diff --git a/examples/apache_dropin.pp b/examples/apache_dropin.pp index 2dea21708..dcb21ab36 100644 --- a/examples/apache_dropin.pp +++ b/examples/apache_dropin.pp @@ -34,8 +34,8 @@ class { 'keystone': } class { 'keystone::bootstrap': password => 'ChangeMe', - public_url => "https://${::fqdn}:5000", - admin_url => "https://${::fqdn}:5000", + public_url => "https://${facts['networking']['fqdn']}:5000", + admin_url => "https://${facts['networking']['fqdn']}:5000", } keystone_config { 'ssl/enable': value => true } diff --git a/examples/apache_with_paths.pp b/examples/apache_with_paths.pp index 2054be25b..2c79c390a 100644 --- a/examples/apache_with_paths.pp +++ b/examples/apache_with_paths.pp @@ -35,8 +35,8 @@ class { 'keystone': } class { 'keystone::bootstrap': password => 'ChangeMe', - public_url => "https://${::fqdn}:443/v3", - admin_url => "https://${::fqdn}:443/v3", + public_url => "https://${facts['networking']['fqdn']}:443/v3", + admin_url => "https://${facts['networking']['fqdn']}:443/v3", } keystone_config { 'ssl/enable': ensure => absent } diff --git a/examples/k2k_sp_shib.pp b/examples/k2k_sp_shib.pp index 921a538f8..cac503fb4 100644 --- a/examples/k2k_sp_shib.pp +++ b/examples/k2k_sp_shib.pp @@ -53,8 +53,8 @@ class { 'keystone': class { 'keystone::bootstrap': password => 'ChangeMe', - public_url => "https://${::fqdn}:5000", - admin_url => "https://${::fqdn}:5000", + public_url => "https://${facts['networking']['fqdn']}:5000", + admin_url => "https://${facts['networking']['fqdn']}:5000", } keystone_config { 'ssl/enable': value => true } diff --git a/manifests/cache.pp b/manifests/cache.pp index 319d43889..940305a11 100644 --- a/manifests/cache.pp +++ b/manifests/cache.pp @@ -8,99 +8,99 @@ # the cache region. This should not need to be changed unless there # is another dogpile.cache region with the same configuration name. # (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*expiration_time*] # (Optional) Default TTL, in seconds, for any cached item in the # dogpile.cache region. This applies to any cached method that # doesn't have an explicit cache expiration time defined for it. # (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*backend*] # (Optional) Dogpile.cache backend module. It is recommended that # Memcache with pooling (oslo_cache.memcache_pool) or Redis # (dogpile.cache.redis) be used in production deployments. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*backend_argument*] # (Optional) Arguments supplied to the backend module. Specify this option # once per argument to be passed to the dogpile.cache backend. # Example format: ":". (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*proxies*] # (Optional) Proxy classes to import that will affect the way the # dogpile.cache backend functions. See the dogpile.cache documentation on # changing-backend-behavior. (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*enabled*] # (Optional) Global toggle for caching. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*debug_cache_backend*] # (Optional) Extra debugging from the cache backend (cache keys, # get/set/delete/etc calls). This is only really useful if you need # to see the specific cache-backend get/set/delete calls with the keys/values. # Typically this should be left set to false. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*memcache_servers*] # (Optional) Memcache servers in the format of "host:port". # (dogpile.cache.memcache and oslo_cache.memcache_pool backends only). # (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*memcache_dead_retry*] # (Optional) Number of seconds memcached server is considered dead before # it is tried again. (dogpile.cache.memcache and oslo_cache.memcache_pool # backends only). (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*memcache_socket_timeout*] # (Optional) Timeout in seconds for every call to a server. # (dogpile.cache.memcache and oslo_cache.memcache_pool backends only). # (floating point value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*enable_socket_keepalive*] # (Optional) Global toggle for the socket keepalive of dogpile's # pymemcache backend -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*socket_keepalive_idle*] # (Optional) The time (in seconds) the connection needs to remain idle # before TCP starts sending keepalive probes. Should be a positive integer # most greater than zero. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*socket_keepalive_interval*] # (Optional) The time (in seconds) between individual keepalive probes. # Should be a positive integer most greater than zero. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*socket_keepalive_count*] # (Optional) The maximum number of keepalive probes TCP should send before # dropping the connection. Should be a positive integer most greater than # zero. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*memcache_pool_maxsize*] # (Optional) Max total number of open connections to every memcached server. # (oslo_cache.memcache_pool backend only). (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*memcache_pool_unused_timeout*] # (Optional) Number of seconds a connection to memcached is held unused # in the pool before it is closed. (oslo_cache.memcache_pool backend only) # (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*memcache_pool_connection_get_timeout*] # (Optional) Number of seconds that an operation will wait to get a memcache # client connection. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*manage_backend_package*] # (Optional) Whether to install the backend package for the cache. @@ -109,18 +109,18 @@ # [*token_caching*] # (Optional) Toggle for token system caching. This has no effect unless # cache_backend, cache_enabled and cache_memcache_servers is set. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*tls_enabled*] # (Optional) Global toggle for TLS usage when communicating with # the caching servers. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*tls_cafile*] # (Optional) Path to a file of concatenated CA certificates in PEM # format necessary to establish the caching server's authenticity. # If tls_enabled is False, this option is ignored. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*tls_certfile*] # (Optional) Path to a single file in PEM format containing the @@ -128,84 +128,84 @@ # needed to establish the certificate's authenticity. This file # is only required when client side authentication is necessary. # If tls_enabled is False, this option is ignored. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*tls_keyfile*] # (Optional) Path to a single file containing the client's private # key in. Otherwise the private key will be taken from the file # specified in tls_certfile. If tls_enabled is False, this option # is ignored. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*tls_allowed_ciphers*] # (Optional) Set the available ciphers for sockets created with # the TLS context. It should be a string in the OpenSSL cipher # list format. If not specified, all OpenSSL enabled ciphers will # be available. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*enable_retry_client*] # (Optional) Enable retry client mechanisms to handle failure. # Those mechanisms can be used to wrap all kind of pymemcache # clients. The wrapper allows you to define how many attempts # to make and how long to wait between attempts. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*retry_attempts*] # (Optional) Number of times to attempt an action before failing. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*retry_delay*] # (Optional) Number of seconds to sleep between each attempt. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*hashclient_retry_attempts*] # (Optional) Amount of times a client should be tried # before it is marked dead and removed from the pool in # the HashClient's internal mechanisms. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*hashclient_retry_delay*] # (Optional) Time in seconds that should pass between # retry attempts in the HashClient's internal mechanisms. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*dead_timeout*] # (Optional) Time in seconds before attempting to add a node # back in the pool in the HashClient's internal mechanisms. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # class keystone::cache( - $config_prefix = $::os_service_default, - $expiration_time = $::os_service_default, - $backend = $::os_service_default, - $backend_argument = $::os_service_default, - $proxies = $::os_service_default, - $enabled = $::os_service_default, - $debug_cache_backend = $::os_service_default, - $memcache_servers = $::os_service_default, - $memcache_dead_retry = $::os_service_default, - $memcache_socket_timeout = $::os_service_default, - $enable_socket_keepalive = $::os_service_default, - $socket_keepalive_idle = $::os_service_default, - $socket_keepalive_interval = $::os_service_default, - $socket_keepalive_count = $::os_service_default, - $memcache_pool_maxsize = $::os_service_default, - $memcache_pool_unused_timeout = $::os_service_default, - $memcache_pool_connection_get_timeout = $::os_service_default, + $config_prefix = $facts['os_service_default'], + $expiration_time = $facts['os_service_default'], + $backend = $facts['os_service_default'], + $backend_argument = $facts['os_service_default'], + $proxies = $facts['os_service_default'], + $enabled = $facts['os_service_default'], + $debug_cache_backend = $facts['os_service_default'], + $memcache_servers = $facts['os_service_default'], + $memcache_dead_retry = $facts['os_service_default'], + $memcache_socket_timeout = $facts['os_service_default'], + $enable_socket_keepalive = $facts['os_service_default'], + $socket_keepalive_idle = $facts['os_service_default'], + $socket_keepalive_interval = $facts['os_service_default'], + $socket_keepalive_count = $facts['os_service_default'], + $memcache_pool_maxsize = $facts['os_service_default'], + $memcache_pool_unused_timeout = $facts['os_service_default'], + $memcache_pool_connection_get_timeout = $facts['os_service_default'], $manage_backend_package = true, - $token_caching = $::os_service_default, - $tls_enabled = $::os_service_default, - $tls_cafile = $::os_service_default, - $tls_certfile = $::os_service_default, - $tls_keyfile = $::os_service_default, - $tls_allowed_ciphers = $::os_service_default, - $enable_retry_client = $::os_service_default, - $retry_attempts = $::os_service_default, - $retry_delay = $::os_service_default, - $hashclient_retry_attempts = $::os_service_default, - $hashclient_retry_delay = $::os_service_default, - $dead_timeout = $::os_service_default, + $token_caching = $facts['os_service_default'], + $tls_enabled = $facts['os_service_default'], + $tls_cafile = $facts['os_service_default'], + $tls_certfile = $facts['os_service_default'], + $tls_keyfile = $facts['os_service_default'], + $tls_allowed_ciphers = $facts['os_service_default'], + $enable_retry_client = $facts['os_service_default'], + $retry_attempts = $facts['os_service_default'], + $retry_delay = $facts['os_service_default'], + $hashclient_retry_attempts = $facts['os_service_default'], + $hashclient_retry_delay = $facts['os_service_default'], + $dead_timeout = $facts['os_service_default'], ){ include keystone::deps diff --git a/manifests/cors.pp b/manifests/cors.pp index 0e0417934..078f7c2b1 100644 --- a/manifests/cors.pp +++ b/manifests/cors.pp @@ -8,41 +8,41 @@ # (Optional) Indicate whether this resource may be shared with the domain # received in the requests "origin" header. # (string value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*allow_credentials*] # (Optional) Indicate that the actual request can include user credentials. # (boolean value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*expose_headers*] # (Optional) Indicate which headers are safe to expose to the API. # (list value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*max_age*] # (Optional) Maximum cache age of CORS preflight requests. # (integer value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*allow_methods*] # (Optional) Indicate which methods can be used during the actual request. # (list value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*allow_headers*] # (Optional) Indicate which header field names may be used during the actual # request. # (list value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # class keystone::cors ( - $allowed_origin = $::os_service_default, - $allow_credentials = $::os_service_default, - $expose_headers = $::os_service_default, - $max_age = $::os_service_default, - $allow_methods = $::os_service_default, - $allow_headers = $::os_service_default, + $allowed_origin = $facts['os_service_default'], + $allow_credentials = $facts['os_service_default'], + $expose_headers = $facts['os_service_default'], + $max_age = $facts['os_service_default'], + $allow_methods = $facts['os_service_default'], + $allow_headers = $facts['os_service_default'], ) { include keystone::deps diff --git a/manifests/db.pp b/manifests/db.pp index c740b08cf..f4a3a9fd2 100644 --- a/manifests/db.pp +++ b/manifests/db.pp @@ -7,7 +7,7 @@ # [*database_db_max_retries*] # Maximum retries in case of connection error or deadlock error before # error is raised. Set to -1 to specify an infinite retry count. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_connection*] # Url used to connect to database. @@ -15,44 +15,44 @@ # # [*database_connection_recycle_time*] # Timeout when db connections should be reaped. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_max_retries*] # Maximum number of database connection retries during startup. # Setting -1 implies an infinite retry count. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_retry_interval*] # Interval between retries of opening a database connection. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_max_pool_size*] # Maximum number of SQL connections to keep open in a pool. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_max_overflow*] # If set, use this value for max_overflow with sqlalchemy. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_pool_timeout*] # (Optional) If set, use this value for pool_timeout with SQLAlchemy. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*mysql_enable_ndb*] # (Optional) If True, transparently enables support for handling MySQL # Cluster (NDB). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class keystone::db ( - $database_db_max_retries = $::os_service_default, + $database_db_max_retries = $facts['os_service_default'], $database_connection = 'sqlite:////var/lib/keystone/keystone.sqlite', - $database_connection_recycle_time = $::os_service_default, - $database_max_pool_size = $::os_service_default, - $database_max_retries = $::os_service_default, - $database_retry_interval = $::os_service_default, - $database_max_overflow = $::os_service_default, - $database_pool_timeout = $::os_service_default, - $mysql_enable_ndb = $::os_service_default, + $database_connection_recycle_time = $facts['os_service_default'], + $database_max_pool_size = $facts['os_service_default'], + $database_max_retries = $facts['os_service_default'], + $database_retry_interval = $facts['os_service_default'], + $database_max_overflow = $facts['os_service_default'], + $database_pool_timeout = $facts['os_service_default'], + $mysql_enable_ndb = $facts['os_service_default'], ) { include keystone::deps diff --git a/manifests/federation.pp b/manifests/federation.pp index 283ac10ef..d5bb8747a 100644 --- a/manifests/federation.pp +++ b/manifests/federation.pp @@ -7,16 +7,16 @@ # This setting ensures that keystone only sends token data back to trusted # servers. This is performed as a precaution, specifically to prevent man-in- # the-middle (MITM) attacks. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*remote_id_attribute*] # (Optional) Value to be used to obtain the entity ID of the Identity # Provider from the environment. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class keystone::federation ( - $trusted_dashboards = $::os_service_default, - $remote_id_attribute = $::os_service_default, + $trusted_dashboards = $facts['os_service_default'], + $remote_id_attribute = $facts['os_service_default'], ) { include keystone::deps diff --git a/manifests/federation/identity_provider.pp b/manifests/federation/identity_provider.pp index 65200ae74..ab7e898f9 100644 --- a/manifests/federation/identity_provider.pp +++ b/manifests/federation/identity_provider.pp @@ -85,15 +85,15 @@ class keystone::federation::identity_provider( $certfile = $::keystone::ssl_ca_certs, $keyfile = $::keystone::ssl_ca_key, $user = $::keystone::params::user, - $idp_organization_name = $::os_service_default, - $idp_organization_display_name = $::os_service_default, - $idp_organization_url = $::os_service_default, - $idp_contact_company = $::os_service_default, - $idp_contact_name = $::os_service_default, - $idp_contact_surname = $::os_service_default, - $idp_contact_email = $::os_service_default, - $idp_contact_telephone = $::os_service_default, - $idp_contact_type = $::os_service_default, + $idp_organization_name = $facts['os_service_default'], + $idp_organization_display_name = $facts['os_service_default'], + $idp_organization_url = $facts['os_service_default'], + $idp_contact_company = $facts['os_service_default'], + $idp_contact_name = $facts['os_service_default'], + $idp_contact_surname = $facts['os_service_default'], + $idp_contact_email = $facts['os_service_default'], + $idp_contact_telephone = $facts['os_service_default'], + $idp_contact_type = $facts['os_service_default'], $package_ensure = present, ) inherits keystone::params { diff --git a/manifests/federation/shibboleth.pp b/manifests/federation/shibboleth.pp index dbca81f01..04978a06a 100644 --- a/manifests/federation/shibboleth.pp +++ b/manifests/federation/shibboleth.pp @@ -74,8 +74,8 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e 'auth/saml2': ensure => absent; } - if $::osfamily == 'Debian' or ($::osfamily == 'RedHat' and (defined(Yumrepo[$yum_repo_name])) or defined(Package['shibboleth'])) { - if $::osfamily == 'RedHat' { + if $facts['os']['family'] == 'Debian' or ($facts['os']['family'] == 'RedHat' and (defined(Yumrepo[$yum_repo_name])) or defined(Package['shibboleth'])) { + if $facts['os']['family'] == 'RedHat' { warning('The platform is not officially supported, use at your own risk. Check manifest documentation for more.') apache::mod { 'shib2': id => 'mod_shib', @@ -90,7 +90,7 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e content => template('keystone/shibboleth.conf.erb'), order => $template_order, } - } elsif $::osfamily == 'Redhat' { + } elsif $facts['os']['family'] == 'Redhat' { if !$suppress_warning { warning( 'Can not configure Shibboleth in Apache on RedHat OS.Read the Note on this federation/shibboleth.pp' ) } diff --git a/manifests/healthcheck.pp b/manifests/healthcheck.pp index 172c61b95..7025e4305 100644 --- a/manifests/healthcheck.pp +++ b/manifests/healthcheck.pp @@ -6,28 +6,28 @@ # # [*detailed*] # (Optional) Show more detailed information as part of the response. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*backends*] # (Optional) Additional backends that can perform health checks and report # that information back as part of a request. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*disable_by_file_path*] # (Optional) Check the presence of a file to determine if an application # is running on a port. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*disable_by_file_paths*] # (Optional) Check the presence of a file to determine if an application # is running on a port. Expects a "port:path" list of strings. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class keystone::healthcheck ( - $detailed = $::os_service_default, - $backends = $::os_service_default, - $disable_by_file_path = $::os_service_default, - $disable_by_file_paths = $::os_service_default, + $detailed = $facts['os_service_default'], + $backends = $facts['os_service_default'], + $disable_by_file_path = $facts['os_service_default'], + $disable_by_file_paths = $facts['os_service_default'], ) { include keystone::deps diff --git a/manifests/init.pp b/manifests/init.pp index 77ca80ab2..909ff54e7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -32,15 +32,15 @@ # # [*password_hash_algorithm*] # (Optional) The password hash algorithm to use. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*password_hash_rounds*] # (Optional) The amount of rounds to do on the hash. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*revoke_driver*] # (Optional) Driver for token revocation. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*revoke_by_id*] # (Optional) Revoke token by token identifier. @@ -62,11 +62,11 @@ # (Optional) A URL representing the messaging driver to use and its full # configuration. Transport URLs take the form: # transport://user:pass@host1:port[,hostN:portN]/virtual_host -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_ha_queues*] # (Optional) Use HA queues in RabbitMQ. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_heartbeat_timeout_threshold*] # (Optional) Number of seconds after which the RabbitMQ broker is considered @@ -74,14 +74,14 @@ # Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently # closed, resulting in missed or lost messages from the queue. # (Requires kombu >= 3.0.7 and amqp >= 1.4.0) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_heartbeat_rate*] # (Optional) How often during the rabbit_heartbeat_timeout_threshold period to # check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2 # when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked # every 30 seconds. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_heartbeat_in_pthread*] # (Optional) EXPERIMENTAL: Run the health check heartbeat thread @@ -91,86 +91,86 @@ # example if the parent process have monkey patched the # stdlib by using eventlet/greenlet then the heartbeat # will be run through a green thread. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_use_ssl*] # (Optional) Connect over SSL for RabbitMQ -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_ssl_ca_certs*] # (Optional) SSL certification authority file (valid only if SSL enabled). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_ssl_certfile*] # (Optional) SSL cert file (valid only if SSL enabled). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_ssl_keyfile*] # (Optional) SSL key file (valid only if SSL enabled). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_ssl_version*] # (Optional) SSL version to use (valid only if SSL enabled). # Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be # available on some distributions. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_reconnect_delay*] # (Optional) How long to wait before reconnecting in response # to an AMQP consumer cancel notification. (floating point value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_failover_strategy*] # (Optional) Determines how the next RabbitMQ node is chosen in case the one # we are currently connected to becomes unavailable. Takes effect only if # more than one RabbitMQ node is provided in config. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_compression*] # (Optional) Possible values are: gzip, bz2. If not set compression will not # be used. This option may notbe available in future versions. EXPERIMENTAL. # (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*notification_transport_url*] # (Optional) A URL representing the messaging driver to use for notifications # and its full configuration. Transport URLs take the form: # transport://user:pass@host1:port[,hostN:portN]/virtual_host -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*notification_driver*] # RPC driver. Not enabled by default (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*notification_topics*] # (Optional) AMQP topics to publish to when using the RPC notification driver. # (list value) -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*notification_format*] # (Optional) Define the notification format for identity service events. # Valid values are 'basic' and 'cadf'. -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*notification_opt_out*] # (Optional) Opt out notifications that match the patterns expressed in this # list. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*control_exchange*] # (Optional) AMQP exchange to connect to if using RabbitMQ # (string value) -# Default to $::os_service_default +# Default to $facts['os_service_default'] # # [*rpc_response_timeout*] # (Optional) Seconds to wait for a response from a call. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*public_endpoint*] # (Optional) The base public endpoint URL for keystone that are # advertised to clients (NOTE: this does NOT affect how # keystone listens for connections) (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*service_name*] # (Optional) Name of the service that will be providing the @@ -193,7 +193,7 @@ # # [*max_token_size*] # (Optional) maximum allowable Keystone token size -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*sync_db*] # (Optional) Run db sync on the node. @@ -213,7 +213,7 @@ # # [*fernet_max_active_keys*] # (Optional) Number of maximum active Fernet keys. Integer > 0. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*fernet_keys*] # (Optional) Hash of Keystone fernet keys @@ -274,7 +274,7 @@ # # [*policy_driver*] # Policy backend driver. (string value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*using_domain_config*] # (Optional) Eases the use of the keystone_domain_config resource type. @@ -303,11 +303,11 @@ # # [*enable_proxy_headers_parsing*] # (Optional) Enable oslo middleware to parse proxy headers. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*max_request_body_size*] # (Optional) Set max request body size -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*purge_config*] # (Optional) Whether to set only the specified config options @@ -316,7 +316,7 @@ # # [*amqp_durable_queues*] # (Optional) Whether to use durable queues in AMQP. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # DEPRECATED PARAMETERS # @@ -340,55 +340,55 @@ class keystone( $catalog_template_file = '/etc/keystone/default_catalog.templates', $token_provider = 'fernet', $token_expiration = 3600, - $password_hash_algorithm = $::os_service_default, - $password_hash_rounds = $::os_service_default, - $revoke_driver = $::os_service_default, + $password_hash_algorithm = $facts['os_service_default'], + $password_hash_rounds = $facts['os_service_default'], + $revoke_driver = $facts['os_service_default'], $revoke_by_id = true, - $public_endpoint = $::os_service_default, + $public_endpoint = $facts['os_service_default'], $manage_service = true, $enabled = true, - $rabbit_heartbeat_timeout_threshold = $::os_service_default, - $rabbit_heartbeat_rate = $::os_service_default, - $rabbit_heartbeat_in_pthread = $::os_service_default, - $rabbit_use_ssl = $::os_service_default, - $default_transport_url = $::os_service_default, - $rabbit_ha_queues = $::os_service_default, - $kombu_ssl_ca_certs = $::os_service_default, - $kombu_ssl_certfile = $::os_service_default, - $kombu_ssl_keyfile = $::os_service_default, - $kombu_ssl_version = $::os_service_default, - $kombu_reconnect_delay = $::os_service_default, - $kombu_failover_strategy = $::os_service_default, - $kombu_compression = $::os_service_default, - $notification_transport_url = $::os_service_default, - $notification_driver = $::os_service_default, - $notification_topics = $::os_service_default, - $notification_format = $::os_service_default, - $notification_opt_out = $::os_service_default, - $control_exchange = $::os_service_default, - $rpc_response_timeout = $::os_service_default, + $rabbit_heartbeat_timeout_threshold = $facts['os_service_default'], + $rabbit_heartbeat_rate = $facts['os_service_default'], + $rabbit_heartbeat_in_pthread = $facts['os_service_default'], + $rabbit_use_ssl = $facts['os_service_default'], + $default_transport_url = $facts['os_service_default'], + $rabbit_ha_queues = $facts['os_service_default'], + $kombu_ssl_ca_certs = $facts['os_service_default'], + $kombu_ssl_certfile = $facts['os_service_default'], + $kombu_ssl_keyfile = $facts['os_service_default'], + $kombu_ssl_version = $facts['os_service_default'], + $kombu_reconnect_delay = $facts['os_service_default'], + $kombu_failover_strategy = $facts['os_service_default'], + $kombu_compression = $facts['os_service_default'], + $notification_transport_url = $facts['os_service_default'], + $notification_driver = $facts['os_service_default'], + $notification_topics = $facts['os_service_default'], + $notification_format = $facts['os_service_default'], + $notification_opt_out = $facts['os_service_default'], + $control_exchange = $facts['os_service_default'], + $rpc_response_timeout = $facts['os_service_default'], $service_name = $::keystone::params::service_name, - $max_token_size = $::os_service_default, + $max_token_size = $facts['os_service_default'], $sync_db = true, $enable_fernet_setup = true, $fernet_key_repository = '/etc/keystone/fernet-keys', - $fernet_max_active_keys = $::os_service_default, + $fernet_max_active_keys = $facts['os_service_default'], $fernet_keys = false, $fernet_replace_keys = true, $enable_credential_setup = true, $credential_key_repository = '/etc/keystone/credential-keys', $credential_keys = false, $default_domain = undef, - $policy_driver = $::os_service_default, + $policy_driver = $facts['os_service_default'], $using_domain_config = false, $domain_config_directory = '/etc/keystone/domains', $keystone_user = $::keystone::params::user, $keystone_group = $::keystone::params::group, $manage_policyrcd = false, - $enable_proxy_headers_parsing = $::os_service_default, - $max_request_body_size = $::os_service_default, + $enable_proxy_headers_parsing = $facts['os_service_default'], + $max_request_body_size = $facts['os_service_default'], $purge_config = false, - $amqp_durable_queues = $::os_service_default, + $amqp_durable_queues = $facts['os_service_default'], # DEPRECATED PARAMETERS $catalog_type = undef, ) inherits keystone::params { @@ -408,7 +408,7 @@ class keystone( # openstacklib policy_rcd only affects debian based systems. Policy_rcd <| title == 'keystone' |> -> Package['keystone'] Policy_rcd['apache2'] -> Package['httpd'] - if ($::operatingsystem == 'Ubuntu') { + if ($facts['os']['name'] == 'Ubuntu') { $policy_services = 'apache2' } else { $policy_services = ['keystone', 'apache2'] @@ -526,7 +526,7 @@ class keystone( case $service_name { $::keystone::params::service_name: { - if $::operatingsystem != 'Debian' { + if $facts['os']['name'] != 'Debian' { # TODO(tkajinam): Make this hard-fail warning('Keystone under Eventlet is no longer supported by this operating system') } @@ -547,7 +547,7 @@ class keystone( $service_name_real = $::apache::params::service_name Service <| title == 'httpd' |> { tag +> 'keystone-service' } - if $::operatingsystem == 'Debian' { + if $facts['os']['name'] == 'Debian' { service { 'keystone': ensure => 'stopped', name => $::keystone::params::service_name, diff --git a/manifests/ldap.pp b/manifests/ldap.pp index b84a3bbd5..557a50441 100644 --- a/manifests/ldap.pp +++ b/manifests/ldap.pp @@ -6,60 +6,60 @@ # # [*url*] # URL for connecting to the LDAP server. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user*] # User BindDN to query the LDAP server. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*password*] # Password for the BindDN to query the LDAP server. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*suffix*] # LDAP server suffix (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*query_scope*] # The LDAP scope for queries, this can be either "one" # (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*page_size*] # Maximum results per page; a value of zero ("0") disables paging. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_tree_dn*] # Search base for users. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_filter*] # LDAP search filter for users. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_objectclass*] # LDAP objectclass for users. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_id_attribute*] # LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_name_attribute*] # LDAP attribute mapped to user name. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_description_attribute*] # LDAP attribute mapped to user description. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_mail_attribute*] # LDAP attribute mapped to user email. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_attribute*] # LDAP attribute mapped to user enabled flag. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_mask*] # Bitmask integer to indicate the bit that the enabled value is stored in if @@ -67,7 +67,7 @@ # boolean. A value of "0" indicates the mask is not used. If this is not set # to "0" the typical value is "2". This is typically used when # "user_enabled_attribute = userAccountControl". (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_default*] # Default value to enable users. This should match an appropriate int value @@ -75,7 +75,7 @@ # is enabled or disabled. If this is not set to "True" the typical value is # "512". This is typically used when "user_enabled_attribute = # userAccountControl". (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_invert*] # Invert the meaning of the boolean enabled values. Some LDAP servers use a @@ -83,30 +83,30 @@ # "user_enabled_invert = true" will allow these lock attributes to be used. # This setting will have no effect if "user_enabled_mask" or # "user_enabled_emulation" settings are in use. