Replace legacy facts and use fact hash

... because the latest lint no longer allows usage of legacy facts and
top-scope facts.

Change-Id: Ie757167eedce6fa1c99d08f96be1173871f21817
Takashi Kajinami 2023-03-02 11:10:02 +09:00
parent 43331eadcd
commit 486d7f1435
31 changed files with 574 additions and 583 deletions


@ -34,8 +34,8 @@ class { 'keystone':
}
class { 'keystone::bootstrap':
password => 'ChangeMe',
public_url => "https://${::fqdn}:5000",
admin_url => "https://${::fqdn}:5000",
public_url => "https://${facts['networking']['fqdn']}:5000",
admin_url => "https://${facts['networking']['fqdn']}:5000",
}
keystone_config { 'ssl/enable': value => true }
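Review bot: The bootstrap admin password is still the literal `'ChangeMe'` on the `password` line of this example, and the same literal appears in the two example sections that follow (the `:443/v3` one and the second `:5000` one). These manifests are what people copy into real deployments, so the placeholder should be marked as one. A comment above the class, e.g. `# Example only: replace 'ChangeMe' and load the real password from Hiera/eyaml or another secret store`, would do it.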


@ -35,8 +35,8 @@ class { 'keystone':
}
class { 'keystone::bootstrap':
password => 'ChangeMe',
public_url => "https://${::fqdn}:443/v3",
admin_url => "https://${::fqdn}:443/v3",
public_url => "https://${facts['networking']['fqdn']}:443/v3",
admin_url => "https://${facts['networking']['fqdn']}:443/v3",
}
keystone_config { 'ssl/enable': ensure => absent }


@ -53,8 +53,8 @@ class { 'keystone':
class { 'keystone::bootstrap':
password => 'ChangeMe',
public_url => "https://${::fqdn}:5000",
admin_url => "https://${::fqdn}:5000",
public_url => "https://${facts['networking']['fqdn']}:5000",
admin_url => "https://${facts['networking']['fqdn']}:5000",
}
keystone_config { 'ssl/enable': value => true }


@ -8,99 +8,99 @@
# the cache region. This should not need to be changed unless there
# is another dogpile.cache region with the same configuration name.
# (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*expiration_time*]
# (Optional) Default TTL, in seconds, for any cached item in the
# dogpile.cache region. This applies to any cached method that
# doesn't have an explicit cache expiration time defined for it.
# (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*backend*]
# (Optional) Dogpile.cache backend module. It is recommended that
# Memcache with pooling (oslo_cache.memcache_pool) or Redis
# (dogpile.cache.redis) be used in production deployments. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*backend_argument*]
# (Optional) Arguments supplied to the backend module. Specify this option
# once per argument to be passed to the dogpile.cache backend.
# Example format: "<argname>:<value>". (list value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*proxies*]
# (Optional) Proxy classes to import that will affect the way the
# dogpile.cache backend functions. See the dogpile.cache documentation on
# changing-backend-behavior. (list value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*enabled*]
# (Optional) Global toggle for caching. (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*debug_cache_backend*]
# (Optional) Extra debugging from the cache backend (cache keys,
# get/set/delete/etc calls). This is only really useful if you need
# to see the specific cache-backend get/set/delete calls with the keys/values.
# Typically this should be left set to false. (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*memcache_servers*]
# (Optional) Memcache servers in the format of "host:port".
# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
# (list value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*memcache_dead_retry*]
# (Optional) Number of seconds memcached server is considered dead before
# it is tried again. (dogpile.cache.memcache and oslo_cache.memcache_pool
# backends only). (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*memcache_socket_timeout*]
# (Optional) Timeout in seconds for every call to a server.
# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
# (floating point value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*enable_socket_keepalive*]
# (Optional) Global toggle for the socket keepalive of dogpile's
# pymemcache backend
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*socket_keepalive_idle*]
# (Optional) The time (in seconds) the connection needs to remain idle
# before TCP starts sending keepalive probes. Should be a positive integer
# most greater than zero.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*socket_keepalive_interval*]
# (Optional) The time (in seconds) between individual keepalive probes.
# Should be a positive integer most greater than zero.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*socket_keepalive_count*]
# (Optional) The maximum number of keepalive probes TCP should send before
# dropping the connection. Should be a positive integer most greater than
# zero.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*memcache_pool_maxsize*]
# (Optional) Max total number of open connections to every memcached server.
# (oslo_cache.memcache_pool backend only). (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*memcache_pool_unused_timeout*]
# (Optional) Number of seconds a connection to memcached is held unused
# in the pool before it is closed. (oslo_cache.memcache_pool backend only)
# (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*memcache_pool_connection_get_timeout*]
# (Optional) Number of seconds that an operation will wait to get a memcache
# client connection. (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*manage_backend_package*]
# (Optional) Whether to install the backend package for the cache.
@ -109,18 +109,18 @@
# [*token_caching*]
# (Optional) Toggle for token system caching. This has no effect unless
# cache_backend, cache_enabled and cache_memcache_servers is set.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*tls_enabled*]
# (Optional) Global toggle for TLS usage when communicating with
# the caching servers.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*tls_cafile*]
# (Optional) Path to a file of concatenated CA certificates in PEM
# format necessary to establish the caching server's authenticity.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*tls_certfile*]
# (Optional) Path to a single file in PEM format containing the
@ -128,84 +128,84 @@
# needed to establish the certificate's authenticity. This file
# is only required when client side authentication is necessary.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*tls_keyfile*]
# (Optional) Path to a single file containing the client's private
# key in. Otherwise the private key will be taken from the file
# specified in tls_certfile. If tls_enabled is False, this option
# is ignored.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*tls_allowed_ciphers*]
# (Optional) Set the available ciphers for sockets created with
# the TLS context. It should be a string in the OpenSSL cipher
# list format. If not specified, all OpenSSL enabled ciphers will
# be available.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*enable_retry_client*]
# (Optional) Enable retry client mechanisms to handle failure.
# Those mechanisms can be used to wrap all kind of pymemcache
# clients. The wrapper allows you to define how many attempts
# to make and how long to wait between attempts.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*retry_attempts*]
# (Optional) Number of times to attempt an action before failing.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*retry_delay*]
# (Optional) Number of seconds to sleep between each attempt.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*hashclient_retry_attempts*]
# (Optional) Amount of times a client should be tried
# before it is marked dead and removed from the pool in
# the HashClient's internal mechanisms.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*hashclient_retry_delay*]
# (Optional) Time in seconds that should pass between
# retry attempts in the HashClient's internal mechanisms.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*dead_timeout*]
# (Optional) Time in seconds before attempting to add a node
# back in the pool in the HashClient's internal mechanisms.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
class keystone::cache(
$config_prefix = $::os_service_default,
$expiration_time = $::os_service_default,
$backend = $::os_service_default,
$backend_argument = $::os_service_default,
$proxies = $::os_service_default,
$enabled = $::os_service_default,
$debug_cache_backend = $::os_service_default,
$memcache_servers = $::os_service_default,
$memcache_dead_retry = $::os_service_default,
$memcache_socket_timeout = $::os_service_default,
$enable_socket_keepalive = $::os_service_default,
$socket_keepalive_idle = $::os_service_default,
$socket_keepalive_interval = $::os_service_default,
$socket_keepalive_count = $::os_service_default,
$memcache_pool_maxsize = $::os_service_default,
$memcache_pool_unused_timeout = $::os_service_default,
$memcache_pool_connection_get_timeout = $::os_service_default,
$config_prefix = $facts['os_service_default'],
$expiration_time = $facts['os_service_default'],
$backend = $facts['os_service_default'],
$backend_argument = $facts['os_service_default'],
$proxies = $facts['os_service_default'],
$enabled = $facts['os_service_default'],
$debug_cache_backend = $facts['os_service_default'],
$memcache_servers = $facts['os_service_default'],
$memcache_dead_retry = $facts['os_service_default'],
$memcache_socket_timeout = $facts['os_service_default'],
$enable_socket_keepalive = $facts['os_service_default'],
$socket_keepalive_idle = $facts['os_service_default'],
$socket_keepalive_interval = $facts['os_service_default'],
$socket_keepalive_count = $facts['os_service_default'],
$memcache_pool_maxsize = $facts['os_service_default'],
$memcache_pool_unused_timeout = $facts['os_service_default'],
$memcache_pool_connection_get_timeout = $facts['os_service_default'],
$manage_backend_package = true,
$token_caching = $::os_service_default,
$tls_enabled = $::os_service_default,
$tls_cafile = $::os_service_default,
$tls_certfile = $::os_service_default,
$tls_keyfile = $::os_service_default,
$tls_allowed_ciphers = $::os_service_default,
$enable_retry_client = $::os_service_default,
$retry_attempts = $::os_service_default,
$retry_delay = $::os_service_default,
$hashclient_retry_attempts = $::os_service_default,
$hashclient_retry_delay = $::os_service_default,
$dead_timeout = $::os_service_default,
$token_caching = $facts['os_service_default'],
$tls_enabled = $facts['os_service_default'],
$tls_cafile = $facts['os_service_default'],
$tls_certfile = $facts['os_service_default'],
$tls_keyfile = $facts['os_service_default'],
$tls_allowed_ciphers = $facts['os_service_default'],
$enable_retry_client = $facts['os_service_default'],
$retry_attempts = $facts['os_service_default'],
$retry_delay = $facts['os_service_default'],
$hashclient_retry_attempts = $facts['os_service_default'],
$hashclient_retry_delay = $facts['os_service_default'],
$dead_timeout = $facts['os_service_default'],
){
include keystone::deps
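Review bot: `$facts['os_service_default']` does not fail the way `$::os_service_default` did when the fact is missing: an unknown top-scope variable is a compile error under `strict_variables`, while a missing hash key quietly evaluates to undef. The fact is not defined in any file shown here, so if it is ever absent on a node, every default in this parameter list, including `tls_enabled` and `tls_cafile`, would presumably become undef instead of stopping the catalog. The same applies to the parameter lists of keystone::cors, keystone::db, keystone::federation, keystone::federation::identity_provider, keystone::healthcheck and keystone in the later sections. A header comment such as `# NOTE: all defaults rely on the os_service_default custom fact being present`, or an explicit guard in a shared class like keystone::deps, would make the dependency visible.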


@ -8,41 +8,41 @@
# (Optional) Indicate whether this resource may be shared with the domain
# received in the requests "origin" header.
# (string value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*allow_credentials*]
# (Optional) Indicate that the actual request can include user credentials.
# (boolean value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*expose_headers*]
# (Optional) Indicate which headers are safe to expose to the API.
# (list value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*max_age*]
# (Optional) Maximum cache age of CORS preflight requests.
# (integer value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*allow_methods*]
# (Optional) Indicate which methods can be used during the actual request.
# (list value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*allow_headers*]
# (Optional) Indicate which header field names may be used during the actual
# request.
# (list value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
class keystone::cors (
$allowed_origin = $::os_service_default,
$allow_credentials = $::os_service_default,
$expose_headers = $::os_service_default,
$max_age = $::os_service_default,
$allow_methods = $::os_service_default,
$allow_headers = $::os_service_default,
$allowed_origin = $facts['os_service_default'],
$allow_credentials = $facts['os_service_default'],
$expose_headers = $facts['os_service_default'],
$max_age = $facts['os_service_default'],
$allow_methods = $facts['os_service_default'],
$allow_headers = $facts['os_service_default'],
) {
include keystone::deps


@ -7,7 +7,7 @@
# [*database_db_max_retries*]
# Maximum retries in case of connection error or deadlock error before
# error is raised. Set to -1 to specify an infinite retry count.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_connection*]
# Url used to connect to database.
@ -15,44 +15,44 @@
#
# [*database_connection_recycle_time*]
# Timeout when db connections should be reaped.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_max_retries*]
# Maximum number of database connection retries during startup.
# Setting -1 implies an infinite retry count.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_retry_interval*]
# Interval between retries of opening a database connection.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_max_pool_size*]
# Maximum number of SQL connections to keep open in a pool.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_max_overflow*]
# If set, use this value for max_overflow with sqlalchemy.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_pool_timeout*]
# (Optional) If set, use this value for pool_timeout with SQLAlchemy.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*mysql_enable_ndb*]
# (Optional) If True, transparently enables support for handling MySQL
# Cluster (NDB).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
class keystone::db (
$database_db_max_retries = $::os_service_default,
$database_db_max_retries = $facts['os_service_default'],
$database_connection = 'sqlite:////var/lib/keystone/keystone.sqlite',
$database_connection_recycle_time = $::os_service_default,
$database_max_pool_size = $::os_service_default,
$database_max_retries = $::os_service_default,
$database_retry_interval = $::os_service_default,
$database_max_overflow = $::os_service_default,
$database_pool_timeout = $::os_service_default,
$mysql_enable_ndb = $::os_service_default,
$database_connection_recycle_time = $facts['os_service_default'],
$database_max_pool_size = $facts['os_service_default'],
$database_max_retries = $facts['os_service_default'],
$database_retry_interval = $facts['os_service_default'],
$database_max_overflow = $facts['os_service_default'],
$database_pool_timeout = $facts['os_service_default'],
$mysql_enable_ndb = $facts['os_service_default'],
) {
include keystone::deps


@ -7,16 +7,16 @@
# This setting ensures that keystone only sends token data back to trusted
# servers. This is performed as a precaution, specifically to prevent man-in-
# the-middle (MITM) attacks.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*remote_id_attribute*]
# (Optional) Value to be used to obtain the entity ID of the Identity
# Provider from the environment.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
class keystone::federation (
$trusted_dashboards = $::os_service_default,
$remote_id_attribute = $::os_service_default,
$trusted_dashboards = $facts['os_service_default'],
$remote_id_attribute = $facts['os_service_default'],
) {
include keystone::deps


@ -85,15 +85,15 @@ class keystone::federation::identity_provider(
$certfile = $::keystone::ssl_ca_certs,
$keyfile = $::keystone::ssl_ca_key,
$user = $::keystone::params::user,
$idp_organization_name = $::os_service_default,
$idp_organization_display_name = $::os_service_default,
$idp_organization_url = $::os_service_default,
$idp_contact_company = $::os_service_default,
$idp_contact_name = $::os_service_default,
$idp_contact_surname = $::os_service_default,
$idp_contact_email = $::os_service_default,
$idp_contact_telephone = $::os_service_default,
$idp_contact_type = $::os_service_default,
$idp_organization_name = $facts['os_service_default'],
$idp_organization_display_name = $facts['os_service_default'],
$idp_organization_url = $facts['os_service_default'],
$idp_contact_company = $facts['os_service_default'],
$idp_contact_name = $facts['os_service_default'],
$idp_contact_surname = $facts['os_service_default'],
$idp_contact_email = $facts['os_service_default'],
$idp_contact_telephone = $facts['os_service_default'],
$idp_contact_type = $facts['os_service_default'],
$package_ensure = present,
) inherits keystone::params {


@ -74,8 +74,8 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
'auth/saml2': ensure => absent;
}
if $::osfamily == 'Debian' or ($::osfamily == 'RedHat' and (defined(Yumrepo[$yum_repo_name])) or defined(Package['shibboleth'])) {
if $::osfamily == 'RedHat' {
if $facts['os']['family'] == 'Debian' or ($facts['os']['family'] == 'RedHat' and (defined(Yumrepo[$yum_repo_name])) or defined(Package['shibboleth'])) {
if $facts['os']['family'] == 'RedHat' {
warning('The platform is not officially supported, use at your own risk. Check manifest documentation for more.')
apache::mod { 'shib2':
id => 'mod_shib',
@ -90,7 +90,7 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
content => template('keystone/shibboleth.conf.erb'),
order => $template_order,
}
} elsif $::osfamily == 'Redhat' {
} elsif $facts['os']['family'] == 'Redhat' {
if !$suppress_warning {
warning( 'Can not configure Shibboleth in Apache on RedHat OS.Read the Note on this federation/shibboleth.pp' )
}
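Review bot: The `elsif` branch compares the OS family with `'Redhat'` while the two conditions above it use `'RedHat'`; it only matches because Puppet's `==` compares strings case-insensitively. Spelling it the same way in all three places, `} elsif $facts['os']['family'] == 'RedHat' {`, keeps the branch from reading like a typo or dead code. The outer `if` also mixes `and` and `or` inside one pair of parentheses, and would be easier to audit with the `RedHat and defined(Yumrepo[$yum_repo_name])` part parenthesised on its own. The enclosing block starts and ends outside these hunks.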


@ -6,28 +6,28 @@
#
# [*detailed*]
# (Optional) Show more detailed information as part of the response.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*backends*]
# (Optional) Additional backends that can perform health checks and report
# that information back as part of a request.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*disable_by_file_path*]
# (Optional) Check the presence of a file to determine if an application
# is running on a port.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*disable_by_file_paths*]
# (Optional) Check the presence of a file to determine if an application
# is running on a port. Expects a "port:path" list of strings.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
class keystone::healthcheck (
$detailed = $::os_service_default,
$backends = $::os_service_default,
$disable_by_file_path = $::os_service_default,
$disable_by_file_paths = $::os_service_default,
$detailed = $facts['os_service_default'],
$backends = $facts['os_service_default'],
$disable_by_file_path = $facts['os_service_default'],
$disable_by_file_paths = $facts['os_service_default'],
) {
include keystone::deps


@ -32,15 +32,15 @@
#
# [*password_hash_algorithm*]
# (Optional) The password hash algorithm to use.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*password_hash_rounds*]
# (Optional) The amount of rounds to do on the hash.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*revoke_driver*]
# (Optional) Driver for token revocation.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*revoke_by_id*]
# (Optional) Revoke token by token identifier.
@ -62,11 +62,11 @@
# (Optional) A URL representing the messaging driver to use and its full
# configuration. Transport URLs take the form:
# transport://user:pass@host1:port[,hostN:portN]/virtual_host
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_ha_queues*]
# (Optional) Use HA queues in RabbitMQ.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_heartbeat_timeout_threshold*]
# (Optional) Number of seconds after which the RabbitMQ broker is considered
@ -74,14 +74,14 @@
# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently
# closed, resulting in missed or lost messages from the queue.
# (Requires kombu >= 3.0.7 and amqp >= 1.4.0)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_heartbeat_rate*]
# (Optional) How often during the rabbit_heartbeat_timeout_threshold period to
# check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2
# when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked
# every 30 seconds.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_heartbeat_in_pthread*]
# (Optional) EXPERIMENTAL: Run the health check heartbeat thread
@ -91,86 +91,86 @@
# example if the parent process have monkey patched the
# stdlib by using eventlet/greenlet then the heartbeat
# will be run through a green thread.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_use_ssl*]
# (Optional) Connect over SSL for RabbitMQ
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_ca_certs*]
# (Optional) SSL certification authority file (valid only if SSL enabled).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_certfile*]
# (Optional) SSL cert file (valid only if SSL enabled).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_keyfile*]
# (Optional) SSL key file (valid only if SSL enabled).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_version*]
# (Optional) SSL version to use (valid only if SSL enabled).
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
# available on some distributions.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_reconnect_delay*]
# (Optional) How long to wait before reconnecting in response
# to an AMQP consumer cancel notification. (floating point value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_failover_strategy*]
# (Optional) Determines how the next RabbitMQ node is chosen in case the one
# we are currently connected to becomes unavailable. Takes effect only if
# more than one RabbitMQ node is provided in config. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_compression*]
# (Optional) Possible values are: gzip, bz2. If not set compression will not
# be used. This option may notbe available in future versions. EXPERIMENTAL.
# (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*notification_transport_url*]
# (Optional) A URL representing the messaging driver to use for notifications
# and its full configuration. Transport URLs take the form:
# transport://user:pass@host1:port[,hostN:portN]/virtual_host
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*notification_driver*]
# RPC driver. Not enabled by default (list value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*notification_topics*]
# (Optional) AMQP topics to publish to when using the RPC notification driver.
# (list value)
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*notification_format*]
# (Optional) Define the notification format for identity service events.
# Valid values are 'basic' and 'cadf'.
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*notification_opt_out*]
# (Optional) Opt out notifications that match the patterns expressed in this
# list.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*control_exchange*]
# (Optional) AMQP exchange to connect to if using RabbitMQ
# (string value)
# Default to $::os_service_default
# Default to $facts['os_service_default']
#
# [*rpc_response_timeout*]
# (Optional) Seconds to wait for a response from a call.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*public_endpoint*]
# (Optional) The base public endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how
# keystone listens for connections) (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*service_name*]
# (Optional) Name of the service that will be providing the
@ -193,7 +193,7 @@
#
# [*max_token_size*]
# (Optional) maximum allowable Keystone token size
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*sync_db*]
# (Optional) Run db sync on the node.
@ -213,7 +213,7 @@
#
# [*fernet_max_active_keys*]
# (Optional) Number of maximum active Fernet keys. Integer > 0.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*fernet_keys*]
# (Optional) Hash of Keystone fernet keys
@ -274,7 +274,7 @@
#
# [*policy_driver*]
# Policy backend driver. (string value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*using_domain_config*]
# (Optional) Eases the use of the keystone_domain_config resource type.
@ -303,11 +303,11 @@
#
# [*enable_proxy_headers_parsing*]
# (Optional) Enable oslo middleware to parse proxy headers.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*max_request_body_size*]
# (Optional) Set max request body size
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*purge_config*]
# (Optional) Whether to set only the specified config options
@ -316,7 +316,7 @@
#
# [*amqp_durable_queues*]
# (Optional) Whether to use durable queues in AMQP.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# DEPRECATED PARAMETERS
#
@ -340,55 +340,55 @@ class keystone(
$catalog_template_file = '/etc/keystone/default_catalog.templates',
$token_provider = 'fernet',
$token_expiration = 3600,
$password_hash_algorithm = $::os_service_default,
$password_hash_rounds = $::os_service_default,
$revoke_driver = $::os_service_default,
$password_hash_algorithm = $facts['os_service_default'],
$password_hash_rounds = $facts['os_service_default'],
$revoke_driver = $facts['os_service_default'],
$revoke_by_id = true,
$public_endpoint = $::os_service_default,
$public_endpoint = $facts['os_service_default'],
$manage_service = true,
$enabled = true,
$rabbit_heartbeat_timeout_threshold = $::os_service_default,
$rabbit_heartbeat_rate = $::os_service_default,
$rabbit_heartbeat_in_pthread = $::os_service_default,
$rabbit_use_ssl = $::os_service_default,
$default_transport_url = $::os_service_default,
$rabbit_ha_queues = $::os_service_default,
$kombu_ssl_ca_certs = $::os_service_default,
$kombu_ssl_certfile = $::os_service_default,
$kombu_ssl_keyfile = $::os_service_default,
$kombu_ssl_version = $::os_service_default,
$kombu_reconnect_delay = $::os_service_default,
$kombu_failover_strategy = $::os_service_default,
$kombu_compression = $::os_service_default,
$notification_transport_url = $::os_service_default,
$notification_driver = $::os_service_default,
$notification_topics = $::os_service_default,
$notification_format = $::os_service_default,
$notification_opt_out = $::os_service_default,
$control_exchange = $::os_service_default,
$rpc_response_timeout = $::os_service_default,
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
$rabbit_heartbeat_rate = $facts['os_service_default'],
$rabbit_heartbeat_in_pthread = $facts['os_service_default'],
$rabbit_use_ssl = $facts['os_service_default'],
$default_transport_url = $facts['os_service_default'],
$rabbit_ha_queues = $facts['os_service_default'],
$kombu_ssl_ca_certs = $facts['os_service_default'],
$kombu_ssl_certfile = $facts['os_service_default'],
$kombu_ssl_keyfile = $facts['os_service_default'],
$kombu_ssl_version = $facts['os_service_default'],
$kombu_reconnect_delay = $facts['os_service_default'],
$kombu_failover_strategy = $facts['os_service_default'],
$kombu_compression = $facts['os_service_default'],
$notification_transport_url = $facts['os_service_default'],
$notification_driver = $facts['os_service_default'],
$notification_topics = $facts['os_service_default'],
$notification_format = $facts['os_service_default'],
$notification_opt_out = $facts['os_service_default'],
$control_exchange = $facts['os_service_default'],
$rpc_response_timeout = $facts['os_service_default'],
$service_name = $::keystone::params::service_name,
$max_token_size = $::os_service_default,
$max_token_size = $facts['os_service_default'],
$sync_db = true,
$enable_fernet_setup = true,
$fernet_key_repository = '/etc/keystone/fernet-keys',
$fernet_max_active_keys = $::os_service_default,
$fernet_max_active_keys = $facts['os_service_default'],
$fernet_keys = false,
$fernet_replace_keys = true,
$enable_credential_setup = true,
$credential_key_repository = '/etc/keystone/credential-keys',
$credential_keys = false,
$default_domain = undef,
$policy_driver = $::os_service_default,
$policy_driver = $facts['os_service_default'],
$using_domain_config = false,
$domain_config_directory = '/etc/keystone/domains',
$keystone_user = $::keystone::params::user,
$keystone_group = $::keystone::params::group,
$manage_policyrcd = false,
$enable_proxy_headers_parsing = $::os_service_default,
$max_request_body_size = $::os_service_default,
$enable_proxy_headers_parsing = $facts['os_service_default'],
$max_request_body_size = $facts['os_service_default'],
$purge_config = false,
$amqp_durable_queues = $::os_service_default,
$amqp_durable_queues = $facts['os_service_default'],
# DEPRECATED PARAMETERS
$catalog_type = undef,
) inherits keystone::params {
@ -408,7 +408,7 @@ class keystone(
# openstacklib policy_rcd only affects debian based systems.
Policy_rcd <| title == 'keystone' |> -> Package['keystone']
Policy_rcd['apache2'] -> Package['httpd']
if ($::operatingsystem == 'Ubuntu') {
if ($facts['os']['name'] == 'Ubuntu') {
$policy_services = 'apache2'
} else {
$policy_services = ['keystone', 'apache2']
@ -526,7 +526,7 @@ class keystone(
case $service_name {
$::keystone::params::service_name: {
if $::operatingsystem != 'Debian' {
if $facts['os']['name'] != 'Debian' {
# TODO(tkajinam): Make this hard-fail
warning('Keystone under Eventlet is no longer supported by this operating system')
}
@ -547,7 +547,7 @@ class keystone(
$service_name_real = $::apache::params::service_name
Service <| title == 'httpd' |> { tag +> 'keystone-service' }
if $::operatingsystem == 'Debian' {
if $facts['os']['name'] == 'Debian' {
service { 'keystone':
ensure => 'stopped',
name => $::keystone::params::service_name,


@ -6,60 +6,60 @@
#
# [*url*]
# URL for connecting to the LDAP server. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user*]
# User BindDN to query the LDAP server. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*password*]
# Password for the BindDN to query the LDAP server. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*suffix*]
# LDAP server suffix (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*query_scope*]
# The LDAP scope for queries, this can be either "one"
# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*page_size*]
# Maximum results per page; a value of zero ("0") disables paging. (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_tree_dn*]
# Search base for users. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_filter*]
# LDAP search filter for users. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_objectclass*]
# LDAP objectclass for users. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_id_attribute*]
# LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_name_attribute*]
# LDAP attribute mapped to user name. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_description_attribute*]
# LDAP attribute mapped to user description. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_mail_attribute*]
# LDAP attribute mapped to user email. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_enabled_attribute*]
# LDAP attribute mapped to user enabled flag. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_enabled_mask*]
# Bitmask integer to indicate the bit that the enabled value is stored in if
@ -67,7 +67,7 @@
# boolean. A value of "0" indicates the mask is not used. If this is not set
# to "0" the typical value is "2". This is typically used when
# "user_enabled_attribute = userAccountControl". (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_enabled_default*]
# Default value to enable users. This should match an appropriate int value
@ -75,7 +75,7 @@
# is enabled or disabled. If this is not set to "True" the typical value is
# "512". This is typically used when "user_enabled_attribute =
# userAccountControl". (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_enabled_invert*]
# Invert the meaning of the boolean enabled values. Some LDAP servers use a
@ -83,30 +83,30 @@
# "user_enabled_invert = true" will allow these lock attributes to be used.
# This setting will have no effect if "user_enabled_mask" or
# "user_enabled_emulation" settings are in use. (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_attribute_ignore*]
# List of attributes stripped off the user on update. (list value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_default_project_id_attribute*]
# LDAP attribute mapped to default_project_id for users. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_pass_attribute*]
# LDAP attribute mapped to password. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_enabled_emulation*]
# If true, Keystone uses an alternative method to determine if
# a user is enabled or not by checking if they are a member of
# the "user_enabled_emulation_dn" group. (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_enabled_emulation_dn*]
# DN of the group entry to hold enabled users when using enabled emulation.
# (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*user_additional_attribute_mapping*]
# List of additional LDAP attributes used for mapping
@ -114,119 +114,119 @@
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_tree_dn*]
# Search base for groups. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_filter*]
# LDAP search filter for groups. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_objectclass*]
# LDAP objectclass for groups. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_id_attribute*]
# LDAP attribute mapped to group id. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_name_attribute*]
# LDAP attribute mapped to group name. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_member_attribute*]
# LDAP attribute mapped to show group membership. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_members_are_ids*]
# LDAP attribute when members of the group object class are keystone user IDs. (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_desc_attribute*]
# LDAP attribute mapped to group description. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_attribute_ignore*]
# List of attributes stripped off the group on update. (list value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*group_additional_attribute_mapping*]
# Additional attribute mappings for groups. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*chase_referrals*]
# Whether or not to chase returned referrals. (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*use_tls*]
# Enable TLS for communicating with LDAP servers. (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*tls_cacertfile*]
# CA certificate file path for communicating with LDAP servers. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*tls_cacertdir*]
# CA certificate directory path for communicating with LDAP servers. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*tls_req_cert*]
# Valid options for tls_req_cert are demand, never, and allow. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*identity_driver*]
# Identity backend driver. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*use_pool*]
# Enable LDAP connection pooling. (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*pool_size*]
# Connection pool size. (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*pool_retry_max*]
# Maximum count of reconnect trials. (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*pool_retry_delay*]
# Time span in seconds to wait between two reconnect trials. (floating point value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*pool_connection_timeout*]
# Connector timeout in seconds. Value -1 indicates indefinite wait for response. (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*pool_connection_lifetime*]
# Connection lifetime in seconds. (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*use_auth_pool*]
# Enable LDAP connection pooling for end user authentication.
# If use_pool is disabled, then this setting is meaningless and is not used at all. (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*auth_pool_size*]
# End user auth connection pool size. (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*auth_pool_connection_lifetime*]
# End user auth connection lifetime in seconds. (integer value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*credential_driver*]
# Credential backend driver. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*assignment_driver*]
# Assignment backend driver. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*package_ensure*]
# (optional) Desired ensure state of packages.
@ -248,56 +248,56 @@
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
#
class keystone::ldap(
$url = $::os_service_default,
$user = $::os_service_default,
$password = $::os_service_default,
$suffix = $::os_service_default,
$query_scope = $::os_service_default,
$page_size = $::os_service_default,
$user_tree_dn = $::os_service_default,
$user_filter = $::os_service_default,
$user_objectclass = $::os_service_default,
$user_id_attribute = $::os_service_default,
$user_name_attribute = $::os_service_default,
$user_description_attribute = $::os_service_default,
$user_mail_attribute = $::os_service_default,
$user_enabled_attribute = $::os_service_default,
$user_enabled_mask = $::os_service_default,
$user_enabled_default = $::os_service_default,
$user_enabled_invert = $::os_service_default,
$user_attribute_ignore = $::os_service_default,
$user_default_project_id_attribute = $::os_service_default,
$user_pass_attribute = $::os_service_default,
$user_enabled_emulation = $::os_service_default,
$user_enabled_emulation_dn = $::os_service_default,
$user_additional_attribute_mapping = $::os_service_default,
$group_tree_dn = $::os_service_default,
$group_filter = $::os_service_default,
$group_objectclass = $::os_service_default,
$group_id_attribute = $::os_service_default,
$group_name_attribute = $::os_service_default,
$group_member_attribute = $::os_service_default,
$group_members_are_ids = $::os_service_default,
$group_desc_attribute = $::os_service_default,
$group_attribute_ignore = $::os_service_default,
$group_additional_attribute_mapping = $::os_service_default,
$chase_referrals = $::os_service_default,
$use_tls = $::os_service_default,
$tls_cacertdir = $::os_service_default,
$tls_cacertfile = $::os_service_default,
$tls_req_cert = $::os_service_default,
$identity_driver = $::os_service_default,
$assignment_driver = $::os_service_default,
$credential_driver = $::os_service_default,
$use_pool = $::os_service_default,
$pool_size = $::os_service_default,
$pool_retry_max = $::os_service_default,
$pool_retry_delay = $::os_service_default,
$pool_connection_timeout = $::os_service_default,
$pool_connection_lifetime = $::os_service_default,
$use_auth_pool = $::os_service_default,
$auth_pool_size = $::os_service_default,
$auth_pool_connection_lifetime = $::os_service_default,
$url = $facts['os_service_default'],
$user = $facts['os_service_default'],
$password = $facts['os_service_default'],
$suffix = $facts['os_service_default'],
$query_scope = $facts['os_service_default'],
$page_size = $facts['os_service_default'],
$user_tree_dn = $facts['os_service_default'],
$user_filter = $facts['os_service_default'],
$user_objectclass = $facts['os_service_default'],
$user_id_attribute = $facts['os_service_default'],
$user_name_attribute = $facts['os_service_default'],
$user_description_attribute = $facts['os_service_default'],
$user_mail_attribute = $facts['os_service_default'],
$user_enabled_attribute = $facts['os_service_default'],
$user_enabled_mask = $facts['os_service_default'],
$user_enabled_default =