Replace legacy facts and use fact hash
... because the latest lint no longer allows usage of legacy facts and top scope fact. Change-Id: Ie757167eedce6fa1c99d08f96be1173871f21817
This commit is contained in:
parent
43331eadcd
commit
486d7f1435
@ -34,8 +34,8 @@ class { 'keystone':
|
||||
}
|
||||
class { 'keystone::bootstrap':
|
||||
password => 'ChangeMe',
|
||||
public_url => "https://${::fqdn}:5000",
|
||||
admin_url => "https://${::fqdn}:5000",
|
||||
public_url => "https://${facts['networking']['fqdn']}:5000",
|
||||
admin_url => "https://${facts['networking']['fqdn']}:5000",
|
||||
}
|
||||
|
||||
keystone_config { 'ssl/enable': value => true }
|
||||
|
@ -35,8 +35,8 @@ class { 'keystone':
|
||||
}
|
||||
class { 'keystone::bootstrap':
|
||||
password => 'ChangeMe',
|
||||
public_url => "https://${::fqdn}:443/v3",
|
||||
admin_url => "https://${::fqdn}:443/v3",
|
||||
public_url => "https://${facts['networking']['fqdn']}:443/v3",
|
||||
admin_url => "https://${facts['networking']['fqdn']}:443/v3",
|
||||
}
|
||||
|
||||
keystone_config { 'ssl/enable': ensure => absent }
|
||||
|
@ -53,8 +53,8 @@ class { 'keystone':
|
||||
|
||||
class { 'keystone::bootstrap':
|
||||
password => 'ChangeMe',
|
||||
public_url => "https://${::fqdn}:5000",
|
||||
admin_url => "https://${::fqdn}:5000",
|
||||
public_url => "https://${facts['networking']['fqdn']}:5000",
|
||||
admin_url => "https://${facts['networking']['fqdn']}:5000",
|
||||
}
|
||||
|
||||
keystone_config { 'ssl/enable': value => true }
|
||||
|
@ -8,99 +8,99 @@
|
||||
# the cache region. This should not need to be changed unless there
|
||||
# is another dogpile.cache region with the same configuration name.
|
||||
# (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*expiration_time*]
|
||||
# (Optional) Default TTL, in seconds, for any cached item in the
|
||||
# dogpile.cache region. This applies to any cached method that
|
||||
# doesn't have an explicit cache expiration time defined for it.
|
||||
# (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*backend*]
|
||||
# (Optional) Dogpile.cache backend module. It is recommended that
|
||||
# Memcache with pooling (oslo_cache.memcache_pool) or Redis
|
||||
# (dogpile.cache.redis) be used in production deployments. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*backend_argument*]
|
||||
# (Optional) Arguments supplied to the backend module. Specify this option
|
||||
# once per argument to be passed to the dogpile.cache backend.
|
||||
# Example format: "<argname>:<value>". (list value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*proxies*]
|
||||
# (Optional) Proxy classes to import that will affect the way the
|
||||
# dogpile.cache backend functions. See the dogpile.cache documentation on
|
||||
# changing-backend-behavior. (list value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*enabled*]
|
||||
# (Optional) Global toggle for caching. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*debug_cache_backend*]
|
||||
# (Optional) Extra debugging from the cache backend (cache keys,
|
||||
# get/set/delete/etc calls). This is only really useful if you need
|
||||
# to see the specific cache-backend get/set/delete calls with the keys/values.
|
||||
# Typically this should be left set to false. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*memcache_servers*]
|
||||
# (Optional) Memcache servers in the format of "host:port".
|
||||
# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
|
||||
# (list value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*memcache_dead_retry*]
|
||||
# (Optional) Number of seconds memcached server is considered dead before
|
||||
# it is tried again. (dogpile.cache.memcache and oslo_cache.memcache_pool
|
||||
# backends only). (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*memcache_socket_timeout*]
|
||||
# (Optional) Timeout in seconds for every call to a server.
|
||||
# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
|
||||
# (floating point value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*enable_socket_keepalive*]
|
||||
# (Optional) Global toggle for the socket keepalive of dogpile's
|
||||
# pymemcache backend
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*socket_keepalive_idle*]
|
||||
# (Optional) The time (in seconds) the connection needs to remain idle
|
||||
# before TCP starts sending keepalive probes. Should be a positive integer
|
||||
# most greater than zero.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*socket_keepalive_interval*]
|
||||
# (Optional) The time (in seconds) between individual keepalive probes.
|
||||
# Should be a positive integer most greater than zero.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*socket_keepalive_count*]
|
||||
# (Optional) The maximum number of keepalive probes TCP should send before
|
||||
# dropping the connection. Should be a positive integer most greater than
|
||||
# zero.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*memcache_pool_maxsize*]
|
||||
# (Optional) Max total number of open connections to every memcached server.
|
||||
# (oslo_cache.memcache_pool backend only). (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*memcache_pool_unused_timeout*]
