Merge "Remove deprecated bootstrap code"
This commit is contained in:
commit
5504649539
|
@ -57,8 +57,7 @@
|
||||||
# Defaults to 'public'
|
# Defaults to 'public'
|
||||||
#
|
#
|
||||||
class keystone::bootstrap (
|
class keystone::bootstrap (
|
||||||
# TODO(tobias-urdin): Make the password required when compat is removed.
|
$password,
|
||||||
$password = undef,
|
|
||||||
$username = 'admin',
|
$username = 'admin',
|
||||||
$email = 'admin@localhost',
|
$email = 'admin@localhost',
|
||||||
$project_name = 'admin',
|
$project_name = 'admin',
|
||||||
|
@ -74,134 +73,9 @@ class keystone::bootstrap (
|
||||||
|
|
||||||
include ::keystone::deps
|
include ::keystone::deps
|
||||||
|
|
||||||
# TODO(tobias-urdin): Remove compat layer.
|
$internal_url_real = $internal_url ? {
|
||||||
if $password == undef {
|
undef => $public_url,
|
||||||
if defined('$::keystone::admin_password') and $::keystone::admin_password != undef {
|
default => $internal_url
|
||||||
$password_real = $::keystone::admin_password
|
|
||||||
warning('Using deprecated keystone::admin_password as admin password')
|
|
||||||
# Check if we differ from the roles admin pw
|
|
||||||
if defined('$::keystone::roles::admin::password') and $::keystone::roles::admin::password != $password_real {
|
|
||||||
warning('The keystone::admin_password and keystone::roles::admin::password differs and will cause a flip-flopping\
|
|
||||||
behaviour and authentication issues for the admin user.')
|
|
||||||
}
|
|
||||||
} elsif defined('$::keystone::admin_token') and $::keystone::admin_token != undef {
|
|
||||||
$password_real = $::keystone::admin_token
|
|
||||||
warning('Using deprecated keystone::admin_token as admin password')
|
|
||||||
# Check if we differ from the roles admin pw
|
|
||||||
if defined('$::keystone::roles::admin::password') and $::keystone::roles::admin::password != $password_real {
|
|
||||||
warning('The keystone::admin_token and keystone::roles::admin::password differs and will cause a flip-flopping\
|
|
||||||
behaviour and authentication issues for the admin user.')
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
# Check the keystone::roles::admin class as well.
|
|
||||||
if defined('$::keystone::roles::admin::password') and $::keystone::roles::admin::password != undef {
|
|
||||||
$password_real = $::keystone::roles::admin::password
|
|
||||||
warning('Using deprecated keystone::roles::admin::password as admin password')
|
|
||||||
} else {
|
|
||||||
fail('keystone::bootstrap::password is undef, could not resolve a password')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$password_real = $password
|
|
||||||
}
|
|
||||||
if defined('$::keystone::endpoint::public_url') and $::keystone::endpoint::public_url != undef {
|
|
||||||
$public_url_real = $::keystone::endpoint::public_url
|
|
||||||
$using_deprecated_public_url = true
|
|
||||||
warning('Using deprecated keystone::endpoint::public_url, please update to using keystone::bootstrap')
|
|
||||||
} else {
|
|
||||||
$public_url_real = $public_url
|
|
||||||
$using_deprecated_public_url = false
|
|
||||||
}
|
|
||||||
if defined('$::keystone::endpoint::internal_url') and $::keystone::endpoint::internal_url != undef {
|
|
||||||
$internal_url_final = $::keystone::endpoint::internal_url
|
|
||||||
$using_deprecated_internal_url = true
|
|
||||||
warning('Using deprecated keystone::endpoint::internal_url, please update to using keystone::bootstrap')
|
|
||||||
} else {
|
|
||||||
$internal_url_final = $internal_url
|
|
||||||
$using_deprecated_internal_url = false
|
|
||||||
}
|
|
||||||
if defined('$::keystone::endpoint::admin_url') and $::keystone::endpoint::admin_url != undef {
|
|
||||||
$admin_url_real = $::keystone::endpoint::admin_url
|
|
||||||
warning('Using deprecated keystone::endpoint::admin_url, please update to using keystone::bootstrap')