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_attribute_ignore*] # List of attributes stripped off the user on update. (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_default_project_id_attribute*] # LDAP attribute mapped to default_project_id for users. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_pass_attribute*] # LDAP attribute mapped to password. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_emulation*] # If true, Keystone uses an alternative method to determine if # a user is enabled or not by checking if they are a member of # the "user_enabled_emulation_dn" group. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_emulation_dn*] # DN of the group entry to hold enabled users when using enabled emulation. # (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_additional_attribute_mapping*] # List of additional LDAP attributes used for mapping @@ -114,119 +114,119 @@ # format is :, where ldap_attr is the # attribute in the LDAP entry and user_attr is the Identity # API attribute. (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_tree_dn*] # Search base for groups. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_filter*] # LDAP search filter for groups. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_objectclass*] # LDAP objectclass for groups. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_id_attribute*] # LDAP attribute mapped to group id. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_name_attribute*] # LDAP attribute mapped to group name. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_member_attribute*] # LDAP attribute mapped to show group membership. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_members_are_ids*] # LDAP attribute when members of the group object class are keystone user IDs. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_desc_attribute*] # LDAP attribute mapped to group description. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_attribute_ignore*] # List of attributes stripped off the group on update. (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_additional_attribute_mapping*] # Additional attribute mappings for groups. Attribute mapping # format is :, where ldap_attr is the # attribute in the LDAP entry and user_attr is the Identity # API attribute. (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*chase_referrals*] # Whether or not to chase returned referrals. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_tls*] # Enable TLS for communicating with LDAP servers. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*tls_cacertfile*] # CA certificate file path for communicating with LDAP servers. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*tls_cacertdir*] # CA certificate directory path for communicating with LDAP servers. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*tls_req_cert*] # Valid options for tls_req_cert are demand, never, and allow. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*identity_driver*] # Identity backend driver. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_pool*] # Enable LDAP connection pooling. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_size*] # Connection pool size. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_retry_max*] # Maximum count of reconnect trials. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_retry_delay*] # Time span in seconds to wait between two reconnect trials. (floating point value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_connection_timeout*] # Connector timeout in seconds. Value -1 indicates indefinite wait for response. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_connection_lifetime*] # Connection lifetime in seconds. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_auth_pool*] # Enable LDAP connection pooling for end user authentication. # If use_pool is disabled, then this setting is meaningless and is not used at all. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_pool_size*] # End user auth connection pool size. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_pool_connection_lifetime*] # End user auth connection lifetime in seconds. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*credential_driver*] # Credential backend driver. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*assignment_driver*] # Assignment backend driver. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*package_ensure*] # (optional) Desired ensure state of packages. @@ -248,56 +248,56 @@ # Copyright 2012 Puppetlabs Inc, unless otherwise noted. # class keystone::ldap( - $url = $::os_service_default, - $user = $::os_service_default, - $password = $::os_service_default, - $suffix = $::os_service_default, - $query_scope = $::os_service_default, - $page_size = $::os_service_default, - $user_tree_dn = $::os_service_default, - $user_filter = $::os_service_default, - $user_objectclass = $::os_service_default, - $user_id_attribute = $::os_service_default, - $user_name_attribute = $::os_service_default, - $user_description_attribute = $::os_service_default, - $user_mail_attribute = $::os_service_default, - $user_enabled_attribute = $::os_service_default, - $user_enabled_mask = $::os_service_default, - $user_enabled_default = $::os_service_default, - $user_enabled_invert = $::os_service_default, - $user_attribute_ignore = $::os_service_default, - $user_default_project_id_attribute = $::os_service_default, - $user_pass_attribute = $::os_service_default, - $user_enabled_emulation = $::os_service_default, - $user_enabled_emulation_dn = $::os_service_default, - $user_additional_attribute_mapping = $::os_service_default, - $group_tree_dn = $::os_service_default, - $group_filter = $::os_service_default, - $group_objectclass = $::os_service_default, - $group_id_attribute = $::os_service_default, - $group_name_attribute = $::os_service_default, - $group_member_attribute = $::os_service_default, - $group_members_are_ids = $::os_service_default, - $group_desc_attribute = $::os_service_default, - $group_attribute_ignore = $::os_service_default, - $group_additional_attribute_mapping = $::os_service_default, - $chase_referrals = $::os_service_default, - $use_tls = $::os_service_default, - $tls_cacertdir = $::os_service_default, - $tls_cacertfile = $::os_service_default, - $tls_req_cert = $::os_service_default, - $identity_driver = $::os_service_default, - $assignment_driver = $::os_service_default, - $credential_driver = $::os_service_default, - $use_pool = $::os_service_default, - $pool_size = $::os_service_default, - $pool_retry_max = $::os_service_default, - $pool_retry_delay = $::os_service_default, - $pool_connection_timeout = $::os_service_default, - $pool_connection_lifetime = $::os_service_default, - $use_auth_pool = $::os_service_default, - $auth_pool_size = $::os_service_default, - $auth_pool_connection_lifetime = $::os_service_default, + $url = $facts['os_service_default'], + $user = $facts['os_service_default'], + $password = $facts['os_service_default'], + $suffix = $facts['os_service_default'], + $query_scope = $facts['os_service_default'], + $page_size = $facts['os_service_default'], + $user_tree_dn = $facts['os_service_default'], + $user_filter = $facts['os_service_default'], + $user_objectclass = $facts['os_service_default'], + $user_id_attribute = $facts['os_service_default'], + $user_name_attribute = $facts['os_service_default'], + $user_description_attribute = $facts['os_service_default'], + $user_mail_attribute = $facts['os_service_default'], + $user_enabled_attribute = $facts['os_service_default'], + $user_enabled_mask = $facts['os_service_default'], + $user_enabled_default = $facts['os_service_default'], + $user_enabled_invert = $facts['os_service_default'], + $user_attribute_ignore = $facts['os_service_default'], + $user_default_project_id_attribute = $facts['os_service_default'], + $user_pass_attribute = $facts['os_service_default'], + $user_enabled_emulation = $facts['os_service_default'], + $user_enabled_emulation_dn = $facts['os_service_default'], + $user_additional_attribute_mapping = $facts['os_service_default'], + $group_tree_dn = $facts['os_service_default'], + $group_filter = $facts['os_service_default'], + $group_objectclass = $facts['os_service_default'], + $group_id_attribute = $facts['os_service_default'], + $group_name_attribute = $facts['os_service_default'], + $group_member_attribute = $facts['os_service_default'], + $group_members_are_ids = $facts['os_service_default'], + $group_desc_attribute = $facts['os_service_default'], + $group_attribute_ignore = $facts['os_service_default'], + $group_additional_attribute_mapping = $facts['os_service_default'], + $chase_referrals = $facts['os_service_default'], + $use_tls = $facts['os_service_default'], + $tls_cacertdir = $facts['os_service_default'], + $tls_cacertfile = $facts['os_service_default'], + $tls_req_cert = $facts['os_service_default'], + $identity_driver = $facts['os_service_default'], + $assignment_driver = $facts['os_service_default'], + $credential_driver = $facts['os_service_default'], + $use_pool = $facts['os_service_default'], + $pool_size = $facts['os_service_default'], + $pool_retry_max = $facts['os_service_default'], + $pool_retry_delay = $facts['os_service_default'], + $pool_connection_timeout = $facts['os_service_default'], + $pool_connection_lifetime = $facts['os_service_default'], + $use_auth_pool = $facts['os_service_default'], + $auth_pool_size = $facts['os_service_default'], + $auth_pool_connection_lifetime = $facts['os_service_default'], $package_ensure = present, $manage_packages = true, ) inherits keystone::params { diff --git a/manifests/ldap_backend.pp b/manifests/ldap_backend.pp index 620098850..a6f13206c 100644 --- a/manifests/ldap_backend.pp +++ b/manifests/ldap_backend.pp @@ -9,59 +9,59 @@ # # [*url*] # URL for connecting to the LDAP server. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user*] # User BindDN to query the LDAP server. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*password*] # Password for the BindDN to query the LDAP server. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*suffix*] # LDAP server suffix (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*query_scope*] # The LDAP scope for queries, this can be either "one" # (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*page_size*] # Maximum results per page; a value of zero ("0") disables paging. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_tree_dn*] # Search base for users. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_filter*] # LDAP search filter for users. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_objectclass*] # LDAP objectclass for users. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_id_attribute*] # LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_name_attribute*] # LDAP attribute mapped to user name. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_description_attribute*] # LDAP attribute mapped to user description. