pod:
+ replicas:
+ api: 2
+ labels:
+ api:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-helm-toolkit
+...
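Review bot: In `logger_root` the value `handlers: null` is unquoted, so YAML loads it as a null instead of the string naming the handler that `handlers.keys` lists as `"null"` and `handler_null` defines; it should be `handlers: 'null'`. How the chart renders a null there is not visible in this diff, but the root logger would not get the intended handler reference, which matters for an identity service whose logs feed auditing and detection. Separately, `handler_fluent` hard-codes `'fluentd-logging.osh-infra', 24224` while this same document substitutes the fluentd endpoint into `.values.endpoints.fluentd`, so a catalogue change could silently stop log shipping; a comment such as `# NOTE: host/port must match osh_infra_endpoints .osh_infra.fluentd` above `args` would flag the coupling. As a style point, the two `domain_*` options under `identity` would be more predictable across parsers as lowercase `true` than `True`.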