|
|
||||||
} else {
|
|
||||||
$admin_url_real = $admin_url
|
|
||||||
}
|
|
||||||
if defined('$::keystone::endpoint::region') and $::keystone::endpoint::region != undef {
|
|
||||||
$region_real = $::keystone::endpoint::region
|
|
||||||
warning('Using deprecated keystone::endpoint::region, please update to using keystone::bootstrap')
|
|
||||||
} else {
|
|
||||||
$region_real = $region
|
|
||||||
}
|
|
||||||
if !$using_deprecated_internal_url and $internal_url == undef and $using_deprecated_public_url {
|
|
||||||
warning('Using deprecated keystone::endpoint::public_url for keystone::bootstrap::internal_url')
|
|
||||||
}
|
|
||||||
if defined('$::keystone::roles::admin::admin') and $::keystone::roles::admin::admin != undef {
|
|
||||||
$username_real = $::keystone::roles::admin::admin
|
|
||||||
if $username_real != $username and $username == 'admin' {
|
|
||||||
warning('Using keystone::roles::admin::admin as username, the keystone::bootstrap::username default is different\
|
|
||||||
dont forget to set that later')
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$username_real = $username
|
|
||||||
}
|
|
||||||
if defined('$::keystone::roles::admin::email') and $::keystone::roles::admin::email != undef {
|
|
||||||
$email_real = $::keystone::roles::admin::email
|
|
||||||
if $email_real != $email and $email == 'admin@localhost' {
|
|
||||||
warning('Using keystone::roles::admin::email as email, the keystone::bootstrap::email default is different\
|
|
||||||
dont forget to set that later')
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$email_real = $email
|
|
||||||
}
|
|
||||||
if defined('$::keystone::roles::admin::admin_roles') and $::keystone::roles::admin::admin_roles != undef {
|
|
||||||
$role_name_real = $::keystone::roles::admin::admin_roles
|
|
||||||
warning("Using keystone::roles::admin::admin_roles with value ${role_name_real} note that the\
|
|
||||||
keystone::bootstrap when used will only set a single role, by default the 'admin' role.")
|
|
||||||
warning('Will use the first value in admin_roles for bootstrap and all (if multiple) for all other resources!')
|
|
||||||
if is_array($role_name_real) {
|
|
||||||
$bootstrap_role_name = $role_name_real[0]
|
|
||||||
} else {
|
|
||||||
$bootstrap_role_name = $role_name_real
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$role_name_real = [$role_name]
|
|
||||||
$bootstrap_role_name = $role_name
|
|
||||||
}
|
|
||||||
if defined('$::keystone::roles::admin::admin_tenant') {
|
|
||||||
$admin_tenant = $::keystone::roles::admin::admin_tenant
|
|
||||||
if ($admin_tenant == undef or $admin_tenant == 'openstack') {
|
|
||||||
# Try to keep the backward compatible creation of the openstack project.
|
|
||||||
# We still create the 'admin' project with the bootstrap process below.
|
|
||||||
# This is a best effort, we still ignore the description and default domain.
|
|
||||||
ensure_resource('keystone_tenant', 'openstack', {
|
|
||||||
'ensure' => 'present',
|
|
||||||
'enabled' => true,
|
|
||||||
})
|
|
||||||
ensure_resource('keystone_user_role', "${username_real}@openstack", {
|
|
||||||
'ensure' => 'present',
|
|
||||||
'roles' => $role_name_real,
|
|
||||||
})
|
|
||||||
|
|
||||||
# Use the default value so we create the "admin" project
|
|
||||||
$project_name_real = $project_name
|
|
||||||
} else {
|
|
||||||
warning('Using keystone::roles::admin::admin_tenant as project name for admin')
|
|
||||||
$project_name_real = $admin_tenant
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$project_name_real = $project_name
|
|
||||||
}
|
|
||||||
if defined('$::keystone::roles::admin::service_tenant') and $::keystone::roles::admin::service_tenant != undef {
|
|
||||||
warning('Using keystone::roles::admin::service_tenant as service project name')