|
||||
# (Optional) Number of seconds a connection to memcached is held unused
|
||||
# in the pool before it is closed. (oslo_cache.memcache_pool backend only)
|
||||
# (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*memcache_pool_connection_get_timeout*]
|
||||
# (Optional) Number of seconds that an operation will wait to get a memcache
|
||||
# client connection. (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*manage_backend_package*]
|
||||
# (Optional) Whether to install the backend package for the cache.
|
||||
@ -109,18 +109,18 @@
|
||||
# [*token_caching*]
|
||||
# (Optional) Toggle for token system caching. This has no effect unless
|
||||
# cache_backend, cache_enabled and cache_memcache_servers is set.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*tls_enabled*]
|
||||
# (Optional) Global toggle for TLS usage when communicating with
|
||||
# the caching servers.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*tls_cafile*]
|
||||
# (Optional) Path to a file of concatenated CA certificates in PEM
|
||||
# format necessary to establish the caching server's authenticity.
|
||||
# If tls_enabled is False, this option is ignored.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*tls_certfile*]
|
||||
# (Optional) Path to a single file in PEM format containing the
|
||||
@ -128,84 +128,84 @@
|
||||
# needed to establish the certificate's authenticity. This file
|
||||
# is only required when client side authentication is necessary.
|
||||
# If tls_enabled is False, this option is ignored.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*tls_keyfile*]
|
||||
# (Optional) Path to a single file containing the client's private
|
||||
# key in. Otherwise the private key will be taken from the file
|
||||
# specified in tls_certfile. If tls_enabled is False, this option
|
||||
# is ignored.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*tls_allowed_ciphers*]
|
||||
# (Optional) Set the available ciphers for sockets created with
|
||||
# the TLS context. It should be a string in the OpenSSL cipher
|
||||
# list format. If not specified, all OpenSSL enabled ciphers will
|
||||
# be available.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*enable_retry_client*]
|
||||
# (Optional) Enable retry client mechanisms to handle failure.
|
||||
# Those mechanisms can be used to wrap all kind of pymemcache
|
||||
# clients. The wrapper allows you to define how many attempts
|
||||
# to make and how long to wait between attempts.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*retry_attempts*]
|
||||
# (Optional) Number of times to attempt an action before failing.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*retry_delay*]
|
||||
# (Optional) Number of seconds to sleep between each attempt.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*hashclient_retry_attempts*]
|
||||
# (Optional) Amount of times a client should be tried
|
||||
# before it is marked dead and removed from the pool in
|
||||
# the HashClient's internal mechanisms.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*hashclient_retry_delay*]
|
||||
# (Optional) Time in seconds that should pass between
|
||||
# retry attempts in the HashClient's internal mechanisms.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*dead_timeout*]
