diff options
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/network/contrail/analytics.pp | 236 | ||||
-rw-r--r-- | manifests/network/contrail/config.pp | 207 | ||||
-rw-r--r-- | manifests/network/contrail/control.pp | 154 | ||||
-rw-r--r-- | manifests/network/contrail/database.pp | 52 | ||||
-rw-r--r-- | manifests/network/contrail/webui.pp | 102 | ||||
-rw-r--r-- | manifests/profile/base/ceph/rgw.pp | 63 |
6 files changed, 814 insertions, 0 deletions
diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp new file mode 100644 index 0000000..57fd815 --- /dev/null +++ b/manifests/network/contrail/analytics.pp @@ -0,0 +1,236 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::analytics +# +# Configure Contrail Analytics services +# +# == Parameters: +# +# [*admin_password*] +# (required) admin password +# String value. +# +# [*admin_tenant_name*] +# (required) admin tenant name. +# String value. +# +# [*admin_token*] +# (required) admin token +# String value. +# +# [*admin_user*] +# (required) admin user name. +# String value. +# +# [*auth_host*] +# (required) keystone server ip address +# String (IPv4) value. +# +# [*cassandra_server_list*] +# (required) List IPs+port of Cassandra servers +# Array of strings value. +# +# [*disc_server_ip*] +# (required) IPv4 address of discovery server. +# String (IPv4) value. +# +# [*host_ip*] +# (required) host IP address of Analytics +# String (IPv4) value. +# +# [*kafka_broker_list*] +# (required) List IPs+port of kafka servers +# Array of strings value. +# +# [*zk_server_ip*] +# (required) List IPs+port of Zookeeper servers +# Array of strings value. +# +# [*auth_port*] +# (required) keystone port. +# Integer value. +# Defaults to 35357. +# +# [*auth_protocol*] +# (required) authentication protocol. +# String value. +# Defaults to http. +# +# [*collector_http_server_port*] +# (required) Collector http port +# Integer value. +# Defaults to 8089 +# +# [*collector_sandesh_port*] +# (required) Collector sandesh port +# Integer value. +# Defaults to 8086 +# +# [*disc_server_port*] +# (required) port Discovery server listens on. +# Integer value. +# Defaults to 5998 +# +# [*http_server_port*] +# (required) Analytics http port +# Integer value. +# Defaults to 8090 +# +# [*insecure*] +# (required) insecure mode. +# Boolean value. +# Defaults to false +# +# [*redis_server*] +# (required) IPv4 address of redis server. +# String (IPv4) value. +# Defaults to '127.0.0.1'. +# +# [*redis_server_port*] +# (required) port Redis server listens on. +# Integer value. +# Defaults to 6379 +# +# [*rest_api_ip*] +# (required) IP address Analytics rest interface listens on +# String (IPv4) value. +# Defaults to '0.0.0.0' +# +# [*rest_api_port*] +# (required) Analytics rest port +# Integer value. +# Defaults to 8081 +# +# [*memcached_servers*] +# (optional) IPv4 address of memcached servers +# String (IPv4) value + port +# Defaults to '127.0.0.1:12111' +# +class tripleo::network::contrail::analytics( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_server_list = hiera('contrail::cassandra_server_list'), + $disc_server_ip = hiera('contrail::disc_server_ip'), + $host_ip, + $kafka_broker_list = hiera('contrail::kafka_broker_list'), + $zk_server_ip = hiera('contrail::zk_server_ip'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $collector_http_server_port = 8089, + $collector_sandesh_port = 8086, + $disc_server_port = hiera('contrail::disc_server_port'), + $http_server_port = 8090, + $insecure = hiera('contrail::insecure'), + $redis_server = '127.0.0.1', + $redis_server_port = 6379, + $rest_api_ip = '0.0.0.0', + $rest_api_port = 8081, + $memcached_servers = hiera('contrail::memcached_server'), +) +{ + class {'::contrail::keystone': + keystone_config => { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + }, + } -> + class {'::contrail::analytics': + analytics_api_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'host_ip' => $host_ip, + 'http_server_port' => $http_server_port, + 