|
|
||||||
$service_project_name_real = $::keystone::roles::admin::service_tenant
|
|
||||||
} else {
|
|
||||||
$service_project_name_real = $service_project_name
|
|
||||||
}
|
|
||||||
# Compat code ends here.
|
|
||||||
|
|
||||||
$internal_url_real = $internal_url_final ? {
|
|
||||||
undef => $public_url_real,
|
|
||||||
default => $internal_url_final
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if defined('$::keystone::keystone_user') {
|
if defined('$::keystone::keystone_user') {
|
||||||
|
@ -216,15 +90,15 @@ class keystone::bootstrap (
|
||||||
exec { 'keystone bootstrap':
|
exec { 'keystone bootstrap':
|
||||||
command => 'keystone-manage bootstrap',
|
command => 'keystone-manage bootstrap',
|
||||||
environment => [
|
environment => [
|
||||||
"OS_BOOTSTRAP_USERNAME=${username_real}",
|
"OS_BOOTSTRAP_USERNAME=${username}",
|
||||||
"OS_BOOTSTRAP_PASSWORD=${password_real}",
|
"OS_BOOTSTRAP_PASSWORD=${password}",
|
||||||
"OS_BOOTSTRAP_PROJECT_NAME=${project_name_real}",
|
"OS_BOOTSTRAP_PROJECT_NAME=${project_name}",
|
||||||
"OS_BOOTSTRAP_ROLE_NAME=${bootstrap_role_name}",
|
"OS_BOOTSTRAP_ROLE_NAME=${role_name}",
|
||||||
"OS_BOOTSTRAP_SERVICE_NAME=${service_name}",
|
"OS_BOOTSTRAP_SERVICE_NAME=${service_name}",
|
||||||
"OS_BOOTSTRAP_ADMIN_URL=${admin_url_real}",
|
"OS_BOOTSTRAP_ADMIN_URL=${admin_url}",
|
||||||
"OS_BOOTSTRAP_PUBLIC_URL=${public_url_real}",
|
"OS_BOOTSTRAP_PUBLIC_URL=${public_url}",
|
||||||
"OS_BOOTSTRAP_INTERNAL_URL=${internal_url_real}",
|
"OS_BOOTSTRAP_INTERNAL_URL=${internal_url_real}",
|
||||||
"OS_BOOTSTRAP_REGION_ID=${region_real}",
|
"OS_BOOTSTRAP_REGION_ID=${region}",
|
||||||
],
|
],
|
||||||
user => $keystone_user,
|
user => $keystone_user,
|
||||||
path => '/usr/bin',
|
path => '/usr/bin',
|
||||||
|
@ -238,40 +112,40 @@ class keystone::bootstrap (
|
||||||
# use the below resources to make sure the current resources are
|
# use the below resources to make sure the current resources are
|
||||||
# correct so if some value was updated we set that.
|
# correct so if some value was updated we set that.
|
||||||
|
|
||||||
ensure_resource('keystone_role', $role_name_real, {
|
ensure_resource('keystone_role', $role_name, {
|
||||||
'ensure' => 'present',
|
'ensure' => 'present',
|
||||||
})
|
})
|
||||||
|
|
||||||
ensure_resource('keystone_user', $username_real, {
|
ensure_resource('keystone_user', $username, {
|
||||||
'ensure' => 'present',
|
'ensure' => 'present',
|
||||||
'enabled' => true,
|
'enabled' => true,
|
||||||
'email' => $email_real,
|
'email' => $email,
|
||||||
'password' => $password_real,
|
'password' => $password,
|
||||||
})
|
})
|
||||||
|
|
||||||
ensure_resource('keystone_tenant', $service_project_name_real, {
|
ensure_resource('keystone_tenant', $service_project_name, {
