Refactor keystone to use keystone_config

This commit refactors keystone to use the native
type keystone_config.
  - replace all concat usage with keystone_config
  - remove concat templates

deployment/puppet/keystone/manifests/config/ldap.pp

@@ -2,8 +2,6 @@
 # This class implements a config fragment for
 # the ldap specific backend for keystone.
 #
-# TODO finish implementing this
-#
 # == Dependencies
 # == Examples
 # == Authors
@@ -14,10 +12,24 @@
 #
 # Copyright 2012 Puppetlabs Inc, unless otherwise noted.
 #
-class keystone::ldap {
+class keystone::ldap(
+  $url            = 'ldap://localhost',
+  $user           = 'dc=Manager,dc=example,dc=com',
+  $password       = 'None',
+  $suffix         = 'cn=example,cn=com',
+  $user_tree_dn   = 'ou=Users,dc=example,dc=com',
+  $tenant_tree_dn = 'ou=Roles,dc=example,dc=com',
+  $role_tree_dn   = 'dc=example,dc=com'
+) {
 
-  keystone::config { 'ldap':
-    order => '01',
+  keystone_config {
+    'ldap/url':            value => $url;
+    'ldap/user':           value => $user;
+    'ldap/password':       value => $password;
+    'ldap/suffix':         value => $suffix;
+    'ldap/user_tree_dn':   value => $user_tree_dn;
+    'ldap/tenant_tree_dn': value => $tenant_tree_dn;
+    'ldap/role_tree_dn':   value => $role_tree_dn;
+    #"ldap/tree_dn" value => "dc=example,dc=com",
   }
-
 }

deployment/puppet/keystone/manifests/config/mysql.pp

@@ -1,54 +0,0 @@
-# Class used to configure keystone connection information
-# for mysql databases.
-#
-# [*Parameters*]
-#
-# [user] User keystone should use to connect to database. Optional. Defaults to keystone_admin
-#
-# [password] Password that keystone should use to connect to database.
-#   Optional. Defaults to: 'keystone_default_password'
-#
-# [host] Host where keystone should connect to database.
-# Optional. Defaults to 127.0.0.1.
-#
-# [dbname] Name of database that keystone should connect to. Optional. Defaults to keystone.
-#
-# [idle_timeout] The timeout before idle qdl connection are reaped.
-#
-# == Dependencies
-# == Examples
-# == Authors
-#
-#   Dan Bode dan@puppetlabs.com
-#
-# == Copyright
-#
-# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
-#
-class keystone::config::mysql(
-  $user          = 'keystone_admin',
-  $password      = 'keystone_default_password',
-  $host          = '127.0.0.1',
-  $dbname        = 'keystone',
-  $idle_timeout  = '200',
-#  the below key,values will not be read from the keystone.conf and should be removed
-#  $min_pool_size = '5',
-#  $max_pool_size = '10',
-#  $pool_timeout  = '200'
-) {
-
-  keystone::config { 'mysql':
-    config => {
-      user          => $user,
-      password      => $password,
-      host          => $host,
-      dbname        => $dbname,
-      idle_timeout  => $idle_timeout,
-#      min_pool_size => $min_pool_size,
-#      max_pool_size => $max_pool_size,
-#      pool_timeout  => $pool_timeout
-    },
-    order  => '02',
-  }
-
-}

deployment/puppet/keystone/manifests/config/postgresql.pp

@@ -1,59 +0,0 @@
-# Class used to configure keystone connection information
-# for postgresql databases.
-#
-# [*Parameters*]
-#
-# [user] User keystone should use to connect to database. Optional. Defaults to keystone_admin
-#
-# [password] Password that keystone should use to connect to database.
-#   Optional. Defaults to: 'keystone_default_password'
-#
-# [host] Host where keystone should connect to database.
-# Optional. Defaults to 127.0.0.1.
-#
-# [dbname] Name of database that keystone should connect to. Optional. Defaults to keystone.
-#
-# [idle_timeout] TODO document
-#
-# [min_pool_size] TODO document
-#
-# [max_pool_size] TODO document
-#
-# [pool_timeout] TODO document
-#
-# == Dependencies
-# == Examples
-# == Authors
-#
-#   Etienne Pelletier epelletier@morphlabs.com
-#
-# == Copyright
-#
-# Copyright 2012 Etienne Pelletier, unless otherwise noted.
-#
-class keystone::config::postgresql(
-  $user          = 'keystone_admin',
-  $password      = 'keystone_default_password',
-  $host          = '127.0.0.1',
-  $dbname        = 'keystone',
-  $idle_timeout  = '300',
-  $min_pool_size = '5',
-  $max_pool_size = '10',
-  $pool_timeout  = '200'
-) {
-
-  keystone::config { 'postgresql':
-    config => {
-      user          => $user,
-      password      => $password,
-      host          => $host,
-      dbname        => $dbname,
-      idle_timeout  => $idle_timeout,
-      min_pool_size => $min_pool_size,
-      max_pool_size => $max_pool_size,
-      pool_timeout  => $pool_timeout
-    },
-    order  => '02',
-  }
-
-}

