---
project_name: "keystone"

keystone_services:
  keystone:
    container_name: "keystone"
    group: "keystone"
    enabled: true
    image: "{{ keystone_image_full }}"
    volumes: "{{ keystone_default_volumes + keystone_extra_volumes }}"
    dimensions: "{{ keystone_dimensions }}"
    haproxy:
      keystone_internal:
        enabled: "{{ enable_keystone }}"
        mode: "http"
        external: false
        port: "{{ keystone_public_port }}"
        listen_port: "{{ keystone_public_listen_port }}"
      keystone_external:
        enabled: "{{ enable_keystone }}"
        mode: "http"
        external: true
        port: "{{ keystone_public_port }}"
        listen_port: "{{ keystone_public_listen_port }}"
      keystone_admin:
        enabled: "{{ enable_keystone }}"
        mode: "http"
        external: false
        port: "{{ keystone_admin_port }}"
        listen_port: "{{ keystone_admin_listen_port }}"
  keystone-ssh:
    container_name: "keystone_ssh"
    group: "keystone"
    enabled: "{{ keystone_token_provider == 'fernet' }}"
    image: "{{ keystone_ssh_image_full }}"
    volumes:
      - "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
      - "/etc/localtime:/etc/localtime:ro"
      - "kolla_logs:/var/log/kolla/"
      - "keystone_fernet_tokens:/etc/keystone/fernet-keys"
    dimensions: "{{ keystone_ssh_dimensions }}"
  keystone-fernet:
    container_name: "keystone_fernet"
    group: "keystone"
    enabled: "{{ keystone_token_provider == 'fernet' }}"
    image: "{{ keystone_fernet_image_full }}"
    volumes:
      - "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
      - "/etc/localtime:/etc/localtime:ro"
      - "kolla_logs:/var/log/kolla/"
      - "keystone_fernet_tokens:/etc/keystone/fernet-keys"
    dimensions: "{{ keystone_fernet_dimensions }}"


####################
# Database
####################
keystone_database_name: "keystone"
keystone_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}keystone{% endif %}"
keystone_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"


####################
# Fernet
####################
keystone_username: "keystone"
keystone_groupname: "keystone"


####################
# Docker
####################
keystone_install_type: "{{ kolla_install_type }}"
keystone_tag: "{{ openstack_tag }}"

keystone_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ keystone_install_type }}-keystone"
keystone_service_tag: "{{ keystone_tag }}"
keystone_image_full: "{{ keystone_image }}:{{ keystone_service_tag }}"

keystone_fernet_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ keystone_install_type }}-keystone-fernet"
keystone_fernet_tag: "{{ keystone_tag }}"
keystone_fernet_image_full: "{{ keystone_fernet_image }}:{{ keystone_fernet_tag }}"

keystone_ssh_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ keystone_install_type }}-keystone-ssh"
keystone_ssh_tag: "{{ keystone_tag }}"
keystone_ssh_image_full: "{{ keystone_ssh_image }}:{{ keystone_ssh_tag }}"

keystone_dimensions: "{{ default_container_dimensions }}"
keystone_fernet_dimensions: "{{ default_container_dimensions }}"
keystone_ssh_dimensions: "{{ default_container_dimensions }}"

keystone_default_volumes:
  - "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ kolla_dev_repos_directory ~ '/keystone/keystone:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/keystone' if keystone_dev_mode | bool else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{% if keystone_token_provider == 'fernet' %}keystone_fernet_tokens:/etc/keystone/fernet-keys{% endif %}"

keystone_extra_volumes: "{{ default_extra_volumes }}"

####################
# OpenStack
####################
keystone_logging_debug: "{{ openstack_logging_debug }}"

openstack_keystone_auth: "{{ openstack_auth }}"


####################
# Kolla
####################
keystone_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
keystone_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
keystone_dev_mode: "{{ kolla_dev_mode }}"
keystone_source_version: "{{ kolla_source_version }}"


####################
# Notifications
####################
keystone_default_notifications_topic_enabled: "{{ (enable_ceilometer | bool ) or (enable_cadf_notifications | bool)}}"
keystone_default_notifications_topic_name: "notifications"

keystone_notification_topics:
  - name: "{{ keystone_default_notifications_topic_name }}"
    enabled: "{{ keystone_default_notifications_topic_enabled | bool }}"
  - name: barbican_notifications
    enabled: "{{ enable_barbican | bool }}"

keystone_enabled_notification_topics: "{{ keystone_notification_topics | selectattr('enabled', 'equalto', true) | list }}"


####################
# Keystone
####################
keystone_ks_services:
  - name: "keystone"
    type: "identity"
    description: "Openstack Identity Service"
    endpoints:
      - {'interface': 'admin', 'url': '{{ keystone_admin_url }}'}
      - {'interface': 'internal', 'url': '{{ keystone_internal_url }}'}
      - {'interface': 'public', 'url': '{{ keystone_public_url }}'}