|
||||||
'ensure' => 'present',
|
'ensure' => 'present',
|
||||||
'enabled' => true,
|
'enabled' => true,
|
||||||
})
|
})
|
||||||
|
|
||||||
ensure_resource('keystone_tenant', $project_name_real, {
|
ensure_resource('keystone_tenant', $project_name, {
|
||||||
'ensure' => 'present',
|
'ensure' => 'present',
|
||||||
'enabled' => true,
|
'enabled' => true,
|
||||||
})
|
})
|
||||||
|
|
||||||
ensure_resource('keystone_user_role', "${username_real}@${project_name_real}", {
|
ensure_resource('keystone_user_role', "${username}@${project_name}", {
|
||||||
'ensure' => 'present',
|
'ensure' => 'present',
|
||||||
'roles' => $role_name_real,
|
'roles' => $role_name,
|
||||||
})
|
})
|
||||||
|
|
||||||
ensure_resource('keystone_service', "${service_name}::identity", {
|
ensure_resource('keystone_service', "${service_name}::identity", {
|
||||||
'ensure' => 'present',
|
'ensure' => 'present',
|
||||||
})
|
})
|
||||||
|
|
||||||
ensure_resource('keystone_endpoint', "${region_real}/${service_name}::identity", {
|
ensure_resource('keystone_endpoint', "${region}/${service_name}::identity", {
|
||||||
'ensure' => 'present',
|
'ensure' => 'present',
|
||||||
'public_url' => $public_url_real,
|
'public_url' => $public_url,
|
||||||
'admin_url' => $admin_url_real,
|
'admin_url' => $admin_url,
|
||||||
'internal_url' => $internal_url_real,
|
'internal_url' => $internal_url_real,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -289,19 +163,19 @@ class keystone::bootstrap (
|
||||||
}
|
}
|
||||||
|
|
||||||
if $interface == 'admin' {
|
if $interface == 'admin' {
|
||||||
$auth_url_real = $admin_url_real
|
$auth_url_real = $admin_url
|
||||||
} elsif $interface == 'internal' {
|
} elsif $interface == 'internal' {
|
||||||
$auth_url_real = $internal_url_real
|
$auth_url_real = $internal_url_real
|
||||||
} else {
|
} else {
|
||||||
$auth_url_real = $public_url_real
|
$auth_url_real = $public_url
|
||||||
}
|
}
|
||||||
|
|
||||||
keystone::resource::authtoken { 'keystone_puppet_config':
|
keystone::resource::authtoken { 'keystone_puppet_config':
|
||||||
username => $username_real,
|
username => $username,
|
||||||
password => $password_real,
|
password => $password,
|
||||||
auth_url => $auth_url_real,
|
auth_url => $auth_url_real,
|
||||||
project_name => $project_name_real,
|
project_name => $project_name,
|
||||||
region_name => $region_real,
|
region_name => $region,
|
||||||
interface => $interface,
|
interface => $interface,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,74 +0,0 @@
|
||||||
# == Class: keystone::endpoint
|
|
||||||
#
|
|
||||||
# DEPRECATED!
|
|
||||||
#
|
|
||||||
# Creates the auth endpoints for keystone
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*public_url*]
