openstack/fuel-library
Code Issues Proposed changes

Adapt puppet-keystone for Fuel

Browse Source 
Partial blueprint merge-openstack-puppet-modules

- Includes fix for rhbz#1129760 bug.
  Upstream Change-Id: I3f0102b184a484f5e5a85cadf26ed651829fbf8c

Change-Id: I46d872bc6ec1ef33243dce2588847b8be7f2df4b
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
This commit is contained in:
Bogdan Dobrelya 2014-04-07 15:31:19 +03:00 committed by Aleksandr Didenko
parent 01326ed62c
commit e6647249b8
8 changed files with 98 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deployment/puppet/keystone/manifests/db/postgresql.pp
View File

@ -42,6 +42,6 @@ class keystone::db::postgresql(
password => $password,
}
Postgresql::Db[$dbname] ~> Exec<| title == 'keystone-manage db_sync' |>
Postgresql::Server::Db[$dbname] ~> Exec<| title == 'keystone-manage db_sync' |>
}

3
deployment/puppet/keystone/manifests/roles/admin.pp
View File

@ -6,7 +6,6 @@
# * "admin" tenant (defaults to "openstack")
# * admin user (that defaults to the "admin" tenant)
# * admin role
# * _member_ role
# * adds admin role to admin user on the "admin" tenant
#
# [*Parameters*]
@ -51,7 +50,7 @@ class keystone::roles::admin(
email => $email,
password => $password,
}
keystone_role { ['admin', '_member_']:
keystone_role { 'admin':
ensure => present,
}
keystone_user_role { "${admin}@${admin_tenant}":

4
deployment/puppet/keystone/spec/classes/keystone_roles_admin_spec.rb
View File

@ -28,9 +28,7 @@ describe 'keystone::roles::admin' do
:email => 'foo@bar',
:password => 'ChangeMe'
)}
['admin', '_member_'].each do |role_name|
it { should contain_keystone_role(role_name).with_ensure('present') }
end
it { should contain_keystone_role('admin').with_ensure('present') }
it { should contain_keystone_user_role('admin@openstack').with(
:roles => 'admin',
:ensure => 'present'

7
deployment/puppet/nailgun/examples/keystone-only.pp
View File

@ -21,6 +21,8 @@ case $production {
admin_token => $::fuel_settings['keystone']['admin_token'],
catalog_type => 'sql',
sql_connection => "postgresql://${::fuel_settings['postgres']['keystone_user']}:${::fuel_settings['postgres']['keystone_password']}@${::fuel_settings['ADMIN_NETWORK']['ipaddress']}/${::fuel_settings['postgres']['keystone_dbname']}",
token_expiration => 86400,
token_provider => 'keystone.token.providers.uuid.Provider',
}
#FIXME(mattymo): We should enable db_sync on every run inside keystone,
@ -79,11 +81,6 @@ case $production {
address => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
}
# Increase token expiratin to 24h
keystone_config {
'token/expiration': value => 86400;
}
package { 'crontabs':
ensure => latest,
}

5
deployment/puppet/nailgun/manifests/auth.pp
View File

@ -21,7 +21,8 @@ class nailgun::auth(
$internal_address = undef,
$admin_address = undef,
$public_address = undef,
$port = '8000'
$port = '8000',
$region = 'RegionOne',
) {
if ($internal_address == undef) {
$internal_address_real = $address
@ -59,7 +60,7 @@ class nailgun::auth(
description => 'Nailgun API',
}
keystone_endpoint { 'nailgun':
keystone_endpoint { "$region/nailgun":
ensure => present,
public_url => "http://${public_address_real}:${port}/api",
admin_url => "http://${admin_address_real}:${port}/api",

5
deployment/puppet/nailgun/manifests/ostf/auth.pp
View File

@ -21,7 +21,8 @@ class nailgun::ostf::auth(
$internal_address = undef,
$admin_address = undef,
$public_address = undef,
$port = '8000'
$port = '8000',
$region = 'RegionOne',
) {
if ($internal_address == undef) {
$internal_address_real = $address
@ -59,7 +60,7 @@ class nailgun::ostf::auth(
description => 'OSTF',
}
keystone_endpoint { 'ostf':
keystone_endpoint { "$region/ostf":
ensure => present,
public_url => "http://${public_address_real}:${port}/ostf",
admin_url => "http://${admin_address_real}:${port}/ostf",

