[Openstack-operators] [puppet] keystone.conf and 'federation/trusted_dashboard' (multi valued)

Alex Schultz aschultz at redhat.com
Fri Nov 10 22:05:58 UTC 2017


On Fri, Nov 10, 2017 at 12:45 PM, Red Cricket
<red.cricket.blog at gmail.com> wrote:
> Hi,
>
> I am using https://github.com/openstack/puppet-keystone (stable/newton
> branch) and we would like to implement a design that uses federation openid.
>
> As part of this design I need to add these lines to the keystone.conf file:
>
> [federation]
> ...
> trusted_dashboard = https://example.com/auth/websso
> trusted_dashboard = https://example.com/dashboard/auth/websso/
>
> I have attempted to use this yaml in my hiera data ...
>
> keystone::config::keystone_config:
> ...
>     'federation/trusted_dashboard':
>         value: "https://example.com/auth/websso"
>     'federation/trusted_dashboard':
>         value: "https://example.com/dashboard/auth/websso/"
>
> ... and some other various, but the resulting keystone.conf only gets the
> second federation/trusted_dashboard setting:
>
> keystone::config::keystone_config:
> ...
>     'federation/trusted_dashboard':
>         value: "https://example.com/dashboard/auth/websso/"
>
> If you could tell what I am doing wrong I'd appreciate it, but I suspect
> that the puppet-keystone module does not support
> 'federation/trusted_dashboard' (multi valued).
>

It appears from our other implementations that it can be a comma
seperated value.

https://github.com/openstack/puppet-keystone/blob/41f12aa800d46f914869618bd7afd6ccc4a4fa98/manifests/federation/mellon.pp#L114

So you may just try

     'federation/trusted_dashboard':
         value:
"https://example.com/auth/websso,https://example.com/dashboard/auth/websso/"

Thanks,
-Alex
> Thank you.
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>



More information about the OpenStack-operators mailing list