|
|
||||||
# (optional) Public url for keystone endpoint.
|
|
||||||
# Defaults to undef
|
|
||||||
# This url should *not* contain any version or trailing '/'.
|
|
||||||
#
|
|
||||||
# [*internal_url*]
|
|
||||||
# (optional) Internal url for keystone endpoint.
|
|
||||||
# Defaults to undef
|
|
||||||
# This url should *not* contain any version or trailing '/'.
|
|
||||||
#
|
|
||||||
# [*admin_url*]
|
|
||||||
# (optional) Admin url for keystone endpoint.
|
|
||||||
# Defaults to undef
|
|
||||||
# This url should *not* contain any version or trailing '/'.
|
|
||||||
#
|
|
||||||
# [*region*]
|
|
||||||
# (optional) Region for endpoint.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*user_domain*]
|
|
||||||
# (Optional) Domain for $auth_name
|
|
||||||
# Defaults to undef (use the keystone server default domain)
|
|
||||||
#
|
|
||||||
# [*project_domain*]
|
|
||||||
# (Optional) Domain for $tenant (project)
|
|
||||||
# Defaults to undef (use the keystone server default domain)
|
|
||||||
#
|
|
||||||
# [*default_domain*]
|
|
||||||
# (Optional) Domain for $auth_name and $tenant (project)
|
|
||||||
# If keystone_user_domain is not specified, use $keystone_default_domain
|
|
||||||
# If keystone_project_domain is not specified, use $keystone_default_domain
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*version*]
|
|
||||||
# (optional) API version for endpoint.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# === Examples
|
|
||||||
#
|
|
||||||
# class { 'keystone::endpoint':
|
|
||||||
# public_url => 'https://154.10.10.23:5000',
|
|
||||||
# internal_url => 'https://11.0.1.7:5000',
|
|
||||||
# admin_url => 'https://10.0.1.7:5000',
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
class keystone::endpoint (
|
|
||||||
$public_url = undef,
|
|
||||||
$internal_url = undef,
|
|
||||||
$admin_url = undef,
|
|
||||||
$region = undef,
|
|
||||||
$user_domain = undef,
|
|
||||||
$project_domain = undef,
|
|
||||||
$default_domain = undef,
|
|
||||||
$version = undef,
|
|
||||||
) {
|
|
||||||
|
|
||||||
warning('The keystone::endpoint class has been replaced with keystone::bootstrap class\
|
|
||||||
will try to use the backward compatible approach')
|
|
||||||
|
|
||||||
if !defined('$::keystone::roles::admin::admin_tenant') {
|
|
||||||
fail('You are using the backward compatible approach instead of keystone::bootstrap\
|
|
||||||
you need to ensure that keystone::roles::admin is defined BEFORE keystone::endpoint in your manifest')
|
|
||||||
}
|
|
||||||
|
|
||||||
include keystone::bootstrap
|
|
||||||
}
|
|
|
@ -456,23 +456,6 @@
|
||||||
# (Optional) The url to validate keystone against
|
# (Optional) The url to validate keystone against
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
# [*admin_token*]
|
|
||||||
# Admin token that can be used to authenticate as a keystone
|
|
||||||
# admin. This is not the password for the admin user
|
|
||||||
# in the Keystone database. This is a token that bypasses authentication.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*admin_password*]
|
|
||||||
# Keystone password for the admin user. This is not the admin_token.
|
|
||||||
# This is the password that the admin user signs into keystone with.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*enable_bootstrap*]
|
|
||||||
# (Optional) Enable keystone bootstrapping.
|
|
||||||
# This option to true will automatically bootstrap the default domain
|
|
||||||
# user by running 'keystone-manage bootstrap'.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*database_min_pool_size*]
|
# [*database_min_pool_size*]
|
||||||
# (Optional) Minimum number of SQL connections to keep open in a pool.
|
# (Optional) Minimum number of SQL connections to keep open in a pool.
|
||||||
# Defaults to: undef
|
# Defaults to: undef
|
||||||
|
@ -652,9 +635,6 @@ class keystone(
|
||||||
$validate_insecure = undef,
|
$validate_insecure = undef,
|
||||||
$validate_auth_url = undef,
|
$validate_auth_url = undef,
|
||||||
$validate_cacert = undef,
|
$validate_cacert = undef,
|
||||||
$admin_token = undef,
|
|
||||||
$admin_password = undef,
|
|
||||||
$enable_bootstrap = undef,
|
|
||||||
$database_min_pool_size = undef,
|
$database_min_pool_size = undef,
|
||||||
$cache_backend = undef,
|
$cache_backend = undef,
|
||||||
$cache_backend_argument = undef,
|
$cache_backend_argument = undef,
|
||||||
|
@ -775,11 +755,6 @@ class keystone(
|
||||||
purge => $purge_config,
|
purge => $purge_config,
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO(tobias-urdin): Remove this when admin_token is removed.
