Diffstat (limited to 'manifests/profile/base/keystone.pp')
-rw-r--r-- | manifests/profile/base/keystone.pp | 104 |
1 files changed, 62 insertions, 42 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 706b78f..354d24c 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -18,17 +18,9 @@ # # === Parameters # -# [*sync_db*] -# (Optional) Whether to run db sync -# Defaults to true -# -# [*manage_roles*] -# (Optional) whether to create keystone admin role -# Defaults to true -# -# [*manage_endpoint*] -# (Optional) Whether to create keystone endpoints -# Defaults to true +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') # # [*manage_db_purge*] # (Optional) Whether keystone token flushing should be enabled @@ -40,12 +32,19 @@ # Defaults to hiera('step') # class tripleo::profile::base::keystone ( - $sync_db = true, - $manage_roles = true, - $manage_endpoint = true, + $bootstrap_node = hiera('bootstrap_nodeid', undef), $manage_db_purge = hiera('keystone_enable_db_purge', true), $step = hiera('step'), ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + $manage_roles = true + $manage_endpoint = true + } else { + $sync_db = false + $manage_roles = false + $manage_endpoint = false + } if $step >= 3 and $sync_db { include ::keystone::db::mysql @@ -59,6 +58,7 @@ class tripleo::profile::base::keystone ( include ::keystone::config include ::keystone::wsgi::apache + include ::keystone::cors if $manage_roles { include ::keystone::roles::admin 
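Review bot: In the `@@ -40,12 +32,19 @@` hunk, `$bootstrap_node` falls back to `undef`, so when `bootstrap_nodeid` is absent from hiera the test `$::hostname == downcase($bootstrap_node)` cannot match on any node. The db sync, the admin role and the endpoint creation are then skipped everywhere without any message. The header comment added in the first hunk should say so, for example `# Defaults to hiera('bootstrap_nodeid', undef); when unset, no node runs db sync, role or endpoint setup`, or the class could emit a `warning()` in that case. The hunk also removes the public parameters `sync_db`, `manage_roles` and `manage_endpoint`, which breaks any caller that still passes them; callers are not visible from this page.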
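Review bot: The `include ::keystone::cors` added in the `@@ -59,6 +58,7 @@` hunk is unconditional and nothing in this profile documents where its settings come from. Because it governs which browser origins may call the identity API, a comment above the include would help the next reader, for example `# CORS settings are read from hiera (keystone::cors::*); keep allowed_origin to an explicit list of trusted origins`. The conditional that encloses this include starts outside the hunk, so the step at which it applies cannot be confirmed from here.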
@@ -68,38 +68,58 @@ class tripleo::profile::base::keystone ( include ::keystone::endpoint } - #TODO: need a cleanup-keystone-tokens.sh solution here - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/certs'], - } } if $step >= 5 and $manage_db_purge { include ::keystone::cron::token_flush } + + if $step >= 5 and $manage_endpoint{ + if hiera('aodh_api_enabled', false) { + include ::aodh::keystone::auth + } + if hiera('ceilometer_api_enabled', false) { + include ::ceilometer::keystone::auth + } + if hiera('cinder_api_enabled', false) { + include ::cinder::keystone::auth + } + if hiera('glance_api_enabled', false) { + include ::glance::keystone::auth + } + if hiera('gnocchi_api_enabled', false) { + include ::gnocchi::keystone::auth + } + if hiera('heat_api_enabled', false) { + include ::heat::keystone::auth + } + if hiera('heat_api_cfn_enabled', false) { + include ::heat::keystone::auth_cfn + } + if hiera('ironic_api_enabled', false) { + include ::ironic::keystone::auth + } + if hiera('manila_api_enabled', false) { + include ::manila::keystone::auth + } + if hiera('mistral_api_enabled', false) { + include 
::mistral::keystone::auth + } + if hiera('neutron_api_enabled', false) { + include ::neutron::keystone::auth + } + if hiera('nova_api_enabled', false) { + include ::nova::keystone::auth + } + if hiera('sahara_api_enabled', false) { + include ::sahara::keystone::auth + } + if hiera('swift_proxy_enabled', false) { + include ::swift::keystone::auth + } + if hiera('trove_api_enabled', false) { + include ::trove::keystone::auth + } + } } |
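Review bot: Dropping the `file` resources for `/etc/keystone/ssl/private/signing_key.pem`, `signing_cert.pem` and `ca.pem` in the `@@ -68,38 +68,58 @@` hunk only stops Puppet from managing them. On a node deployed with the previous manifest, the signing key and certificates stay on disk with the content and mode they last had. If no other class in the catalog declares these paths (not visible from this hunk), an explicit cleanup such as `file { '/etc/keystone/ssl/private/signing_key.pem': ensure => absent }`, and the same for the two certificates, would remove the stale key material on upgrade. Separately, `if $step >= 5 and $manage_endpoint{` lacks the space before `{` that the neighbouring conditions use. The class body starts outside this hunk.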