deployment/puppet/keystone/manifests/config/sqlite.pp

@@ -1,25 +0,0 @@
-#
-# Manages configuration section for sqlite backend.
-#
-# == Dependencies
-# == Examples
-# == Authors
-#
-#   Dan Bode dan@puppetlabs.com
-#
-# == Copyright
-#
-# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
-#
-class keystone::config::sqlite(
-  $idle_timeout = 200
-) {
-  keystone::config { 'sql':
-    content => inline_template('
-[sql]
-connection = sqlite:////var/lib/keystone/keystone.db
-idle_timeout = <%= idle_timeout %>
-'),
-    order => '02',
-  }
-}

deployment/puppet/keystone/manifests/init.pp

@@ -39,11 +39,11 @@
 # Copyright 2012 Puppetlabs Inc, unless otherwise noted.
 #
 class keystone(
+  $admin_token    = 'service_token',
   $package_ensure = 'present',
   $bind_host      = '0.0.0.0',
   $public_port    = '5000',
   $admin_port     = '35357',
-  $admin_token    = 'service_token',
   $compute_port   = '3000',
   $log_verbose    = 'False',
   $log_debug      = 'False',
@@ -54,6 +54,8 @@ class keystone(
 ) {
 
   validate_re($catalog_type, 'template|sql')
+  File['/etc/keystone/keystone.conf'] -> Keystone_config<||> ~> Service['keystone']
+  Keystone_config<||> -> Exec['keystone-manage db_sync']
 
   # TODO implement syslog features
   if ( $use_syslog != 'False') {
@@ -61,7 +63,6 @@ class keystone(
   }
 
   include 'keystone::params'
-  include 'concat::setup'
 
   package { 'keystone':
     name   => $::keystone::params::package_name,
@@ -89,51 +90,41 @@ class keystone(
     require => Package['keystone']
   }
 
-  concat { '/etc/keystone/keystone.conf':
-    owner   => 'keystone',
-    group   => 'keystone',
+  file { '/etc/keystone/keystone.conf':
     mode    => '0600',
-    require => Package['keystone'],
-    notify  => Service['keystone'],
   }
 
-  # config sections
-  keystone::config { 'DEFAULT':
-    config => {
-      'bind_host'    => $bind_host,
-      'public_port'  => $public_port,
-      'admin_port'   => $admin_port,
-      'admin_token'  => $admin_token,
-      'compute_port' => $compute_port,
-      'log_verbose'  => $log_verbose,
-      'log_debug'    => $log_debug,
-      'use_syslog'   => $use_syslog,
-    },
-    order  => '00',
+  # default config
+  keystone_config {
+    'DEFAULT/admin_token':  value => $admin_token;
+    'DEFAULT/bind_host':    value => $bind_host;
+    'DEFAULT/public_port':  value => $public_port;
+    'DEFAULT/admin_port':   value => $admin_port;
+    'DEFAULT/compute_port': value => $compute_port;
+    'DEFAULT/verbose':      value => $log_verbose;
+    'DEFAULT/debug':        value => $log_debug;
   }
 
-  keystone::config { 'identity':
-    order  => '03',
+  # db connection config
+  keystone_config {
+    'sql/connection':   value => $sql_connection;
+    'sql/idle_timeout': value => $idle_timeout;
   }
 