'redis_server' => $redis_server, + 'rest_api_ip' => $rest_api_ip, + 'rest_api_port' => $rest_api_port, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + 'REDIS' => { + 'redis_server_port' => $redis_server_port, + 'redis_query_port' => $redis_server_port, + 'server' => $redis_server, + }, + }, + collector_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'hostip' => $host_ip, + 'http_server_port' => $collector_http_server_port, + 'kafka_broker_list' => $kafka_broker_list, + 'zookeeper_server_list' => $zk_server_ip, + }, + 'COLLECTOR' => { + 'port' => $collector_sandesh_port, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, + }, + query_engine_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, + }, + snmp_collector_config => { + 'DEFAULTS' => { + 'zk_server_ip' => $zk_server_ip, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + }, + topology_config => { + 'DEFAULTS' => { + 'zk_server_ip' => $zk_server_ip, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + }, + } +} diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp new file mode 100644 index 0000000..9a9e9bd --- /dev/null +++ b/manifests/network/contrail/config.pp @@ -0,0 +1,207 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::config +# +# Configure Contrail Config services +# +# == Parameters: +# +# [*admin_password*] +# (required) admin password +# String value. +# +# [*admin_tenant_name*] +# (required) admin tenant name. +# String value. +# +# [*admin_token*] +# (required) admin token +# String value. +# +# [*admin_user*] +# (required) admin user name. +# String value. +# +# [*auth_host*] +# (required) keystone server ip address +# String (IPv4) value. +# +# [*cassandra_server_list*] +# (required) List IPs+port of Cassandra servers +# Array of strings value. +# +# [*disc_server_ip*] +# (required) IPv4 address of discovery server. +# String (IPv4) value. +# +# [*ifmap_password*] +# (required) ifmap password +# String value. +# +# [*ifmap_server_ip*] +# (required) ifmap server ip address. +# String value. +# +# [*ifmap_username*] +# (required) ifmap username +# String value. +# +# [*rabbit_server*] +# (required) IPv4 address of rabbit server. +# String (IPv4) value. +# +# [*zk_server_ip*] +# (required) List IPs+port of Zookeeper servers +# Array of strings value. +# +# [*auth*] +# (required) Authentication method. +# Defaults to 'keystone'. +# +# [*auth_port*] +# (required) keystone port. +# Defaults to 35357. +# +# [*auth_protocol*] +# (required) authentication protocol. +# Defaults to http. +# +# [*insecure*] +# (required) insecure mode. +# Defaults to false +# +# [*listen_ip_address*] +# (required) IP address to listen on. +# String (IPv4) value. +# Defaults to '0.0.0.0'. +# +# [*listen_port*] +# (required) Listen port for config-api +# Defaults to 8082. +# +# [*memcached_servers*] +# (optional) IPv4 address of memcached servers +# String (IPv4) value + port +# Defaults to '127.0.0.1:12111' +# +# [*multi_tenancy*] +# (required) Defines if mutli-tenancy is enabled. +# Defaults to 'true'. +# +# [*redis_server*] +# (required) IPv4 address of redis server. +# String (IPv4) value. +# Defaults to '127.0.0.1'. +# +class tripleo::network::contrail::config( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_server_list = hiera('contrail::cassandra_server_list'), + $disc_server_ip = hiera('contrail::disc_server_ip'), + $ifmap_password, + $ifmap_server_ip, + $ifmap_username, + $rabbit_server, + $zk_server_ip = hiera('contrail::zk_server_ip'), + $auth = hiera('contrail::auth'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $insecure = hiera('contrail::insecure'), + $listen_ip_address = '0.0.0.0', + $listen_port = 8082, + $memcached_servers = hiera('contrail::memcached_server'), + $multi_tenancy = hiera('contrail::multi_tenancy'), + $redis_server = '127.0.0.1', +) +{ + validate_ip_address($listen_ip_address) + validate_ip_address($disc_server_ip) + validate_ip_address($ifmap_server_ip) + class {'::contrail::keystone': + keystone_config => { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + }, + } -> + class {'::contrail::config': + api_config => { + 'DEFAULTS' => { + 'auth' => $auth, + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'listen_ip_addr' => $listen_ip_address, + 'listen_port' => $listen_port, + 'multi_tenancy' => $multi_tenancy, + 'rabbit_server' => $rabbit_server, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip, + }, + }, + device_manager_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'rabbit_server' => $rabbit_server, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip, + }, + }, + schema_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip, + }, + }, + discovery_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'zk_server_ip' => $zk_server_ip, + }, + }, + svc_monitor_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server, + 'redis_server' => $redis_server, + }, + }, + } +} diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp new file mode 100644 index 0000000..8e1f4b8 --- /dev/null +++ b/manifests/network/contrail/control.pp @@ -0,0 +1,154 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::control +# +# Configure Contrail Control services +# +# == Parameters: +# +# [*admin_password*] +# (required) admin password +# String value. +# +# [*admin_tenant_name*] +# (required) admin tenant name. +# String value. +# +# [*admin_token*] +# (required) admin token +# String value. +# +# [*admin_user*] +# (required) admin user name. +# String value. +# +# [*auth_host*] +# (required) keystone server ip address +# String (IPv4) value. +# +# [*disc_server_ip*] +# (required) IPv4 address of discovery server. +# String (IPv4) value. +# +# [*host_ip*] +# (required) host IP address of Control +# String (IPv4) value. +# +# [*ifmap_password*] +# (required) ifmap password +# String value. +# +# [*ifmap_server_ip*] +# (required) ifmap server ip address. +# String value. +# +# [*ifmap_username*] +# (required) ifmap username +# String value. +# +# [*auth_port*] +# (required) keystone port. +# Defaults to 35357. +# +# [*auth_protocol*] +# (required) authentication protocol. +# Defaults to http. +# +# [*disc_server_port*] +# (required) port Discovery server listens on. +# Integer value. +# Defaults to 5998 +# +# [*insecure*] +# (required) insecure mode. +# Defaults to false +# +# [*memcached_servers*] +# (optional) IPv4 address of memcached servers +# String (IPv4) value + port +# Defaults to '127.0.0.1:12111' +# +# [*multi_tenancy*] +# (required) Defines if mutli-tenancy is enabled. +# Defaults to 'true'. +# +class tripleo::network::contrail::control( + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_password = hiera('contrail::admin_password'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $disc_server_ip = hiera('contrail::disc_server_ip'), + $host_ip, + $ifmap_password, + $ifmap_username, + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $disc_server_port = hiera('contrail::disc_server_port'), + $insecure = hiera('contrail::insecure'), + $memcached_servers = hiera('contrail::memcached_server'), +) +{ + class {'::contrail::keystone': + keystone_config => { + 'KEYSTONE' => { + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_password' => $admin_password, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + }, + } -> + class {'::contrail::control': + control_config => { + 'DEFAULTS' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $ifmap_password, + 'user' => $ifmap_username, + }, + }, + dns_config => { + 'DEFAULTS' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $ifmap_password, + 'user' => $ifmap_username, + } + }, + control_nodemgr_config => { + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } +} diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp new file mode 100644 index 0000000..5fdfb97 --- /dev/null +++ b/manifests/network/contrail/database.pp @@ -0,0 +1,52 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::control +# +# Configure Contrail Control services +# +# == Parameters: +# +# [*disc_server_ip*] +# (required) IPv4 address of discovery server. +# String (IPv4) value. +# +# [*host_ip*] +# (required) host IP address of Database node +# String (IPv4) value. +# +# [*disc_server_port*] +# (required) port Discovery server listens on. +# Integer value. +# Defaults to 5998 +# +class tripleo::network::contrail::database( + $disc_server_ip = hiera('contrail::disc_server_ip'), + $host_ip, + $disc_server_port = hiera('contrail::disc_server_port'), +) +{ + class {'::contrail::database': + database_nodemgr_config => { + 'DEFAULTS' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } +} diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp new file mode 100644 index 0000000..f289923 --- /dev/null +++ b/manifests/network/contrail/webui.pp @@ -0,0 +1,102 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::webui +# +# Configure Contrail Webui services +# +# == Parameters: +# +# [*admin_password*] +# (required) admin password +# String value. +# +# [*admin_tenant_name*] +# (required) admin tenant name. +# String value. +# +# [*admin_token*] +# (required) admin token +# String value. +# +# [*admin_user*] +# (required) admin user name. +# String value. +# +# [*auth_host*] +# (required) keystone server ip address +# String (IPv4) value. +# +# [*cassandra_server_list*] +# (required) List IPs+port of Cassandra servers +# Array of strings value. +# +# [*contrail_analytics_vip*] +# (required) VIP of Contrail Analytics +# String (IPv4) value. +# +# [*contrail_config_vip*] +# (required) VIP of Contrail Config +# String (IPv4) value. +# +# [*neutron_vip*] +# (required) VIP of Neutron +# String (IPv4) value. +# +# [*contrail_webui_http_port*] +# (required) Webui HTTP Port +# Integer value. +# Defaults to 8080 +# +# [*contrail_webui_https_port*] +# (required) Webui HTTPS Port +# Integer value. +# Defaults to 8143 +# +# [*redis_ip*] +# (required) IP of Redis +# String (IPv4) value. +# Defaults to '127.0.0.1' +# +class tripleo::network::contrail::webui( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_server_list = hiera('contrail::cassandra_server_list'), + $contrail_analytics_vip, + $contrail_config_vip, + $neutron_vip, + $contrail_webui_http_port = 8080, + $contrail_webui_https_port = 8143, + $redis_ip = '127.0.0.1', +) +{ + class {'::contrail::webui': + openstack_vip => $auth_host, + contrail_config_vip => $contrail_config_vip, + contrail_analytics_vip => $contrail_analytics_vip, + neutron_vip => $neutron_vip, + cassandra_ip => $cassandra_server_list, + redis_ip => $redis_ip, + contrail_webui_http_port => $contrail_webui_http_port, + contrail_webui_https_port => $contrail_webui_https_port, + admin_user => $admin_user, + admin_password => $admin_password, + admin_token => $admin_token, + admin_tenant_name => $admin_tenant_name, + } +} diff --git a/manifests/profile/base/ceph/rgw.pp b/manifests/profile/base/ceph/rgw.pp new file mode 100644 index 0000000..7cd2b6a --- /dev/null +++ b/manifests/profile/base/ceph/rgw.pp @@ -0,0 +1,63 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ceph::rgw +# +# Ceph RadosGW profile for tripleo +# +# === Parameters +# +# [*keystone_admin_token*] +# The keystone admin token +# +# [*keystone_url*] +# The internal or admin url for keystone +# +# [*rgw_key*] +# The cephx key for the RGW client service +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::ceph::rgw ( + $keystone_admin_token, + $keystone_url, + $rgw_key, + $step = hiera('step'), +) { + + include ::tripleo::profile::base::ceph + + if $step >= 3 { + include ::ceph::profile::rgw + $rgw_name = hiera('ceph::profile::params::rgw_name', 'radosgw.gateway') + ceph::key { "client.${rgw_name}": + secret => $rgw_key, + cap_mon => 'allow *', + cap_osd => 'allow *', + inject => true, + } + } + + if $step >= 4 { + ceph::rgw::keystone { $rgw_name: + rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'], + use_pki => false, + rgw_keystone_admin_token => $keystone_admin_token, + rgw_keystone_url => $keystone_url, + } + } +} |