|
||||
# (Optional) Time in seconds before attempting to add a node
|
||||
# back in the pool in the HashClient's internal mechanisms.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
class keystone::cache(
|
||||
$config_prefix = $::os_service_default,
|
||||
$expiration_time = $::os_service_default,
|
||||
$backend = $::os_service_default,
|
||||
$backend_argument = $::os_service_default,
|
||||
$proxies = $::os_service_default,
|
||||
$enabled = $::os_service_default,
|
||||
$debug_cache_backend = $::os_service_default,
|
||||
$memcache_servers = $::os_service_default,
|
||||
$memcache_dead_retry = $::os_service_default,
|
||||
$memcache_socket_timeout = $::os_service_default,
|
||||
$enable_socket_keepalive = $::os_service_default,
|
||||
$socket_keepalive_idle = $::os_service_default,
|
||||
$socket_keepalive_interval = $::os_service_default,
|
||||
$socket_keepalive_count = $::os_service_default,
|
||||
$memcache_pool_maxsize = $::os_service_default,
|
||||
$memcache_pool_unused_timeout = $::os_service_default,
|
||||
$memcache_pool_connection_get_timeout = $::os_service_default,
|
||||
$config_prefix = $facts['os_service_default'],
|
||||
$expiration_time = $facts['os_service_default'],
|
||||
$backend = $facts['os_service_default'],
|
||||
$backend_argument = $facts['os_service_default'],
|
||||
$proxies = $facts['os_service_default'],
|
||||
$enabled = $facts['os_service_default'],
|
||||
$debug_cache_backend = $facts['os_service_default'],
|
||||
$memcache_servers = $facts['os_service_default'],
|
||||
$memcache_dead_retry = $facts['os_service_default'],
|
||||
$memcache_socket_timeout = $facts['os_service_default'],
|
||||
$enable_socket_keepalive = $facts['os_service_default'],
|
||||
$socket_keepalive_idle = $facts['os_service_default'],
|
||||
$socket_keepalive_interval = $facts['os_service_default'],
|
||||
$socket_keepalive_count = $facts['os_service_default'],
|
||||
$memcache_pool_maxsize = $facts['os_service_default'],
|
||||
$memcache_pool_unused_timeout = $facts['os_service_default'],
|
||||
$memcache_pool_connection_get_timeout = $facts['os_service_default'],
|
||||
$manage_backend_package = true,
|
||||
$token_caching = $::os_service_default,
|
||||
$tls_enabled = $::os_service_default,
|
||||
$tls_cafile = $::os_service_default,
|
||||
$tls_certfile = $::os_service_default,
|
||||
$tls_keyfile = $::os_service_default,
|
||||
$tls_allowed_ciphers = $::os_service_default,
|
||||
$enable_retry_client = $::os_service_default,
|
||||
$retry_attempts = $::os_service_default,
|
||||
$retry_delay = $::os_service_default,
|
||||
$hashclient_retry_attempts = $::os_service_default,
|
||||
$hashclient_retry_delay = $::os_service_default,
|
||||
$dead_timeout = $::os_service_default,
|
||||
$token_caching = $facts['os_service_default'],
|
||||
$tls_enabled = $facts['os_service_default'],
|
||||
$tls_cafile = $facts['os_service_default'],
|
||||
$tls_certfile = $facts['os_service_default'],
|
||||
$tls_keyfile = $facts['os_service_default'],
|
||||
$tls_allowed_ciphers = $facts['os_service_default'],
|
||||
$enable_retry_client = $facts['os_service_default'],
|
||||
$retry_attempts = $facts['os_service_default'],
|
||||
$retry_delay = $facts['os_service_default'],
|
||||
$hashclient_retry_attempts = $facts['os_service_default'],
|
||||
$hashclient_retry_delay = $facts['os_service_default'],
|
||||
$dead_timeout = $facts['os_service_default'],
|
||||
){
|
||||
|
||||
include keystone::deps
|
||||
|
@ -8,41 +8,41 @@
|
||||
# (Optional) Indicate whether this resource may be shared with the domain
|
||||
# received in the requests "origin" header.
|
||||
# (string value)
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
# [*allow_credentials*]
|
||||
# (Optional) Indicate that the actual request can include user credentials.
|
||||
# (boolean value)
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
# [*expose_headers*]
|
||||
# (Optional) Indicate which headers are safe to expose to the API.
|
||||
# (list value)
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
# [*max_age*]
|
||||
# (Optional) Maximum cache age of CORS preflight requests.
|
||||
# (integer value)
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
# [*allow_methods*]
|
||||
# (Optional) Indicate which methods can be used during the actual request.
|
||||
# (list value)
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
# [*allow_headers*]
|
||||
# (Optional) Indicate which header field names may be used during the actual
|
||||
# request.
|
||||
# (list value)
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
class keystone::cors (
|
||||
$allowed_origin = $::os_service_default,
|
||||
$allow_credentials = $::os_service_default,
|
||||
$expose_headers = $::os_service_default,
|
||||
$max_age = $::os_service_default,
|
||||
$allow_methods = $::os_service_default,
|
||||
$allow_headers = $::os_service_default,
|
||||
$allowed_origin = $facts['os_service_default'],
|
||||
$allow_credentials = $facts['os_service_default'],
|
||||
$expose_headers = $facts['os_service_default'],
|
||||
$max_age = $facts['os_service_default'],
|
||||
$allow_methods = $facts['os_service_default'],
|
||||
$allow_headers = $facts['os_service_default'],
|
||||
) {
|
||||
|
||||
include keystone::deps
|
||||
|
@ -7,7 +7,7 @@
|
||||
# [*database_db_max_retries*]
|
||||
# Maximum retries in case of connection error or deadlock error before
|
||||
# error is raised. Set to -1 to specify an infinite retry count.
|
||||
# (Optional) Defaults to $::os_service_default
|
||||
# (Optional) Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*database_connection*]
|
||||
# Url used to connect to database.
|
||||
@ -15,44 +15,44 @@
|
||||
#
|
||||
# [*database_connection_recycle_time*]
|
||||
# Timeout when db connections should be reaped.
|
||||
# (Optional) Defaults to $::os_service_default
|
||||
# (Optional) Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*database_max_retries*]
|
||||
# Maximum number of database connection retries during startup.
|
||||
# Setting -1 implies an infinite retry count.
|
||||
# (Optional) Defaults to $::os_service_default
|
||||
# (Optional) Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*database_retry_interval*]
|
||||
# Interval between retries of opening a database connection.
|
||||
# (Optional) Defaults to $::os_service_default
|
||||
# (Optional) Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*database_max_pool_size*]
|
||||
# Maximum number of SQL connections to keep open in a pool.
|
||||
# (Optional) Defaults to $::os_service_default
|
||||
# (Optional) Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*database_max_overflow*]
|
||||
# If set, use this value for max_overflow with sqlalchemy.
|
||||
# (Optional) Defaults to $::os_service_default
|
||||
# (Optional) Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*database_pool_timeout*]
|
||||
# (Optional) If set, use this value for pool_timeout with SQLAlchemy.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*mysql_enable_ndb*]