+  # configure based on the catalog backend
   if($catalog_type == 'template') {
-    # if we are using a catalog, then I may want to manage the file
-    keystone::config { 'template_catalog':
-      order => '04',
+    keystone_config {
+      'catalog/driver':
+        value => 'keystone.catalog.backends.templated.TemplatedCatalog';
+      'catalog/template_file':
+        value => '/etc/keystone/default_catalog.templates';
     }
   } elsif($catalog_type == 'sql' ) {
-    keystone::config { 'sql_catalog':
-      order => '04',
+    keystone_config { 'catalog/driver':
+      value => ' keystone.catalog.backends.sql.Catalog'
     }
   }
 
-  keystone::config { 'footer':
-    order    => '99',
-    config => {
-      'backend_driver' => $backend_driver
-    },
-  }
-
   if $enabled {
     $service_ensure = 'running'
   } else {
@@ -156,7 +147,7 @@ class keystone(
       path        => '/usr/bin',
       refreshonly => true,
       notify      => Service['keystone'],
-      subscribe   => [Package['keystone'], Concat['/etc/keystone/keystone.conf']]
+      subscribe   => Package['keystone'],
     }
   }
 }

deployment/puppet/keystone/templates/DEFAULT.erb

@@ -1,10 +0,0 @@
-[DEFAULT]
-bind_host     = <%= config['bind_host'] %>
-public_port   = <%= config['public_port'] %>
-admin_port    = <%= config['admin_port'] %>
-admin_token   = <%= config['admin_token'] %>
-compute_port  = <%= config['compute_port'] %>
-verbose       = <%= config['log_verbose'] %>
-debug         = <%= config['log_debug'] %>
-log_file      = /var/log/keystone/keystone.log
-use_syslog    = <%= config['use_syslog'] %>

deployment/puppet/keystone/templates/footer.erb

@@ -1,68 +0,0 @@
-
-[token]
-driver = <%= config['backend_driver'] %>
-expiration = 86400
-
-[policy]
-driver = keystone.policy.backends.rules.Policy
-
-[ec2]
-driver = keystone.contrib.ec2.backends.sql.Ec2
-
-[filter:debug]
-paste.filter_factory = keystone.common.wsgi:Debug.factory
-
-[filter:token_auth]
-paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
-
-[filter:admin_token_auth]
-paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
-
-[filter:xml_body]
-paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
-
-[filter:json_body]
-paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
-
-[filter:crud_extension]
-paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
-
-[filter:ec2_extension]
-paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
-
-[filter:s3_extension]
-paste.filter_factory = keystone.contrib.s3:S3Extension.factory
-
-[app:public_service]
-paste.app_factory = keystone.service:public_app_factory
-
-[app:admin_service]
-paste.app_factory = keystone.service:admin_app_factory
-
-[pipeline:public_api]
-pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
-
-[pipeline:admin_api]
-pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
-
-[app:public_version_service]
-paste.app_factory = keystone.service:public_version_app_factory
-
-[app:admin_version_service]
-paste.app_factory = keystone.service:admin_version_app_factory
-
-[pipeline:public_version_api]
-pipeline = xml_body public_version_service
-
-[pipeline:admin_version_api]
-pipeline = xml_body admin_version_service
-
-[composite:main]
-use = egg:Paste#urlmap
-/v2.0 = public_api
-/ = public_version_api
-
-[composite:admin]
-use = egg:Paste#urlmap
-/v2.0 = admin_api
-/ = admin_version_api

deployment/puppet/keystone/templates/identity.erb

@@ -1,2 +0,0 @@
-[identity]
-driver = keystone.identity.backends.sql.Identity

deployment/puppet/keystone/templates/mysql.erb

@@ -1,11 +0,0 @@
-
-[sql]
-# The SQLAlchemy connection string used to connect to the database
-connection    = mysql://<%= "#{config['user']}:#{config['password']}@#{config['host']}/#{config['dbname']}" %>
-
-# the timeout before idle sql connections are reaped
-idle_timeout  = <%= config['idle_timeout'] %>
-
-#min_pool_size = <%= config['min_pool_size'] %>
-#max_pool_size = <%= config['max_pool_size'] %>
-#pool_timeout  = <%= config['pool_timeout'] %>

deployment/puppet/keystone/templates/sql_catalog.erb

@@ -1,2 +0,0 @@
-[catalog]
-driver=keystone.catalog.backends.sql.Catalog

deployment/puppet/keystone/templates/template_catalog.erb

@@ -1,3 +0,0 @@
-[catalog]
-driver = keystone.catalog.backends.templated.TemplatedCatalog
-template_file = /etc/keystone/default_catalog.templates