|
|
||||||
keystone_config {
|
|
||||||
'DEFAULT/admin_token': ensure => 'absent', secret => true;
|
|
||||||
}
|
|
||||||
|
|
||||||
keystone_config {
|
keystone_config {
|
||||||
'DEFAULT/member_role_id': value => $member_role_id;
|
'DEFAULT/member_role_id': value => $member_role_id;
|
||||||
'DEFAULT/member_role_name': value => $member_role_name;
|
'DEFAULT/member_role_name': value => $member_role_name;
|
||||||
|
|
|
@ -1,102 +0,0 @@
|
||||||
# == Class: keystone::roles::admin
|
|
||||||
#
|
|
||||||
# DEPRECATED!
|
|
||||||
#
|
|
||||||
# This class implements some reasonable admin defaults for keystone.
|
|
||||||
#
|
|
||||||
# It creates the following keystone objects:
|
|
||||||
# * service tenant (tenant used by all service users)
|
|
||||||
# * "admin" tenant (defaults to "openstack")
|
|
||||||
# * admin user (that defaults to the "admin" tenant)
|
|
||||||
# * admin role
|
|
||||||
# * adds admin role to admin user on the "admin" tenant
|
|
||||||
#
|
|
||||||
# === Parameters:
|
|
||||||
#
|
|
||||||
# [*password*]
|
|
||||||
# The admin password. Required. In a later release
|
|
||||||
# this will default to $keystone::admin_password.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*email*]
|
|
||||||
# The email address for the admin. Optional.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*admin_roles*]
|
|
||||||
# The list of the roles with admin privileges. Optional.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*admin_tenant*]
|
|
||||||
# The name of the tenant to be used for admin privileges. Optional.
|
|
||||||
# Defaults to openstack.
|
|
||||||
#
|
|
||||||
# [*service_tenant*]
|
|
||||||
# The name of service keystone tenant. Optional.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*admin*]
|
|
||||||
# Admin user. Optional.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*admin_tenant_desc*]
|
|
||||||
# Optional. Description for admin tenant,
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*service_tenant_desc*]
|
|
||||||
# Optional. Description for admin tenant,
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*configure_user*]
|
|
||||||
# Optional. Should the admin user be created?
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*configure_user_role*]
|
|
||||||
# Optional. Should the admin role be configured for the admin user?
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*admin_user_domain*]
|
|
||||||
# Optional. Domain of the admin user
|
|
||||||
# Defaults to undef (undef will resolve to class keystone $default_domain)
|
|
||||||
#
|
|
||||||
# [*target_admin_domain*]
|
|
||||||
# Optional. Domain where the admin user will have the $admin_role
|
|
||||||
# Defaults to undef (undef will not associate the $admin_role to any
|
|
||||||
# domain, only project)
|
|
||||||
#
|
|
||||||
# [*admin_project_domain*]
|
|
||||||
# Optional. Domain of the admin tenant
|
|
||||||
# Defaults to undef (undef will resolve to class keystone $default_domain)
|
|
||||||
#
|
|
||||||
# [*service_project_domain*]
|
|
||||||
# Optional. Domain for $service_tenant
|
|
||||||
# Defaults to undef (undef will resolve to class keystone $default_domain)
|
|
||||||
#
|
|
||||||
# == Dependencies
|
|
||||||
# == Examples
|
|
||||||
# == Authors
|
|
||||||
#
|
|
||||||
# Dan Bode dan@puppetlabs.com
|
|
||||||
#
|
|
||||||
# == Copyright
|
|
||||||
#
|
|
||||||
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
|
|
||||||
#
|
|
||||||
class keystone::roles::admin(
|
|
||||||
$password = undef,
|
|
||||||
$email = undef,
|
|
||||||
$admin = undef,
|
|
||||||
$admin_tenant = 'openstack',
|
|
||||||
$admin_roles = undef,
|
|
||||||
$service_tenant = undef,
|
|
||||||
$admin_tenant_desc = undef,
|
|
||||||
$service_tenant_desc = undef,
|
|
||||||
$configure_user = undef,
|
|
||||||
$configure_user_role = undef,
|
|
||||||
$admin_user_domain = undef,
|
|
||||||
$admin_project_domain = undef,
|
|
||||||
$service_project_domain = undef,
|
|
||||||
$target_admin_domain = undef,
|
|
||||||
) {
|
|
||||||
|
|
||||||
warning('The keystone::roles::admin class has been replaced with keystone::bootstrap class')
|
|
||||||
}
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The classes keystone::endpoint and keystone::roles::admin is removed, use
|
||||||
|
the new keystone::bootstrap class directly.
