openstack/cookbook-openstack-identity
Code Issues Proposed changes
Files
e94c69b56cae3198c17d95fb5f4b702c2a2096eb
cookbook-openstack-identity/attributes/default.rb
Matt Odden e94c69b56c Change bind address to use Identity endpoint host 
Allow the bind interface address to take precendence, but default
to binding to the host attribute of the Identity API endpoint.
This brings the identity cookbook into conformance with the
other cookbooks regarding the service interface binding.

Closes-Bug: 1277266

Change-Id: I9634e2a359a6ce52b694859a7e84a57638bad5be
2014-02-18 17:26:54 +00:00

200 lines
10 KiB
Ruby
Raw Blame History

# encoding: UTF-8
#
# Cookbook Name:: openstack-identity
# Recipe:: default
#
# Copyright 2012-2013, AT&T Services, Inc.
# Copyright 2013, Opscode, Inc.
# Copyright 2013, IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Set to some text value if you want templated config files
# to contain a custom banner at the top of the written file
default['openstack']['identity']['custom_template_banner'] = "
# This file autogenerated by Chef
# Do not edit, changes will be overwritten
"
# Adding these as blank
# this needs to be here for the initial deep-merge to work
default['credentials']['EC2']['admin']['access'] = ''
default['credentials']['EC2']['admin']['secret'] = ''
default['openstack']['identity']['verbose'] = 'False'
default['openstack']['identity']['debug'] = 'False'
default['openstack']['identity']['service_port'] = '5000'
default['openstack']['identity']['admin_port'] = '35357'
default['openstack']['identity']['region'] = 'RegionOne'
default['openstack']['identity']['token']['expiration'] = '86400'
# If set, the keystone service will bind to the address on this interface,
# otherwise it will bind to the API endpoint's host.
default['openstack']['identity']['bind_interface'] = nil
# Logging stuff
default['openstack']['identity']['syslog']['use'] = false
default['openstack']['identity']['syslog']['facility'] = 'LOG_LOCAL2'
default['openstack']['identity']['syslog']['config_facility'] = 'local2'
default['openstack']['identity']['admin_user'] = 'admin'
default['openstack']['identity']['admin_tenant_name'] = 'admin'
default['openstack']['identity']['users'] = {
default['openstack']['identity']['admin_user'] => {
'default_tenant' => default['openstack']['identity']['admin_tenant_name'],
'roles' => {
'admin' => ['admin'],
'KeystoneAdmin' => ['admin'],
'KeystoneServiceAdmin' => ['admin']
}
},
'monitoring' => {
'default_tenant' => 'service',
'roles' => { 'Member' => ['admin'] }
}
}
# PKI signing. Corresponds to the [signing] section of keystone.conf
# Note this section is only written if node['openstack']['auth']['strategy'] == 'pki'
default['openstack']['identity']['signing']['basedir'] = '/etc/keystone/ssl'
default['openstack']['identity']['signing']['certfile'] = '/etc/keystone/ssl/certs/signing_cert.pem'
default['openstack']['identity']['signing']['keyfile'] = '/etc/keystone/ssl/private/signing_key.pem'
default['openstack']['identity']['signing']['ca_certs'] = '/etc/keystone/ssl/certs/ca.pem'
default['openstack']['identity']['signing']['key_size'] = '1024'
default['openstack']['identity']['signing']['valid_days'] = '3650'
default['openstack']['identity']['signing']['ca_password'] = nil
# These switches set the various drivers for the different Keystone components
default['openstack']['identity']['identity']['backend'] = 'sql'
default['openstack']['identity']['token']['backend'] = 'sql'
default['openstack']['identity']['catalog']['backend'] = 'sql'
default['openstack']['identity']['policy']['backend'] = 'sql'
# LDAP backend general settings
default['openstack']['identity']['ldap']['url'] = 'ldap://localhost'
default['openstack']['identity']['ldap']['user'] = 'dc=Manager,dc=example,dc=com'
default['openstack']['identity']['ldap']['password'] = nil
default['openstack']['identity']['ldap']['suffix'] = 'cn=example,cn=com'
default['openstack']['identity']['ldap']['use_dumb_member'] = false
default['openstack']['identity']['ldap']['allow_subtree_delete'] = false
default['openstack']['identity']['ldap']['dumb_member'] = 'cn=dumb,dc=example,dc=com'
default['openstack']['identity']['ldap']['page_size'] = 0
default['openstack']['identity']['ldap']['alias_dereferencing'] = 'default'
default['openstack']['identity']['ldap']['query_scope'] = 'one'
# LDAP backend user related settings
default['openstack']['identity']['ldap']['user_tree_dn'] = nil
default['openstack']['identity']['ldap']['user_filter'] = nil
default['openstack']['identity']['ldap']['user_objectclass'] = 'inetOrgPerson'
default['openstack']['identity']['ldap']['user_id_attribute'] = 'cn'
default['openstack']['identity']['ldap']['user_name_attribute'] = 'sn'
default['openstack']['identity']['ldap']['user_mail_attribute'] = 'email'
default['openstack']['identity']['ldap']['user_pass_attribute'] = 'userPassword'
default['openstack']['identity']['ldap']['user_enabled_attribute'] = 'enabled'
default['openstack']['identity']['ldap']['user_domain_id_attribute'] = 'businessCategory'
default['openstack']['identity']['ldap']['user_enabled_mask'] = 0