|
||||
# (Optional) If True, transparently enables support for handling MySQL
|
||||
# Cluster (NDB).
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
class keystone::db (
|
||||
$database_db_max_retries = $::os_service_default,
|
||||
$database_db_max_retries = $facts['os_service_default'],
|
||||
$database_connection = 'sqlite:////var/lib/keystone/keystone.sqlite',
|
||||
$database_connection_recycle_time = $::os_service_default,
|
||||
$database_max_pool_size = $::os_service_default,
|
||||
$database_max_retries = $::os_service_default,
|
||||
$database_retry_interval = $::os_service_default,
|
||||
$database_max_overflow = $::os_service_default,
|
||||
$database_pool_timeout = $::os_service_default,
|
||||
$mysql_enable_ndb = $::os_service_default,
|
||||
$database_connection_recycle_time = $facts['os_service_default'],
|
||||
$database_max_pool_size = $facts['os_service_default'],
|
||||
$database_max_retries = $facts['os_service_default'],
|
||||
$database_retry_interval = $facts['os_service_default'],
|
||||
$database_max_overflow = $facts['os_service_default'],
|
||||
$database_pool_timeout = $facts['os_service_default'],
|
||||
$mysql_enable_ndb = $facts['os_service_default'],
|
||||
) {
|
||||
|
||||
include keystone::deps
|
||||
|
@ -7,16 +7,16 @@
|
||||
# This setting ensures that keystone only sends token data back to trusted
|
||||
# servers. This is performed as a precaution, specifically to prevent man-in-
|
||||
# the-middle (MITM) attacks.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*remote_id_attribute*]
|
||||
# (Optional) Value to be used to obtain the entity ID of the Identity
|
||||
# Provider from the environment.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
class keystone::federation (
|
||||
$trusted_dashboards = $::os_service_default,
|
||||
$remote_id_attribute = $::os_service_default,
|
||||
$trusted_dashboards = $facts['os_service_default'],
|
||||
$remote_id_attribute = $facts['os_service_default'],
|
||||
) {
|
||||
|
||||
include keystone::deps
|
||||
|
@ -85,15 +85,15 @@ class keystone::federation::identity_provider(
|
||||
$certfile = $::keystone::ssl_ca_certs,
|
||||
$keyfile = $::keystone::ssl_ca_key,
|
||||
$user = $::keystone::params::user,
|
||||
$idp_organization_name = $::os_service_default,
|
||||
$idp_organization_display_name = $::os_service_default,
|
||||
$idp_organization_url = $::os_service_default,
|
||||
$idp_contact_company = $::os_service_default,
|
||||
$idp_contact_name = $::os_service_default,
|
||||
$idp_contact_surname = $::os_service_default,
|
||||
$idp_contact_email = $::os_service_default,
|
||||
$idp_contact_telephone = $::os_service_default,
|
||||
$idp_contact_type = $::os_service_default,
|
||||
$idp_organization_name = $facts['os_service_default'],
|
||||
$idp_organization_display_name = $facts['os_service_default'],
|
||||
$idp_organization_url = $facts['os_service_default'],
|
||||
$idp_contact_company = $facts['os_service_default'],
|
||||
$idp_contact_name = $facts['os_service_default'],
|
||||
$idp_contact_surname = $facts['os_service_default'],
|
||||
$idp_contact_email = $facts['os_service_default'],
|
||||
$idp_contact_telephone = $facts['os_service_default'],
|
||||
$idp_contact_type = $facts['os_service_default'],
|
||||
$package_ensure = present,
|
||||
) inherits keystone::params {
|
||||
|
||||
|
@ -74,8 +74,8 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
|
||||
'auth/saml2': ensure => absent;
|
||||
}
|
||||
|
||||
if $::osfamily == 'Debian' or ($::osfamily == 'RedHat' and (defined(Yumrepo[$yum_repo_name])) or defined(Package['shibboleth'])) {
|
||||
if $::osfamily == 'RedHat' {
|
||||
if $facts['os']['family'] == 'Debian' or ($facts['os']['family'] == 'RedHat' and (defined(Yumrepo[$yum_repo_name])) or defined(Package['shibboleth'])) {
|
||||
if $facts['os']['family'] == 'RedHat' {
|
||||
warning('The platform is not officially supported, use at your own risk. Check manifest documentation for more.')
|
||||
apache::mod { 'shib2':
|
||||
id => 'mod_shib',
|
||||
@ -90,7 +90,7 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
|
||||
content => template('keystone/shibboleth.conf.erb'),
|
||||
order => $template_order,
|
||||
}
|
||||
} elsif $::osfamily == 'Redhat' {
|
||||
} elsif $facts['os']['family'] == 'Redhat' {
|
||||
if !$suppress_warning {
|
||||
warning( 'Can not configure Shibboleth in Apache on RedHat OS.Read the Note on this federation/shibboleth.pp' )
|
||||
}
|
||||
|
@ -6,28 +6,28 @@
|
||||
#
|
||||
# [*detailed*]
|
||||
# (Optional) Show more detailed information as part of the response.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*backends*]
|
||||
# (Optional) Additional backends that can perform health checks and report
|
||||
# that information back as part of a request.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*disable_by_file_path*]
|
||||
# (Optional) Check the presence of a file to determine if an application
|
||||
# is running on a port.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*disable_by_file_paths*]
|
||||
# (Optional) Check the presence of a file to determine if an application
|
||||
# is running on a port. Expects a "port:path" list of strings.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
class keystone::healthcheck (
|
||||
$detailed = $::os_service_default,
|
||||
$backends = $::os_service_default,
|
||||
$disable_by_file_path = $::os_service_default,
|
||||
$disable_by_file_paths = $::os_service_default,
|
||||
$detailed = $facts['os_service_default'],
|
||||
$backends = $facts['os_service_default'],
|
||||
$disable_by_file_path = $facts['os_service_default'],
|
||||
$disable_by_file_paths = $facts['os_service_default'],
|
||||
) {
|
||||
|
||||
include keystone::deps
|
||||
|
@ -32,15 +32,15 @@
|
||||
#
|
||||
# [*password_hash_algorithm*]
|
||||
# (Optional) The password hash algorithm to use.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*password_hash_rounds*]
|
||||
# (Optional) The amount of rounds to do on the hash.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*revoke_driver*]