89
deployment/puppet/openstack/manifests/keystone.pp
View File

@ -30,6 +30,9 @@
# [use_syslog] Rather or not service should log to syslog. Optional. Default to false.
# [syslog_log_facility] Facility for syslog, if used. Optional. Note: duplicating conf option
# wouldn't have been used, but more powerfull rsyslog features managed via conf template instead
# [max_pool_size] SQLAlchemy backend related. Default 10.
# [max_overflow] SQLAlchemy backend related. Default 30.
# [max_retries] SQLAlchemy backend related. Default -1.
#
# === Example
#
@ -195,6 +198,14 @@ class openstack::keystone (
$ceilometer_admin_real = $admin_real
}
if $memcache_servers {
$memcache_servers_real = suffix($memcache_servers, inline_template(":<%= @memcache_server_port %>"))
$token_driver = 'keystone.token.backends.memcache.Token'
} else {
$memcache_servers_real = false
$token_driver = 'keystone.token.backends.sql.Token'
}
class { '::keystone':
verbose => $verbose,
debug => $debug,
@ -205,17 +216,83 @@ class openstack::keystone (
bind_host => $bind_host,
package_ensure => $package_ensure,
use_syslog => $use_syslog,
syslog_log_facility => $syslog_log_facility,
max_retries => $max_retries,
max_pool_size => $max_pool_size,
max_overflow => $max_overflow,
idle_timeout => $idle_timeout,
rabbit_password => $rabbit_password,
rabbit_userid => $rabbit_userid,
rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host,
memcache_servers => $memcache_servers,
memcache_server_port => $memcache_server_port,
memcache_servers => $memcache_servers_real,
token_driver => $token_driver,
token_provider => 'keystone.token.providers.uuid.Provider',
}
if $::operatingsystem == 'Ubuntu' {
if $service_provider == 'pacemaker' {
tweaks::ubuntu_service_override { 'keystone':
package_name => 'keystone',
}
exec { 'remove-keystone-bootblockr':
command => 'rm -rf /etc/init/keystone.override',
path => ['/bin', '/usr/bin'],
require => Package['keystone']
}
}
}
if $memcache_servers {
Service<| title == 'memcached' |> -> Service<| title == 'keystone'|>
keystone_config {
'token/caching': value => 'true';
'cache/enabled': value => 'true';
'cache/backend': value => 'dogpile.cache.memcached';
'cache/backend_argument': value => inline_template("url:<%= @memcache_servers.collect{|ip| ip }.join ',' %>");
}
}
Package<| title == 'keystone'|> ~> Service<| title == 'keystone'|>
if !defined(Service['keystone']) {
notify{ "Module ${module_name} cannot notify service keystone on package update": }
}
if $use_syslog {
keystone_config {
'DEFAULT/use_syslog_rfc_format': value => true;
}
}
keystone_config {
'DATABASE/max_pool_size': value => $max_pool_size;
'DATABASE/max_retries': value => $max_retries;
'DATABASE/max_overflow': value => $max_overflow;
'identity/driver': value =>"keystone.identity.backends.sql.Identity";
'policy/driver': value =>"keystone.policy.backends.rules.Policy";
'ec2/driver': value =>"keystone.contrib.ec2.backends.sql.Ec2";
'filter:debug/paste.filter_factory': value =>"keystone.common.wsgi:Debug.factory";
'filter:token_auth/paste.filter_factory': value =>"keystone.middleware:TokenAuthMiddleware.factory";
'filter:admin_token_auth/paste.filter_factory': value =>"keystone.middleware:AdminTokenAuthMiddleware.factory";
'filter:xml_body/paste.filter_factory': value =>"keystone.middleware:XmlBodyMiddleware.factory";
'filter:json_body/paste.filter_factory': value =>"keystone.middleware:JsonBodyMiddleware.factory";
'filter:user_crud_extension/paste.filter_factory': value =>"keystone.contrib.user_crud:CrudExtension.factory";
'filter:crud_extension/paste.filter_factory': value =>"keystone.contrib.admin_crud:CrudExtension.factory";
'filter:ec2_extension/paste.filter_factory': value =>"keystone.contrib.ec2:Ec2Extension.factory";
'filter:s3_extension/paste.filter_factory': value =>"keystone.contrib.s3:S3Extension.factory";
'filter:url_normalize/paste.filter_factory': value =>"keystone.middleware:NormalizingFilter.factory";
'filter:stats_monitoring/paste.filter_factory': value =>"keystone.contrib.stats:StatsMiddleware.factory";
'filter:stats_reporting/paste.filter_factory': value =>"keystone.contrib.stats:StatsExtension.factory";
'app:public_service/paste.app_factory': value =>"keystone.service:public_app_factory";
'app:admin_service/paste.app_factory': value =>"keystone.service:admin_app_factory";
'pipeline:public_api/pipeline': value =>"stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service";
'pipeline:admin_api/pipeline': value =>"stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service";
'app:public_version_service/paste.app_factory': value =>"keystone.service:public_version_app_factory";
'app:admin_version_service/paste.app_factory': value =>"keystone.service:admin_version_app_factory";
'pipeline:public_version_api/pipeline': value =>"stats_monitoring url_normalize xml_body public_version_service";
'pipeline:admin_version_api/pipeline': value =>"stats_monitoring url_normalize xml_body admin_version_service";
'composite:main/use': value =>"egg:Paste#urlmap";
'composite:main//v2.0': value =>"public_api";
'composite:main//': value =>"public_version_api";
'composite:admin/use': value =>"egg:Paste#urlmap";
'composite:admin//v2.0': value =>"admin_api";
'composite:admin//': value =>"admin_version_api";
}
if ($enabled) {

3
deployment/puppet/sahara/manifests/keystone/auth.pp
View File

@ -23,9 +23,8 @@ class sahara::keystone::auth (
description => 'OpenStack Data Processing',
}
keystone_endpoint { $auth_name:
keystone_endpoint { "$region/$auth_name":
ensure => present,
region => $region,
public_url => "http://${public_address}:${sahara_port}/v1.1/%(tenant_id)s",
internal_url => "http://${internal_address}:${sahara_port}/v1.1/%(tenant_id)s",
admin_url => "http://${admin_address}:${sahara_port}/v1.1/%(tenant_id)s",