|
||||||
|
- |
|
||||||
|
The password parameter in keystone::bootstrap is required and does not
|
||||||
|
default to undef.
|
||||||
|
- |
|
||||||
|
The deprecated parameters admin_token, admin_password and enable_bootstrap
|
||||||
|
in the keystone class is removed.
|
|
@ -4,7 +4,6 @@ describe 'keystone::federation::identity_provider' do
|
||||||
|
|
||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"class { 'keystone':
|
"class { 'keystone':
|
||||||
admin_token => 'dummy',
|
|
||||||
service_name => 'httpd',
|
service_name => 'httpd',
|
||||||
enable_ssl=> true }"
|
enable_ssl=> true }"
|
||||||
end
|
end
|
||||||
|
@ -37,7 +36,6 @@ describe 'keystone::federation::identity_provider' do
|
||||||
context 'keystone not running under apache' do
|
context 'keystone not running under apache' do
|
||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"class { 'keystone':
|
"class { 'keystone':
|
||||||
admin_token => 'dummy',
|
|
||||||
service_name => 'keystone',
|
service_name => 'keystone',
|
||||||
enable_ssl=> true }"
|
enable_ssl=> true }"
|
||||||
end
|
end
|
||||||
|
|
|
@ -8,9 +8,7 @@ describe 'keystone::federation::openidc' do
|
||||||
|
|
||||||
let(:pre_condition) do
|
let(:pre_condition) do
|
||||||
<<-EOS
|
<<-EOS
|
||||||
class { 'keystone':
|
class { 'keystone': }
|
||||||
admin_token => 'service_token',
|
|
||||||
}
|
|
||||||
|
|
||||||
include keystone::wsgi::apache
|
include keystone::wsgi::apache
|
||||||
EOS
|
EOS
|
||||||
|
|
|
@ -4,10 +4,7 @@ describe 'keystone::federation' do
|
||||||
|
|
||||||
let(:pre_condition) do
|
let(:pre_condition) do
|
||||||
<<-EOS
|
<<-EOS
|
||||||
class { 'keystone':
|
class { 'keystone': }
|
||||||
admin_token => 'service_token',
|
|
||||||
admin_password => 'special_password',
|
|
||||||
}
|
|
||||||
EOS
|
EOS
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,6 @@ describe 'keystone::wsgi::apache' do
|
||||||
|
|
||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"class { 'keystone':
|
"class { 'keystone':
|
||||||
admin_token => 'dummy',
|
|
||||||
service_name => 'httpd',
|
service_name => 'httpd',
|
||||||
enable_ssl => true,
|
enable_ssl => true,
|
||||||
}"
|
}"
|
||||||
|
|
|
@ -26,7 +26,6 @@ def setup_provider_tests
|
||||||
def self.reset
|
def self.reset
|
||||||
@public_endpoint = nil
|
@public_endpoint = nil
|
||||||
@tenant_hash = nil
|
@tenant_hash = nil
|
||||||
@admin_token = nil
|
|
||||||
@keystone_file = nil
|
@keystone_file = nil
|
||||||
Puppet::Provider::Keystone.class_variable_set('@@default_domain_id', nil)
|
Puppet::Provider::Keystone.class_variable_set('@@default_domain_id', nil)
|
||||||
@domain_hash = nil
|
@domain_hash = nil
|
||||||
|
|
Loading…
Reference in New Issue