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_mail_attribute*] # LDAP attribute mapped to user email. (string value) # # [*user_enabled_attribute*] # LDAP attribute mapped to user enabled flag. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_mask*] # Bitmask integer to indicate the bit that the enabled value is stored in if @@ -69,7 +69,7 @@ # boolean. A value of "0" indicates the mask is not used. If this is not set # to "0" the typical value is "2". This is typically used when # "user_enabled_attribute = userAccountControl". (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_default*] # Default value to enable users. This should match an appropriate int value @@ -77,7 +77,7 @@ # is enabled or disabled. If this is not set to "True" the typical value is # "512". This is typically used when "user_enabled_attribute = # userAccountControl". (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_invert*] # Invert the meaning of the boolean enabled values. Some LDAP servers use a @@ -85,30 +85,30 @@ # "user_enabled_invert = true" will allow these lock attributes to be used. # This setting will have no effect if "user_enabled_mask" or # "user_enabled_emulation" settings are in use. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_attribute_ignore*] # List of attributes stripped off the user on update. (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_default_project_id_attribute*] # LDAP attribute mapped to default_project_id for users. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_pass_attribute*] # LDAP attribute mapped to password. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_emulation*] # If true, Keystone uses an alternative method to determine if # a user is enabled or not by checking if they are a member of # the "user_enabled_emulation_dn" group. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_enabled_emulation_dn*] # DN of the group entry to hold enabled users when using enabled emulation. # (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_additional_attribute_mapping*] # List of additional LDAP attributes used for mapping @@ -116,75 +116,75 @@ # format is :, where ldap_attr is the # attribute in the LDAP entry and user_attr is the Identity # API attribute. (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_tree_dn*] # Search base for groups. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_filter*] # LDAP search filter for groups. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_objectclass*] # LDAP objectclass for groups. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_id_attribute*] # LDAP attribute mapped to group id. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_name_attribute*] # LDAP attribute mapped to group name. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_member_attribute*] # LDAP attribute mapped to show group membership. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_members_are_ids*] # LDAP attribute when members of the group object class are keystone user IDs. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_desc_attribute*] # LDAP attribute mapped to group description. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_attribute_ignore*] # List of attributes stripped off the group on update. (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_additional_attribute_mapping*] # Additional attribute mappings for groups. Attribute mapping # format is :, where ldap_attr is the # attribute in the LDAP entry and user_attr is the Identity # API attribute. (list value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*group_ad_nesting*] # If enabled, group queries will use Active Directory specific # filters for nested groups. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*chase_referrals*] # Whether or not to chase returned referrals. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_tls*] # Enable TLS for communicating with LDAP servers. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*tls_cacertfile*] # CA certificate file path for communicating with LDAP servers. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*tls_cacertdir*] # CA certificate directory path for communicating with LDAP servers. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*tls_req_cert*] # Valid options for tls_req_cert are demand, never, and allow. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*identity_driver*] # Identity backend driver. (string value) @@ -192,40 +192,40 @@ # # [*use_pool*] # Enable LDAP connection pooling. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_size*] # Connection pool size. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_retry_max*] # Maximum count of reconnect trials. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_retry_delay*] # Time span in seconds to wait between two reconnect trials. (floating point value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_connection_timeout*] # Connector timeout in seconds. Value -1 indicates indefinite wait for response. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*pool_connection_lifetime*] # Connection lifetime in seconds. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_auth_pool*] # Enable LDAP connection pooling for end user authentication. # If use_pool is disabled, then this setting is meaningless and is not used at all. (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_pool_size*] # End user auth connection pool size. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_pool_connection_lifetime*] # End user auth connection lifetime in seconds. (integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*package_ensure*] # (optional) Desired ensure state of packages. @@ -245,55 +245,55 @@ # == Dependencies # == Examples define keystone::ldap_backend( - $url = $::os_service_default, - $user = $::os_service_default, - $password = $::os_service_default, - $suffix = $::os_service_default, - $query_scope = $::os_service_default, - $page_size = $::os_service_default, - $user_tree_dn = $::os_service_default, - $user_filter = $::os_service_default, - $user_objectclass = $::os_service_default, - $user_id_attribute = $::os_service_default, - $user_name_attribute = $::os_service_default, - $user_description_attribute = $::os_service_default, - $user_mail_attribute = $::os_service_default, - $user_enabled_attribute = $::os_service_default, - $user_enabled_mask = $::os_service_default, - $user_enabled_default = $::os_service_default, - $user_enabled_invert = $::os_service_default, - $user_attribute_ignore = $::os_service_default, - $user_default_project_id_attribute = $::os_service_default, - $user_pass_attribute = $::os_service_default, - $user_enabled_emulation = $::os_service_default, - $user_enabled_emulation_dn = $::os_service_default, - $user_additional_attribute_mapping = $::os_service_default, - $group_tree_dn = $::os_service_default, - $group_filter = $::os_service_default, - $group_objectclass = $::os_service_default, - $group_id_attribute = $::os_service_default, - $group_name_attribute = $::os_service_default, - $group_member_attribute = $::os_service_default, - $group_members_are_ids = $::os_service_default, - $group_desc_attribute = $::os_service_default, - $group_attribute_ignore = $::os_service_default, - $group_additional_attribute_mapping = $::os_service_default, - $group_ad_nesting = $::os_service_default, - $chase_referrals = $::os_service_default, - $use_tls = $::os_service_default, - $tls_cacertdir = $::os_service_default, - $tls_cacertfile = $::os_service_default, - $tls_req_cert = $::os_service_default, + $url = $facts['os_service_default'], + $user = $facts['os_service_default'], + $password = $facts['os_service_default'], + $suffix = $facts['os_service_default'], + $query_scope = $facts['os_service_default'], + $page_size = $facts['os_service_default'], + $user_tree_dn = $facts['os_service_default'], + $user_filter = $facts['os_service_default'], + $user_objectclass = $facts['os_service_default'], + $user_id_attribute = $facts['os_service_default'], + $user_name_attribute = $facts['os_service_default'], + $user_description_attribute = $facts['os_service_default'], + $user_mail_attribute = $facts['os_service_default'], + $user_enabled_attribute = $facts['os_service_default'], + $user_enabled_mask = $facts['os_service_default'], + $user_enabled_default = $facts['os_service_default'], + $user_enabled_invert = $facts['os_service_default'], + $user_attribute_ignore = $facts['os_service_default'], + $user_default_project_id_attribute = $facts['os_service_default'], + $user_pass_attribute = $facts['os_service_default'], + $user_enabled_emulation = $facts['os_service_default'], + $user_enabled_emulation_dn = $facts['os_service_default'], + $user_additional_attribute_mapping = $facts['os_service_default'], + $group_tree_dn = $facts['os_service_default'], + $group_filter = $facts['os_service_default'], + $group_objectclass = $facts['os_service_default'], + $group_id_attribute = $facts['os_service_default'], + $group_name_attribute = $facts['os_service_default'], + $group_member_attribute = $facts['os_service_default'], + $group_members_are_ids = $facts['os_service_default'], + $group_desc_attribute = $facts['os_service_default'], + $group_attribute_ignore = $facts['os_service_default'], + $group_additional_attribute_mapping = $facts['os_service_default'], + $group_ad_nesting = $facts['os_service_default'], + $chase_referrals = $facts['os_service_default'], + $use_tls = $facts['os_service_default'], + $tls_cacertdir = $facts['os_service_default'], + $tls_cacertfile = $facts['os_service_default'], + $tls_req_cert = $facts['os_service_default'], $identity_driver = 'ldap', - $use_pool = $::os_service_default, - $pool_size = $::os_service_default, - $pool_retry_max = $::os_service_default, - $pool_retry_delay = $::os_service_default, - $pool_connection_timeout = $::os_service_default, - $pool_connection_lifetime = $::os_service_default, - $use_auth_pool = $::os_service_default, - $auth_pool_size = $::os_service_default, - $auth_pool_connection_lifetime = $::os_service_default, + $use_pool = $facts['os_service_default'], + $pool_size = $facts['os_service_default'], + $pool_retry_max = $facts['os_service_default'], + $pool_retry_delay = $facts['os_service_default'], + $pool_connection_timeout = $facts['os_service_default'], + $pool_connection_lifetime = $facts['os_service_default'], + $use_auth_pool = $facts['os_service_default'], + $auth_pool_size = $facts['os_service_default'], + $auth_pool_connection_lifetime = $facts['os_service_default'], $package_ensure = present, $manage_packages = true, $create_domain_entry = false, diff --git a/manifests/logging.pp b/manifests/logging.pp index 4cdfbfaa1..dd8ad5758 100644 --- a/manifests/logging.pp +++ b/manifests/logging.pp @@ -6,72 +6,72 @@ # # [*debug*] # (Optional) Should the daemons log debug messages -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_syslog*] # (Optional) Use syslog for logging. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_journal*] # (Optional) Use journal for logging. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_json*] # (Optional) Use JSON format for logging. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_stderr*] # (Optional) Use stderr for logging -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*log_facility*] # (Optional) Syslog facility to receive log lines. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*log_dir*] # (Optional) Directory where logs should be stored. -# If set to $::os_service_default, it will not log to any directory. +# If set to $facts['os_service_default'], it will not log to any directory. # Defaults to '/var/log/keystone' # # [*log_file*] # (Optional) File where logs should be stored. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*logging_context_format_string*] # (Optional) Format string to use for log messages with context. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ # [%(request_id)s %(user_identity)s] %(instance)s%(message)s' # # [*logging_default_format_string*] # (Optional) Format string to use for log messages without context. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ # [-] %(instance)s%(message)s' # # [*logging_debug_format_suffix*] # (Optional) Formatted data to append to log format when level is DEBUG. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '%(funcName)s %(pathname)s:%(lineno)d' # # [*logging_exception_prefix*] # (Optional) Prefix each line of exception output with this format. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s' # # [*logging_user_identity_format*] # (Optional) Defines the format string for %(user_identity)s that is used in logging_context_format_string. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s' # # [*log_config_append*] # (Optional) The name of an additional logging configuration file. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # See https://docs.python.org/2/howto/logging.html # # [*default_log_levels*] # (Optional) Hash of logger (keys) and level (values) pairs. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: # { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', # 'sqlalchemy' => 'WARN', 'suds' => 'INFO', @@ -83,55 +83,55 @@ # # [*publish_errors*] # (Optional) Publish error events (boolean value). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*fatal_deprecations*] # (Optional) Make deprecations fatal (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*instance_format*] # (Optional) If an instance is passed with the log message, format it # like this (string value). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '[instance: %(uuid)s] ' # # [*instance_uuid_format*] # (Optional) If an instance UUID is passed with the log message, format # it like this (string value). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: instance_uuid_format='[instance: %(uuid)s] ' # # [*log_date_format*] # (Optional) Format string for %%(asctime)s in log records. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: 'Y-%m-%d %H:%M:%S' # # [*watch_log_file*] # (Optional) Uses logging handler designed to watch file system (boolean value). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class keystone::logging( - $use_syslog = $::os_service_default, - $use_journal = $::os_service_default, - $use_json = $::os_service_default, - $use_stderr = $::os_service_default, - $log_facility = $::os_service_default, + $use_syslog = $facts['os_service_default'], + $use_journal = $facts['os_service_default'], + $use_json = $facts['os_service_default'], + $use_stderr = $facts['os_service_default'], + $log_facility = $facts['os_service_default'], $log_dir = '/var/log/keystone', - $log_file = $::os_service_default, - $debug = $::os_service_default, - $logging_context_format_string = $::os_service_default, - $logging_default_format_string = $::os_service_default, - $logging_debug_format_suffix = $::os_service_default, - $logging_exception_prefix = $::os_service_default, - $logging_user_identity_format = $::os_service_default, - $log_config_append = $::os_service_default, - $default_log_levels = $::os_service_default, - $publish_errors = $::os_service_default, - $fatal_deprecations = $::os_service_default, - $instance_format = $::os_service_default, - $instance_uuid_format = $::os_service_default, - $log_date_format = $::os_service_default, - $watch_log_file = $::os_service_default, + $log_file = $facts['os_service_default'], + $debug = $facts['os_service_default'], + $logging_context_format_string = $facts['os_service_default'], + $logging_default_format_string = $facts['os_service_default'], + $logging_debug_format_suffix = $facts['os_service_default'], + $logging_exception_prefix = $facts['os_service_default'], + $logging_user_identity_format = $facts['os_service_default'], + $log_config_append = $facts['os_service_default'], + $default_log_levels = $facts['os_service_default'], + $publish_errors = $facts['os_service_default'], + $fatal_deprecations = $facts['os_service_default'], + $instance_format = $facts['os_service_default'], + $instance_uuid_format = $facts['os_service_default'], + $log_date_format = $facts['os_service_default'], + $watch_log_file = $facts['os_service_default'], ) { include keystone::deps diff --git a/manifests/messaging/amqp.pp b/manifests/messaging/amqp.pp index 07c99680e..c3fe5c3b2 100644 --- a/manifests/messaging/amqp.pp +++ b/manifests/messaging/amqp.pp @@ -6,40 +6,40 @@ # # [*amqp_pre_settled*] # (Optional) Send messages of this type pre-settled -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*amqp_idle_timeout*] # (Optional) Timeout for inactive connections -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*amqp_ssl_ca_file*] # (Optional) CA certificate PEM file to verify server certificate -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*amqp_ssl_cert_file*] # (Optional) Identifying certificate PEM file to present to clients -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*amqp_ssl_key_file*] # (Optional) Private key PEM file used to sign cert_file certificate -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*amqp_ssl_key_password*] # (Optional) Password for decrypting ssl_key_file (if encrypted) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*amqp_sasl_mechanisms*] # (Optional) Space separated list of acceptable SASL mechanisms -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # class keystone::messaging::amqp( - $amqp_pre_settled = $::os_service_default, - $amqp_idle_timeout = $::os_service_default, - $amqp_ssl_ca_file = $::os_service_default, - $amqp_ssl_cert_file = $::os_service_default, - $amqp_ssl_key_file = $::os_service_default, - $amqp_ssl_key_password = $::os_service_default, - $amqp_sasl_mechanisms = $::os_service_default, + $amqp_pre_settled = $facts['os_service_default'], + $amqp_idle_timeout = $facts['os_service_default'], + $amqp_ssl_ca_file = $facts['os_service_default'], + $amqp_ssl_cert_file = $facts['os_service_default'], + $amqp_ssl_key_file = $facts['os_service_default'], + $amqp_ssl_key_password = $facts['os_service_default'], + $amqp_sasl_mechanisms = $facts['os_service_default'], ) { include keystone::deps diff --git a/manifests/params.pp b/manifests/params.pp index 12b662598..b7698634d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -12,7 +12,7 @@ class keystone::params { $keystone_user = $user $keystone_group = $group - case $::osfamily { + case $facts['os']['family'] { 'Debian': { $package_name = 'keystone' $service_name = 'keystone' @@ -30,7 +30,7 @@ class keystone::params { $python_pysaml2_package_name = 'python3-pysaml2' } default: { - fail("Unsupported osfamily ${::osfamily}") + fail("Unsupported osfamily: ${facts['os']['family']}") } } } diff --git a/manifests/policy.pp b/manifests/policy.pp index ed3de61df..e6c3ad514 100644 --- a/manifests/policy.pp +++ b/manifests/policy.pp @@ -6,12 +6,12 @@ # # [*enforce_scope*] # (Optional) Whether or not to enforce scope when evaluating policies. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*enforce_new_defaults*] # (Optional) Whether or not to use old deprecated defaults when evaluating # policies. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*policies*] # (Optional) Set of policies to configure for keystone @@ -34,11 +34,11 @@ # # [*policy_default_rule*] # (Optional) Default rule. Enforced when a requested rule is not found. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*policy_dirs*] # (Optional) Path to the keystone policy folder -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*purge_config*] # (optional) Whether to set only the specified policy rules in the policy @@ -46,12 +46,12 @@ # Defaults to false. # class keystone::policy ( - $enforce_scope = $::os_service_default, - $enforce_new_defaults = $::os_service_default, + $enforce_scope = $facts['os_service_default'], + $enforce_new_defaults = $facts['os_service_default'], $policies = {}, $policy_path = '/etc/keystone/policy.yaml', - $policy_default_rule = $::os_service_default, - $policy_dirs = $::os_service_default, + $policy_default_rule = $facts['os_service_default'], + $policy_dirs = $facts['os_service_default'], $purge_config = false, ) { diff --git a/manifests/resource/authtoken.pp b/manifests/resource/authtoken.pp index 2f9da6bef..a1f02132f 100644 --- a/manifests/resource/authtoken.pp +++ b/manifests/resource/authtoken.pp @@ -52,63 +52,63 @@ # # [*project_name*] # (Optional) Service project name -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_domain_name*] # (Optional) Name of domain for $username -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*project_domain_name*] # (Optional) Name of domain for $project_name -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*system_scope*] # (Optional) Scope for system operations -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*insecure*] # (Optional) If true, explicitly allow TLS without checking server cert # against any certificate authorities. WARNING: not recommended. Use with # caution. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_section*] # (Optional) Config Section from which to load plugin specific options -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*auth_type*] # (Optional) Authentication type to load -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*www_authenticate_uri*] # (Optional) Complete public Identity API endpoint. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*auth_version*] # (Optional) API version of the admin Identity API endpoint. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*cache*] # (Optional) Env key for the swift cache. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*cafile*] # (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs # connections. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*certfile*] # (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*collect_timing*] # (Optional) If true, collect per-method timing information for each API call. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*delay_auth_decision*] # (Optional) Do not handle authorization requests within the middleware, but # delegate the authorization decision to downstream WSGI components. Boolean value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*enforce_token_bind*] # (Optional) Used to control the use and type of token binding. Can be set @@ -118,56 +118,56 @@ # type is unknown the token will be rejected. "required" any form of token # binding is needed to be allowed. Finally the name of a binding method that # must be present in tokens. String value. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*http_connect_timeout*] # (Optional) Request timeout value for communicating with Identity API server. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*http_request_max_retries*] # (Optional) How many times are we trying to reconnect when communicating # with Identity API Server. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*include_service_catalog*] # (Optional) Indicate whether to set the X-Service-Catalog header. If False, # middleware will not ask for service catalog on token validation and will not # set the X-Service-Catalog header. Boolean value. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*keyfile*] # (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_pool_conn_get_timeout*] # (Optional) Number of seconds that an operation will wait to get a memcached # client connection from the pool. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_pool_dead_retry*] # (Optional) Number of seconds memcached server is considered dead before it # is tried again. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_pool_maxsize*] # (Optional) Maximum total number of open connections to every memcached # server. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_pool_socket_timeout*] # (Optional) Number of seconds a connection to memcached is held unused in the # pool before it is closed. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_pool_unused_timeout*] # (Optional) Number of seconds a connection to memcached is held unused in the # pool before it is closed. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_secret_key*] # (Optional, mandatory if memcache_security_strategy is defined) This string # is used for key derivation. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_security_strategy*] # (Optional) If defined, indicate whether token data should be authenticated or @@ -175,27 +175,27 @@ # in the cache. If ENCRYPT, token data is encrypted and authenticated in the # cache. If the value is not one of these options or empty, auth_token will # raise an exception on initialization. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_use_advanced_pool*] # (Optional) Use the advanced (eventlet safe) memcached client pool. The # advanced pool will only work under python 2.x Boolean value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcached_servers*] # (Optional) Optionally specify a list of memcached server(s) to use for # caching. If left undefined, tokens will instead be cached in-process. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*region_name*] # (Optional) The region in which the identity server can be found. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*token_cache_time*] # (Optional) In order to prevent excessive effort spent validating tokens, # the middleware caches previously-seen tokens for a configurable duration # (in seconds). Set to -1 to disable caching completely. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*manage_memcache_package*] # (Optional) Whether to install the python-memcache package. @@ -209,63 +209,63 @@ # here are applied as an ANY check so any role in this list # must be present. For backwards compatibility reasons this # currently only affects the allow_expired check. (list value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*service_token_roles_required*] # (optional) backwards compatibility to ensure that the service tokens are # compared against a list of possible roles for validity # true/false -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*service_type*] # (Optional) The name or type of the service as it appears in the service # catalog. This is used to validate tokens that have restricted access rules. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*interface*] # (Optional) Interface to use for the Identity API endpoint. Valid values are # "public", "internal" or "admin". -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # define keystone::resource::authtoken( $username, $password, $auth_url, - $project_name = $::os_service_default, - $user_domain_name = $::os_service_default, - $project_domain_name = $::os_service_default, - $system_scope = $::os_service_default, - $insecure = $::os_service_default, - $auth_section = $::os_service_default, - $auth_type = $::os_service_default, - $www_authenticate_uri = $::os_service_default, - $auth_version = $::os_service_default, - $cache = $::os_service_default, - $cafile = $::os_service_default, - $certfile = $::os_service_default, - $collect_timing = $::os_service_default, - $delay_auth_decision = $::os_service_default, - $enforce_token_bind = $::os_service_default, - $http_connect_timeout = $::os_service_default, - $http_request_max_retries = $::os_service_default, - $include_service_catalog = $::os_service_default, - $keyfile = $::os_service_default, - $memcache_pool_conn_get_timeout = $::os_service_default, - $memcache_pool_dead_retry = $::os_service_default, - $memcache_pool_maxsize = $::os_service_default, - $memcache_pool_socket_timeout = $::os_service_default, - $memcache_pool_unused_timeout = $::os_service_default, - $memcache_secret_key = $::os_service_default, - $memcache_security_strategy = $::os_service_default, - $memcache_use_advanced_pool = $::os_service_default, - $memcached_servers = $::os_service_default, - $region_name = $::os_service_default, - $token_cache_time = $::os_service_default, + $project_name = $facts['os_service_default'], + $user_domain_name = $facts['os_service_default'], + $project_domain_name = $facts['os_service_default'], + $system_scope = $facts['os_service_default'], + $insecure = $facts['os_service_default'], + $auth_section = $facts['os_service_default'], + $auth_type = $facts['os_service_default'], + $www_authenticate_uri = $facts['os_service_default'], + $auth_version = $facts['os_service_default'], + $cache = $facts['os_service_default'], + $cafile = $facts['os_service_default'], + $certfile = $facts['os_service_default'], + $collect_timing = $facts['os_service_default'], + $delay_auth_decision = $facts['os_service_default'], + $enforce_token_bind = $facts['os_service_default'], + $http_connect_timeout = $facts['os_service_default'], + $http_request_max_retries = $facts['os_service_default'], + $include_service_catalog = $facts['os_service_default'], + $keyfile = $facts['os_service_default'], + $memcache_pool_conn_get_timeout = $facts['os_service_default'], + $memcache_pool_dead_retry = $facts['os_service_default'], + $memcache_pool_maxsize = $facts['os_service_default'], + $memcache_pool_socket_timeout = $facts['os_service_default'], + $memcache_pool_unused_timeout = $facts['os_service_default'], + $memcache_secret_key = $facts['os_service_default'], + $memcache_security_strategy = $facts['os_service_default'], + $memcache_use_advanced_pool = $facts['os_service_default'], + $memcached_servers = $facts['os_service_default'], + $region_name = $facts['os_service_default'], + $token_cache_time = $facts['os_service_default'], $manage_memcache_package = false, - $service_token_roles = $::os_service_default, - $service_token_roles_required = $::os_service_default, - $service_type = $::os_service_default, - $interface = $::os_service_default, + $service_token_roles = $facts['os_service_default'], + $service_token_roles_required = $facts['os_service_default'], + $service_type = $facts['os_service_default'], + $interface = $facts['os_service_default'], ) { include keystone::params @@ -308,7 +308,7 @@ define keystone::resource::authtoken( }) } } else { - $memcached_servers_real = $::os_service_default + $memcached_servers_real = $facts['os_service_default'] } if is_service_default($system_scope) { @@ -317,8 +317,8 @@ define keystone::resource::authtoken( } else { # When system scope is used, project parameters should be removed otherwise # project scope is used. - $project_name_real = $::os_service_default - $project_domain_name_real = $::os_service_default + $project_name_real = $facts['os_service_default'] + $project_domain_name_real = $facts['os_service_default'] } $keystonemiddleware_options = { diff --git a/manifests/resource/service_user.pp b/manifests/resource/service_user.pp index 3b100706a..1893b4194 100644 --- a/manifests/resource/service_user.pp +++ b/manifests/resource/service_user.pp @@ -23,15 +23,15 @@ # # [*project_name*] # (Optional) Service project name -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*user_domain_name*] # (Optional) Name of domain for $username -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*project_domain_name*] # (Optional) Name of domain for $project_name -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*send_service_user_token*] # (Optional) The service uses service token feature when this is set as true @@ -39,55 +39,55 @@ # # [*system_scope*] # (Optional) Scope for system operations -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*insecure*] # (Optional) If true, explicitly allow TLS without checking server cert # against any certificate authorities. WARNING: not recommended. Use with # caution. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_type*] # (Optional) Authentication type to load -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_version*] # (Optional) API version of the admin Identity API endpoint. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*cafile*] # (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs # connections. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*certfile*] # (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*keyfile*] # (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*region_name*] # (Optional) The region in which the identity server can be found. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # define keystone::resource::service_user( $username, $password, $auth_url, - $project_name = $::os_service_default, - $user_domain_name = $::os_service_default, - $project_domain_name = $::os_service_default, - $system_scope = $::os_service_default, + $project_name = $facts['os_service_default'], + $user_domain_name = $facts['os_service_default'], + $project_domain_name = $facts['os_service_default'], + $system_scope = $facts['os_service_default'], $send_service_user_token = false, - $insecure = $::os_service_default, - $auth_type = $::os_service_default, - $auth_version = $::os_service_default, - $cafile = $::os_service_default, - $certfile = $::os_service_default, - $keyfile = $::os_service_default, - $region_name = $::os_service_default, + $insecure = $facts['os_service_default'], + $auth_type = $facts['os_service_default'], + $auth_version = $facts['os_service_default'], + $cafile = $facts['os_service_default'], + $certfile = $facts['os_service_default'], + $keyfile = $facts['os_service_default'], + $region_name = $facts['os_service_default'], ) { include keystone::params @@ -99,8 +99,8 @@ define keystone::resource::service_user( } else { # When system scope is used, project parameters should be removed otherwise # project scope is used. - $project_name_real = $::os_service_default - $project_domain_name_real = $::os_service_default + $project_name_real = $facts['os_service_default'] + $project_domain_name_real = $facts['os_service_default'] } $service_user_options = { diff --git a/manifests/security_compliance.pp b/manifests/security_compliance.pp index 7ebe70915..253945934 100644 --- a/manifests/security_compliance.pp +++ b/manifests/security_compliance.pp @@ -8,65 +8,65 @@ # [*change_password_upon_first_use*] # (Optional) Enabling this option requires users to change their password # when the user is created, or upon administrative reset. (Boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*disable_user_account_days_inactive*] # (Optional) The maximum number of days a user can go without authenticating # before being considered "inactive" and automatically disabled (locked). # (Integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*lockout_duration*] # (Optional) The number of seconds a user account will be locked when the # maximum number of failed authentication attempts (as specified by # `[security_compliance] lockout_failure_attempts`) is exceeded. # (Integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*lockout_failure_attempts*] # (Optional) The maximum number of times that a user can fail to authenticate # before the user account is locked for the number of seconds specified by # `[security_compliance] lockout_duration`. (Integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*minimum_password_age*] # (Optional) The number of days that a password must be used before the user # can change it. This prevents users from changing their passwords immediately # in order to wipe out their password history and reuse an old password. # (Integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*password_expires_days*] # (Optional) The number of days for which a password will be considered valid # before requiring it to be changed. (Integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*password_regex*] # (Optional) The regular expression used to validate password strength requirements. # By default, the regular expression will match any password. (String value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*password_regex_description*] # (Optional) Describe your password regular expression here in language for humans. # (String value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*unique_last_password_count*] # (Optional) This controls the number of previous user password iterations to keep # in history, in order to enforce that newly created passwords are unique. # (Integer value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class keystone::security_compliance( - $change_password_upon_first_use = $::os_service_default, - $disable_user_account_days_inactive = $::os_service_default, - $lockout_duration = $::os_service_default, - $lockout_failure_attempts = $::os_service_default, - $minimum_password_age = $::os_service_default, - $password_expires_days = $::os_service_default, - $password_regex = $::os_service_default, - $password_regex_description = $::os_service_default, - $unique_last_password_count = $::os_service_default, + $change_password_upon_first_use = $facts['os_service_default'], + $disable_user_account_days_inactive = $facts['os_service_default'], + $lockout_duration = $facts['os_service_default'], + $lockout_failure_attempts = $facts['os_service_default'], + $minimum_password_age = $facts['os_service_default'], + $password_expires_days = $facts['os_service_default'], + $password_regex = $facts['os_service_default'], + $password_regex_description = $facts['os_service_default'], + $unique_last_password_count = $facts['os_service_default'], ) { include keystone::deps diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index acb83133c..40c94118e 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -12,7 +12,7 @@ # # [*servername*] # (Optional) The servername for the virtualhost. -# Defaults to $::fqdn +# Defaults to $facts['networking']['fqdn'] # # [*bind_host*] # (Optional) The host/ip address Apache will listen on. @@ -32,7 +32,7 @@ # # [*workers*] # (Optional) Number of WSGI workers to spawn. -# Defaults to $::os_workers_keystone +# Defaults to $facts['os_workers_keystone'] # # [*ssl_cert*] # (Optional) Path to SSL certificate @@ -142,12 +142,12 @@ # Defaults to undef # class keystone::wsgi::apache ( - $servername = $::fqdn, + $servername = $facts['networking']['fqdn'], $bind_host = undef, $port = 5000, $path = '/', $ssl = false, - $workers = $::os_workers_keystone, + $workers = $facts['os_workers_keystone'], $ssl_cert = undef, $ssl_key = undef, $ssl_chain = undef, @@ -227,7 +227,7 @@ class keystone::wsgi::apache ( # The file should be created after the apache class is invoked, otherwise # the file is deleted because of its default behavior which removes all files # in sites-available/sites-enabled. - if ($::operatingsystem == 'Ubuntu') { + if ($facts['os']['name'] == 'Ubuntu') { ensure_resource('file', '/etc/apache2/sites-available/keystone.conf', { 'ensure' => 'file', 'content' => '', diff --git a/manifests/wsgi/uwsgi.pp b/manifests/wsgi/uwsgi.pp index e86e50d57..81fb01c05 100644 --- a/manifests/wsgi/uwsgi.pp +++ b/manifests/wsgi/uwsgi.pp @@ -11,7 +11,7 @@ # # [*processes*] # (Optional) Number of processes. -# Defaults to $::os_workers. +# Defaults to $facts['os_workers']. # # [*threads*] # (Optional) Number of threads. @@ -22,14 +22,14 @@ # Defaults to 100 # class keystone::wsgi::uwsgi ( - $processes = $::os_workers, + $processes = $facts['os_workers'], $threads = 32, $listen_queue_size = 100, ){ include keystone::deps - if $::operatingsystem != 'Debian'{ + if $facts['os']['name'] != 'Debian'{ warning('This class is only valid for Debian, as other operating systems are not using uwsgi by default.') } diff --git a/spec/classes/keystone_client_spec.rb b/spec/classes/keystone_client_spec.rb index 8495ad93e..ff49ee878 100644 --- a/spec/classes/keystone_client_spec.rb +++ b/spec/classes/keystone_client_spec.rb @@ -42,7 +42,7 @@ describe 'keystone::client' do end let (:platform_params) do - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' { :client_package_name => 'python3-keystoneclient' } when 'RedHat' diff --git a/spec/classes/keystone_federation_identity_provider_spec.rb b/spec/classes/keystone_federation_identity_provider_spec.rb index fae5e1f5b..1f10b3875 100644 --- a/spec/classes/keystone_federation_identity_provider_spec.rb +++ b/spec/classes/keystone_federation_identity_provider_spec.rb @@ -119,7 +119,7 @@ describe 'keystone::federation::identity_provider' do end let (:platform_params) do - if facts[:osfamily] == 'RedHat' + if facts[:os]['family'] == 'RedHat' keystone_service = 'openstack-keystone' python_pysaml2_package_name = 'python3-pysaml2' else diff --git a/spec/classes/keystone_federation_mellon_spec.rb b/spec/classes/keystone_federation_mellon_spec.rb index 5970faff4..01514b19e 100644 --- a/spec/classes/keystone_federation_mellon_spec.rb +++ b/spec/classes/keystone_federation_mellon_spec.rb @@ -86,9 +86,7 @@ describe 'keystone::federation::mellon' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :concat_basedir => '/var/lib/puppet/concat' - })) + facts.merge(OSDefaults.get_facts()) end it_behaves_like 'Federation Mellon' diff --git a/spec/classes/keystone_federation_shibboleth_spec.rb b/spec/classes/keystone_federation_shibboleth_spec.rb index aee1da6d3..c87d9322b 100644 --- a/spec/classes/keystone_federation_shibboleth_spec.rb +++ b/spec/classes/keystone_federation_shibboleth_spec.rb @@ -143,14 +143,12 @@ describe 'keystone::federation::shibboleth' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :concat_basedir => '/var/lib/puppet/concat' - })) + facts.merge(OSDefaults.get_facts()) end it_behaves_like 'keystone::federation::shibboleth' it_behaves_like 'keystone::federation::shibboleth with invalid parameters' - it_behaves_like "keystone::federation::shibboleth on #{facts[:osfamily]}" + it_behaves_like "keystone::federation::shibboleth on #{facts[:os]['family']}" end end end diff --git a/spec/classes/keystone_init_spec.rb b/spec/classes/keystone_init_spec.rb index 9370be247..e8ea67ba4 100644 --- a/spec/classes/keystone_init_spec.rb +++ b/spec/classes/keystone_init_spec.rb @@ -177,7 +177,7 @@ describe 'keystone' do end it do - if facts[:operatingsystem] == 'Debian' + if facts[:os]['name'] == 'Debian' is_expected.to contain_service('keystone').with( :ensure => 'stopped', :name => platform_params[:service_name], @@ -620,14 +620,11 @@ describe 'keystone' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge!(OSDefaults.get_facts({ - :concat_basedir => '/var/lib/puppet/concat', - :fqdn => 'some.host.tld', - })) + facts.merge!(OSDefaults.get_facts()) end let(:platform_params) do - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' { :package_name => 'keystone', :service_name => 'keystone', diff --git a/spec/classes/keystone_ldap_spec.rb b/spec/classes/keystone_ldap_spec.rb index 88661d65e..64f040367 100644 --- a/spec/classes/keystone_ldap_spec.rb +++ b/spec/classes/keystone_ldap_spec.rb @@ -236,7 +236,7 @@ describe 'keystone::ldap' do end let (:platform_params) do - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' { :python_ldappool_package_name => 'python3-ldappool' } when 'RedHat' diff --git a/spec/classes/keystone_wsgi_apache_spec.rb b/spec/classes/keystone_wsgi_apache_spec.rb index 0a4e436ea..b8dfc013c 100644 --- a/spec/classes/keystone_wsgi_apache_spec.rb +++ b/spec/classes/keystone_wsgi_apache_spec.rb @@ -16,7 +16,7 @@ describe 'keystone::wsgi::apache' do } it { should contain_openstacklib__wsgi__apache('keystone_wsgi').with( - :servername => 'some.host.tld', + :servername => 'foo.example.com', :bind_host => nil, :bind_port => 5000, :group => 'keystone', @@ -195,13 +195,11 @@ describe 'keystone::wsgi::apache' do let (:facts) do facts.merge!(OSDefaults.get_facts({ :os_workers_keystone => 8, - :concat_basedir => '/var/lib/puppet/concat', - :fqdn => 'some.host.tld', })) end let(:platform_params) do - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' { :wsgi_script_path => '/usr/lib/cgi-bin/keystone', @@ -214,7 +212,7 @@ describe 'keystone::wsgi::apache' do end it_behaves_like 'keystone::wsgi::apache' - if facts[:operatingsystem] == 'Ubuntu' + if facts[:os]['name'] == 'Ubuntu' it_behaves_like 'keystone::wsgi::apache on Ubuntu' end end diff --git a/spec/defines/keystone_ldap_backend_spec.rb b/spec/defines/keystone_ldap_backend_spec.rb index ae690fa92..13a4e5c5f 100644 --- a/spec/defines/keystone_ldap_backend_spec.rb +++ b/spec/defines/keystone_ldap_backend_spec.rb @@ -216,7 +216,7 @@ describe 'keystone::ldap_backend' do end let (:platform_params) do - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' { :python_ldappool_package_name => 'python3-ldappool' } when 'RedHat' diff --git a/spec/defines/keystone_resource_authtoken_spec.rb b/spec/defines/keystone_resource_authtoken_spec.rb index 2a2913904..f652b2e5f 100644 --- a/spec/defines/keystone_resource_authtoken_spec.rb +++ b/spec/defines/keystone_resource_authtoken_spec.rb @@ -273,7 +273,7 @@ describe 'keystone::resource::authtoken' do end let(:platform_params) do - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' memcache_package_name = 'python3-memcache' when 'RedHat'