|
||||
# (Optional) Driver for token revocation.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*revoke_by_id*]
|
||||
# (Optional) Revoke token by token identifier.
|
||||
@ -62,11 +62,11 @@
|
||||
# (Optional) A URL representing the messaging driver to use and its full
|
||||
# configuration. Transport URLs take the form:
|
||||
# transport://user:pass@host1:port[,hostN:portN]/virtual_host
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*rabbit_ha_queues*]
|
||||
# (Optional) Use HA queues in RabbitMQ.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*rabbit_heartbeat_timeout_threshold*]
|
||||
# (Optional) Number of seconds after which the RabbitMQ broker is considered
|
||||
@ -74,14 +74,14 @@
|
||||
# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently
|
||||
# closed, resulting in missed or lost messages from the queue.
|
||||
# (Requires kombu >= 3.0.7 and amqp >= 1.4.0)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*rabbit_heartbeat_rate*]
|
||||
# (Optional) How often during the rabbit_heartbeat_timeout_threshold period to
|
||||
# check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2
|
||||
# when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked
|
||||
# every 30 seconds.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*rabbit_heartbeat_in_pthread*]
|
||||
# (Optional) EXPERIMENTAL: Run the health check heartbeat thread
|
||||
@ -91,86 +91,86 @@
|
||||
# example if the parent process have monkey patched the
|
||||
# stdlib by using eventlet/greenlet then the heartbeat
|
||||
# will be run through a green thread.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*rabbit_use_ssl*]
|
||||
# (Optional) Connect over SSL for RabbitMQ
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*kombu_ssl_ca_certs*]
|
||||
# (Optional) SSL certification authority file (valid only if SSL enabled).
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*kombu_ssl_certfile*]
|
||||
# (Optional) SSL cert file (valid only if SSL enabled).
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*kombu_ssl_keyfile*]
|
||||
# (Optional) SSL key file (valid only if SSL enabled).
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*kombu_ssl_version*]
|
||||
# (Optional) SSL version to use (valid only if SSL enabled).
|
||||
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
|
||||
# available on some distributions.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*kombu_reconnect_delay*]
|
||||
# (Optional) How long to wait before reconnecting in response
|
||||
# to an AMQP consumer cancel notification. (floating point value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*kombu_failover_strategy*]
|
||||
# (Optional) Determines how the next RabbitMQ node is chosen in case the one
|
||||
# we are currently connected to becomes unavailable. Takes effect only if
|
||||
# more than one RabbitMQ node is provided in config. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*kombu_compression*]
|
||||
# (Optional) Possible values are: gzip, bz2. If not set compression will not
|
||||
# be used. This option may notbe available in future versions. EXPERIMENTAL.
|
||||
# (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*notification_transport_url*]
|
||||
# (Optional) A URL representing the messaging driver to use for notifications
|
||||
# and its full configuration. Transport URLs take the form:
|
||||
# transport://user:pass@host1:port[,hostN:portN]/virtual_host
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*notification_driver*]
|
||||
# RPC driver. Not enabled by default (list value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*notification_topics*]
|
||||
# (Optional) AMQP topics to publish to when using the RPC notification driver.
|
||||
# (list value)
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*notification_format*]
|
||||
# (Optional) Define the notification format for identity service events.
|
||||
# Valid values are 'basic' and 'cadf'.
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*notification_opt_out*]
|
||||
# (Optional) Opt out notifications that match the patterns expressed in this
|
||||
# list.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*control_exchange*]
|
||||
# (Optional) AMQP exchange to connect to if using RabbitMQ
|
||||
# (string value)
|
||||
# Default to $::os_service_default
|
||||
# Default to $facts['os_service_default']
|
||||
#
|
||||
# [*rpc_response_timeout*]
|
||||
# (Optional) Seconds to wait for a response from a call.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*public_endpoint*]
|
||||
# (Optional) The base public endpoint URL for keystone that are
|
||||
# advertised to clients (NOTE: this does NOT affect how
|
||||
# keystone listens for connections) (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*service_name*]
|
||||
# (Optional) Name of the service that will be providing the
|
||||
@ -193,7 +193,7 @@
|
||||
#
|
||||
# [*max_token_size*]
|
||||
# (Optional) maximum allowable Keystone token size
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*sync_db*]
|
||||
# (Optional) Run db sync on the node.
|
||||
@ -213,7 +213,7 @@
|
||||
#
|
||||
# [*fernet_max_active_keys*]
|
||||
# (Optional) Number of maximum active Fernet keys. Integer > 0.
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*fernet_keys*]
