Diffstat (limited to 'manifests/profile/base/keystone.pp')
-rw-r--r-- | manifests/profile/base/keystone.pp | 158 |
1 files changed, 113 insertions, 45 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 9801eb2..994caad 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -51,6 +51,22 @@
 # creates the certificates.
 # Defaults to hiera('generate_service_certificate', false).
 #
+# [*heat_admin_domain*]
+# domain name for heat admin
+# Defaults to undef
+#
+# [*heat_admin_email*]
+# heat admin email address
+# Defaults to undef
+#
+# [*heat_admin_password*]
+# heat admin password
+# Defaults to undef
+#
+# [*heat_admin_user*]
+# heat admin user name
+# Defaults to undef
+#
 # [*manage_db_purge*]
 # (Optional) Whether keystone token flushing should be enabled
 # Defaults to hiera('keystone_enable_db_purge', true)
@@ -60,36 +76,54 @@ # This is set by t-h-t. # Defaults to hiera('keystone_public_api_network', undef) # +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('keystone::rabbit_port', 5672) # -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_userid', 'guest') # -# [*heat_admin_domain*] -# domain name for heat admin -# Defaults to hiera('heat::keystone::domain::domain_name', 'heat') +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_password') # -# [*heat_admin_user*] -# heat admin user name -# Defaults to hiera('heat::keystone::domain::domain_admin', 'heat_admin') +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) # -# [*heat_admin_email*] -# heat admin email address -# Defaults to hiera('heat::keystone::domain::domain_admin_email', -# 'heat_admin@localhost') +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') # -# [*heat_admin_password*] -# heat admin password -# Defaults to hiera('heat::keystone::domain::domain_password') +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# 
Defaults to hiera('keystone::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('keystone::rabbit_use_ssl', '0') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') # class tripleo::profile::base::keystone ( $admin_endpoint_network = hiera('keystone_admin_api_network', undef), 
@@ -97,15 +131,24 @@ class tripleo::profile::base::keystone (
 $certificates_specs = hiera('apache_certificates_specs', {}),
 $enable_internal_tls = hiera('enable_internal_tls', false),
 $generate_service_certificates = hiera('generate_service_certificates', false),
+ $heat_admin_domain = undef,
+ $heat_admin_email = undef,
+ $heat_admin_password = undef,
+ $heat_admin_user = undef,
 $manage_db_purge = hiera('keystone_enable_db_purge', true),
 $public_endpoint_network = hiera('keystone_public_api_network', undef),
- $rabbit_hosts = hiera('rabbitmq_node_ips', undef),
- $rabbit_port = hiera('keystone::rabbit_port', 5672),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('keystone::rabbit_password'),
+ $oslomsg_rpc_port = hiera('keystone::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('keystone::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('keystone::rabbit_password'),
+ $oslomsg_notify_port = hiera('keystone::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('keystone::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('keystone::rabbit_use_ssl', '0'),
 $step = hiera('step'),
- $heat_admin_domain = hiera('heat::keystone::domain::domain_name', 'heat'),
- $heat_admin_user = hiera('heat::keystone::domain::domain_admin', 'heat_admin'),
- $heat_admin_email = hiera('heat::keystone::domain::domain_admin_email', 'heat_admin@localhost'),
- $heat_admin_password = hiera('heat::keystone::domain::domain_password'),
 ) {
 if $::hostname == downcase($bootstrap_node) {
 $sync_db = true
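Review bot: `$oslomsg_rpc_username` and `$oslomsg_notify_username` fall back to `'guest'` when `keystone::rabbit_userid` is missing from hiera, so a missing key silently selects the broker's well-known default account instead of failing the run. The two password lookups have no default and will abort on a missing key; the username lookups could behave the same way, e.g. `$oslomsg_rpc_username = hiera('keystone::rabbit_userid'),`. `$oslomsg_use_ssl` also defaults to `'0'`, so both transport URLs carry these credentials over an unencrypted connection unless `keystone::rabbit_use_ssl` is set; a line in the parameter documentation saying so would help operators. The four `heat_admin_*` parameters now default to `undef` and the code that consumes them is outside this hunk, so it is worth confirming the heat domain admin user still receives a password when they are left unset.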
@@ -143,11 +186,26 @@ class tripleo::profile::base::keystone ( } if $step >= 4 or ( $step >= 3 and $sync_db ) { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::keystone': - sync_db => $sync_db, - enable_bootstrap => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + enable_bootstrap => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => sprintf('%s', $oslomsg_notify_port), + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::keystone::config @@ -158,22 +216,13 @@ class tripleo::profile::base::keystone ( ssl_key_admin => $tls_keyfile_admin, } include ::keystone::cors - - if $manage_roles { - include ::keystone::roles::admin - } - - if $manage_endpoint { - include ::keystone::endpoint - } - } - if $step >= 5 and $manage_db_purge { + if $step >= 4 and $manage_db_purge { include ::keystone::cron::token_flush } - if $step >= 5 and $manage_domain { + if $step == 3 and $manage_domain { if hiera('heat_engine_enabled', false) { # create these seperate and don't use ::heat::keystone::domain since # that class writes out the configs @@ -194,7 +243,12 @@ class tripleo::profile::base::keystone ( } } - if $step >= 5 and $manage_endpoint{ + if $step == 3 and $manage_roles { + include ::keystone::roles::admin + } + + if $step == 3 and $manage_endpoint { + include ::keystone::endpoint if hiera('aodh_api_enabled', false) { include ::aodh::keystone::auth } 
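Review bot: Both `os_transport_url` calls place `$oslomsg_rpc_password` and `$oslomsg_notify_password` inside a single URL string handed to `default_transport_url` and `notification_transport_url`, so the secret now travels in an ordinary-looking parameter value. Whether `::keystone` marks the resulting settings as secret is not visible in this hunk; if it does not, the full URL including the password can show up in Puppet reports and change logs whenever the value changes. It is also worth confirming that `os_transport_url` percent-encodes the username and password, since a password containing `@`, `/` or `:` would otherwise yield a URL that parses to a different host or credential. A comment above the two hashes such as `# transport URLs embed the broker password; keep them out of logs and reports` would record the constraint for the next maintainer.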
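Review bot: The guards for `$manage_domain`, `$manage_roles` and `$manage_endpoint` become `$step == 3` in this hunk and in the next one (`-194,7 +243,12`), where before they were `$step >= 5` or nested in the `$step >= 4` block. With an equality test these resources are in the catalog only during the step-3 run, so the admin role, the service endpoints and the heat domain admin user are not enforced on runs at step 4 or 5, and any later drift in them would go uncorrected by Puppet. If the intent is only to create them earlier, `if $step >= 3 and $manage_roles {` (and the same form for the other two guards) keeps them managed in later steps. The `$manage_*` flags are assigned outside these hunks, so this assumes they remain true on the bootstrap node across steps.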
@@ -210,6 +264,9 @@ class tripleo::profile::base::keystone ( if hiera('cinder_api_enabled', false) { include ::cinder::keystone::auth } + if hiera('congress_enabled', false) { + include ::congress::keystone::auth + } if hiera('glance_api_enabled', false) { include ::glance::keystone::auth } @@ -237,12 +294,21 @@ class tripleo::profile::base::keystone ( if hiera('nova_api_enabled', false) { include ::nova::keystone::auth } + if hiera('nova_placement_enabled', false) { + include ::nova::keystone::auth_placement + } + if hiera('panko_api_enabled', false) { + include ::panko::keystone::auth + } if hiera('sahara_api_enabled', false) { include ::sahara::keystone::auth } if hiera('swift_proxy_enabled', false) { include ::swift::keystone::auth } + if hiera('tacker_enabled', false) { + include ::tacker::keystone::auth + } if hiera('trove_api_enabled', false) { include ::trove::keystone::auth } @@ -250,6 +316,8 @@ class tripleo::profile::base::keystone ( include ::zaqar::keystone::auth include ::zaqar::keystone::auth_websocket } + if hiera('ec2_api_enabled', false) { + include ::ec2api::keystone::auth + } } } - |