From: Martin Zobel-Helas <zobel@debian.org>
Date: Thu, 2 Jul 2015 18:32:23 +0000 (+0000)
Subject: try to validate against ca.crt
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;ds=sidebyside;h=55f512db10419d9264dc69507e0988bbb5a79552;p=dsa-puppet.git

try to validate against ca.crt

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
---

diff --git a/modules/roles/manifests/keystone.pp b/modules/roles/manifests/keystone.pp
index 59fc4a2f..e265e541 100644
--- a/modules/roles/manifests/keystone.pp
+++ b/modules/roles/manifests/keystone.pp
@@ -1,5 +1,7 @@
 class roles::keystone {
 
+	Exec { logoutput => 'on_failure' }
+
 	include roles::openstack::params
 
 	$keystone_dbpass = $roles::openstack::params::keystone_dbpass
@@ -22,18 +24,20 @@ class roles::keystone {
 		memcache_servers    => ['localhost:11211'],
 		cache_backend       => 'keystone.cache.memcache_pool',
 		admin_endpoint      => 'https://openstack.bm.debian.org:35357/',
+		validate_cacert     => '/etc/ssl/debian/certs/ca.crt',
+		validate_service    => true,
 	}
-	class { 'keystone::roles::admin':
+	class { '::keystone::roles::admin':
 		email    => 'test@puppetlabs.com',
 		password => $admin_pass,
 	}
-	class { 'keystone::endpoint':
+	class { '::keystone::endpoint':
 		public_url => 'https://openstack.bm.debian.org:5000/',
 		admin_url  => 'https://openstack.bm.debian.org:35357/',
 	}
 
 	include apache
-	class { 'keystone::wsgi::apache':
+	class { '::keystone::wsgi::apache':
 		ssl      => true,
 		ssl_cert => '/etc/ssl/debian/certs/openstack.bm.debian.org.crt-chained',
 		ssl_key  => '/etc/ssl/private/openstack.bm.debian.org.key',