|
||||
# (Optional) Hash of Keystone fernet keys
|
||||
@ -274,7 +274,7 @@
|
||||
#
|
||||
# [*policy_driver*]
|
||||
# Policy backend driver. (string value)
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
# [*using_domain_config*]
|
||||
# (Optional) Eases the use of the keystone_domain_config resource type.
|
||||
@ -303,11 +303,11 @@
|
||||
#
|
||||
# [*enable_proxy_headers_parsing*]
|
||||
# (Optional) Enable oslo middleware to parse proxy headers.
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
# [*max_request_body_size*]
|
||||
# (Optional) Set max request body size
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
# [*purge_config*]
|
||||
# (Optional) Whether to set only the specified config options
|
||||
@ -316,7 +316,7 @@
|
||||
#
|
||||
# [*amqp_durable_queues*]
|
||||
# (Optional) Whether to use durable queues in AMQP.
|
||||
# Defaults to $::os_service_default.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
@ -340,55 +340,55 @@ class keystone(
|
||||
$catalog_template_file = '/etc/keystone/default_catalog.templates',
|
||||
$token_provider = 'fernet',
|
||||
$token_expiration = 3600,
|
||||
$password_hash_algorithm = $::os_service_default,
|
||||
$password_hash_rounds = $::os_service_default,
|
||||
$revoke_driver = $::os_service_default,
|
||||
$password_hash_algorithm = $facts['os_service_default'],
|
||||
$password_hash_rounds = $facts['os_service_default'],
|
||||
$revoke_driver = $facts['os_service_default'],
|
||||
$revoke_by_id = true,
|
||||
$public_endpoint = $::os_service_default,
|
||||
$public_endpoint = $facts['os_service_default'],
|
||||
$manage_service = true,
|
||||
$enabled = true,
|
||||
$rabbit_heartbeat_timeout_threshold = $::os_service_default,
|
||||
$rabbit_heartbeat_rate = $::os_service_default,
|
||||
$rabbit_heartbeat_in_pthread = $::os_service_default,
|
||||
$rabbit_use_ssl = $::os_service_default,
|
||||
$default_transport_url = $::os_service_default,
|
||||
$rabbit_ha_queues = $::os_service_default,
|
||||
$kombu_ssl_ca_certs = $::os_service_default,
|
||||
$kombu_ssl_certfile = $::os_service_default,
|
||||
$kombu_ssl_keyfile = $::os_service_default,
|
||||
$kombu_ssl_version = $::os_service_default,
|
||||
$kombu_reconnect_delay = $::os_service_default,
|
||||
$kombu_failover_strategy = $::os_service_default,
|
||||
$kombu_compression = $::os_service_default,
|
||||
$notification_transport_url = $::os_service_default,
|
||||
$notification_driver = $::os_service_default,
|
||||
$notification_topics = $::os_service_default,
|
||||
$notification_format = $::os_service_default,
|
||||
$notification_opt_out = $::os_service_default,
|
||||
$control_exchange = $::os_service_default,
|
||||
$rpc_response_timeout = $::os_service_default,
|
||||
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
|
||||
$rabbit_heartbeat_rate = $facts['os_service_default'],
|
||||
$rabbit_heartbeat_in_pthread = $facts['os_service_default'],
|
||||
$rabbit_use_ssl = $facts['os_service_default'],
|
||||
$default_transport_url = $facts['os_service_default'],
|
||||
$rabbit_ha_queues = $facts['os_service_default'],
|
||||
$kombu_ssl_ca_certs = $facts['os_service_default'],
|
||||
$kombu_ssl_certfile = $facts['os_service_default'],
|
||||
$kombu_ssl_keyfile = $facts['os_service_default'],
|
||||
$kombu_ssl_version = $facts['os_service_default'],
|
||||
$kombu_reconnect_delay = $facts['os_service_default'],
|
||||
$kombu_failover_strategy = $facts['os_service_default'],
|
||||
$kombu_compression = $facts['os_service_default'],
|
||||
$notification_transport_url = $facts['os_service_default'],
|
||||
$notification_driver = $facts['os_service_default'],
|
||||
$notification_topics = $facts['os_service_default'],
|
||||
$notification_format = $facts['os_service_default'],
|
||||
$notification_opt_out = $facts['os_service_default'],
|
||||
$control_exchange = $facts['os_service_default'],
|
||||
$rpc_response_timeout = $facts['os_service_default'],
|
||||
$service_name = $::keystone::params::service_name,
|
||||
$max_token_size = $::os_service_default,
|
||||
$max_token_size = $facts['os_service_default'],
|
||||
$sync_db = true,
|
||||
$enable_fernet_setup = true,
|
||||
$fernet_key_repository = '/etc/keystone/fernet-keys',
|
||||
$fernet_max_active_keys = $::os_service_default,
|
||||
$fernet_max_active_keys = $facts['os_service_default'],
|
||||
$fernet_keys = false,
|
||||
$fernet_replace_keys = true,
|
||||
$enable_credential_setup = true,
|
||||
$credential_key_repository = '/etc/keystone/credential-keys',
|
||||
$credential_keys = false,
|
||||
$default_domain = undef,
|
||||
$policy_driver = $::os_service_default,
|
||||
$policy_driver = $facts['os_service_default'],
|
||||
$using_domain_config = false,
|
||||
$domain_config_directory = '/etc/keystone/domains',
|
||||
$keystone_user = $::keystone::params::user,
|
||||
$keystone_group = $::keystone::params::group,
|
||||
$manage_policyrcd = false,
|
||||
$enable_proxy_headers_parsing = $::os_service_default,
|
||||
$max_request_body_size = $::os_service_default,
|
||||
$enable_proxy_headers_parsing = $facts['os_service_default'],
|
||||
$max_request_body_size = $facts['os_service_default'],
|
||||
$purge_config = false,
|
||||
$amqp_durable_queues = $::os_service_default,
|
||||
$amqp_durable_queues = $facts['os_service_default'],
|
||||
# DEPRECATED PARAMETERS
|
||||
$catalog_type = undef,
|
||||
) inherits keystone::params {
|
||||
@ -408,7 +408,7 @@ class keystone(
|
||||
# openstacklib policy_rcd only affects debian based systems.
|
||||
Policy_rcd <| title == 'keystone' |> -> Package['keystone']
|
||||
Policy_rcd['apache2'] -> Package['httpd']
|
||||
if ($::operatingsystem == 'Ubuntu') {
|
||||
if ($facts['os']['name'] == 'Ubuntu') {
|
||||
$policy_services = 'apache2'
|
||||
} else {
|
||||
$policy_services = ['keystone', 'apache2']
|
||||
@ -526,7 +526,7 @@ class keystone(
|
||||
|
||||
case $service_name {
|
||||
$::keystone::params::service_name: {
|
||||
if $::operatingsystem != 'Debian' {
|
||||
if $facts['os']['name'] != 'Debian' {
|
||||
# TODO(tkajinam): Make this hard-fail
|
||||
warning('Keystone under Eventlet is no longer supported by this operating system')
|
||||
}
|
||||
@ -547,7 +547,7 @@ class keystone(
|
||||
$service_name_real = $::apache::params::service_name
|
||||
Service <| title == 'httpd' |> { tag +> 'keystone-service' }
|
||||
|
||||
if $::operatingsystem == 'Debian' {
|
||||
if $facts['os']['name'] == 'Debian' {
|
||||
service { 'keystone':
|
||||
ensure => 'stopped',
|
||||
name => $::keystone::params::service_name,
|
||||
|
@ -6,60 +6,60 @@
|
||||
#
|
||||
# [*url*]
|
||||
# URL for connecting to the LDAP server. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user*]
|