default['openstack']['identity']['ldap']['user_enabled_default'] = 'true'
default['openstack']['identity']['ldap']['user_attribute_ignore'] = 'tenant_id,tenants'
default['openstack']['identity']['ldap']['user_allow_create'] = true
default['openstack']['identity']['ldap']['user_allow_update'] = true
default['openstack']['identity']['ldap']['user_allow_delete'] = true
default['openstack']['identity']['ldap']['user_enabled_emulation'] = false
default['openstack']['identity']['ldap']['user_enabled_emulation_dn'] = nil
# LDAP backend tenant related settings
default['openstack']['identity']['ldap']['tenant_tree_dn'] = nil
default['openstack']['identity']['ldap']['tenant_filter'] = nil
default['openstack']['identity']['ldap']['tenant_objectclass'] = 'groupOfNames'
default['openstack']['identity']['ldap']['tenant_id_attribute'] = 'cn'
default['openstack']['identity']['ldap']['tenant_member_attribute'] = 'member'
default['openstack']['identity']['ldap']['tenant_name_attribute'] = 'ou'
default['openstack']['identity']['ldap']['tenant_desc_attribute'] = 'description'
default['openstack']['identity']['ldap']['tenant_enabled_attribute'] = 'enabled'
default['openstack']['identity']['ldap']['tenant_domain_id_attribute'] = 'businessCategory'
default['openstack']['identity']['ldap']['tenant_attribute_ignore'] = nil
default['openstack']['identity']['ldap']['tenant_allow_create'] = true
default['openstack']['identity']['ldap']['tenant_allow_update'] = true
default['openstack']['identity']['ldap']['tenant_allow_delete'] = true
default['openstack']['identity']['ldap']['tenant_enabled_emulation'] = false
default['openstack']['identity']['ldap']['tenant_enabled_emulation_dn'] = nil
# LDAP backend role related settings
default['openstack']['identity']['ldap']['role_tree_dn'] = nil
default['openstack']['identity']['ldap']['role_filter'] = nil
default['openstack']['identity']['ldap']['role_objectclass'] = 'organizationalRole'
default['openstack']['identity']['ldap']['role_id_attribute'] = 'cn'
default['openstack']['identity']['ldap']['role_name_attribute'] = 'ou'
default['openstack']['identity']['ldap']['role_member_attribute'] = 'roleOccupant'
default['openstack']['identity']['ldap']['role_attribute_ignore'] = nil
default['openstack']['identity']['ldap']['role_allow_create'] = true
default['openstack']['identity']['ldap']['role_allow_update'] = true
default['openstack']['identity']['ldap']['role_allow_delete'] = true
# LDAP backend group related settings
default['openstack']['identity']['ldap']['group_tree_dn'] = nil
default['openstack']['identity']['ldap']['group_filter'] = nil
default['openstack']['identity']['ldap']['group_objectclass'] = 'groupOfNames'
default['openstack']['identity']['ldap']['group_id_attribute'] = 'cn'
default['openstack']['identity']['ldap']['group_name_attribute'] = 'ou'
default['openstack']['identity']['ldap']['group_member_attribute'] = 'member'
default['openstack']['identity']['ldap']['group_desc_attribute'] = 'description'
default['openstack']['identity']['ldap']['group_domain_id_attribute'] = 'businessCategory'
default['openstack']['identity']['ldap']['group_attribute_ignore'] = nil
default['openstack']['identity']['ldap']['group_allow_create'] = true
default['openstack']['identity']['ldap']['group_allow_update'] = true
default['openstack']['identity']['ldap']['group_allow_delete'] = true
# platform defaults
case platform
when 'fedora', 'redhat', 'centos' # :pragma-foodcritic: ~FC024 - won't fix this
default['openstack']['identity']['user'] = 'keystone'
default['openstack']['identity']['group'] = 'keystone'
default['openstack']['identity']['platform'] = {
'mysql_python_packages' => ['MySQL-python'],
'db2_python_packages' => ['db2-odbc', 'python-ibm-db', 'python-ibm-db-sa'],
'postgresql_python_packages' => ['python-psycopg2'],
'memcache_python_packages' => ['python-memcached'],
'keystone_packages' => ['openstack-keystone'],
'keystone_service' => 'openstack-keystone',
'keystone_process_name' => 'keystone-all',
'package_options' => ''
}
when 'suse'
default['openstack']['identity']['user'] = 'openstack-keystone'
default['openstack']['identity']['group'] = 'openstack-keystone'
default['openstack']['identity']['platform'] = {
'mysql_python_packages' => ['python-mysql'],
'postgresql_python_packages' => ['python-psycopg2'],
'memcache_python_packages' => ['python-python-memcached'],
'keystone_packages' => ['openstack-keystone'],
'keystone_service' => 'openstack-keystone',
'keystone_process_name' => 'keystone-all',
'package_options' => ''
}
when 'ubuntu'
default['openstack']['identity']['user'] = 'keystone'
default['openstack']['identity']['group'] = 'keystone'
default['openstack']['identity']['platform'] = {
'mysql_python_packages' => ['python-mysqldb'],
'postgresql_python_packages' => ['python-psycopg2'],
'memcache_python_packages' => ['python-memcache'],
'keystone_packages' => ['keystone'],
'keystone_service' => 'keystone',
'keystone_process_name' => 'keystone-all',
'package_options' => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
}
end
View Git Blame Copy Permalink