Merge "Avoid hard-coding OS user/group in each manifest"
This commit is contained in:
Zuul
Gerrit Code Review
commit
29cfe8feab
|
|
@ -84,7 +84,7 @@ class keystone::bootstrap (
|
|||
if defined('$::keystone::keystone_user') {
|
||||
$keystone_user = $::keystone::keystone_user
|
||||
} else {
|
||||
$keystone_user = $::keystone::params::keystone_user
|
||||
$keystone_user = $::keystone::params::user
|
||||
}
|
||||
|
||||
if $bootstrap {
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@
|
|||
#
|
||||
# [*user*]
|
||||
# (Optional) Allow to run the crontab on behalf any user.
|
||||
# Defaults to 'keystone'
|
||||
# Defaults to $::keystone::params::user
|
||||
#
|
||||
class keystone::cron::fernet_rotate (
|
||||
$ensure = present,
|
||||
|
|
@ -61,8 +61,8 @@ class keystone::cron::fernet_rotate (
|
|||
$month = '*',
|
||||
$weekday = '*',
|
||||
$maxdelay = 0,
|
||||
$user = 'keystone',
|
||||
) {
|
||||
$user = $::keystone::params::user,
|
||||
) inherits keystone::params {
|
||||
|
||||
include keystone::deps
|
||||
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@
|
|||
#
|
||||
# [*user*]
|
||||
# (Optional) Allow to run the crontab on behalf any user.
|
||||
# Defaults to 'keystone'
|
||||
# Defaults to $::keystone::params::user
|
||||
#
|
||||
class keystone::cron::trust_flush (
|
||||
$ensure = present,
|
||||
|
|
@ -65,8 +65,8 @@ class keystone::cron::trust_flush (
|
|||
$weekday = '*',
|
||||
Integer $maxdelay = 0,
|
||||
$destination = '/var/log/keystone/keystone-trustflush.log',
|
||||
$user = 'keystone',
|
||||
) {
|
||||
$user = $::keystone::params::user,
|
||||
) inherits keystone::params {
|
||||
|
||||
include keystone::deps
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
#
|
||||
# [*keystone_user*]
|
||||
# (Optional) Specify the keystone system user to be used with keystone-manage.
|
||||
# Defaults to $::keystone::params::keystone_user
|
||||
# Defaults to $::keystone::params::user
|
||||
#
|
||||
# [*db_sync_timeout*]
|
||||
# (Optional) Timeout for the execution of the db_sync
|
||||
|
|
@ -20,7 +20,7 @@
|
|||
#
|
||||
class keystone::db::sync(
|
||||
$extra_params = undef,
|
||||
$keystone_user = $::keystone::params::keystone_user,
|
||||
$keystone_user = $::keystone::params::user,
|
||||
$db_sync_timeout = 300,
|
||||
) inherits keystone::params {
|
||||
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@
|
|||
#
|
||||
# [*user*]
|
||||
# (Optional) User with access to keystone files. (string value)
|
||||
# Defaults to 'keystone'.
|
||||
# Defaults to $::keystone::params::user.
|
||||
#
|
||||
# [*package_ensure*]
|
||||
# (optional) Desired ensure state of packages.
|
||||
|
|
@ -84,7 +84,7 @@ class keystone::federation::identity_provider(
|
|||
$idp_metadata_path,
|
||||
$certfile = $::keystone::ssl_ca_certs,
|
||||
$keyfile = $::keystone::ssl_ca_key,
|
||||
$user = 'keystone',
|
||||
$user = $::keystone::params::user,
|
||||
$idp_organization_name = $::os_service_default,
|
||||
$idp_organization_display_name = $::os_service_default,
|
||||
$idp_organization_url = $::os_service_default,
|
||||
|
|
@ -95,10 +95,9 @@ class keystone::federation::identity_provider(
|
|||
$idp_contact_telephone = $::os_service_default,
|
||||
$idp_contact_type = $::os_service_default,
|
||||
$package_ensure = present,
|
||||
) {
|
||||
) inherits keystone::params {
|
||||
|
||||
include keystone::deps
|
||||
include keystone::params
|
||||
|
||||
if $::keystone::service_name != 'httpd' {
|
||||
fail ('Keystone need to be running under Apache for Federation work.')
