# Example using v3 domains.  The admin user is created in the domain
# named 'admin_domain', and assigned the role 'admin' in the 'admin'
# project in the domain 'admin_domain'.  The keystone service account is
# created in default domain, and assigned the
# role 'admin' in the project 'services' in the default domain.
# NOTE: Until all of the other services support using Keystone v3
# with keystone_authtoken middleware that supports v3, they cannot
# specify a domain for authentication, and so have to be in the
# default domain.
#
# To be sure everything is working, run:
#   $ export OS_IDENTITY_API_VERSION=3
#   $ export OS_USERNAME=admin
#   $ export OS_USER_DOMAIN_NAME=admin_domain
#   $ export OS_PASSWORD=ChangeMe
#   $ export OS_PROJECT_NAME=admin
#   $ export OS_PROJECT_DOMAIN_NAME=admin_domain
#   $ export OS_AUTH_URL=http://keystone.local:35357/v3
#   $ openstack user list
#

Exec { logoutput => 'on_failure' }


class { '::mysql::server': }
class { '::keystone::db::mysql':
  password => 'keystone',
}
class { '::keystone':
  verbose             => true,
  debug               => true,
  database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
  admin_token         => 'admin_token',
  enabled             => true,
}
class { '::keystone::roles::admin':
  email               => 'test@example.tld',
  password            => 'a_big_secret',
  admin               => 'admin', # username
  admin_tenant        => 'admin', # project name
  admin_user_domain   => 'admin', # domain for user
  admin_tenant_domain => 'admin', # domain for project
}
class { '::keystone::endpoint':
  public_url => 'http://127.0.0.1:5000/',
  admin_url  => 'http://127.0.0.1:35357/',
}