||||
# User BindDN to query the LDAP server. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*password*]
|
||||
# Password for the BindDN to query the LDAP server. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*suffix*]
|
||||
# LDAP server suffix (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*query_scope*]
|
||||
# The LDAP scope for queries, this can be either "one"
|
||||
# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*page_size*]
|
||||
# Maximum results per page; a value of zero ("0") disables paging. (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_tree_dn*]
|
||||
# Search base for users. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_filter*]
|
||||
# LDAP search filter for users. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_objectclass*]
|
||||
# LDAP objectclass for users. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_id_attribute*]
|
||||
# LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_name_attribute*]
|
||||
# LDAP attribute mapped to user name. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_description_attribute*]
|
||||
# LDAP attribute mapped to user description. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_mail_attribute*]
|
||||
# LDAP attribute mapped to user email. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_enabled_attribute*]
|
||||
# LDAP attribute mapped to user enabled flag. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_enabled_mask*]
|
||||
# Bitmask integer to indicate the bit that the enabled value is stored in if
|
||||
@ -67,7 +67,7 @@
|
||||
# boolean. A value of "0" indicates the mask is not used. If this is not set
|
||||
# to "0" the typical value is "2". This is typically used when
|
||||
# "user_enabled_attribute = userAccountControl". (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_enabled_default*]
|
||||
# Default value to enable users. This should match an appropriate int value
|
||||
@ -75,7 +75,7 @@
|
||||
# is enabled or disabled. If this is not set to "True" the typical value is
|
||||
# "512". This is typically used when "user_enabled_attribute =
|
||||
# userAccountControl". (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_enabled_invert*]
|
||||
# Invert the meaning of the boolean enabled values. Some LDAP servers use a
|
||||
@ -83,30 +83,30 @@
|
||||
# "user_enabled_invert = true" will allow these lock attributes to be used.
|
||||
# This setting will have no effect if "user_enabled_mask" or
|
||||
# "user_enabled_emulation" settings are in use. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_attribute_ignore*]
|
||||
# List of attributes stripped off the user on update. (list value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_default_project_id_attribute*]
|
||||
# LDAP attribute mapped to default_project_id for users. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_pass_attribute*]
|
||||
# LDAP attribute mapped to password. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_enabled_emulation*]
|
||||
# If true, Keystone uses an alternative method to determine if
|
||||
# a user is enabled or not by checking if they are a member of
|
||||
# the "user_enabled_emulation_dn" group. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_enabled_emulation_dn*]
|
||||
# DN of the group entry to hold enabled users when using enabled emulation.
|
||||
# (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*user_additional_attribute_mapping*]
|
||||
# List of additional LDAP attributes used for mapping
|
||||
@ -114,119 +114,119 @@
|
||||
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
|
||||
# attribute in the LDAP entry and user_attr is the Identity
|
||||
# API attribute. (list value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_tree_dn*]
|
||||
# Search base for groups. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_filter*]
|
||||
# LDAP search filter for groups. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_objectclass*]
|
||||
# LDAP objectclass for groups. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_id_attribute*]
|
||||
# LDAP attribute mapped to group id. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_name_attribute*]
|
||||
# LDAP attribute mapped to group name. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_member_attribute*]
|
||||
# LDAP attribute mapped to show group membership. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_members_are_ids*]
|
||||
# LDAP attribute when members of the group object class are keystone user IDs. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_desc_attribute*]
|
||||
# LDAP attribute mapped to group description. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_attribute_ignore*]
|
||||
# List of attributes stripped off the group on update. (list value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*group_additional_attribute_mapping*]
|
||||
# Additional attribute mappings for groups. Attribute mapping
|
||||
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
|
||||
# attribute in the LDAP entry and user_attr is the Identity
|
||||
# API attribute. (list value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*chase_referrals*]
|
||||
# Whether or not to chase returned referrals. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*use_tls*]
|
||||
# Enable TLS for communicating with LDAP servers. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*tls_cacertfile*]
|
||||
# CA certificate file path for communicating with LDAP servers. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*tls_cacertdir*]
|
||||
# CA certificate directory path for communicating with LDAP servers. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*tls_req_cert*]
|
||||
# Valid options for tls_req_cert are demand, never, and allow. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*identity_driver*]
|
||||
# Identity backend driver. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*use_pool*]
|
||||
# Enable LDAP connection pooling. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*pool_size*]
|
||||
# Connection pool size. (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*pool_retry_max*]
|
||||
# Maximum count of reconnect trials. (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*pool_retry_delay*]
|
||||
# Time span in seconds to wait between two reconnect trials. (floating point value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*pool_connection_timeout*]
|
||||
# Connector timeout in seconds. Value -1 indicates indefinite wait for response. (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*pool_connection_lifetime*]