|
||||
|
|
|
|||
|
|
@ -290,11 +290,11 @@
|
|||
#
|
||||
# [*keystone_user*]
|
||||
# (Optional) Specify the keystone system user to be used with keystone-manage.
|
||||
# Defaults to $::keystone::params::keystone_user
|
||||
# Defaults to $::keystone::params::user
|
||||
#
|
||||
# [*keystone_group*]
|
||||
# (Optional) Specify the keystone system group to be used with keystone-manage.
|
||||
# Defaults to $::keystone::params::keystone_group
|
||||
# Defaults to $::keystone::params::group
|
||||
#
|
||||
# [*manage_policyrcd*]
|
||||
# (Optional) Whether to manage the policy-rc.d on debian based systems to
|
||||
|
|
@ -437,8 +437,8 @@ class keystone(
|
|||
$policy_driver = $::os_service_default,
|
||||
$using_domain_config = false,
|
||||
$domain_config_directory = '/etc/keystone/domains',
|
||||
$keystone_user = $::keystone::params::keystone_user,
|
||||
$keystone_group = $::keystone::params::keystone_group,
|
||||
$keystone_user = $::keystone::params::user,
|
||||
$keystone_group = $::keystone::params::group,
|
||||
$manage_policyrcd = false,
|
||||
$enable_proxy_headers_parsing = $::os_service_default,
|
||||
$max_request_body_size = $::os_service_default,
|
||||
|
|
|
|||
|
|
@ -317,8 +317,8 @@ and \"${domain_dir_enabled}\" for identity/domain_config_dir"
|
|||
if (!defined(File[$domain_dir_enabled])) {
|
||||
ensure_resource('file', $domain_dir_enabled, {
|
||||
ensure => directory,
|
||||
owner => 'keystone',
|
||||
group => 'keystone',
|
||||
owner => $::keystone::params::user,
|
||||
group => $::keystone::params::group,
|
||||
mode => '0750',
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,10 +5,13 @@ class keystone::params {
|
|||
include openstacklib::defaults
|
||||
|
||||
$client_package_name = 'python3-keystoneclient'
|
||||
$keystone_user = 'keystone'
|
||||
$keystone_group = 'keystone'
|
||||
$user = 'keystone'
|
||||
$group = 'keystone'
|
||||
|
||||
# NOTE(tkajinam) These are kept for backword compatibility
|
||||
$keystone_user = $user
|
||||
$keystone_group = $group
|
||||
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
$package_name = 'keystone'
|
||||
|
|
|
|||
|
|
@ -171,11 +171,11 @@ class keystone::wsgi::apache (
|
|||
servername => $servername,
|
||||
bind_host => $bind_host,
|
||||
bind_port => $api_port,
|
||||
group => $::keystone::params::keystone_group,
|
||||
group => $::keystone::params::group,
|
||||
path => $path,
|
||||
workers => $workers,
|
||||
threads => $threads,
|
||||
user => $::keystone::params::keystone_user,
|
||||
user => $::keystone::params::user,
|
||||
priority => $priority,
|
||||
ssl => $ssl,
|
||||
ssl_cert => $ssl_cert,
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ describe 'keystone::bootstrap' do
|
|||
"OS_BOOTSTRAP_INTERNAL_URL=http://127.0.0.1:5000",
|
||||
"OS_BOOTSTRAP_REGION_ID=RegionOne",
|
||||
],
|
||||
:user => platform_params[:keystone_user],
|
||||
:user => platform_params[:user],
|
||||
:path => '/usr/bin',
|
||||
:refreshonly => true,
|
||||
:subscribe => 'Anchor[keystone::dbsync::end]',
|
||||
|
|
@ -134,7 +134,7 @@ describe 'keystone::bootstrap' do
|
|||
"OS_BOOTSTRAP_INTERNAL_URL=http://internal:1342",
|
||||
"OS_BOOTSTRAP_REGION_ID=RegionTwo",
|
||||
],
|
||||
:user => platform_params[:keystone_user],
|
||||
:user => platform_params[:user],
|
||||
:path => '/usr/bin',
|
||||
:refreshonly => true,
|
||||
:subscribe => 'Anchor[keystone::dbsync::end]',
|
||||
|
|
@ -303,7 +303,7 @@ describe 'keystone::bootstrap' do
|
|||
end
|
||||
|
||||
let(:platform_params) do
|
||||
{ :keystone_user => 'keystone' }
|
||||
{ :user => 'keystone' }
|
||||
end
|
||||
|
||||
it_behaves_like 'keystone::bootstrap'
|
||||
|
|
|
|||
Loading…
Reference in New Issue