puppet-keystone/examples/v3_domain_configuration.pp

Exec { logoutput => 'on_failure' }

class { 'mysql::server': }
class { 'keystone::db::mysql':
  password => 'keystone',
}
class { 'keystone':
  debug               => true,
  database_connection => 'mysql://keystone:keystone@192.168.1.1/keystone',
  enabled             => true,
  # The domain configuration setup at keystone level
  using_domain_config => true,
}
class { 'keystone::bootstrap':
  password   => 'a_big_secret',
  public_url => 'http://192.168.1.1:5000',
  admin_url  => 'http://192.168.1.1:5000',
}

# Creates the /etc/keystone/domains/keystone.my_domain.conf file and
# notifies keystone service
keystone_domain_config {
  'my_domain::ldap/url':                 value => 'ldap://ldapservice.my_org.com';
  'my_domain::ldap/user':                value => 'cn=Manager,dc=openstack,dc=org';
  'my_domain::ldap/password':            value => 'mysecret';
  'my_domain::ldap/suffix':              value => 'dc=openstack,dc=org';
  'my_domain::ldap/group_tree_dn':       value => 'ou=UserGroups,dc=openstack,dc=org';
  'my_domain::ldap/user_tree_dn':        value => 'ou=Users,dc=openstack,dc=org';
  'my_domain::ldap/user_mail_attribute': value => 'mail';
}
Add keystone domain specific configuration. Implements blueprint keystone-domain-configuration Adds a provider able to configure multiple domains and two parameters in keystone class to setup a working multi-domains configuration. The keystone_config type has been refactored into a mixin to be shared by keystone_config and keystone_domain_config. The provider, even though it is inheriting from openstack_config (and not keystone_config because it hard code the path), has required more new code. The problem is that we have several configuration files to work with (one per domain) which is unusual. The self.prefetch method is required to check the current catalog. If it's changing the Keystone_config[identity/domain_config_dir] we take it directly into account without the need for another run. Keystone_config[identity/domain_config_dir] configuration and the associated directory are autorequired. Change-Id: I5e4b298460ee592640af59ac9dcbefa3daf98098 2015-09-01 16:06:39 +02:00			`Exec { logoutput => 'on_failure' }`

Convert all class usage to relative names Change-Id: Ia631adf31be1eeadb7ab0f12b75f1eaed73d5fbf 2019-12-08 23:09:22 +01:00			`class { 'mysql::server': }`
			`class { 'keystone::db::mysql':`
Add keystone domain specific configuration. Implements blueprint keystone-domain-configuration Adds a provider able to configure multiple domains and two parameters in keystone class to setup a working multi-domains configuration. The keystone_config type has been refactored into a mixin to be shared by keystone_config and keystone_domain_config. The provider, even though it is inheriting from openstack_config (and not keystone_config because it hard code the path), has required more new code. The problem is that we have several configuration files to work with (one per domain) which is unusual. The self.prefetch method is required to check the current catalog. If it's changing the Keystone_config[identity/domain_config_dir] we take it directly into account without the need for another run. Keystone_config[identity/domain_config_dir] configuration and the associated directory are autorequired. Change-Id: I5e4b298460ee592640af59ac9dcbefa3daf98098 2015-09-01 16:06:39 +02:00			`password => 'keystone',`
			`}`
Convert all class usage to relative names Change-Id: Ia631adf31be1eeadb7ab0f12b75f1eaed73d5fbf 2019-12-08 23:09:22 +01:00			`class { 'keystone':`
Add keystone domain specific configuration. Implements blueprint keystone-domain-configuration Adds a provider able to configure multiple domains and two parameters in keystone class to setup a working multi-domains configuration. The keystone_config type has been refactored into a mixin to be shared by keystone_config and keystone_domain_config. The provider, even though it is inheriting from openstack_config (and not keystone_config because it hard code the path), has required more new code. The problem is that we have several configuration files to work with (one per domain) which is unusual. The self.prefetch method is required to check the current catalog. If it's changing the Keystone_config[identity/domain_config_dir] we take it directly into account without the need for another run. Keystone_config[identity/domain_config_dir] configuration and the associated directory are autorequired. Change-Id: I5e4b298460ee592640af59ac9dcbefa3daf98098 2015-09-01 16:06:39 +02:00			`debug => true,`
			`database_connection => 'mysql://keystone:keystone@192.168.1.1/keystone',`
			`enabled => true,`
			`# The domain configuration setup at keystone level`
			`using_domain_config => true,`
			`}`
Add keystone::bootstrap class This class combines the keystone-manage bootstrap command from init, the keystone::endpoint functionality that manages the keystone endpoints and the keystone::roles::admin class that manages users and projects. This is one of the steps to make sure we only have a single point of entry for bootstrapping (keystone-manage bootstrap) and then only managing resources after that. This is especially required since we are getting rid of the admin token and cannot manage resources before keystone-manage bootstrap has created the user, project, service and endpoints for us. These resources should always be in the default domain and deployments should manage domain specific configuration themselves using the provider resources. This class uses the default values from the keystone-manage bootstrap command. In the past puppet-keystone has always created a openstack project that is assumed as a admin project even though the bootstrap command creates the admin project. Since this uses the default values from the bootstrap command we should move away from having an openstack project, if we need that in testing it should be created there and not in the default deployment. Depends-On: https://review.opendev.org/#/c/698528/ Change-Id: I683fcdd743bddf6d4e989dd7e7c553db745934db 2019-11-02 12:32:24 +01:00			`class { 'keystone::bootstrap':`
			`password => 'a_big_secret',`
			`public_url => 'http://192.168.1.1:5000',`
			`admin_url => 'http://192.168.1.1:5000',`
Add keystone domain specific configuration. Implements blueprint keystone-domain-configuration Adds a provider able to configure multiple domains and two parameters in keystone class to setup a working multi-domains configuration. The keystone_config type has been refactored into a mixin to be shared by keystone_config and keystone_domain_config. The provider, even though it is inheriting from openstack_config (and not keystone_config because it hard code the path), has required more new code. The problem is that we have several configuration files to work with (one per domain) which is unusual. The self.prefetch method is required to check the current catalog. If it's changing the Keystone_config[identity/domain_config_dir] we take it directly into account without the need for another run. Keystone_config[identity/domain_config_dir] configuration and the associated directory are autorequired. Change-Id: I5e4b298460ee592640af59ac9dcbefa3daf98098 2015-09-01 16:06:39 +02:00			`}`

			`# Creates the /etc/keystone/domains/keystone.my_domain.conf file and`
			`# notifies keystone service`
			`keystone_domain_config {`
			`'my_domain::ldap/url': value => 'ldap://ldapservice.my_org.com';`
			`'my_domain::ldap/user': value => 'cn=Manager,dc=openstack,dc=org';`
			`'my_domain::ldap/password': value => 'mysecret';`
			`'my_domain::ldap/suffix': value => 'dc=openstack,dc=org';`
			`'my_domain::ldap/group_tree_dn': value => 'ou=UserGroups,dc=openstack,dc=org';`
			`'my_domain::ldap/user_tree_dn': value => 'ou=Users,dc=openstack,dc=org';`
			`'my_domain::ldap/user_mail_attribute': value => 'mail';`
			`}`