|
||||
# Connection lifetime in seconds. (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*use_auth_pool*]
|
||||
# Enable LDAP connection pooling for end user authentication.
|
||||
# If use_pool is disabled, then this setting is meaningless and is not used at all. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*auth_pool_size*]
|
||||
# End user auth connection pool size. (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*auth_pool_connection_lifetime*]
|
||||
# End user auth connection lifetime in seconds. (integer value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*credential_driver*]
|
||||
# Credential backend driver. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*assignment_driver*]
|
||||
# Assignment backend driver. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*package_ensure*]
|
||||
# (optional) Desired ensure state of packages.
|
||||
@ -248,56 +248,56 @@
|
||||
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
|
||||
#
|
||||
class keystone::ldap(
|
||||
$url = $::os_service_default,
|
||||
$user = $::os_service_default,
|
||||
$password = $::os_service_default,
|
||||
$suffix = $::os_service_default,
|
||||
$query_scope = $::os_service_default,
|
||||
$page_size = $::os_service_default,
|
||||
$user_tree_dn = $::os_service_default,
|
||||
$user_filter = $::os_service_default,
|
||||
$user_objectclass = $::os_service_default,
|
||||
$user_id_attribute = $::os_service_default,
|
||||
$user_name_attribute = $::os_service_default,
|
||||
$user_description_attribute = $::os_service_default,
|
||||
$user_mail_attribute = $::os_service_default,
|
||||
$user_enabled_attribute = $::os_service_default,
|
||||
$user_enabled_mask = $::os_service_default,
|
||||
$user_enabled_default = $::os_service_default,
|
||||
$user_enabled_invert = $::os_service_default,
|
||||
$user_attribute_ignore = $::os_service_default,
|
||||
$user_default_project_id_attribute = $::os_service_default,
|
||||
$user_pass_attribute = $::os_service_default,
|
||||
$user_enabled_emulation = $::os_service_default,
|
||||
$user_enabled_emulation_dn = $::os_service_default,
|
||||
$user_additional_attribute_mapping = $::os_service_default,
|
||||
$group_tree_dn = $::os_service_default,
|
||||
$group_filter = $::os_service_default,
|
||||
$group_objectclass = $::os_service_default,
|
||||
$group_id_attribute = $::os_service_default,
|
||||
$group_name_attribute = $::os_service_default,
|
||||
$group_member_attribute = $::os_service_default,
|
||||
$group_members_are_ids = $::os_service_default,
|
||||
$group_desc_attribute = $::os_service_default,
|
||||
$group_attribute_ignore = $::os_service_default,
|
||||
$group_additional_attribute_mapping = $::os_service_default,
|
||||
$chase_referrals = $::os_service_default,
|
||||
$use_tls = $::os_service_default,
|
||||
$tls_cacertdir = $::os_service_default,
|
||||
$tls_cacertfile = $::os_service_default,
|
||||
$tls_req_cert = $::os_service_default,
|
||||
$identity_driver = $::os_service_default,
|
||||
$assignment_driver = $::os_service_default,
|
||||
$credential_driver = $::os_service_default,
|
||||
$use_pool = $::os_service_default,
|
||||
$pool_size = $::os_service_default,
|
||||
$pool_retry_max = $::os_service_default,
|
||||
$pool_retry_delay = $::os_service_default,
|
||||
$pool_connection_timeout = $::os_service_default,
|
||||
$pool_connection_lifetime = $::os_service_default,
|
||||
$use_auth_pool = $::os_service_default,
|
||||
$auth_pool_size = $::os_service_default,
|
||||
$auth_pool_connection_lifetime = $::os_service_default,
|
||||
$url = $facts['os_service_default'],
|
||||
$user = $facts['os_service_default'],
|
||||
$password = $facts['os_service_default'],
|
||||
$suffix = $facts['os_service_default'],
|
||||
$query_scope = $facts['os_service_default'],
|
||||
$page_size = $facts['os_service_default'],
|
||||
$user_tree_dn = $facts['os_service_default'],
|
||||
$user_filter = $facts['os_service_default'],
|
||||
$user_objectclass = $facts['os_service_default'],
|
||||
$user_id_attribute = $facts['os_service_default'],
|
||||
$user_name_attribute = $facts['os_service_default'],
|
||||
$user_description_attribute = $facts['os_service_default'],
|
||||
$user_mail_attribute = $facts['os_service_default'],
|
||||
$user_enabled_attribute = $facts['os_service_default'],
|
||||
$user_enabled_mask = $facts['os_service_default'],
|
||||
$user_enabled_default = |