OpenStack Heat Puppet Module

auth.pp 5.0KB

  # == Class: heat::keystone::auth
  #
  # Registers heat in Keystone: the service user, the service catalog entry
  # and its endpoint, plus the Keystone roles declared at the end of the class.
  #
  # === Parameters
  #
  # [*password*]
  #   (Required) Password for the heat user.
  #   The declared default is false, which is not a String, so leaving it
  #   unset is expected to fail the String validation done by this class.
  #   The value is handed unchanged to keystone::resource::service_identity.
  #
  # [*email*]
  #   (Optional) Email for the heat user.
  #   Defaults to 'heat@localhost'.
  #
  # [*auth_name*]
  #   (Optional) Username for the heat service.
  #   Defaults to 'heat'.
  #
  # [*configure_endpoint*]
  #   (Optional) Whether the heat endpoint should be configured.
  #   Defaults to true.
  #
  # [*configure_service*]
  #   (Optional) Whether the heat service should be configured.
  #   Defaults to true.
  #
  # [*configure_user*]
  #   (Optional) Whether to create the service user.
  #   Defaults to true.
  #
  # [*configure_user_role*]
  #   (Optional) Whether to configure the admin role for the service user.
  #   Defaults to true.
  #
  # [*service_name*]
  #   (Optional) Name of the service.
  #   Defaults to 'heat'.
  #
  # [*service_type*]
  #   (Optional) Type of service.
  #   Defaults to 'orchestration'.
  #
  # [*service_description*]
  #   (Optional) Description for the keystone service.
  #   Defaults to 'Openstack Orchestration Service'.
  #
  # [*region*]
  #   (Optional) Region for the endpoint.
  #   Defaults to 'RegionOne'.
  #
  # [*tenant*]
  #   (Optional) Tenant for the heat user.
  #   Defaults to 'services'.
  #
  # [*trusts_delegated_roles*]
  #   (Optional) Array of trustor roles to be delegated to heat.
  #   Defaults to ['heat_stack_owner']
  #
  # [*configure_delegated_roles*]
  #   (Optional) Whether to configure the delegated roles.
  #   Defaults to false until the deprecated parameters in heat::engine
  #   are removed after Kilo.
  #
  # [*public_url*]
  #   (Optional) The endpoint's public url.
  #   This url should *not* contain any trailing '/'.
  #   The default is plain HTTP on the loopback address; an endpoint that is
  #   reachable over the network should be given an https url, as in the
  #   example below.
  #   Defaults to 'http://127.0.0.1:8004/v1/%(tenant_id)s'
  #
  # [*admin_url*]
  #   (Optional) The endpoint's admin url.
  #   This url should *not* contain any trailing '/'.
  #   Same plain-HTTP loopback default as public_url.
  #   Defaults to 'http://127.0.0.1:8004/v1/%(tenant_id)s'
  #
  # [*internal_url*]
  #   (Optional) The endpoint's internal url.
  #   This url should *not* contain any trailing '/'.
  #   Same plain-HTTP loopback default as public_url.
  #   Defaults to 'http://127.0.0.1:8004/v1/%(tenant_id)s'
  #
  # [*heat_stack_user_role*]
  #   (Optional) Keystone role for heat template-defined users.
  #   This class only creates the role in Keystone. It does not write the
  #   value to the config file; for that, set
  #   heat::engine::heat_stack_user_role. Generally both should be set to
  #   the same value.
  #   Defaults to 'heat_stack_user'
  #
  # [*manage_heat_stack_user_role*]
  #   (Optional) If true, this will manage the Keystone role for
  #   $heat_stack_user_role.
  #   Defaults to true
  #
  # === Examples
  #
  #  class { 'heat::keystone::auth':
  #    public_url   => 'https://10.0.0.10:8004/v1/%(tenant_id)s',
  #    internal_url => 'https://10.0.0.11:8004/v1/%(tenant_id)s',
  #    admin_url    => 'https://10.0.0.11:8004/v1/%(tenant_id)s',
  #  }
  #
  class heat::keystone::auth (
    $password                    = false,
    $email                       = 'heat@localhost',
    $auth_name                   = 'heat',
    $service_name                = 'heat',
    $service_type                = 'orchestration',
    $service_description         = 'Openstack Orchestration Service',
    $region                      = 'RegionOne',
    $tenant                      = 'services',
    $configure_endpoint          = true,
    $configure_service           = true,
    $configure_user              = true,
    $configure_user_role         = true,
    $trusts_delegated_roles      = ['heat_stack_owner'],
    $configure_delegated_roles   = false,
    $public_url                  = 'http://127.0.0.1:8004/v1/%(tenant_id)s',
    $admin_url                   = 'http://127.0.0.1:8004/v1/%(tenant_id)s',
    $internal_url                = 'http://127.0.0.1:8004/v1/%(tenant_id)s',
    $heat_stack_user_role        = 'heat_stack_user',
    $manage_heat_stack_user_role = true,
  ) {

    include ::heat::deps

    # The password must be a String; the false default does not pass this
    # check, which is how the "required" contract is enforced.
    # NOTE(review): the password is a plain String here, not a Sensitive
    # value - confirm how it is treated in the catalog and in reports.
    validate_legacy(String, 'validate_string', $password)

    # User, service and endpoint are all delegated to the keystone module.
    keystone::resource::service_identity { 'heat':
      # Service user and its role
      auth_name           => $auth_name,
      password            => $password,
      email               => $email,
      tenant              => $tenant,
      configure_user      => $configure_user,
      configure_user_role => $configure_user_role,
      # Service catalog entry
      service_name        => $service_name,
      service_type        => $service_type,
      service_description => $service_description,
      configure_service   => $configure_service,
      # Endpoint
      region              => $region,
      public_url          => $public_url,
      admin_url           => $admin_url,
      internal_url        => $internal_url,
      configure_endpoint  => $configure_endpoint,
    }

    # A change to the service user's role assignment notifies the
    # 'heat::service::end' anchor.
    if $configure_user_role {
      Keystone_user_role["${auth_name}@${tenant}"] ~> Anchor['heat::service::end']
    }

    # Role for heat template-defined users; only the Keystone side is
    # handled here.
    if $manage_heat_stack_user_role {
      keystone_role { $heat_stack_user_role:
        ensure => present,
      }
    }

    if $configure_delegated_roles {
      # On a keystone-only node the roles are created here, while engine.pp
      # is left to set the config file: such a node will not have a
      # heat.conf file.
      keystone_role { $trusts_delegated_roles:
        ensure => present,
      }
    }
  }